| author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2020-12-15 18:21:07 +0100 | 
|---|---|---|
| committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2020-12-15 18:21:07 +0100 | 
| commit | 47e2b6c838233aec6482ae81db91d8d48f0d3ea3 (patch) | |
| tree | 495db98e50d49f8170896df6a4577a8e480866d0 /connector | |
| parent | 230e6c3890c7e63b286e9a08001e5ffd63743d2c (diff) | |
| parent | 76bba5972cfa6d6272a73cbdf56a8705419c55c8 (diff) | |
| download | National_eIDAS_Gateway-47e2b6c838233aec6482ae81db91d8d48f0d3ea3.tar.gz National_eIDAS_Gateway-47e2b6c838233aec6482ae81db91d8d48f0d3ea3.tar.bz2 National_eIDAS_Gateway-47e2b6c838233aec6482ae81db91d8d48f0d3ea3.zip | |
Merge branch 'feature/EID_connection' into 'nightlybuild'
Feature/eid connection
See merge request egiz/eidas_at_proxy!2
Diffstat (limited to 'connector')
15 files changed, 1136 insertions, 86 deletions
| diff --git a/connector/checks/spotbugs-exclude.xml b/connector/checks/spotbugs-exclude.xml
new file mode 100644
index 00000000..5d4fd515
--- /dev/null
+++ b/connector/checks/spotbugs-exclude.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<FindBugsFilter>
+    <Match>
+      <!-- Write only application status into response. Should be removed if we switch to Spring Actuator -->
+      <Class name="at.asitplus.eidas.specific.connector.controller.MonitoringController" />
+      <Method name="startSingleTests" />
+      <Bug pattern="XSS_SERVLET" />               
+    </Match>
+    <Match>
+      <!-- CSFR protection is implemented by pendingRequestId that is an one-time token 
+           Endpoint for Metadata generation can be unrestrected by design -->
+      <OR>
+        <Class name="at.asitplus.eidas.specific.connector.controller.ProcessEngineSignalController" />
+        <Class name="at.asitplus.eidas.specific.connector.controller.Pvp2SProfileEndpoint" />
+      </OR>
+      <OR>
+        <Method name="performGenericAuthenticationProcess" />
+        <Method name="pvpMetadataRequest" />
+      </OR>
+      <Bug pattern="SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING" />               
+    </Match>
+</FindBugsFilter>
diff --git a/connector/pom.xml b/connector/pom.xml
index 6621fb0f..3c2ddf07 100644
--- a/connector/pom.xml
+++ b/connector/pom.xml
@@ -156,6 +156,15 @@
         </executions>
       </plugin>
+      <plugin>
+        <groupId>com.github.spotbugs</groupId>
+        <artifactId>spotbugs-maven-plugin</artifactId>
+        <version>${spotbugs-maven-plugin.version}</version>
+        <configuration>
+          <excludeFilterFile>checks/spotbugs-exclude.xml</excludeFilterFile>
+        </configuration>
+      </plugin>
+
     </plugins>
   </build>
 </project> 
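Review bot: The second `<Match>` silences SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING on the grounds that pendingRequestId is a one-time token, but that only replaces CSRF protection if the token is unguessable, bound to the process it was issued for and invalidated on first use; none of that is visible here, so the filter comment should state the assumption rather than just assert it, and the comment should read `CSRF protection is implemented by pendingRequestId, which is a one-time token (unguessable, bound to the pending process, invalidated on use)` and `unrestricted` rather than "unrestrected". The two nested `<OR>` elements also match every class/method cross-combination, so one `<Match>` per controller/method pair would be a tighter suppression. For the XSS_SERVLET exclusion on `startSingleTests`, the claim that only application status is written should be checked against what the method actually puts in the response; the controller does import `StringEscapeUtils` in the later hunk, which suggests the output is escaped, but that is inferred. The `${spotbugs-maven-plugin.version}` property added to the pom must be defined in the parent pom, which is outside this diff.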
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java
index 13cceafb..c41660ce 100644
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java
+++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java 
@@ -25,70 +25,63 @@ package at.asitplus.eidas.specific.connector.builder;  import java.util.Date; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory;  import org.springframework.stereotype.Service; -import org.w3c.dom.DOMException;  import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;  import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;  import at.gv.egiz.eaaf.core.api.idp.IAuthData;  import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;  import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer; -import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException;  import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;  import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.exceptions.EaafParserException; -import at.gv.egiz.eaaf.core.exceptions.XPathException;  import at.gv.egiz.eaaf.core.impl.data.Pair;  import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;  import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder;  import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import lombok.extern.slf4j.Slf4j;  @Service("AuthenticationDataBuilder") +@Slf4j  public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder { -  private static final Logger log = LoggerFactory.getLogger(AuthenticationDataBuilder.class); - +      @Override -  public IAuthData buildAuthenticationData(IRequest pendingReq) throws EaafAuthenticationException { - -    final IAuthProcessDataContainer authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); +  protected IAuthData buildDeprecatedAuthData(IRequest pendingReq) throws EaafException {         +    final IAuthProcessDataContainer authProcessData = +        pendingReq.getSessionData(AuthProcessDataWrapper.class);          AuthenticationData authData = new 
AuthenticationData(); - -    boolean isEidModeNew = pendingReq.getServiceProviderConfiguration() -        .isConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE, false); - -    if (isEidModeNew) { -      authData = (AuthenticationData) super.buildAuthenticationData(pendingReq); -    } else { -      try { -        generateDeprecatedBasicAuthData(authData, pendingReq, authProcessData); - -        // set specific informations -        authData.setSsoSessionValidTo( -            new Date(new Date().getTime() + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000)); - -      } catch (EaafBuilderException | EaafParserException -          | EaafConfigurationException | XPathException | DOMException e) { -        log.warn("Can not build authentication data from auth. process information"); -        throw new EaafAuthenticationException("builder.11", new Object[]{e.getMessage()}, e); - -      } -    } +     +    //set basis infos +    super.generateDeprecatedBasicAuthData(authData, pendingReq, authProcessData); +     +    // set specific informations +    authData.setSsoSessionValidTo( +        new Date(new Date().getTime() + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000)); +          return authData; -  } - -  @Override -  protected IAuthData buildDeprecatedAuthData(IRequest arg0) throws EaafException { -    return new AuthenticationData();    }    @Override -  protected void buildServiceSpecificAuthenticationData(IAuthData arg0, IRequest arg1) throws EaafException { -    // TODO Auto-generated method stub - +  protected void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq)  +      throws EaafException { +    if (authData instanceof AuthenticationData) { +      ((AuthenticationData)authData).setGenericData( +          ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME,  +          pendingReq.getUniquePiiTransactionIdentifier()); +      log.trace("Inject piiTransactionId: {} into AuthData", 
pendingReq.getUniquePiiTransactionIdentifier()); +     +      // set specific informations +      ((AuthenticationData)authData).setSsoSessionValidTo( +          new Date(new Date().getTime() + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000)); + +       +    } else { +      throw new RuntimeException("Can not inject PiiTransactionId because AuthData is of unknown type: "  +          + authData.getClass().getName()); +       +    } +            }    @Override @@ -100,8 +93,6 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder    @Override    protected Pair<String, String> buildOAspecificbPK(IRequest pendingReq, AuthenticationData authData)        throws EaafBuilderException { -    // TODO: check if bPK already exists -      return super.buildOAspecificbPK(pendingReq, authData);    } diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/MonitoringController.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/MonitoringController.java index aa45c836..f2d9fc8c 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/MonitoringController.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/MonitoringController.java @@ -34,6 +34,7 @@ import org.apache.commons.text.StringEscapeUtils;  import org.apache.http.client.methods.CloseableHttpResponse;  import org.apache.http.client.methods.HttpGet;  import org.apache.http.client.methods.HttpUriRequest; +import org.apache.http.client.utils.URIBuilder;  import org.apache.http.impl.client.CloseableHttpClient;  import org.slf4j.Logger;  import org.slf4j.LoggerFactory; 
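Review bot: The `else` branch of the new `buildServiceSpecificAuthenticationData` throws a bare `RuntimeException` although the method declares `throws EaafException`, so an unexpected `IAuthData` implementation escapes the framework's checked-exception path instead of being reported through it; if `EaafBuilderException` follows the same (code, params) constructor shape as the removed `new EaafAuthenticationException("builder.11", new Object[]{...}, e)` call, `throw new EaafBuilderException("builder.11", new Object[]{"AuthData is of unknown type: " + authData.getClass().getName()});` would keep the declared contract (constructor signature not visible here, please confirm). Removing the try/catch from `buildDeprecatedAuthData` also means parser/config failures are no longer mapped to `builder.11` but propagate as their raw `EaafException` subtypes to the abstract builder, which is presumably intended but changes what callers see. The `setSsoSessionValidTo(new Date(new Date().getTime() + DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000))` expression is now duplicated in both methods and would read better as a single `private static Date assertionValidTo()` helper. The class header is inside this hunk, but the remaining overrides of the class lie outside it.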
@@ -250,9 +251,9 @@ public class MonitoringController {        }        // create HTTP client -      // TODO: update if we switch to openSAML3 -      CloseableHttpClient httpClient = httpClientFactory.getHttpClient(); -      HttpUriRequest request = new HttpGet(urlString); +      CloseableHttpClient httpClient = httpClientFactory.getHttpClient();       +      URIBuilder uriBuilder = new URIBuilder(urlString);       +      HttpUriRequest request = new HttpGet(uriBuilder.build());        final CloseableHttpResponse respCode = httpClient.execute(request);        if (respCode.getStatusLine().getStatusCode() != 200) { diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthenticationDataBuilderTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthenticationDataBuilderTest.java index 1721fe61..316dcb5f 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthenticationDataBuilderTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthenticationDataBuilderTest.java 
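Review bot: `new URIBuilder(urlString).build()` only parses the string; it does not restrict where the outbound GET goes, so if `urlString` can come from anything other than static configuration (its origin is outside this hunk) the monitoring endpoint can be pointed at internal hosts, and a scheme/host allow-list such as `if (!"https".equalsIgnoreCase(uri.getScheme()) && !"http".equalsIgnoreCase(uri.getScheme())) { /* reject */ }` before `new HttpGet(uri)` would close that off. `new URIBuilder(String)` also throws `URISyntaxException`, which the enclosing method (its signature begins outside the hunk) must now declare or catch. The `CloseableHttpResponse respCode` obtained in the context line is not opened in a try-with-resources here; whether it is closed further down is not visible, but `try (CloseableHttpResponse respCode = httpClient.execute(request)) { ... }` is the safe form.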
@@ -1,18 +1,15 @@  package at.asitplus.eidas.specific.connector.test; +import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE; + +import java.io.IOException; +import java.security.PublicKey; +import java.util.Date; +import java.util.HashMap; +import java.util.Map; + +import javax.xml.transform.TransformerException; -import at.asitplus.eidas.specific.connector.builder.AuthenticationDataBuilder; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; -import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; -import at.gv.egiz.eaaf.core.api.idp.IAuthData; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; -import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; -import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; -import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration; -import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; -import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; -import net.shibboleth.utilities.java.support.component.ComponentInitializationException;  import org.apache.commons.lang3.RandomStringUtils;  import org.junit.Assert;  import org.junit.Before; 
@@ -29,14 +26,32 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;  import org.springframework.test.context.web.WebAppConfiguration;  import org.springframework.web.context.request.RequestContextHolder;  import org.springframework.web.context.request.ServletRequestAttributes; +import org.w3c.dom.Element; -import java.util.HashMap; -import java.util.Map; - -import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE; +import at.asitplus.eidas.specific.connector.builder.AuthenticationDataBuilder; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; +import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException; +import at.gv.egiz.eaaf.core.exceptions.EaafParserException; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import net.shibboleth.utilities.java.support.component.ComponentInitializationException;  @RunWith(SpringJUnit4ClassRunner.class) -@ContextConfiguration({"/applicationContext.xml", "/SpringTest_connector.beans.xml", "/eaaf_core.beans.xml", 
"/eaaf_pvp.beans.xml", "/eaaf_pvp_idp.beans.xml", "/spring/SpringTest-context_simple_storage.xml"}) +@ContextConfiguration({ "/applicationContext.xml", "/SpringTest_connector.beans.xml", "/eaaf_core.beans.xml", +    "/eaaf_pvp.beans.xml", "/eaaf_pvp_idp.beans.xml", "/spring/SpringTest-context_simple_storage.xml" })  @WebAppConfiguration  public class AuthenticationDataBuilderTest { @@ -55,11 +70,11 @@ public class AuthenticationDataBuilderTest {    private String eidasBind;    private String authBlock; -    @BeforeClass    public static void classInitializer() throws InitializationException, ComponentInitializationException {      final String current = new java.io.File(".").toURI().toString(); -    System.setProperty("eidas.ms.configuration", current + "src/test/resources/config/junit_config_3.properties"); +    System.setProperty("eidas.ms.configuration", current +        + "src/test/resources/config/junit_config_3.properties");      EaafOpenSaml3xInitializer.eaafInitialize();    } 
@@ -80,28 +95,258 @@ public class AuthenticationDataBuilderTest {      pendingReq = new TestRequestImpl();      pendingReq.setAuthUrl("https://localhost/ms_connector");      pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10)); +    pendingReq.setPiiTransactionId(RandomStringUtils.randomAlphanumeric(10));      pendingReq.setSpConfig(oaParam); -    pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true);      authBlock = RandomStringUtils.randomAlphanumeric(20);      eidasBind = RandomStringUtils.randomAlphanumeric(20); -    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(Constants.SZR_AUTHBLOCK, authBlock); -    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(Constants.EIDAS_BIND, eidasBind); +    pendingReq.getSessionData(AuthProcessDataWrapper.class) +        .setGenericDataToSession(Constants.SZR_AUTHBLOCK, authBlock); +    pendingReq.getSessionData(AuthProcessDataWrapper.class) +        .setGenericDataToSession(Constants.EIDAS_BIND, eidasBind); +    pendingReq.getSessionData(AuthProcessDataWrapper.class) +        .setQaaLevel(EaafConstants.EIDAS_LOA_PREFIX + RandomStringUtils.randomAlphabetic(5)); +    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession( +        PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, +        RandomStringUtils.randomAlphabetic(2)); +      LocaleContextHolder.resetLocaleContext(); +    }    @Test -  public void first() throws EaafAuthenticationException { +  public void eidMode() throws EaafAuthenticationException { +    // initialize state +    pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true); + +    // execute      IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq); +    // validate state      Assert.assertNotNull("AuthData null", authData);      Assert.assertNotNull("authBlock null", authData.getGenericData(Constants.SZR_AUTHBLOCK, String.class));  
    Assert.assertNotNull("eidasBind null", authData.getGenericData(Constants.EIDAS_BIND, String.class)); -    Assert.assertNotNull("eidasBind null", authData.getEidasQaaLevel()); +    Assert.assertNotNull("LoA null", authData.getEidasQaaLevel()); +      String authBlock = authData.getGenericData(Constants.SZR_AUTHBLOCK, String.class);      String eidasBind = authData.getGenericData(Constants.EIDAS_BIND, String.class); -    Assert.assertEquals("authBlock not equal", authBlock, this.authBlock); -    Assert.assertEquals("eidasBind not equal", eidasBind, this.eidasBind); +    Assert.assertEquals("authBlock not equal", this.authBlock, authBlock); +    Assert.assertEquals("eidasBind not equal", this.eidasBind, eidasBind); +    Assert.assertEquals("piiTransactionId", +        authData.getGenericData(ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, String.class), +        this.pendingReq.getUniquePiiTransactionIdentifier()); +    Assert.assertNotNull("assertion validTo", authData.getSsoSessionValidTo()); +    Assert.assertEquals("LoA", pendingReq.getSessionData(AuthProcessDataWrapper.class).getQaaLevel(), +        authData.getEidasQaaLevel()); +    Assert.assertEquals("EID-ISSUING-NATION", +        pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession( +            PvpAttributeDefinitions.EID_ISSUING_NATION_NAME), +        authData.getCiticenCountryCode()); + +    Assert.assertNull("bPK", authData.getBpk()); +    Assert.assertNull("bPKType", authData.getBpkType()); +    Assert.assertNull("FamilyName", authData.getFamilyName()); +    Assert.assertNull("GivenName", authData.getGivenName()); +    Assert.assertNull("DateOfBirth", authData.getDateOfBirth()); +    Assert.assertNull("baseId", authData.getIdentificationValue()); +    Assert.assertNull("baseIdType", authData.getIdentificationType()); +    Assert.assertNull("IDL", authData.getIdentityLink()); + +  } + +  @Test +  public void moaIdMode() throws EaafAuthenticationException, 
EaafBuilderException { +    //initialize state +    pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(false); +    IIdentityLink idl = buildDummyIdl(); +    pendingReq.getSessionData(AuthProcessDataWrapper.class).setIdentityLink(idl); +     +    //execute +    IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq); + +    //validate state +    Assert.assertNotNull("AuthData null", authData); +    Assert.assertNull("authBlock null", authData.getGenericData(Constants.SZR_AUTHBLOCK, String.class)); +    Assert.assertNull("eidasBind null", authData.getGenericData(Constants.EIDAS_BIND, String.class)); +    Assert.assertNull("piiTransactionId",  +        authData.getGenericData(ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, String.class)); +     +     +    Assert.assertNotNull("assertion validTo", authData.getSsoSessionValidTo()); +    Assert.assertNotNull("LoA null", authData.getEidasQaaLevel()); +    Assert.assertEquals("LoA", pendingReq.getSessionData(AuthProcessDataWrapper.class).getQaaLevel(),  +        authData.getEidasQaaLevel()); +    Assert.assertEquals("EID-ISSUING-NATION",  +        pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession( +            PvpAttributeDefinitions.EID_ISSUING_NATION_NAME),  +        authData.getCiticenCountryCode()); +     +    Assert.assertEquals("FamilyName", idl.getFamilyName(), authData.getFamilyName()); +    Assert.assertEquals("GivenName", idl.getGivenName(), authData.getGivenName()); +    Assert.assertEquals("DateOfBirth", idl.getDateOfBirth(), authData.getFormatedDateOfBirth()); +    Assert.assertEquals("bPK",  +        BpkBuilder.generateAreaSpecificPersonIdentifier( +            idl.getIdentificationValue(), EaafConstants.URN_PREFIX_CDID + "XX").getFirst(),  +        authData.getBpk()); +    Assert.assertEquals("bPKType", EaafConstants.URN_PREFIX_CDID + "XX", authData.getBpkType()); +    Assert.assertNotNull("IDL", 
authData.getIdentityLink()); +     +     +  } + +  private IIdentityLink buildDummyIdl() { +    return new IIdentityLink() { +       +      String familyName = RandomStringUtils.randomAlphabetic(10); +      String givenName = RandomStringUtils.randomAlphabetic(10); +      String dateOfBirth = "1955-02-03"; +      String baseId = RandomStringUtils.randomAlphanumeric(20); +      String saml2Serialized = RandomStringUtils.randomAlphanumeric(150); + +      +       +      @Override +      public void setSamlAssertion(Element arg0) throws TransformerException, IOException { +      +      } + +      @Override +      public void setPublicKey(PublicKey[] arg0) { +        // TODO Auto-generated method stub + +      } + +      @Override +      public void setPrPerson(Element arg0) { +        // TODO Auto-generated method stub + +      } + +      @Override +      public void setIssueInstant(String arg0) { +        // TODO Auto-generated method stub + +      } + +      @Override +      public void setIdentificationValue(String arg0) { +        // TODO Auto-generated method stub + +      } + +      @Override +      public void setIdentificationType(String arg0) { +        // TODO Auto-generated method stub + +      } + +      @Override +      public void setGivenName(String arg0) { +        // TODO Auto-generated method stub + +      } + +      @Override +      public void setFamilyName(String arg0) { +        // TODO Auto-generated method stub + +      } + +      @Override +      public void setDsigReferenceTransforms(Element[] arg0) { +        // TODO Auto-generated method stub + +      } + +      @Override +      public void setDateOfBirth(String arg0) { +        // TODO Auto-generated method stub + +      } + +      @Override +      public String getSerializedSamlAssertion() { +        return this.saml2Serialized; +      } + +      @Override +      public Element getSamlAssertion() {         +        IIdentityLink fullIdl; +        try { +          fullIdl = new 
SimpleIdentityLinkAssertionParser( +              AuthenticationDataBuilderTest.class.getResourceAsStream("/data/test_idl_1.xml")).parseIdentityLink(); +          return fullIdl.getSamlAssertion(); +         +        } catch (EaafParserException e) {          +          e.printStackTrace(); +        } +         +        return null; +         +      } + +      @Override +      public PublicKey[] getPublicKey() { +        // TODO Auto-generated method stub +        return null; +      } + +      @Override +      public Element getPrPerson() { +        // TODO Auto-generated method stub +        return null; +      } + +      @Override +      public String getName() { +        // TODO Auto-generated method stub +        return null; +      } + +      @Override +      public Date getIssueInstantDate() { +        // TODO Auto-generated method stub +        return null; +      } + +      @Override +      public String getIssueInstant() { +        // TODO Auto-generated method stub +        return null; +      } + +      @Override +      public String getIdentificationValue() { +        return this.baseId; +      } + +      @Override +      public String getIdentificationType() { +        return EaafConstants.URN_PREFIX_BASEID; +      } + +      @Override +      public String getGivenName() { +        return this.givenName; +      } + +      @Override +      public String getFamilyName() { +        return this.familyName; +      } + +      @Override +      public Element[] getDsigReferenceTransforms() { +        // TODO Auto-generated method stub +        return null; +      } + +      @Override +      public String getDateOfBirth() { +        return this.dateOfBirth; + +      } +    };    }  } diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/BasicConfigurationTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/BasicConfigurationTest.java new file mode 100644 index 00000000..6e52f113 --- /dev/null 
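Review bot: In `buildDummyIdl`, `getSamlAssertion()` catches `EaafParserException`, calls `e.printStackTrace()` and returns `null`, so a missing or broken `/data/test_idl_1.xml` fixture surfaces as a later NullPointerException or a silently passing assertion rather than a clear test failure; rethrow instead with `throw new IllegalStateException("Can not parse test IDL /data/test_idl_1.xml", e);`. The assertion messages in `moaIdMode` for the `assertNull` checks read "authBlock null" and "eidasBind null", but the message is printed only when the value is *not* null, so "authBlock must be null" would be accurate. The many `// TODO Auto-generated method stub` bodies could be replaced with a single class-level comment stating that the dummy only implements the getters the builder reads, which also makes it obvious which ones are intentionally no-ops.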
+++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/BasicConfigurationTest.java 
@@ -0,0 +1,135 @@ +package at.asitplus.eidas.specific.connector.test; + +import java.net.MalformedURLException; +import java.net.URL; +import java.security.cert.CertificateException; + +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.opensaml.core.config.InitializationException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.context.web.WebAppConfiguration; + +import at.asitplus.eidas.specific.connector.config.ServiceProviderConfiguration; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import net.shibboleth.utilities.java.support.component.ComponentInitializationException; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ +    "/applicationContext.xml", +    "/specific_eIDAS_connector.beans.xml", +    "/eaaf_core.beans.xml", +    "/eaaf_pvp.beans.xml", +    "/eaaf_pvp_idp.beans.xml", +    "/spring/SpringTest-context_simple_storage.xml" }) +@WebAppConfiguration +@DirtiesContext(classMode = ClassMode.BEFORE_CLASS) +public class BasicConfigurationTest { + +  @Autowired private IConfigurationWithSP basicConfig; +   +  /** +   * jUnit class initializer. 
+   * @throws ComponentInitializationException In case of an error +   * @throws InitializationException In case of an error +   * @throws CertificateException  +   *  +   */ +  @BeforeClass +  public static void classInitializer() throws InitializationException,  +      ComponentInitializationException, CertificateException  { +    final String current = new java.io.File(".").toURI().toString(); +    System.setProperty("eidas.ms.configuration", current + "src/test/resources/config/junit_config_1.properties"); +     +  } +   +   +  @Test +  public void basicConfig() throws MalformedURLException, EaafException {     +    Assert.assertEquals("validate req. URL", "http://localhost",  +        basicConfig.validateIdpUrl(new URL("http://junit/test"))); +     +    Assert.assertEquals("validate req. URL", "http://localhost",  +        basicConfig.validateIdpUrl(new URL("http://localhost/test1/test"))); +     +  } +   +  @Test +  public void loadSpNotExist() throws EaafConfigurationException { +    //check +    ISpConfiguration sp = basicConfig.getServiceProviderConfiguration( +        "https://not/exist"); +         +    //validate state +    Assert.assertNull("spConfig", sp); +     +     +  } +   +  @Test +  public void loadSpDefault() throws EaafConfigurationException { +    //check +    ISpConfiguration sp = basicConfig.getServiceProviderConfiguration( +        "https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata"); +         +    //validate state +    Assert.assertNotNull("spConfig", sp); +    Assert.assertEquals("BaseId transfare restrication", true, sp.hasBaseIdTransferRestriction()); +    Assert.assertEquals("BaseId process restrication", false, sp.hasBaseIdInternalProcessingRestriction()); +     +    Assert.assertEquals("req. LoA size", 1, sp.getRequiredLoA().size()); +    Assert.assertEquals("req. 
LoA", EaafConstants.EIDAS_LOA_HIGH, sp.getRequiredLoA().get(0)); +    Assert.assertEquals("LoA matching mode",  +        EaafConstants.EIDAS_LOA_MATCHING_MINIMUM, sp.getLoAMatchingMode()); +     +  } +   +  @Test +  public void loadSpNoBaseIdTransferRestriction() throws EaafException { +    //check +    ServiceProviderConfiguration sp = basicConfig.getServiceProviderConfiguration( +        "https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata", ServiceProviderConfiguration.class); +         +    //validate state +    Assert.assertNotNull("spConfig", sp); +    Assert.assertNull("bPKTarget already set", sp.getAreaSpecificTargetIdentifier()); +         +    //validate baseId transfer restriction +    sp.setBpkTargetIdentifier(EaafConstants.URN_PREFIX_CDID + "ZP");    +    Assert.assertEquals("BaseId restrication", false, sp.hasBaseIdTransferRestriction());     +    Assert.assertEquals("bPKTarget", EaafConstants.URN_PREFIX_CDID + "ZP", sp.getAreaSpecificTargetIdentifier()); +     +    sp.setBpkTargetIdentifier(EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + "FN+123456h");    +    Assert.assertEquals("BaseId restrication", true, sp.hasBaseIdTransferRestriction()); +     +  } +   +  @Test +  public void loadSpWithMsSpecificConfig() throws EaafConfigurationException { +    //check +    ServiceProviderConfiguration sp = basicConfig.getServiceProviderConfiguration( +        "https://demo.egiz.gv.at/junit_test", ServiceProviderConfiguration.class); +         +    //validate state +    Assert.assertNotNull("spConfig", sp); +    Assert.assertEquals("friendlyName", "jUnit test", sp.getFriendlyName()); +    Assert.assertEquals("UniqueId", "https://demo.egiz.gv.at/junit_test", sp.getUniqueIdentifier()); +    Assert.assertEquals("BaseId restrication", true, sp.hasBaseIdTransferRestriction()); +    Assert.assertEquals("generic config value", false,  +        sp.isConfigurationValue("policy.allowed.requested.targets")); +    Assert.assertEquals("generic config value", 
"test",  +        sp.getConfigurationValue("policy.allowed.requested.targets")); +    Assert.assertEquals("not_exist_value", "true", sp.getConfigurationValue("not.exist", "true")); +     +  } +} diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/AuthBlockAttributeBuilderTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/AuthBlockAttributeBuilderTest.java index b7c6cd44..f6d22c98 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/AuthBlockAttributeBuilderTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/AuthBlockAttributeBuilderTest.java @@ -13,6 +13,7 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;  import at.asitplus.eidas.specific.connector.attributes.AuthBlockAttributeBuilder;  import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;  import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;  import at.gv.egiz.eaaf.core.api.idp.IAuthData;  import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; @@ -42,6 +43,19 @@ public class AuthBlockAttributeBuilderTest extends AbstractAttributeBuilderTest    }    @Test +  public void checkName() { +    Assert.assertEquals("Wrong attr. name",  +        ExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME, attrBuilde.getName()); +     +  } +   +  @Test +  public void checkEmptyAttribute() { +    Assert.assertNull("empty attr.", attrBuilde.buildEmpty(gen)); +     +  } +   +  @Test    public void okTest() {      log.info("starting: " + mTestName);      try { diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/EidasBindAttributeBuilderTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/EidasBindAttributeBuilderTest.java index 254efb59..9a2c6cdc 100644 
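Review bot: `loadSpNoBaseIdTransferRestriction` mutates the `ServiceProviderConfiguration` returned by `basicConfig.getServiceProviderConfiguration(...)` through `setBpkTargetIdentifier`, and `loadSpDefault` asserts on the same entity ID that `hasBaseIdTransferRestriction()` is true and `getAreaSpecificTargetIdentifier()` is null; if the configuration hands out a shared or cached instance, those assertions become order-dependent, which JUnit 4 does not guarantee. Either assert that each call returns a distinct instance, or restore the target at the end of the test, e.g. `sp.setBpkTargetIdentifier(null);`. `classInitializer` and its Javadoc declare `CertificateException` although nothing in the method throws it, and the assertion messages "BaseId transfare restrication" should read "BaseId transfer restriction" (test-output strings only).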
--- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/EidasBindAttributeBuilderTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/EidasBindAttributeBuilderTest.java @@ -1,13 +1,7 @@  package at.asitplus.eidas.specific.connector.test.attributes; -import at.asitplus.eidas.specific.connector.attributes.EidasBindAttributeBuilder; -import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; -import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; -import at.gv.egiz.eaaf.core.api.idp.IAuthData; -import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; -import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; -import at.gv.egiz.eaaf.core.impl.idp.auth.attributes.AbstractAttributeBuilderTest; -import lombok.extern.slf4j.Slf4j; +import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.EIDAS_BIND; +  import org.junit.Assert;  import org.junit.Before;  import org.junit.Rule; @@ -17,7 +11,14 @@ import org.junit.runner.RunWith;  import org.springframework.test.context.ContextConfiguration;  import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; -import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.EIDAS_BIND; +import at.asitplus.eidas.specific.connector.attributes.EidasBindAttributeBuilder; +import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; +import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; +import at.gv.egiz.eaaf.core.impl.idp.auth.attributes.AbstractAttributeBuilderTest; +import lombok.extern.slf4j.Slf4j;  @Slf4j 
@@ -36,6 +37,19 @@ public class EidasBindAttributeBuilderTest extends AbstractAttributeBuilderTest
   }
   @Test
+  public void checkName() {
+    Assert.assertEquals("Wrong attr. name", 
+        ExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME, attrBuilde.getName());
+    
+  }
+  
+  @Test
+  public void checkEmptyAttribute() {
+    Assert.assertNull("empty attr.", attrBuilde.buildEmpty(gen));
+    
+  }
+  
+  @Test
   public void okTest() {
     log.info("starting: " + mTestName);
     try {
diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/saml2/Pvp2SProfileEndPointTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/saml2/Pvp2SProfileEndPointTest.java
new file mode 100644
index 00000000..81ee2625
--- /dev/null
+++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/saml2/Pvp2SProfileEndPointTest.java
@@ -0,0 +1,335 @@
+package at.asitplus.eidas.specific.connector.test.saml2;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.List;
+import java.util.Timer;
+
+import javax.xml.transform.TransformerException;
+
+import org.joda.time.DateTime;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.core.config.InitializationException;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.io.MarshallingException;
+import org.opensaml.core.xml.io.UnmarshallingException;
+import org.opensaml.core.xml.util.XMLObjectSupport;
+import org.opensaml.saml.metadata.resolver.impl.ResourceBackedMetadataResolver;
+import org.opensaml.saml.saml2.core.RequestAbstractType;
+import org.opensaml.saml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
+import org.opensaml.saml.saml2.metadata.RoleDescriptor;
+import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml.security.impl.SAMLSignatureProfileValidator;
+import org.opensaml.security.credential.Credential;
+import org.opensaml.security.x509.BasicX509Credential;
+import org.opensaml.xmlsec.signature.support.SignatureException;
+import org.opensaml.xmlsec.signature.support.SignatureValidator;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.io.ResourceLoader;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.ClassMode;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.context.web.WebAppConfiguration;
+import org.springframework.util.Base64Utils;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
+import at.asitplus.eidas.specific.connector.controller.Pvp2SProfileEndpoint;
+import at.asitplus.eidas.specific.connector.provider.PvpEndPointCredentialProvider;
+import at.asitplus.eidas.specific.connector.provider.PvpMetadataProvider;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.IRequestStorage;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.OpenSaml3ResourceAdapter;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
+import net.shibboleth.utilities.java.support.xml.XMLParserException;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({
+    "/applicationContext.xml",
+    "/specific_eIDAS_connector.beans.xml",
+    "/eaaf_core.beans.xml",
+    "/eaaf_pvp.beans.xml",
+    "/eaaf_pvp_idp.beans.xml",
+    "/spring/SpringTest-context_simple_storage.xml" })
+@WebAppConfiguration
+@DirtiesContext(classMode = ClassMode.BEFORE_CLASS)
+public class Pvp2SProfileEndPointTest {
+
+
+  @Autowired private Pvp2SProfileEndpoint controller;
+  @Autowired private PvpEndPointCredentialProvider credentialProvider;
+  @Autowired private PvpMetadataProvider metadataProvider;
+  @Autowired private ResourceLoader resourceLoader;
+  @Autowired private IRequestStorage storage;
+  
+  private static CertificateFactory fact;
+    
+  
+  private MockHttpServletRequest httpReq;
+  private MockHttpServletResponse httpResp;
+
+  
+  /**
+   * jUnit class initializer.
+   * @throws ComponentInitializationException In case of an error
+   * @throws InitializationException In case of an error
+   * @throws CertificateException 
+   * 
+   */
+  @BeforeClass
+  public static void classInitializer() throws InitializationException, 
+      ComponentInitializationException, CertificateException  {
+    final String current = new java.io.File(".").toURI().toString();
+    System.setProperty("eidas.ms.configuration", current + "src/test/resources/config/junit_config_1.properties");
+    
+    EaafOpenSaml3xInitializer.eaafInitialize();
+    
+    fact = CertificateFactory.getInstance("X.509");
+    
+  }
+  
+  /**
+   * jUnit test set-up.
+   * @throws EaafException 
+   * 
+   */
+  @Before
+  public void initialize() throws EaafException {
+    httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector");
+    httpResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+    
+  }
+  
+  @Test
+  public void authnReqWrongEndpoint() throws EaafException, XMLParserException, UnmarshallingException, 
+      UnsupportedEncodingException, TransformerException, IOException, MarshallingException, 
+      ComponentInitializationException {
+    //initialize test
+    final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        Pvp2SProfileEndPointTest.class.getResourceAsStream("/data/pvp2_authn_3.xml"));
+    authnReq.setIssueInstant(DateTime.now());    
+    RequestAbstractType signedAuthnReq = 
+        Saml2Utils.signSamlObject(authnReq, credentialProvider.getMetaDataSigningCredential(), true);           
+    String b64 = Base64Utils.encodeToString(DomUtils.serializeNode(
+          XMLObjectSupport.getMarshaller(signedAuthnReq).marshall(signedAuthnReq)).getBytes("UTF-8"));    
+    httpReq.setParameter("SAMLRequest", b64);
+            
+    final org.springframework.core.io.Resource resource = resourceLoader.getResource(
+        "classpath:/data/metadata_valid.xml");
+    Timer timer = new Timer("PVP metadata-resolver refresh");
+    ResourceBackedMetadataResolver fileSystemResolver = 
+        new ResourceBackedMetadataResolver(timer, new OpenSaml3ResourceAdapter(resource));
+    fileSystemResolver.setId("test");
+    fileSystemResolver.setParserPool(XMLObjectProviderRegistrySupport.getParserPool());
+    fileSystemResolver.initialize();                    
+    metadataProvider.addMetadataResolverIntoChain(fileSystemResolver);
+    
+    
+    //request SAML2 authentication
+    try {
+      controller.pvpIdpPostRequest(httpReq, httpResp);
+      Assert.fail("wrong AuthnRequest not detected");
+      
+    }catch (EaafException e) {
+      Assert.assertEquals("wrong errorId", "pvp2.22", e.getErrorId());      
+      
+    }   
+  }
+  
+  @Test
+  public void authnReqWrongSigned() throws EaafException, XMLParserException, UnmarshallingException, 
+      UnsupportedEncodingException, TransformerException, IOException, MarshallingException, 
+      ComponentInitializationException {
+    //initialize test
+    final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        Pvp2SProfileEndPointTest.class.getResourceAsStream("/data/pvp2_authn_1.xml"));
+    authnReq.setIssueInstant(DateTime.now());    
+    RequestAbstractType signedAuthnReq = 
+        Saml2Utils.signSamlObject(authnReq, credentialProvider.getMetaDataSigningCredential(), true);           
+    String b64 = Base64Utils.encodeToString(DomUtils.serializeNode(
+          XMLObjectSupport.getMarshaller(signedAuthnReq).marshall(signedAuthnReq)).getBytes("UTF-8"));    
+    httpReq.setParameter("SAMLRequest", b64);
+            
+    final org.springframework.core.io.Resource resource = resourceLoader.getResource(
+        "classpath:/data/metadata_valid.xml");
+    Timer timer = new Timer("PVP metadata-resolver refresh");
+    ResourceBackedMetadataResolver fileSystemResolver = 
+        new ResourceBackedMetadataResolver(timer, new OpenSaml3ResourceAdapter(resource));
+    fileSystemResolver.setId("test");
+    fileSystemResolver.setParserPool(XMLObjectProviderRegistrySupport.getParserPool());
+    fileSystemResolver.initialize();                    
+    metadataProvider.addMetadataResolverIntoChain(fileSystemResolver);
+    
+    
+    //request SAML2 authentication
+    try {
+      controller.pvpIdpPostRequest(httpReq, httpResp);
+      Assert.fail("wrong AuthnRequest not detected");
+      
+    }catch (EaafException e) {
+      Assert.assertEquals("wrong errorId", "pvp2.21", e.getErrorId());      
+      
+    }   
+  }
+  
+  @Test
+  public void authnReqMetadataExpired() throws EaafException, XMLParserException, UnmarshallingException, 
+      UnsupportedEncodingException, TransformerException, IOException, MarshallingException, 
+      ComponentInitializationException {
+    //initialize test
+    final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        Pvp2SProfileEndPointTest.class.getResourceAsStream("/data/pvp2_authn_1.xml"));
+    authnReq.setIssueInstant(DateTime.now());    
+    RequestAbstractType signedAuthnReq = 
+        Saml2Utils.signSamlObject(authnReq, credentialProvider.getMetaDataSigningCredential(), true);           
+    String b64 = Base64Utils.encodeToString(DomUtils.serializeNode(
+          XMLObjectSupport.getMarshaller(signedAuthnReq).marshall(signedAuthnReq)).getBytes("UTF-8"));    
+    httpReq.setParameter("SAMLRequest", b64);
+            
+    final org.springframework.core.io.Resource resource = resourceLoader.getResource(
+        "classpath:/data/metadata_expired.xml");
+    Timer timer = new Timer("PVP metadata-resolver refresh");
+    ResourceBackedMetadataResolver fileSystemResolver = 
+        new ResourceBackedMetadataResolver(timer, new OpenSaml3ResourceAdapter(resource));
+    fileSystemResolver.setId("test");
+    fileSystemResolver.setParserPool(XMLObjectProviderRegistrySupport.getParserPool());
+    fileSystemResolver.initialize();                    
+    metadataProvider.addMetadataResolverIntoChain(fileSystemResolver);
+    
+    
+    //request SAML2 authentication
+    try {
+      controller.pvpIdpPostRequest(httpReq, httpResp);
+      Assert.fail("wrong AuthnRequest not detected");
+      
+    }catch (EaafException e) {
+      Assert.assertEquals("wrong errorId", "pvp2.21", e.getErrorId());      
+      
+    }   
+  }
+  
+  @Test
+  public void authnReqValid() throws EaafException, XMLParserException, UnmarshallingException, 
+      UnsupportedEncodingException, TransformerException, IOException, MarshallingException, 
+      ComponentInitializationException {
+    //initialize test
+    final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        Pvp2SProfileEndPointTest.class.getResourceAsStream("/data/pvp2_authn_1.xml"));
+    authnReq.setIssueInstant(DateTime.now());    
+    RequestAbstractType signedAuthnReq = 
+        Saml2Utils.signSamlObject(authnReq, credentialProvider.getMessageSigningCredential(), true);           
+    String b64 = Base64Utils.encodeToString(DomUtils.serializeNode(
+          XMLObjectSupport.getMarshaller(signedAuthnReq).marshall(signedAuthnReq)).getBytes("UTF-8"));    
+    httpReq.setParameter("SAMLRequest", b64);
+            
+    final org.springframework.core.io.Resource resource = resourceLoader.getResource(
+        "classpath:/data/metadata_valid.xml");
+    Timer timer = new Timer("PVP metadata-resolver refresh");
+    ResourceBackedMetadataResolver fileSystemResolver = 
+        new ResourceBackedMetadataResolver(timer, new OpenSaml3ResourceAdapter(resource));
+    fileSystemResolver.setId("test");
+    fileSystemResolver.setParserPool(XMLObjectProviderRegistrySupport.getParserPool());
+    fileSystemResolver.initialize();                    
+    metadataProvider.addMetadataResolverIntoChain(fileSystemResolver);
+    
+    
+    //request SAML2 authentication
+    controller.pvpIdpPostRequest(httpReq, httpResp);
+    
+    
+    //validate state
+    Assert.assertEquals("http statuscode", 200, httpResp.getStatus());
+    Assert.assertEquals("Wrong http ContentType", "text/html;charset=UTF-8", httpResp.getContentType());
+    
+    String html = httpResp.getContentAsString();
+    Assert.assertNotNull("html result is null", html);
+    Assert.assertFalse("html result is empty", html.isEmpty());    
+    Assert.assertTrue("Wrong page", html.contains("action=\"/myHomeCountry\""));
+       
+    String pattern = "<input  type=\"hidden\" name=\"pendingid\"  value=\"";
+    int pendingIdStart = html.indexOf(pattern) + pattern.length();
+    int pendingIdEnd = html.indexOf("\"", pendingIdStart);    
+    String pendingReqId = html.substring(pendingIdStart, pendingIdEnd);    
+    Assert.assertFalse("pendingReqId is empty", pendingReqId.isEmpty());
+    
+    IRequest pendingReq = storage.getPendingRequest(pendingReqId);
+    Assert.assertNotNull("pendingReq", pendingReq);    
+    Assert.assertNotNull("piiTransId", pendingReq.getUniquePiiTransactionIdentifier());
+    Assert.assertNotNull("piiTransId", pendingReq.getUniqueTransactionIdentifier());
+    
+    Assert.assertEquals("wrong OA Id", "https://demo.egiz.gv.at/demoportal-openID_demo", 
+        pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID, String.class));
+    Assert.assertEquals("wrong bPK Target", "urn:publicid:gv.at:cdid+BF", 
+        pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
+   
+        
+  }
+  
+  @Test
+  public void checkSaml2Metadata() throws EaafException, UnsupportedEncodingException, XMLParserException, 
+      UnmarshallingException, CertificateException, SignatureException {
+    
+    //request SAML2 Metadata
+    controller.pvpMetadataRequest(httpReq, httpResp);
+    
+    //validate state
+    Assert.assertEquals("http statuscode", 200, httpResp.getStatus());
+    Assert.assertEquals("Wrong http ContentType", "application/xml", httpResp.getContentType());
+    
+    String html = httpResp.getContentAsString();
+    Assert.assertNotNull("html result is null", html);
+    Assert.assertFalse("html result is empty", html.isEmpty());    
+    
+
+    final EntityDescriptor entity = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        new ByteArrayInputStream(html.getBytes("UTF-8")));
+
+    Assert.assertNotNull("Unmarshalling failed", entity);
+    Assert.assertNotNull("EntityId is null", entity.getEntityID());
+
+    Assert.assertNotNull("Signature is null", entity.getSignature());
+    final SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator();
+    sigValidator.validate(entity.getSignature());
+
+    final Credential cred = new BasicX509Credential((X509Certificate) fact.generateCertificate(
+        Pvp2SProfileEndPointTest.class.getResourceAsStream("/config/keys/Metadata.pem")));
+    SignatureValidator.validate(entity.getSignature(), cred);
+    
+    Assert.assertEquals("wrong entityId", "http://localhost/pvp/metadata", entity.getEntityID());
+    Assert.assertNotNull("IDPSSODescr", entity.getRoleDescriptors(IDPSSODescriptor.DEFAULT_ELEMENT_NAME));
+    Assert.assertNotNull("SPSSODescr", entity.getRoleDescriptors(SPSSODescriptor.DEFAULT_ELEMENT_NAME));
+    Assert.assertEquals("SPSSODescr. size", 0, 
+        entity.getRoleDescriptors(SPSSODescriptor.DEFAULT_ELEMENT_NAME).size());
+    
+    List<RoleDescriptor> idp = entity.getRoleDescriptors(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
+    Assert.assertEquals("IDP descr. size", 1, idp.size());
+    Assert.assertEquals("IDP descr. endpoints", 2, idp.get(0).getEndpoints().size());
+    Assert.assertEquals("IDP descr. keyDescr", 1, idp.get(0).getKeyDescriptors().size());
+        
+  }
+  
+}
diff --git a/connector/src/test/resources/config/junit_config_1.properties b/connector/src/test/resources/config/junit_config_1.properties
index 3350f947..78981b6a 100644
--- a/connector/src/test/resources/config/junit_config_1.properties
+++ b/connector/src/test/resources/config/junit_config_1.properties
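Review bot: In authnReqValid the pendingid extraction never checks that `pattern` was actually found: when `html.indexOf(pattern)` returns -1, `pendingIdStart` silently becomes `pattern.length() - 1` and the test continues with an arbitrary substring instead of failing at the right spot; add `int patternStart = html.indexOf(pattern); Assert.assertTrue("no pendingid field in html", patternStart >= 0);` before computing `pendingIdStart`. Each of the four authentication tests also creates a `Timer` plus a `ResourceBackedMetadataResolver` with id "test" and registers it via `metadataProvider.addMetadataResolverIntoChain` without ever removing or destroying it; since the Spring context is shared across the class (`@DirtiesContext` runs BEFORE_CLASS only), the resolvers for metadata_valid.xml and metadata_expired.xml accumulate for the same entityID, so the result of authnReqMetadataExpired appears to depend on test execution order, and the non-daemon timer threads outlive the tests. authnReqWrongEndpoint additionally signs with `getMetaDataSigningCredential()` just like authnReqWrongSigned, so it differs from the valid case in two respects and relies on the endpoint check being evaluated before the signature check; signing it with `getMessageSigningCredential()` would isolate the "pvp2.22" path. The roughly fifteen lines of request-signing and resolver-setup repeated in all four tests would read better as a private helper taking the AuthnRequest resource, the signing credential and the metadata resource.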
@@ -97,19 +97,27 @@ eidas.ms.pvp2.metadata.contact.surname=Mustermann
 eidas.ms.pvp2.metadata.contact.email=max@junit.test
 ## Service Provider configuration
-eidas.ms.sp.0.uniqueID=
+eidas.ms.sp.0.uniqueID=https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata
 eidas.ms.sp.0.pvp2.metadata.truststore=keys/junit.jks
 eidas.ms.sp.0.pvp2.metadata.truststore.password=password
-
-#eidas.ms.sp.0.friendlyName=
+eidas.ms.sp.0.friendlyName=jUnit test
 #eidas.ms.sp.0.pvp2.metadata.url=
 #eidas.ms.sp.0.policy.allowed.requested.targets=.*
 #eidas.ms.sp.0.policy.hasBaseIdTransferRestriction=false
+## Service Provider configuration
+eidas.ms.sp.1.uniqueID=https://demo.egiz.gv.at/junit_test
+eidas.ms.sp.1.pvp2.metadata.truststore=keys/junit.jks
+eidas.ms.sp.1.pvp2.metadata.truststore.password=password
+eidas.ms.sp.1.friendlyName=jUnit test
+eidas.ms.sp.1.pvp2.metadata.url=http://junit.test/metadata
+eidas.ms.sp.1.policy.allowed.requested.targets=test
+eidas.ms.sp.1.policy.hasBaseIdTransferRestriction=true
+
 ##only for advanced config
 eidas.ms.configuration.sp.disableRegistrationRequirement=
-eidas.ms.configuration.restrictions.baseID.spTransmission=
+#eidas.ms.configuration.restrictions.baseID.spTransmission=
 eidas.ms.configuration.auth.default.countrycode=
 eidas.ms.configuration.pvp.scheme.validation=
 eidas.ms.configuration.pvp.enable.entitycategories=
\ No newline at end of file
diff --git a/connector/src/test/resources/config/keys/Metadata.pem b/connector/src/test/resources/config/keys/Metadata.pem
new file mode 100644
index 00000000..b544c194
--- /dev/null
+++ b/connector/src/test/resources/config/keys/Metadata.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC+jCCAeKgAwIBAgIEXjF+fTANBgkqhkiG9w0BAQsFADA/MQswCQYDVQQGEwJB
+VDENMAsGA1UEBwwERUdJWjEOMAwGA1UECgwFalVuaXQxETAPBgNVBAMMCE1ldGFk
+YXRhMB4XDTIwMDEyOTEyNDU0OVoXDTI2MDEyODEyNDU0OVowPzELMAkGA1UEBhMC
+QVQxDTALBgNVBAcMBEVHSVoxDjAMBgNVBAoMBWpVbml0MREwDwYDVQQDDAhNZXRh
+ZGF0YTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK230G3dxNbNlSYA
+O5Kx/Js0aBAgxMt7q9m+dA35fK/dOvF/GjrqjWsMCnax+no9gLnq6x0gXiJclz6H
+rp/YDOfLrJjMpNL/r0FWT947vbnEj7eT8TdY5d6Yi8AZulZmjiCI5nbZh2zwrP4+
+WqRroLoPhXQj8mDyp26M4xHBBUhLMRc2HV4S+XH4uNZ/vTmb8vBg31XGHCY33gl7
+/KA54JNGxJdN8Dxv6yHYsm91ZfVrX39W0iYLUNhUCkolwuQmjDVfrExM8BTLIONb
+f+erJoCm3A9ghZyDYRQ/e69/UEUqDa6XOzykr88INkQscEiAXCDS+EBPMpKo+t3l
+PIA9r7kCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAh/2mg4S03bdZy1OVtEAudBT9
+YZb9OF34hxPtNbkB/V04wSIg1d4TBr5KDhV7CdiUOxPZzHpS8LUCgfGX306FB6NX
+zh/b67uTOPaE72AB4VIT/Np0fsM7k5WhG9k9NoprIGiqCz2lXcfpZiT+LtSO1vWS
+YI87wR9KOSWjcw/5i5qZIAJuwvLCQj5JtUsmrhHK75222J3TJf4dS/gfN4xfY2rW
+9vcXtH6//8WdWp/zx9V7Z1ZsDb8TDKtBCEGuFDgVeU5ScKtVq8qRoUKD3Ve76cZi
+purO3KrRrVAuZP2EfLkZdHEHqe8GPigNnZ5kTn8V2VJ3iRAQ73hpJRR98tFd0A==
+-----END CERTIFICATE-----
diff --git a/connector/src/test/resources/data/metadata_expired.xml b/connector/src/test/resources/data/metadata_expired.xml
new file mode 100644
index 00000000..16364c05
--- /dev/null
+++ b/connector/src/test/resources/data/metadata_expired.xml
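Review bot: The second `## Service Provider configuration` heading that introduces the sp.1 block is a verbatim copy of the sp.0 heading and gives no hint what the second entry is for; `## Service Provider configuration: sp.1 (unit-test SP with restricted targets and baseID transfer restriction)` would let a reader tell the two apart. The file also still ends without a trailing newline after `eidas.ms.configuration.pvp.enable.entitycategories=`, so the next key appended will show up as a modification of that line in every future diff.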
@@ -0,0 +1,106 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_b67c160c0ad7b4ebd430581df167ac23" entityID="https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata" validUntil="2020-12-12T20:41:20.635Z">
+  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+      <ds:Reference URI="#_b67c160c0ad7b4ebd430581df167ac23">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+        <ds:DigestValue>00SaL0XjeknOb/DttutP50lTyAux1jaRPJIVdSupWvU=</ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue>PfEBmLMX/ZgL6ViXghyWtal5MaMoW8k3zjw+54+WK1OAtVsVgOsIDRJE0M/a/VXBbMSifgY6J1gN23xhr61jkrjRQEkbDzLpWZLzWAJ65YqqUQo8wsKI2Gz0j12yY5D8/GOamKOH9KDi5ba1veXR/fnxRINoy7nZo4tcUWZChdl8BWkMN5ugr6dORNIQg/Ym3GabQ/hR5z+9FmveAKphdH63MC6qW3EgM9EMvOVkrLBTP92sNMAAJeaawui9tlxi9anVQ0OqwZsgKLvI7fyV4CM/0sd/ELjeReIlWlHk07Nz4eltMq3eOx3q1YurYvhE8XapHiQMehOtCS+Fzh10sw==</ds:SignatureValue>
+    <ds:KeyInfo>
+      <ds:X509Data>
+        <ds:X509Certificate>MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH
+SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W
+ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w
+CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ
+RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq
+UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+
+M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F
+Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt
+1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq
+nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC
+VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq
+itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc
+2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O
+fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy
+4jpXrp77JXFRSDWddb0yePc=</ds:X509Certificate>
+      </ds:X509Data>
+    </ds:KeyInfo>
+  </ds:Signature>
+  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+    <md:KeyDescriptor use="signing">
+      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+        <ds:X509Data>
+          <ds:X509Certificate>MIIBbTCCARKgAwIBAgIEXjF+qTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJBVDEN
+MAsGA1UEBwwERUdJWjEOMAwGA1UECgwFalVuaXQxEDAOBgNVBAMMB3NpZ25pbmcw
+HhcNMjAwMTI5MTI0NjMzWhcNMjcwMTI4MTI0NjMzWjA+MQswCQYDVQQGEwJBVDEN
+MAsGA1UEBwwERUdJWjEOMAwGA1UECgwFalVuaXQxEDAOBgNVBAMMB3NpZ25pbmcw
+WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASRt7gZRrr4rSEE7Q922oKQJF+mlkwC
+LZnv8ZzHtH54s4VdyQFIBjQF1PPf9PTn+5tid8QJehZPndcoeD7J8fPJMAoGCCqG
+SM49BAMCA0kAMEYCIQDFUO0owvqMVRO2FmD+vb8mqJBpWCE6Cl5pEHaygTa5LwIh
+ANsmjI2azWiTSFjb7Ou5fnCfbeiJUP0s66m8qS4rYl9L</ds:X509Certificate>
+        </ds:X509Data>
+      </ds:KeyInfo>
+    </md:KeyDescriptor>
+    <md:KeyDescriptor use="encryption">
+      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+        <ds:X509Data>
+          <ds:X509Certificate>MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH
+SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W
+ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w
+CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ
+RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq
+UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+
+M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F
+Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt
+1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq
+nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC
+VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq
+itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc
+2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O
+fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy
+4jpXrp77JXFRSDWddb0yePc=</ds:X509Certificate>
+        </ds:X509Data>
+      </ds:KeyInfo>
+    </md:KeyDescriptor>
+    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
+    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/post" index="0" isDefault="true"/>
+    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/redirect" index="1"/>
+    <md:AttributeConsumingService index="0" isDefault="true">
+      <md:ServiceName xml:lang="en">Default Service</md:ServiceName>
+      <md:RequestedAttribute FriendlyName="BPK" Name="urn:oid:1.2.40.0.10.2.1.1.149" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="PRINCIPAL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="BIRTHDATE" Name="urn:oid:1.2.40.0.10.2.1.1.55" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="PVP-VERSION" Name="urn:oid:1.2.40.0.10.2.1.1.261.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="EID-ISSUING-NATION" Name="urn:oid:1.2.40.0.10.2.1.1.261.32" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="MANDATOR-LEGAL-PERSON-SOURCE-PIN-TYPE" Name="urn:oid:1.2.40.0.10.2.1.1.261.76" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
+      <md:RequestedAttribute FriendlyName="MANDATOR-LEGAL-PERSON-FULL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.84" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
+      <md:RequestedAttribute FriendlyName="MANDATE-TYPE" Name="urn:oid:1.2.40.0.10.2.1.1.261.68" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
+      <md:RequestedAttribute FriendlyName="MANDATOR-LEGAL-PERSON-SOURCE-PIN" Name="urn:oid:1.2.40.0.10.2.1.1.261.100" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
+      <md:RequestedAttribute FriendlyName="GIVEN-NAME" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="EID-SECTOR-FOR-IDENTIFIER" Name="urn:oid:1.2.40.0.10.2.1.1.261.34" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="MANDATE-TYPE-OID" Name="urn:oid:1.2.40.0.10.2.1.1.261.106" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
+      <md:RequestedAttribute FriendlyName="EID-IDENTITY-LINK" Name="urn:oid:1.2.40.0.10.2.1.1.261.38" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
+      <md:RequestedAttribute FriendlyName="EID-CITIZEN-QAA-EIDAS-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.108" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+    </md:AttributeConsumingService>
+  </md:SPSSODescriptor>
+  <md:Organization>
+    <md:OrganizationName xml:lang="de">EGIZ</md:OrganizationName>
+    <md:OrganizationDisplayName xml:lang="de">E-Government Innovationszentrum</md:OrganizationDisplayName>
+    <md:OrganizationURL xml:lang="de">http://www.egiz.gv.at</md:OrganizationURL>
+  </md:Organization>
+  <md:ContactPerson contactType="technical">
+    <md:Company>E-Government Innovationszentrum</md:Company>
+    <md:GivenName>Lenz</md:GivenName>
+    <md:SurName>Thomas</md:SurName>
+    <md:EmailAddress>thomas.lenz@egiz.gv.at</md:EmailAddress>
+    <md:TelephoneNumber>+43 316 873 5525</md:TelephoneNumber>
+  </md:ContactPerson>
+</md:EntityDescriptor>
diff --git a/connector/src/test/resources/data/metadata_valid.xml b/connector/src/test/resources/data/metadata_valid.xml
new file mode 100644
index 00000000..06e1e785
--- /dev/null
+++ b/connector/src/test/resources/data/metadata_valid.xml
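Review bot: The X.509 certificate carried in the `ds:KeyInfo` of the metadata signature (the block starting `MIIDKzCCAhMCBFrxKO4w`) appears to decode to a validity period of 2018-05-08 to 2021-01-31 (UTCTime `210131043454Z`), i.e. it runs out only a few weeks after this commit; if the connector's metadata trust check also verifies certificate validity, authnReqValid in Pvp2SProfileEndPointTest, which resolves the identical certificate from metadata_valid.xml, would start failing at that date without any code change. The SP signing certificate in the `use="signing"` KeyDescriptor (`MIIBbTCCARKg…`) is valid until 2027, so re-signing both fixtures with a similarly long-lived test key would remove the time bomb; the expired case should then be driven only by `validUntil="2020-12-12T20:41:20.635Z"` on the EntityDescriptor, which is what the test name suggests. The same certificate is also reused as the `use="encryption"` key, which is acceptable for a fixture but worth stating in the test class rather than leaving the reader to compare the base64 blocks.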
@@ -0,0 +1,106 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_b67c160c0ad7b4ebd430581df167ac23" entityID="https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata">
+  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+      <ds:Reference URI="#_b67c160c0ad7b4ebd430581df167ac23">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+        <ds:DigestValue>00SaL0XjeknOb/DttutP50lTyAux1jaRPJIVdSupWvU=</ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue>PfEBmLMX/ZgL6ViXghyWtal5MaMoW8k3zjw+54+WK1OAtVsVgOsIDRJE0M/a/VXBbMSifgY6J1gN23xhr61jkrjRQEkbDzLpWZLzWAJ65YqqUQo8wsKI2Gz0j12yY5D8/GOamKOH9KDi5ba1veXR/fnxRINoy7nZo4tcUWZChdl8BWkMN5ugr6dORNIQg/Ym3GabQ/hR5z+9FmveAKphdH63MC6qW3EgM9EMvOVkrLBTP92sNMAAJeaawui9tlxi9anVQ0OqwZsgKLvI7fyV4CM/0sd/ELjeReIlWlHk07Nz4eltMq3eOx3q1YurYvhE8XapHiQMehOtCS+Fzh10sw==</ds:SignatureValue>
+    <ds:KeyInfo>
+      <ds:X509Data>
+        <ds:X509Certificate>MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH
+SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W
+ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w
+CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ
+RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq
+UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+
+M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F
+Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt
+1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq
+nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC
+VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq
+itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc
+2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O
+fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy
+4jpXrp77JXFRSDWddb0yePc=</ds:X509Certificate>
+      </ds:X509Data>
+    </ds:KeyInfo>
+  </ds:Signature>
+  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+    <md:KeyDescriptor use="signing">
+      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+        <ds:X509Data>
+          <ds:X509Certificate>MIIBbTCCARKgAwIBAgIEXjF+qTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJBVDEN
+MAsGA1UEBwwERUdJWjEOMAwGA1UECgwFalVuaXQxEDAOBgNVBAMMB3NpZ25pbmcw
+HhcNMjAwMTI5MTI0NjMzWhcNMjcwMTI4MTI0NjMzWjA+MQswCQYDVQQGEwJBVDEN
+MAsGA1UEBwwERUdJWjEOMAwGA1UECgwFalVuaXQxEDAOBgNVBAMMB3NpZ25pbmcw
+WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASRt7gZRrr4rSEE7Q922oKQJF+mlkwC
+LZnv8ZzHtH54s4VdyQFIBjQF1PPf9PTn+5tid8QJehZPndcoeD7J8fPJMAoGCCqG
+SM49BAMCA0kAMEYCIQDFUO0owvqMVRO2FmD+vb8mqJBpWCE6Cl5pEHaygTa5LwIh
+ANsmjI2azWiTSFjb7Ou5fnCfbeiJUP0s66m8qS4rYl9L</ds:X509Certificate>
+        </ds:X509Data>
+      </ds:KeyInfo>
+    </md:KeyDescriptor>
+    <md:KeyDescriptor use="encryption">
+      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+        <ds:X509Data>
+          <ds:X509Certificate>MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH
+SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W
+ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w
+CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ
+RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq
+UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+
+M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F
+Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt
+1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq
+nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC
+VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq
+itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc
+2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O
+fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy
+4jpXrp77JXFRSDWddb0yePc=</ds:X509Certificate>
+        </ds:X509Data>
+      </ds:KeyInfo>
+    </md:KeyDescriptor>
+    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
+    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/post" index="0" isDefault="true"/>
+    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/redirect" index="1"/>
+    <md:AttributeConsumingService index="0" isDefault="true">
+      <md:ServiceName xml:lang="en">Default Service</md:ServiceName>
+      <md:RequestedAttribute FriendlyName="BPK" Name="urn:oid:1.2.40.0.10.2.1.1.149" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="PRINCIPAL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="BIRTHDATE" Name="urn:oid:1.2.40.0.10.2.1.1.55" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="PVP-VERSION" Name="urn:oid:1.2.40.0.10.2.1.1.261.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="EID-ISSUING-NATION" Name="urn:oid:1.2.40.0.10.2.1.1.261.32" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="MANDATOR-LEGAL-PERSON-SOURCE-PIN-TYPE" Name="urn:oid:1.2.40.0.10.2.1.1.261.76" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
+      <md:RequestedAttribute FriendlyName="MANDATOR-LEGAL-PERSON-FULL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.84" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
+      <md:RequestedAttribute FriendlyName="MANDATE-TYPE" Name="urn:oid:1.2.40.0.10.2.1.1.261.68" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
+      <md:RequestedAttribute FriendlyName="MANDATOR-LEGAL-PERSON-SOURCE-PIN" Name="urn:oid:1.2.40.0.10.2.1.1.261.100" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
+      <md:RequestedAttribute FriendlyName="GIVEN-NAME" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="EID-SECTOR-FOR-IDENTIFIER" Name="urn:oid:1.2.40.0.10.2.1.1.261.34" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+      <md:RequestedAttribute FriendlyName="MANDATE-TYPE-OID" Name="urn:oid:1.2.40.0.10.2.1.1.261.106" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
+      <md:RequestedAttribute FriendlyName="EID-IDENTITY-LINK" Name="urn:oid:1.2.40.0.10.2.1.1.261.38" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
+      <md:RequestedAttribute FriendlyName="EID-CITIZEN-QAA-EIDAS-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.108" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+    </md:AttributeConsumingService>
+  </md:SPSSODescriptor>
+  <md:Organization>
+    <md:OrganizationName xml:lang="de">EGIZ</md:OrganizationName>
+    <md:OrganizationDisplayName xml:lang="de">E-Government Innovationszentrum</md:OrganizationDisplayName>
+    <md:OrganizationURL xml:lang="de">http://www.egiz.gv.at</md:OrganizationURL>
+  </md:Organization>
+  <md:ContactPerson contactType="technical">
+    <md:Company>E-Government Innovationszentrum</md:Company>
+    <md:GivenName>Lenz</md:GivenName>
+    <md:SurName>Thomas</md:SurName>
+    <md:EmailAddress>thomas.lenz@egiz.gv.at</md:EmailAddress>
+    <md:TelephoneNumber>+43 316 873 5525</md:TelephoneNumber>
+  </md:ContactPerson>
+</md:EntityDescriptor>
diff --git a/connector/src/test/resources/data/pvp2_authn_1.xml b/connector/src/test/resources/data/pvp2_authn_1.xml
index ff5f08a5..1275b200 100644
--- a/connector/src/test/resources/data/pvp2_authn_1.xml
+++ b/connector/src/test/resources/data/pvp2_authn_1.xml
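Review bot: The RSA certificate that signs this metadata document and is reused in the `use="encryption"` KeyDescriptor appears, if I decode its validity field (`...Fw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRa...`) correctly, to expire on 2021-01-31, roughly six weeks after this commit. If the connector's metadata verifier checks certificate validity, a fixture named `metadata_valid.xml` silently turns into an expired-certificate fixture and the tests that load it become time-dependent. The EC certificate in the `use="signing"` KeyDescriptor runs to 2027, so the RSA one should be regenerated with a comparable lifetime, or the expiry noted in the loading test, e.g. `// metadata_valid.xml: encryption/document cert expires 2021-01-31 — regenerate before then`. The same certificate is embedded in the preceding metadata fixture of this diff, whose hunk starts outside my view.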
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceIndex="0" Destination="https://vidp.gv.at/ms_connector/pvp/post" ID="_27f4ce57e524e483446654a34cf886e2" IsPassive="false" IssueInstant="2019-12-11T10:50:19.032Z" ProviderName="OpenID Connect Demo" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceIndex="0" Destination="http://localhost/pvp/post" ID="_27f4ce57e524e483446654a34cf886e2" IsPassive="false" IssueInstant="2019-12-11T10:50:19.032Z" ProviderName="OpenID Connect Demo" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
   <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata</saml2:Issuer>
   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
     <ds:SignedInfo>
diff --git a/connector/src/test/resources/data/test_idl_1.xml b/connector/src/test/resources/data/test_idl_1.xml
new file mode 100644
index 00000000..8151468b
--- /dev/null
+++ b/connector/src/test/resources/data/test_idl_1.xml
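Review bot: Rewriting `Destination` on the `saml2p:AuthnRequest` element changes signed content: the request carries an enveloped `ds:Signature` as a direct child, and if its reference covers the element (the `ds:Reference` lies outside this hunk, so I cannot confirm), the existing digest and `ds:SignatureValue` no longer match the edited text unless the fixture was re-signed. Tests that load this file and exercise signature verification would then fail for the wrong reason, or pass only because verification is not exercised, which would mask a regression in request validation. Either re-sign the fixture after the edit or state the limitation where it is loaded, e.g. `// pvp2_authn_1.xml: Destination rewritten to localhost without re-signing — usable only where signature validation is not under test`.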
@@ -0,0 +1,46 @@ +<?xml version="1.0" encoding="UTF-8"?><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:si="http://www.w3.org/2001/XMLSchema-instance" AssertionID="szr.bmi.gv.at-AssertionID1467616845518699" IssueInstant="2016-07-04T09:20:45+01:00" Issuer="http://portal.bmi.gv.at/ref/szr/issuer" MajorVersion="1" MinorVersion="0"> +  <saml:AttributeStatement> +    <saml:Subject> +      <saml:SubjectConfirmation> +        <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod> +        <saml:SubjectConfirmationData> +          <pr:Person si:type="pr:PhysicalPersonType"><pr:Identification><pr:Value>AT/CZ/xWE0vFWarzpzSL4LYlpst9b6vg0=</pr:Value><pr:Type>urn:publicid:gv.at:eidasid+AT+CZ</pr:Type></pr:Identification><pr:Name><pr:GivenName>XXXMaria-Theresia Kunigunda</pr:GivenName><pr:FamilyName primary="undefined">XXXHabsburg-Lothringen</pr:FamilyName></pr:Name><pr:DateOfBirth>1980-02-29</pr:DateOfBirth></pr:Person> +        </saml:SubjectConfirmationData> +      </saml:SubjectConfirmation> +    </saml:Subject> +  <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="urn:publicid:gv.at:namespaces:identitylink:1.2"><saml:AttributeValue><ecdsa:ECDSAKeyValue><ecdsa:DomainParameters><ecdsa:NamedCurve URN="urn:oid:1.2.840.10045.3.1.7"/></ecdsa:DomainParameters><ecdsa:PublicKey><ecdsa:X Value="49629022697474602497707473238246914610217535689798527313620157109614355242988" si:type="ecdsa:PrimeFieldElemType"/><ecdsa:Y Value="77111560713755914450736041751615112402310649832147731609221710465065501356492" si:type="ecdsa:PrimeFieldElemType"/></ecdsa:PublicKey></ecdsa:ECDSAKeyValue></saml:AttributeValue></saml:Attribute><saml:Attribute AttributeName="CitizenPublicKey" 
AttributeNamespace="urn:publicid:gv.at:namespaces:identitylink:1.2"><saml:AttributeValue><dsig:RSAKeyValue><dsig:Modulus>1BFOitiQUc1lAHDGksneXWZGKGaFBcu03HEiIFsjHjNt/IfRZ4IzqHotUKItxnCdNtsFc1MkMJg+ +g0AXHsuU6MNgcbcXPaPfmHp+8+BJh+amDF3FnAN4ceG8oFAGVEZteOgfdWk1r5RQ2SK+0PuXPuLp +Tee7IzXtksReZkVEadUCxn/hiRXZa0dABgkFe3kSXbDr5tKXOF0FCtLKhZBI9z+NbX+aTSKOmAOq +4jyymoo5EP3L+iPecrUwHijD0Bm89h1JjxP521fkYe3Si+0J40okrmCCQHBr+IzB1uX98pKhvs7X +6rPjOJ6lBwP7XjK7D128P/cg4eH6v58cCfbLcQ==</dsig:Modulus><dsig:Exponent>AQAB</dsig:Exponent></dsig:RSAKeyValue></saml:AttributeValue></saml:Attribute></saml:AttributeStatement> +   +<dsig:Signature Id="signature-1-1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-1-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>E+BXH0C2F6EYHjdJrOUKr+DsKT8=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>Hvj40m9ridp2HOz81MTAqzf0q+sZC5YeKpJP43eK5G1HNH1/DNGU/r/6IVPibU9Y +YGYJoXpznxRFibEQ6dFCHAaNPyADmdGHyJSWryI5ypAap4Y8MJnaUGSWY49IZbht +PjfKWB2jUNzj1T2u6ebIifAThAK8ZqIE+e5uaR+qrrLicxIhXcSZoyScbKxMuT1Q +p6zNsNBOHujbVAfKFUE8WmGInyvuoDgerUrA0XstWWg2M9ghytcDJwZpTYwXvmmo +GV47ue0ITrtM+QqWVbt+dHO8369JFnGQ9h/6h/4j9iyNuxfG7u/EyHQiSuy0+FP8 +1lkLsg1YX+2pN0HElyXVqw==</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIEqzCCBBSgAwIBAgIHANux81oNezANBgkqhkiG9w0BAQUFADBAMSIwIAYDVQQD +ExlJQUlLIFRlc3QgSW50ZXJtZWRpYXRlIENBMQ0wCwYDVQQKEwRJQUlLMQswCQYD +VQQGEwJBVDAeFw0xMzA5MjcwNTMzMzdaFw0yMzA5MjcwNTMzMzdaMIHkMQswCQYD +VQQGEwJBVDENMAsGA1UEBxMER3JhejEmMCQGA1UEChMdR3JheiBVbml2ZXJzaXR5 +IG9mIFRlY2hub2xvZ3kxSDBGBgNVBAsTP0luc3RpdHV0ZSBmb3IgQXBwbGllZCBJ 
+bmZvcm1hdGlvbiBQcm9jZXNzaW5nIGFuZCBDb21tdW5pY2F0aW9uczEUMBIGA1UE +BBMLTU9BLVNTIFRlc3QxGDAWBgNVBCoTD0VHSVogVGVzdHBvcnRhbDEkMCIGA1UE +AxMbRUdJWiBUZXN0cG9ydGFsIE1PQS1TUyBUZXN0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAuDjOyf+mY+oQL2FQzzuaiC8C23vVKbq/n2Zi7BqSibZH +mtqMJfmj4pT+hWSNHvVvWsaxFcx4KeNqdCMzwnw1r4P3Sf+2o5uFku5KHEMLMokR +yYQG9VqY/KkB94ye7Pv6zT8gvKqxGFg96UamECep4swPaSZrA8AOER5WAtyGDzKI +Tz+a5zfFaTXDoba7f98PCWR96yKiFjVOhzp38WVz4VJgz+b8ZSY7Xsv5Kn7DXjOL +STX4MevFLki3rFPup3+4vGToaMBW3PEj67HXBdqR855Le6+E6rVxORqsXqlVwhsI +6nuS0CO2LWYmBNR1IB0mXteeYH/HfxvuZc+7yDjdPQIDAQABo4IBhDCCAYAwDgYD +VR0PAQH/BAQDAgbAMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEmcH6VY4BG1EAGB +TLoNR9vH/g6yMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jYS5pYWlrLnR1Z3Jh +ei5hdC9jYXBzby9jcmxzL0lBSUtUZXN0X0ludGVybWVkaWF0ZUNBLmNybDCBqgYI +KwYBBQUHAQEEgZ0wgZowSgYIKwYBBQUHMAGGPmh0dHA6Ly9jYS5pYWlrLnR1Z3Jh +ei5hdC9jYXBzby9PQ1NQP2NhPUlBSUtUZXN0X0ludGVybWVkaWF0ZUNBMEwGCCsG +AQUFBzAChkBodHRwOi8vY2EuaWFpay50dWdyYXouYXQvY2Fwc28vY2VydHMvSUFJ +S1Rlc3RfSW50ZXJtZWRpYXRlQ0EuY2VyMCEGA1UdEQQaMBiBFnRob21hcy5sZW56 +QGVnaXouZ3YuYXQwHwYDVR0jBBgwFoAUaKJeEdreL4BrRES/jfplNoEkp28wDQYJ +KoZIhvcNAQEFBQADgYEAlFGjUxXLs7SAT8NtXSrv2WrjlklaRnHTFHLQwyVo8JWb +gvRkHHDUv2o8ofXUY2R2WJ38dxeDoccgbXrJb/Qhi8IY7YhCwv/TuIZDisyAqo8W +ORKSip/6HWlGCSR/Vgoet1GtCmF0FoUxFUIGSAuQ2yyt4fIzt5GJrU1X5ujjI1w=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo></dsig:Signature></saml:Assertion>
\ No newline at end of file | 
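Review bot: The identity-link fixture is signed with `http://www.w3.org/2000/09/xmldsig#rsa-sha1` and a `xmldsig#sha1` DigestMethod; if the connector verifies the identity-link signature in the tests that load this file, a passing test documents that SHA-1 signatures are accepted, which should be a deliberate and recorded algorithm-policy decision rather than a by-product of the test data at hand. Consider adding a SHA-256-signed identity link next to it, or flagging the legacy algorithm where the file is loaded, e.g. `// test_idl_1.xml carries an rsa-sha1 signature from the test SZR; algorithm policy is asserted separately`. The embedded signing certificate's validity field (`...Fw0xMzA5MjcwNTMzMzdaFw0yMzA5MjcwNTMzMzda...`) appears to run to 2023, so certificate expiry is not an immediate concern for this fixture.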
