aboutsummaryrefslogtreecommitdiff
path: root/connector/src
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-11-27 09:18:38 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-11-27 09:18:38 +0100
commit7a800070338bec49cf3a4e2e6f76a0778f9eae02 (patch)
tree91a5f1521a0a6a02ed3e21f21d25b1792881f2ad /connector/src
parent1dcc1b9cd5d6e2a50817474c597e2924f67be2b1 (diff)
parent9f684f489a2825d1c8fde371b7e71b8d7513060a (diff)
downloadNational_eIDAS_Gateway-7a800070338bec49cf3a4e2e6f76a0778f9eae02.tar.gz
National_eIDAS_Gateway-7a800070338bec49cf3a4e2e6f76a0778f9eae02.tar.bz2
National_eIDAS_Gateway-7a800070338bec49cf3a4e2e6f76a0778f9eae02.zip
Merge branch 'connector_update_SZRv4' into 'nightlybuild'
Integration of E-ID functionality See merge request egiz/eidas_at_proxy!1
Diffstat (limited to 'connector/src')
-rw-r--r--connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java64
-rw-r--r--connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java63
-rw-r--r--connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java33
-rw-r--r--connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataProvider.java7
-rw-r--r--connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java247
-rw-r--r--connector/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder2
-rw-r--r--connector/src/main/resources/SpringTest_connector.beans.xml129
-rw-r--r--connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthenticationDataBuilderTest.java107
-rw-r--r--connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthnRequestValidatorTest.java52
-rw-r--r--connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/AuthBlockAttributeBuilderTest.java97
-rw-r--r--connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/EidasBindAttributeBuilderTest.java92
-rw-r--r--connector/src/test/resources/config/junit_config_1.properties11
-rw-r--r--connector/src/test/resources/config/junit_config_3.properties116
-rw-r--r--connector/src/test/resources/data/pvp2_authn_2.xml4
-rw-r--r--connector/src/test/resources/data/pvp2_authn_3.xml3
15 files changed, 906 insertions, 121 deletions
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java
new file mode 100644
index 00000000..be9f8862
--- /dev/null
+++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.asitplus.eidas.specific.connector.attributes;
+
+import static at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME;
+import static at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPvpAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PvpMetadata;
+
+
+@PvpMetadata
+public class AuthBlockAttributeBuilder implements IPvpAttributeBuilder {
+
+ @Override
+ public String getName() {
+ return EID_AUTHBLOCK_SIGNED_NAME;
+ }
+
+ @Override
+ public <ATT> ATT build(final ISpConfiguration oaParam, final IAuthData authData,
+ final IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+
+ String authBlock = authData.getGenericData(Constants.SZR_AUTHBLOCK, String.class);
+ if (StringUtils.isNotEmpty(authBlock)) {
+ return g.buildStringAttribute(EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME, EID_AUTHBLOCK_SIGNED_NAME, authBlock);
+
+ } else {
+ throw new UnavailableAttributeException(EID_AUTHBLOCK_SIGNED_NAME);
+ }
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(final IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME, EID_AUTHBLOCK_SIGNED_NAME);
+ }
+
+}
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java
new file mode 100644
index 00000000..a4fe8c6c
--- /dev/null
+++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.asitplus.eidas.specific.connector.attributes;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPvpAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PvpMetadata;
+import org.apache.commons.lang3.StringUtils;
+
+import static at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.EID_EIDBIND_FRIENDLY_NAME;
+import static at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME;
+
+@PvpMetadata
+public class EidasBindAttributeBuilder implements IPvpAttributeBuilder {
+
+
+ @Override
+ public String getName() {
+ return EID_EIDBIND_NAME;
+ }
+
+ @Override
+ public <ATT> ATT build(final ISpConfiguration oaParam, final IAuthData authData,
+ final IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+
+ String eidasBind = authData.getGenericData(Constants.EIDAS_BIND, String.class);
+ if (StringUtils.isNotEmpty(eidasBind)) {
+ return g.buildStringAttribute(EID_EIDBIND_FRIENDLY_NAME, EID_EIDBIND_NAME, eidasBind);
+
+ } else {
+ throw new UnavailableAttributeException(EID_EIDBIND_NAME);
+ }
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(final IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(EID_EIDBIND_FRIENDLY_NAME, EID_EIDBIND_NAME);
+ }
+
+}
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java
index b14faa62..13cceafb 100644
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java
+++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java
@@ -19,7 +19,7 @@
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
-*/
+ */
package at.asitplus.eidas.specific.connector.builder;
@@ -54,30 +54,35 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
public IAuthData buildAuthenticationData(IRequest pendingReq) throws EaafAuthenticationException {
final IAuthProcessDataContainer authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
- final AuthenticationData authData = new AuthenticationData();
+ AuthenticationData authData = new AuthenticationData();
- try {
- generateDeprecatedBasicAuthData(authData, pendingReq, authProcessData);
+ boolean isEidModeNew = pendingReq.getServiceProviderConfiguration()
+ .isConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE, false);
- // set specific informations
- authData.setSsoSessionValidTo(new Date(new Date().getTime()
- + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000));
+ if (isEidModeNew) {
+ authData = (AuthenticationData) super.buildAuthenticationData(pendingReq);
+ } else {
+ try {
+ generateDeprecatedBasicAuthData(authData, pendingReq, authProcessData);
- } catch (EaafBuilderException | EaafParserException | EaafConfigurationException
- | XPathException | DOMException e) {
- log.warn("Can not build authentication data from auth. process information");
- throw new EaafAuthenticationException("builder.11", new Object[] { e.getMessage() }, e);
+ // set specific informations
+ authData.setSsoSessionValidTo(
+ new Date(new Date().getTime() + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000));
- }
+ } catch (EaafBuilderException | EaafParserException
+ | EaafConfigurationException | XPathException | DOMException e) {
+ log.warn("Can not build authentication data from auth. process information");
+ throw new EaafAuthenticationException("builder.11", new Object[]{e.getMessage()}, e);
+ }
+ }
return authData;
-
}
@Override
protected IAuthData buildDeprecatedAuthData(IRequest arg0) throws EaafException {
return new AuthenticationData();
-
+
}
@Override
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataProvider.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataProvider.java
index 651b7b78..8dbb74c7 100644
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataProvider.java
+++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataProvider.java
@@ -173,4 +173,11 @@ public class PvpMetadataProvider extends AbstractChainingMetadataProvider {
return "Service-provider chainging metadata provider";
}
+
+ @Override
+ public void doDestroy() {
+ this.fullyDestroy();
+
+ }
+
}
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java
index 26176c49..a9eb06be 100644
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java
+++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java
@@ -46,11 +46,13 @@ import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
import at.asitplus.eidas.specific.connector.config.ServiceProviderConfiguration;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
+import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestPostProcessor;
@@ -107,120 +109,179 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor {
}
// post-process requested LoA
- final List<String> reqLoA = extractLoA(authnReq);
- log.trace("SP requests LoA with: {}", String.join(", ",reqLoA));
+ postprocessLoaLevel(pendingReq, authnReq);
+
+ // post-process requested LoA comparison-level
+ pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setLoAMachtingMode(
+ extractComparisonLevel(authnReq));
+
+ //extract information from requested attributes
+ extractFromRequestedAttriutes(pendingReq, authnReq);
- LevelOfAssurance minimumLoAFromConfig = LevelOfAssurance.fromString(basicConfig.getBasicConfiguration(
- MsEidasNodeConstants.PROP_EIDAS_REQUEST_LOA_MINIMUM_LEVEL,
- EaafConstants.EIDAS_LOA_HIGH));
- if (minimumLoAFromConfig == null) {
- log.warn("Can not load minimum LoA from configuration. Use LoA: {} as default",
- EaafConstants.EIDAS_LOA_HIGH);
- minimumLoAFromConfig = LevelOfAssurance.HIGH;
+ } catch (final EaafStorageException e) {
+ log.info("Can NOT store Authn. Req. data into pendingRequest.", e);
+ throw new AuthnRequestValidatorException("internal.02", null, e);
- }
-
- log.trace("Validate requested LoA to connector configuration minimum LoA: {} ...",
- minimumLoAFromConfig);
- final List<String> allowedLoA = new ArrayList<>();
- for (final String loa : reqLoA) {
- try {
- final LevelOfAssurance intLoa = LevelOfAssurance.fromString(loa);
- String selectedLoA = EaafConstants.EIDAS_LOA_HIGH;
- if (intLoa != null
- && intLoa.numericValue() <= minimumLoAFromConfig.numericValue()) {
- log.info("Client: {} requested LoA: {} will be upgraded to: {}",
- pendingReq.getServiceProviderConfiguration().getUniqueIdentifier(),
- loa,
- minimumLoAFromConfig);
- selectedLoA = minimumLoAFromConfig.getValue();
+ }
- }
+ }
- if (!allowedLoA.contains(selectedLoA)) {
- log.debug("Allow LoA: {} for Client: {}",
- selectedLoA,
- pendingReq.getServiceProviderConfiguration().getUniqueIdentifier());
- allowedLoA.add(selectedLoA);
+ private void extractFromRequestedAttriutes(IRequest pendingReq, AuthnRequest authnReq)
+ throws AuthnRequestValidatorException {
+ // validate and process requested attributes
+ boolean sectorDetected = false;
+
+ final ServiceProviderConfiguration spConfig = pendingReq.getServiceProviderConfiguration(
+ ServiceProviderConfiguration.class);
+
+ if (authnReq.getExtensions() != null) {
+ final List<XMLObject> requestedAttributes = authnReq.getExtensions().getUnknownXMLObjects();
+ for (final XMLObject reqAttrObj : requestedAttributes) {
+ if (reqAttrObj instanceof EaafRequestedAttributes) {
+ final EaafRequestedAttributes reqAttr = (EaafRequestedAttributes) reqAttrObj;
+ if (reqAttr.getAttributes() != null && reqAttr.getAttributes().size() != 0) {
+ for (final EaafRequestedAttribute el : reqAttr.getAttributes()) {
+ log.trace("Processing req. attribute '" + el.getName() + "' ... ");
+ if (el.getName().equals(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME)) {
+ sectorDetected = extractBpkTargetIdentifier(el, spConfig);
+
+ } else if (el.getName().equals(ExtendedPvpAttributeDefinitions.EID_TRANSACTION_ID_NAME)) {
+ extractUniqueTransactionId(el, pendingReq);
+
+ } else {
+ log.debug("Ignore req. attribute: " + el.getName());
+
+ }
+ }
+ } else {
+ log.debug("No requested Attributes in Authn. Request");
+
}
- } catch (final IllegalArgumentException e) {
- log.warn("LoA: {} is currently NOT supported and it will be ignored.", loa);
-
+ } else {
+ log.info("Ignore unknown requested attribute: " + reqAttrObj.getElementQName().toString());
+
}
-
}
+ }
+
+ if (!sectorDetected) {
+ log.warn("Authn.Req validation FAILED. Reason: Contains NO or NO VALID target-sector information.");
+ throw new AuthnRequestValidatorException("pvp2.22", new Object[] {
+ "NO or NO VALID target-sector information" });
- pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setRequiredLoA(
- allowedLoA);
+ }
+
+ }
- // post-process requested LoA comparison-level
- final String reqLoAComperison = extractComparisonLevel(authnReq);
- pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setLoAMachtingMode(
- reqLoAComperison);
+ /**
+ * Extract unique transactionId from AuthnRequest.
+ *
+ * @param el Requested attribute from AuthnRequest
+ * @param pendingReq Current pendingRequest object (has to be of type {@link RequestImpl})
+ * @return <code>true</code> if transactionId extraction was successful, otherwise <code>false</code>
+ */
+ private boolean extractUniqueTransactionId(EaafRequestedAttribute el, IRequest pendingReq) {
+ if (!(pendingReq instanceof RequestImpl)) {
+ log.warn("Can NOT set unique transactionId from AuthnRequest,because 'PendingRequest' is NOT from Type: {}",
+ RequestImpl.class.getName());
+
+ } else {
+ if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) {
+ final String transactionId = el.getAttributeValues().get(0).getDOM().getTextContent();
+ ((RequestImpl)pendingReq).setUniqueTransactionIdentifier(transactionId);
+ return true;
- // validate and process requested attributes
- boolean sectorDetected = false;
+ } else {
+ log.warn("Req. attribute '{}' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute",
+ el.getName());
+
+ }
- if (authnReq.getExtensions() != null) {
- final List<XMLObject> requestedAttributes = authnReq.getExtensions().getUnknownXMLObjects();
- for (final XMLObject reqAttrObj : requestedAttributes) {
- if (reqAttrObj instanceof EaafRequestedAttributes) {
- final EaafRequestedAttributes reqAttr = (EaafRequestedAttributes) reqAttrObj;
- if (reqAttr.getAttributes() != null && reqAttr.getAttributes().size() != 0) {
- for (final EaafRequestedAttribute el : reqAttr.getAttributes()) {
- log.trace("Processing req. attribute '" + el.getName() + "' ... ");
- if (el.getName().equals(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME)) {
- if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) {
- final String sectorId = el.getAttributeValues().get(0).getDOM().getTextContent();
- final ServiceProviderConfiguration spConfig = pendingReq.getServiceProviderConfiguration(
- ServiceProviderConfiguration.class);
-
- try {
- spConfig.setBpkTargetIdentifier(sectorId);
- sectorDetected = true;
-
- } catch (final EaafException e) {
- log.info("Requested sector: " + sectorId + " DOES NOT match to allowed sectors for SP: "
- + spConfig.getUniqueIdentifier());
- }
-
- } else {
- log.info("Req. attribute '" + el.getName()
- + "' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute");
- }
-
- } else {
- log.debug("Ignore req. attribute: " + el.getName());
- }
-
- }
-
- } else {
- log.debug("No requested Attributes in Authn. Request");
- }
-
- } else {
- log.info("Ignore unknown requested attribute: " + reqAttrObj.getElementQName().toString());
- }
+ }
+
+ return false;
+ }
+
+ /**
+ * Extract the bPK target from requested attribute.
+ *
+ * @param el Requested attribute from AuthnRequest
+ * @param spConfig Service-Provider configuration for current process
+ * @return <code>true</code> if bPK target extraction was successful, otherwise <code>false</code>
+ */
+ private boolean extractBpkTargetIdentifier(EaafRequestedAttribute el, ServiceProviderConfiguration spConfig) {
+ if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) {
+ final String sectorId = el.getAttributeValues().get(0).getDOM().getTextContent();
+ try {
+ spConfig.setBpkTargetIdentifier(sectorId);
+ return true;
+
+ } catch (final EaafException e) {
+ log.warn("Requested sector: " + sectorId + " DOES NOT match to allowed sectors for SP: "
+ + spConfig.getUniqueIdentifier());
+ }
+
+ } else {
+ log.warn("Req. attribute '" + el.getName()
+ + "' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute");
+ }
+
+ return false;
+
+ }
+ private void postprocessLoaLevel(IRequest pendingReq, AuthnRequest authnReq)
+ throws AuthnRequestValidatorException {
+ final List<String> reqLoA = extractLoA(authnReq);
+ log.trace("SP requests LoA with: {}", String.join(", ",reqLoA));
+
+ LevelOfAssurance minimumLoAFromConfig = LevelOfAssurance.fromString(basicConfig.getBasicConfiguration(
+ MsEidasNodeConstants.PROP_EIDAS_REQUEST_LOA_MINIMUM_LEVEL,
+ EaafConstants.EIDAS_LOA_HIGH));
+ if (minimumLoAFromConfig == null) {
+ log.warn("Can not load minimum LoA from configuration. Use LoA: {} as default",
+ EaafConstants.EIDAS_LOA_HIGH);
+ minimumLoAFromConfig = LevelOfAssurance.HIGH;
+
+ }
+
+ log.trace("Validate requested LoA to connector configuration minimum LoA: {} ...",
+ minimumLoAFromConfig);
+ final List<String> allowedLoA = new ArrayList<>();
+ for (final String loa : reqLoA) {
+ try {
+ final LevelOfAssurance intLoa = LevelOfAssurance.fromString(loa);
+ String selectedLoA = EaafConstants.EIDAS_LOA_HIGH;
+ if (intLoa != null
+ && intLoa.numericValue() <= minimumLoAFromConfig.numericValue()) {
+ log.info("Client: {} requested LoA: {} will be upgraded to: {}",
+ pendingReq.getServiceProviderConfiguration().getUniqueIdentifier(),
+ loa,
+ minimumLoAFromConfig);
+ selectedLoA = minimumLoAFromConfig.getValue();
+
}
- }
- if (!sectorDetected) {
- log.info("Authn.Req validation FAILED. Reason: Contains NO or NO VALID target-sector information.");
- throw new AuthnRequestValidatorException("pvp2.22", new Object[] {
- "NO or NO VALID target-sector information" });
+ if (!allowedLoA.contains(selectedLoA)) {
+ log.debug("Allow LoA: {} for Client: {}",
+ selectedLoA,
+ pendingReq.getServiceProviderConfiguration().getUniqueIdentifier());
+ allowedLoA.add(selectedLoA);
- }
+ }
- } catch (final EaafStorageException e) {
- log.info("Can NOT store Authn. Req. data into pendingRequest.", e);
- throw new AuthnRequestValidatorException("internal.02", null, e);
+ } catch (final IllegalArgumentException e) {
+ log.warn("LoA: {} is currently NOT supported and it will be ignored.", loa);
+
+ }
}
+ pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setRequiredLoA(
+ allowedLoA);
+
}
private String extractComparisonLevel(AuthnRequest authnReq) {
diff --git a/connector/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/connector/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
new file mode 100644
index 00000000..8508cc4b
--- /dev/null
+++ b/connector/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
@@ -0,0 +1,2 @@
+at.asitplus.eidas.specific.connector.attributes.AuthBlockAttributeBuilder
+at.asitplus.eidas.specific.connector.attributes.EidasBindAttributeBuilder
diff --git a/connector/src/main/resources/SpringTest_connector.beans.xml b/connector/src/main/resources/SpringTest_connector.beans.xml
new file mode 100644
index 00000000..5cf0d5b8
--- /dev/null
+++ b/connector/src/main/resources/SpringTest_connector.beans.xml
@@ -0,0 +1,129 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xmlns:mvc="http://www.springframework.org/schema/mvc"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
+ http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">
+
+ <context:annotation-config />
+ <mvc:annotation-driven />
+ <mvc:default-servlet-handler />
+
+ <bean id="WebResourceConfiguration"
+ class="at.asitplus.eidas.specific.connector.config.StaticResourceConfiguration" />
+
+ <bean id="ProcessEngineSignalController"
+ class="at.asitplus.eidas.specific.connector.controller.ProcessEngineSignalController" />
+
+ <bean id="MonitoringController"
+ class="at.asitplus.eidas.specific.connector.controller.MonitoringController">
+ <property name="pvpIdpCredentials">
+ <ref bean="PVPEndPointCredentialProvider" />
+ </property>
+ </bean>
+
+ <bean id="AuthenticationManager"
+ class="at.asitplus.eidas.specific.connector.auth.AuthenticationManager" />
+
+ <bean id="AuthenticationDataBuilder"
+ class="at.asitplus.eidas.specific.connector.builder.AuthenticationDataBuilder" />
+
+ <bean id="PVPEndPointConfiguration"
+ class="at.asitplus.eidas.specific.connector.config.PvpEndPointConfiguration" />
+
+ <bean id="PVPEndPointCredentialProvider"
+ class="at.asitplus.eidas.specific.connector.provider.PvpEndPointCredentialProvider" />
+
+ <bean id="PVPMetadataConfigurationFactory"
+ class="at.asitplus.eidas.specific.connector.provider.PvpMetadataConfigurationFactory" />
+
+ <bean id="PVP2XProtocol"
+ class="at.asitplus.eidas.specific.connector.controller.Pvp2SProfileEndpoint">
+ <property name="pvpIdpCredentials">
+ <ref bean="PVPEndPointCredentialProvider" />
+ </property>
+ </bean>
+
+ <bean id="AuthnRequestValidator"
+ class="at.asitplus.eidas.specific.connector.verification.AuthnRequestValidator" />
+
+ <bean id="SAMLVerificationEngine"
+ class="at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine" />
+
+ <bean id="pvpMetadataService"
+ class="at.gv.egiz.eaaf.modules.pvp2.idp.impl.MetadataAction">
+ <property name="pvpIdpCredentials">
+ <ref bean="PVPEndPointCredentialProvider" />
+ </property>
+ </bean>
+
+ <bean id="PVPAuthenticationRequestAction"
+ class="at.gv.egiz.eaaf.modules.pvp2.idp.impl.AuthenticationAction">
+ <property name="pvpIdpCredentials">
+ <ref bean="PVPEndPointCredentialProvider" />
+ </property>
+ </bean>
+
+ <bean id="eaafProtocolAuthenticationService"
+ class="at.gv.egiz.eaaf.core.impl.idp.auth.services.ProtocolAuthenticationService">
+ <property name="guiBuilder" ref="mvcGUIBuilderImpl" />
+ </bean>
+
+ <bean id="securePendingRequestIdGeneration"
+ class="at.gv.egiz.eaaf.core.impl.utils.SecurePendingRequestIdGenerationStrategy" />
+
+ <bean id="PVPMetadataProvider"
+ class="at.asitplus.eidas.specific.connector.provider.PvpMetadataProvider" />
+
+ <bean id="PVPSubjectNameGenerator"
+ class="at.asitplus.eidas.specific.connector.builder.PvpSubjectNameGenerator" />
+
+ <bean id="LoALevelMapper"
+ class="at.asitplus.eidas.specific.connector.mapper.LoALevelMapper" />
+
+ <bean id="GUIBuilderConfigurationFactory"
+ class="at.asitplus.eidas.specific.connector.gui.GuiBuilderConfigurationFactory" />
+
+ <bean id="velocityGUIBuilderImpl"
+ class="at.asitplus.eidas.specific.connector.gui.DefaultVelocityGuiBuilderImpl" />
+
+ <bean id="mvcGUIBuilderImpl"
+ class="at.asitplus.eidas.specific.connector.gui.SpringMvcGuiFormBuilderImpl" />
+
+ <bean id="templateEngine"
+ class="org.thymeleaf.spring5.SpringTemplateEngine">
+ <property name="templateResolver" ref="templateResolver" />
+ </bean>
+
+ <bean class="org.thymeleaf.spring5.view.ThymeleafViewResolver">
+ <property name="order" value="2" />
+ <property name="templateEngine" ref="templateEngine" />
+ <property name="characterEncoding" value="UTF-8" />
+ </bean>
+
+ <bean id="StatusMessageProvider"
+ class="at.asitplus.eidas.specific.connector.provider.StatusMessageProvider" />
+
+ <bean id="eidasRevisionLogger"
+ class="at.asitplus.eidas.specific.connector.logger.RevisionLogger" />
+
+ <bean id="eidasStatisticLogger"
+ class="at.asitplus.eidas.specific.connector.logger.StatisticLogger" />
+
+
+ <!-- Tasks -->
+ <bean id="GenerateCountrySelectionFrameTask"
+ class="at.asitplus.eidas.specific.connector.processes.tasks.GenerateCountrySelectionFrameTask"
+ scope="prototype" />
+
+ <bean id="EvaluateCountrySelectionTask"
+ class="at.asitplus.eidas.specific.connector.processes.tasks.EvaluateCountrySelectionTask"
+ scope="prototype" />
+
+</beans> \ No newline at end of file
diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthenticationDataBuilderTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthenticationDataBuilderTest.java
new file mode 100644
index 00000000..1721fe61
--- /dev/null
+++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthenticationDataBuilderTest.java
@@ -0,0 +1,107 @@
+package at.asitplus.eidas.specific.connector.test;
+
+
+import at.asitplus.eidas.specific.connector.builder.AuthenticationDataBuilder;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.core.config.InitializationException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.i18n.LocaleContextHolder;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.context.web.WebAppConfiguration;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({"/applicationContext.xml", "/SpringTest_connector.beans.xml", "/eaaf_core.beans.xml", "/eaaf_pvp.beans.xml", "/eaaf_pvp_idp.beans.xml", "/spring/SpringTest-context_simple_storage.xml"})
+@WebAppConfiguration
+public class AuthenticationDataBuilderTest {
+
+ @Autowired
+ private AuthenticationDataBuilder authenticationDataBuilder;
+
+ @Autowired(required = true)
+ private IConfiguration basicConfig;
+
+ private MockHttpServletRequest httpReq;
+ private MockHttpServletResponse httpResp;
+ private TestRequestImpl pendingReq;
+
+ private DummySpConfiguration oaParam;
+
+ private String eidasBind;
+ private String authBlock;
+
+
+ @BeforeClass
+ public static void classInitializer() throws InitializationException, ComponentInitializationException {
+ final String current = new java.io.File(".").toURI().toString();
+ System.setProperty("eidas.ms.configuration", current + "src/test/resources/config/junit_config_3.properties");
+
+ EaafOpenSaml3xInitializer.eaafInitialize();
+ }
+
+ @Before
+ public void initialize() throws EaafStorageException {
+ httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector");
+ httpResp = new MockHttpServletResponse();
+ RequestContextHolder.resetRequestAttributes();
+ RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+
+ final Map<String, String> spConfig = new HashMap<>();
+ spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp");
+ spConfig.put("target", "urn:publicid:gv.at:cdid+XX");
+ spConfig.put(PROP_CONFIG_SP_NEW_EID_MODE, "true");
+ oaParam = new DummySpConfiguration(spConfig, basicConfig);
+
+ pendingReq = new TestRequestImpl();
+ pendingReq.setAuthUrl("https://localhost/ms_connector");
+ pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10));
+ pendingReq.setSpConfig(oaParam);
+ pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true);
+ authBlock = RandomStringUtils.randomAlphanumeric(20);
+ eidasBind = RandomStringUtils.randomAlphanumeric(20);
+ pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(Constants.SZR_AUTHBLOCK, authBlock);
+ pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(Constants.EIDAS_BIND, eidasBind);
+ LocaleContextHolder.resetLocaleContext();
+ }
+
+ @Test
+ public void first() throws EaafAuthenticationException {
+ IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq);
+
+ Assert.assertNotNull("AuthData null", authData);
+ Assert.assertNotNull("authBlock null", authData.getGenericData(Constants.SZR_AUTHBLOCK, String.class));
+ Assert.assertNotNull("eidasBind null", authData.getGenericData(Constants.EIDAS_BIND, String.class));
+ Assert.assertNotNull("eidasBind null", authData.getEidasQaaLevel());
+ String authBlock = authData.getGenericData(Constants.SZR_AUTHBLOCK, String.class);
+ String eidasBind = authData.getGenericData(Constants.EIDAS_BIND, String.class);
+
+ Assert.assertEquals("authBlock not equal", authBlock, this.authBlock);
+ Assert.assertEquals("eidasBind not equal", eidasBind, this.eidasBind);
+ }
+
+}
diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthnRequestValidatorTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthnRequestValidatorTest.java
index e34c8036..389f561e 100644
--- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthnRequestValidatorTest.java
+++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthnRequestValidatorTest.java
@@ -33,11 +33,14 @@ import org.xml.sax.SAXException;
import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
import at.asitplus.eidas.specific.connector.config.ServiceProviderConfiguration;
import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestPostProcessor;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PvpSProfilePendingRequest;
import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
@@ -53,12 +56,12 @@ import net.shibboleth.utilities.java.support.component.ComponentInitializationEx
@DirtiesContext(classMode = ClassMode.BEFORE_CLASS)
public class AuthnRequestValidatorTest {
- @Autowired private IConfiguration basicConfig;
+ @Autowired private IConfigurationWithSP basicConfig;
@Autowired protected IAuthnRequestPostProcessor authRequestValidator;
private MockHttpServletRequest httpReq;
private MockHttpServletResponse httpResp;
- private TestRequestImpl pendingReq;
+ private PvpSProfilePendingRequest pendingReq;
/**
* jUnit class initializer.
@@ -76,10 +79,11 @@ public class AuthnRequestValidatorTest {
/**
* jUnit test set-up.
+ * @throws EaafException
*
*/
@Before
- public void initialize() {
+ public void initialize() throws EaafException {
httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector");
httpResp = new MockHttpServletResponse();
RequestContextHolder.resetRequestAttributes();
@@ -88,10 +92,12 @@ public class AuthnRequestValidatorTest {
Map<String, String> spConfig = new HashMap<>();
spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, RandomStringUtils.randomAlphabetic(10));
- pendingReq = new TestRequestImpl();
- pendingReq.setAuthUrl("https://localhost/ms_connector");
- pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10));
- pendingReq.setSpConfig(new ServiceProviderConfiguration(spConfig, basicConfig));
+ pendingReq = new PvpSProfilePendingRequest();
+ pendingReq.initialize(httpReq, basicConfig);
+ pendingReq.setPendingRequestId(RandomStringUtils.randomAlphanumeric(10));
+ pendingReq.setOnlineApplicationConfiguration(new ServiceProviderConfiguration(spConfig, basicConfig));
+ ((RequestImpl)pendingReq).setUniqueTransactionIdentifier(null);
+
}
@Test
@@ -128,6 +134,8 @@ public class AuthnRequestValidatorTest {
Assert.assertEquals("bPK target not match", "urn:publicid:gv.at:cdid+BF",
pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
+ Assert.assertNull("wrong transactionId", pendingReq.getUniqueTransactionIdentifier());
+
}
@Test
@@ -164,6 +172,8 @@ public class AuthnRequestValidatorTest {
Assert.assertEquals("bPK target not match", "urn:publicid:gv.at:cdid+BF",
pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
+ Assert.assertNull("wrong transactionId", pendingReq.getUniqueTransactionIdentifier());
+
}
@Test
@@ -200,6 +210,30 @@ public class AuthnRequestValidatorTest {
Assert.assertEquals("bPK target not match", "urn:publicid:gv.at:cdid+XX",
pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
+ Assert.assertEquals("wrong transactionId", "transId_11223344556677aabbcc",
+ pendingReq.getUniqueTransactionIdentifier());
+
+ }
+
+ @Test
+ public void transactionIdWrongPendingReqType() throws AuthnRequestValidatorException, ParserConfigurationException,
+ SAXException, IOException, UnmarshallingException {
+
+ Map<String, String> spConfig = new HashMap<>();
+ spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, RandomStringUtils.randomAlphabetic(10));
+
+ TestRequestImpl pendingReqLocal = new TestRequestImpl();
+ pendingReqLocal.setPendingReqId(RandomStringUtils.randomAlphanumeric(10));
+ pendingReqLocal.setSpConfig(new ServiceProviderConfiguration(spConfig, basicConfig));
+
+ AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_3.xml");
+
+ //test
+ authRequestValidator.process(httpReq, pendingReqLocal, authReq, null);
+
+ //validate
+ Assert.assertNull("wrong transactionId", pendingReqLocal.getUniqueTransactionIdentifier());
+
}
@Test
@@ -214,7 +248,7 @@ public class AuthnRequestValidatorTest {
} catch (AuthnRequestValidatorException e) {
Assert.assertEquals("Wrong errorCode", "pvp2.22", e.getErrorId());
-
+
}
}
diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/AuthBlockAttributeBuilderTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/AuthBlockAttributeBuilderTest.java
new file mode 100644
index 00000000..b7c6cd44
--- /dev/null
+++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/AuthBlockAttributeBuilderTest.java
@@ -0,0 +1,97 @@
+package at.asitplus.eidas.specific.connector.test.attributes;
+
+import static at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME;
+
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TestName;
+import org.junit.runner.RunWith;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.asitplus.eidas.specific.connector.attributes.AuthBlockAttributeBuilder;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
+import at.gv.egiz.eaaf.core.impl.idp.auth.attributes.AbstractAttributeBuilderTest;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration("/SpringTest-context_eaaf_core.xml")
+public class AuthBlockAttributeBuilderTest extends AbstractAttributeBuilderTest {
+
+ private final String JSW =
+ "eyJhbGciOiJQUzI1NiIsIng1dCNTMjU2IjoiTjBDZUJRdzlMX1BleEt6SlhVM2w2dkF1aExGb3hkWFlIUjNSX01ubTZnRSJ9.ImF2YWFz" +
+ "YmF2Ig.dpzCcHFlISXyKEZaXgvRj0ja1cenfMuy0VKwK_rmHZLkUCb58V4X5balpQduDTyRfTyFE0zmBjm8_cmDVNOYTIG4NsEtvY" +
+ "qW4ee9JH-VpkU0w5-7HTH81R3JOd9g7XaHGPXYyUuqceZQRmkl1Vw4HSsnIAT3bb0Di0us6zmFkOPmRtbXQAym_ygGFwTVGLskUTm" +
+ "epCxmDQC7OJoIV9oqDavLySP7Ram4NHfi043uF_DmBf6csTjmQu3g2vKJWwlkD8RXDzqksozO8fLDFyVWjA8G1IcvnuHDW1nTTkuG" +
+ "_fBIU6yBZ7kQe9vtjqKiGhGa1zD-F_Lem2zsY7d7dVUvyQ";
+ private final IAttributeBuilder attrBuilde = new AuthBlockAttributeBuilder();
+
+ @Rule
+ public TestName mTestName = new TestName();
+
+ @Before
+ public void init() {
+ log.info("setting up");
+ }
+
+ @Test
+ public void okTest() {
+ log.info("starting: " + mTestName);
+ try {
+ final IAuthData authData = buildAuthData();
+ ((AuthenticationData) authData).setGenericData(Constants.SZR_AUTHBLOCK, JSW);
+
+ final String value = attrBuilde.build(spConfig, authData, gen);
+
+ Assert.assertEquals("Authblock build wrong", JSW, value);
+
+ } catch (final Exception e) {
+ Assert.assertNull("Attr. builder has an exception", e);
+ }
+ }
+
+
+ @Test
+ public void nullTest() {
+ log.info("starting: " + mTestName);
+ try {
+ final IAuthData authData = buildAuthData();
+ ((AuthenticationData) authData).setGenericData(Constants.SZR_AUTHBLOCK, null);
+
+ final String value = attrBuilde.build(spConfig, authData, gen);
+ Assert.fail("Attr. Builder provide no 'UnavailableAttributeException'");
+
+ } catch (final Exception e) {
+ Assert.assertTrue("Attr. builder provide wrong exception",
+ e instanceof UnavailableAttributeException);
+ Assert.assertEquals("Attr. name in exception does NOT match",
+ EID_AUTHBLOCK_SIGNED_NAME,
+ ((UnavailableAttributeException) e).getAttributeName());
+ }
+ }
+
+ @Test
+ public void emptyTest() {
+ log.info("starting: " + mTestName);
+ try {
+ final IAuthData authData = buildAuthData();
+ ((AuthenticationData) authData).setGenericData(Constants.SZR_AUTHBLOCK, "");
+
+ final String value = attrBuilde.build(spConfig, authData, gen);
+ Assert.fail("Attr. Builder provide no 'UnavailableAttributeException'");
+
+ } catch (final Exception e) {
+ Assert.assertTrue("Attr. builder provide wrong exception",
+ e instanceof UnavailableAttributeException);
+ Assert.assertEquals("Attr. name in exception does NOT match",
+ EID_AUTHBLOCK_SIGNED_NAME,
+ ((UnavailableAttributeException) e).getAttributeName()); }
+ }
+}
diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/EidasBindAttributeBuilderTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/EidasBindAttributeBuilderTest.java
new file mode 100644
index 00000000..254efb59
--- /dev/null
+++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/EidasBindAttributeBuilderTest.java
@@ -0,0 +1,92 @@
+package at.asitplus.eidas.specific.connector.test.attributes;
+
+import at.asitplus.eidas.specific.connector.attributes.EidasBindAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
+import at.gv.egiz.eaaf.core.impl.idp.auth.attributes.AbstractAttributeBuilderTest;
+import lombok.extern.slf4j.Slf4j;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TestName;
+import org.junit.runner.RunWith;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.EIDAS_BIND;
+
+
+@Slf4j
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration("/SpringTest-context_eaaf_core.xml")
+public class EidasBindAttributeBuilderTest extends AbstractAttributeBuilderTest {
+
+ private final IAttributeBuilder attrBuilde = new EidasBindAttributeBuilder();
+
+ @Rule
+ public TestName mTestName = new TestName();
+
+ @Before
+ public void init() {
+ log.info("setting up");
+ }
+
+ @Test
+ public void okTest() {
+ log.info("starting: " + mTestName);
+ try {
+ final IAuthData authData = buildAuthData();
+ ((AuthenticationData) authData).setGenericData(EIDAS_BIND, "vuG8w29GT0");
+
+ final String value = attrBuilde.build(spConfig, authData, gen);
+
+ Assert.assertEquals("eDIAS bind build wrong", "vuG8w29GT0", value);
+
+ } catch (final Exception e) {
+ Assert.assertNull("Attr. builder has an exception", e);
+ }
+ }
+
+ @Test
+ public void nullTest() {
+ log.info("starting: " + mTestName);
+ try {
+ final IAuthData authData = buildAuthData();
+ ((AuthenticationData) authData).setGenericData(EIDAS_BIND, null);
+
+ final String value = attrBuilde.build(spConfig, authData, gen);
+ Assert.fail("Attr. Builder provide no 'UnavailableAttributeException'");
+
+ } catch (final Exception e) {
+ Assert.assertTrue("Attr. builder provide wrong exception",
+ e instanceof UnavailableAttributeException);
+ Assert.assertEquals("Attr. name in exception does NOT match",
+ ExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME,
+ ((UnavailableAttributeException) e).getAttributeName());
+ }
+ }
+
+ @Test
+ public void emptyTest() {
+ log.info("starting: " + mTestName);
+ try {
+ final IAuthData authData = buildAuthData();
+ ((AuthenticationData) authData).setGenericData(EIDAS_BIND, "");
+
+ final String value = attrBuilde.build(spConfig, authData, gen);
+ Assert.fail("Attr. Builder provide no 'UnavailableAttributeException'");
+
+ } catch (final Exception e) {
+ Assert.assertTrue("Attr. builder provide wrong exception",
+ e instanceof UnavailableAttributeException);
+ Assert.assertEquals("Attr. name in exception does NOT match",
+ ExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME,
+ ((UnavailableAttributeException) e).getAttributeName()); }
+ }
+
+
+}
diff --git a/connector/src/test/resources/config/junit_config_1.properties b/connector/src/test/resources/config/junit_config_1.properties
index 8bff74a9..3350f947 100644
--- a/connector/src/test/resources/config/junit_config_1.properties
+++ b/connector/src/test/resources/config/junit_config_1.properties
@@ -1,5 +1,5 @@
## Basic service configuration
-eidas.ms.context.url.prefix=
+eidas.ms.context.url.prefix=http://localhost
eidas.ms.context.url.request.validation=false
eidas.ms.context.use.clustermode=true
@@ -80,12 +80,13 @@ eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true
## PVP2 S-Profile end-point configuration
+eidas.ms.pvp2.keystore.type=jks
eidas.ms.pvp2.keystore.path=keys/junit.jks
eidas.ms.pvp2.keystore.password=password
-eidas.ms.pvp2.key.metadata.alias=
-eidas.ms.pvp2.key.metadata.password=
-eidas.ms.pvp2.key.signing.alias=
-eidas.ms.pvp2.key.signing.password=
+eidas.ms.pvp2.key.metadata.alias=meta
+eidas.ms.pvp2.key.metadata.password=password
+eidas.ms.pvp2.key.signing.alias=sig
+eidas.ms.pvp2.key.signing.password=password
eidas.ms.pvp2.metadata.validity=24
eidas.ms.pvp2.metadata.organisation.name=JUnit
diff --git a/connector/src/test/resources/config/junit_config_3.properties b/connector/src/test/resources/config/junit_config_3.properties
new file mode 100644
index 00000000..32e30790
--- /dev/null
+++ b/connector/src/test/resources/config/junit_config_3.properties
@@ -0,0 +1,116 @@
+## Basic service configuration
+eidas.ms.context.url.prefix=
+eidas.ms.context.url.request.validation=false
+
+eidas.ms.context.use.clustermode=true
+
+##Monitoring
+eidas.ms.monitoring.eIDASNode.metadata.url=
+
+
+##Specific logger configuration
+eidas.ms.technicallog.write.MDS.into.techlog=true
+eidas.ms.revisionlog.write.MDS.into.revisionlog=true
+eidas.ms.revisionlog.logIPAddressOfUser=true
+
+##Directory for static Web content
+eidas.ms.webcontent.static.directory=webcontent/
+eidas.ms.webcontent.templates=templates/
+eidas.ms.webcontent.properties=properties/messages
+eidas.ms.webcontent.templates.countryselection=countrySelection.html
+
+## extended validation of pending-request Id's
+eidas.ms.core.pendingrequestid.maxlifetime=300
+eidas.ms.core.pendingrequestid.digist.algorithm=HmacSHA256
+eidas.ms.core.pendingrequestid.digist.secret=pendingReqIdSecret
+
+## eIDAS Ref. Implementation connector ###
+eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector
+eidas.ms.auth.eIDAS.node_v2.forward.endpoint=
+eidas.ms.auth.eIDAS.node_v2.forward.method=POST
+eidas.ms.auth.eIDAS.node_v2.countrycode=AT
+eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=.*
+eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=true
+eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier=true
+eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs=true
+
+eidas.ms.auth.eIDAS.node_v2.loa.requested.minimum=http://eidas.europa.eu/LoA/substantial
+
+eidas.ms.auth.eIDAS.szrclient.useTestService=true
+eidas.ms.auth.eIDAS.szrclient.endpoint.prod=
+eidas.ms.auth.eIDAS.szrclient.endpoint.test=http://localhost:1234/demoszr
+eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.path=keys/junit.jks
+eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.password=password
+eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.path=
+eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.password=
+eidas.ms.auth.eIDAS.szrclient.timeout.connection=15
+eidas.ms.auth.eIDAS.szrclient.timeout.response=30
+eidas.ms.auth.eIDAS.szrclient.params.vkz=
+
+eidas.ms.auth.eIDAS.szrclient.params.useSZRForbPKCalculation=false
+
+
+#Raw eIDAS Id data storage
+eidas.ms.auth.eIDAS.szrclient.workarounds.eidmapping.revisionlog.active=true
+
+eidas.ms.auth.eIDAS.szrclient.params.setPlaceOfBirthIfAvailable=true
+eidas.ms.auth.eIDAS.szrclient.params.setBirthNameIfAvailable=true
+
+eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=true
+eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=true
+
+##without mandates
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.0=PersonIdentifier,true
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.1=FamilyName,true
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.2=FirstName,true
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.3=DateOfBirth,true
+
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.4=PlaceOfBirth,false
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.5=BirthName,false
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.6=Gender,false
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.7=CurrentAddress,false
+
+##with mandates ---- NOT FULLY SUPPORTED AT THE MOMENT -----
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.0=PersonIdentifier,true
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.1=FamilyName,true
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.2=FirstName,true
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.3=DateOfBirth,true
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.4=LegalPerson,true
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true
+
+
+## PVP2 S-Profile end-point configuration
+eidas.ms.pvp2.keystore.type=jks
+eidas.ms.pvp2.keystore.path=keys/junit.jks
+eidas.ms.pvp2.keystore.password=password
+eidas.ms.pvp2.key.metadata.alias=
+eidas.ms.pvp2.key.metadata.password=
+eidas.ms.pvp2.key.signing.alias=
+eidas.ms.pvp2.key.signing.password=
+eidas.ms.pvp2.metadata.validity=24
+
+eidas.ms.pvp2.metadata.organisation.name=JUnit
+eidas.ms.pvp2.metadata.organisation.friendyname=For testing with jUnit
+eidas.ms.pvp2.metadata.organisation.url=http://junit.test
+eidas.ms.pvp2.metadata.contact.givenname=Max
+eidas.ms.pvp2.metadata.contact.surname=Mustermann
+eidas.ms.pvp2.metadata.contact.email=max@junit.test
+
+## Service Provider configuration
+eidas.ms.sp.0.uniqueID=
+eidas.ms.sp.0.pvp2.metadata.truststore=keys/junit.jks
+eidas.ms.sp.0.pvp2.metadata.truststore.password=password
+eidas.ms.sp.0.newEidMode=true
+
+#eidas.ms.sp.0.friendlyName=
+#eidas.ms.sp.0.pvp2.metadata.url=
+#eidas.ms.sp.0.policy.allowed.requested.targets=.*
+#eidas.ms.sp.0.policy.hasBaseIdTransferRestriction=false
+
+
+##only for advanced config
+eidas.ms.configuration.sp.disableRegistrationRequirement=
+eidas.ms.configuration.restrictions.baseID.spTransmission=
+eidas.ms.configuration.auth.default.countrycode=
+eidas.ms.configuration.pvp.scheme.validation=
+eidas.ms.configuration.pvp.enable.entitycategories= \ No newline at end of file
diff --git a/connector/src/test/resources/data/pvp2_authn_2.xml b/connector/src/test/resources/data/pvp2_authn_2.xml
index 5f21af05..dbf46622 100644
--- a/connector/src/test/resources/data/pvp2_authn_2.xml
+++ b/connector/src/test/resources/data/pvp2_authn_2.xml
@@ -28,6 +28,10 @@
<eid:RequestedAttribute FriendlyName="EID-SECTOR-FOR-IDENTIFIER" Name="urn:oid:1.2.40.0.10.2.1.1.261.34" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true">
<eid:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">urn:publicid:gv.at:cdid+BF</eid:AttributeValue>
</eid:RequestedAttribute>
+ <eid:RequestedAttribute FriendlyName="transactionId" Name="urn:eidgvat:attributes.transactionId" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true">
+ <eid:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">transId_11223344556677aabbcc</eid:AttributeValue>
+ <eid:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">transId_second</eid:AttributeValue>
+ </eid:RequestedAttribute>
</eid:RequestedAttributes>
</saml2p:Extensions>
<saml2p:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
diff --git a/connector/src/test/resources/data/pvp2_authn_3.xml b/connector/src/test/resources/data/pvp2_authn_3.xml
index bf356da7..35e49b0f 100644
--- a/connector/src/test/resources/data/pvp2_authn_3.xml
+++ b/connector/src/test/resources/data/pvp2_authn_3.xml
@@ -28,6 +28,9 @@
<eid:RequestedAttribute FriendlyName="EID-SECTOR-FOR-IDENTIFIER" Name="urn:oid:1.2.40.0.10.2.1.1.261.34" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true">
<eid:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">urn:publicid:gv.at:cdid+XX</eid:AttributeValue>
</eid:RequestedAttribute>
+ <eid:RequestedAttribute FriendlyName="transactionId" Name="urn:eidgvat:attributes.transactionId" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true">
+ <eid:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">transId_11223344556677aabbcc</eid:AttributeValue>
+ </eid:RequestedAttribute>
</eid:RequestedAttributes>
</saml2p:Extensions>
<saml2p:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>