diff options
author | Thomas <> | 2021-09-02 08:58:17 +0200 |
---|---|---|
committer | Thomas <> | 2021-09-02 08:58:17 +0200 |
commit | 34094edfbf91cf445dbeae12b1b63cbfef543244 (patch) | |
tree | 88e2bbd008a7fd9f3a425bbcfdb53cfac4e24079 /connector | |
parent | 847e690da4a2f6b08ca604538f1f42e6e6717d0b (diff) | |
parent | e0a9aad4a321bae3b9c9afe7ea178d93b258749a (diff) | |
download | National_eIDAS_Gateway-34094edfbf91cf445dbeae12b1b63cbfef543244.tar.gz National_eIDAS_Gateway-34094edfbf91cf445dbeae12b1b63cbfef543244.tar.bz2 National_eIDAS_Gateway-34094edfbf91cf445dbeae12b1b63cbfef543244.zip |
Merge branch 'master' into feature/matching_rebased
# Conflicts:
# connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java
# connector/src/main/resources/specific_eIDAS_connector.beans.xml
# connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java
# connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java
# connector/src/test/resources/spring/SpringTest_connector.beans.xml
# eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
# eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java
# eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java
# eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/SzrClientTest.java
# eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
# eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java
# eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveAuthnResponseTaskTest.java
# pom.xml
Diffstat (limited to 'connector')
13 files changed, 177 insertions, 182 deletions
diff --git a/connector/pom.xml b/connector/pom.xml index bbc54443..8b123cd4 100644 --- a/connector/pom.xml +++ b/connector/pom.xml @@ -6,7 +6,7 @@ <parent> <groupId>at.asitplus.eidas</groupId> <artifactId>ms_specific</artifactId> - <version>1.1.1-SNAPSHOT</version> + <version>1.2.2</version> </parent> <groupId>at.asitplus.eidas.ms_specific</groupId> @@ -139,6 +139,20 @@ <groupId>com.github.skjolber</groupId> <artifactId>mockito-soap-cxf</artifactId> <scope>test</scope> + <!--exclusions> + <exclusion> + <groupId>org.apache.cxf</groupId> + <artifactId>cxf-rt-wsdl</artifactId> + </exclusion> + <exclusion> + <groupId>org.apache.cxf</groupId> + <artifactId>cxf-rt-bindings-soap</artifactId> + </exclusion> + <exclusion> + <groupId>org.apache.cxf</groupId> + <artifactId>cxf-core</artifactId> + </exclusion> + </exclusions--> </dependency> <dependency> <groupId>com.squareup.okhttp3</groupId> diff --git a/connector/src/assembly/assembly_dir.xml b/connector/src/assembly/assembly_dir.xml index 37e05390..59437be6 100644 --- a/connector/src/assembly/assembly_dir.xml +++ b/connector/src/assembly/assembly_dir.xml @@ -43,7 +43,9 @@ <includes> <!-- include>README.md</include--> <include>readme_${project.version}.txt</include> + <include>readme_${project.version}.md</include> <include>eIDAS_Ref_Impl/*</include> + <include>handbook/*</include> </includes> </fileSet> </fileSets> diff --git a/connector/src/assembly/assembly_zip.xml b/connector/src/assembly/assembly_zip.xml index 579da2e1..43877283 100644 --- a/connector/src/assembly/assembly_zip.xml +++ b/connector/src/assembly/assembly_zip.xml @@ -43,6 +43,9 @@ <includes> <!-- include>README.md</include --> <include>readme_${project.version}.txt</include> + <include>readme_${project.version}.md</include> + <include>eIDAS_Ref_Impl/*</include> + <include>handbook/*</include> </includes> </fileSet> </fileSets> diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java index c41660ce..3a93c1b8 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java @@ -30,6 +30,7 @@ import org.springframework.stereotype.Service; import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions.EidIdentityStatusLevelValues; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer; @@ -37,8 +38,9 @@ import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; +import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData; import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder; -import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper; import lombok.extern.slf4j.Slf4j; @Service("AuthenticationDataBuilder") @@ -47,9 +49,9 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder @Override protected IAuthData buildDeprecatedAuthData(IRequest pendingReq) throws EaafException { - final IAuthProcessDataContainer authProcessData = - pendingReq.getSessionData(AuthProcessDataWrapper.class); - AuthenticationData authData = new AuthenticationData(); + final EidAuthProcessDataWrapper authProcessData = + pendingReq.getSessionData(EidAuthProcessDataWrapper.class); + EidAuthenticationData authData = new EidAuthenticationData(); //set basis infos super.generateDeprecatedBasicAuthData(authData, pendingReq, authProcessData); @@ -58,6 +60,9 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder authData.setSsoSessionValidTo( new Date(new Date().getTime() + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000)); + authData.setEidStatus(authProcessData.isTestIdentity() + ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY); + return authData; } @@ -65,16 +70,21 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder @Override protected void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq) throws EaafException { - if (authData instanceof AuthenticationData) { - ((AuthenticationData)authData).setGenericData( + if (authData instanceof EidAuthenticationData) { + ((EidAuthenticationData)authData).setGenericData( ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, pendingReq.getUniquePiiTransactionIdentifier()); log.trace("Inject piiTransactionId: {} into AuthData", pendingReq.getUniquePiiTransactionIdentifier()); // set specific informations - ((AuthenticationData)authData).setSsoSessionValidTo( + ((EidAuthenticationData)authData).setSsoSessionValidTo( new Date(new Date().getTime() + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000)); + //set E-ID status-level + final EidAuthProcessDataWrapper authProcessData = + pendingReq.getSessionData(EidAuthProcessDataWrapper.class); + ((EidAuthenticationData)authData).setEidStatus(authProcessData.isTestIdentity() + ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY); } else { throw new RuntimeException("Can not inject PiiTransactionId because AuthData is of unknown type: " @@ -86,7 +96,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder @Override protected IAuthData getAuthDataInstance(IRequest arg0) throws EaafException { - return new AuthenticationData(); + return new EidAuthenticationData(); } diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java index 55ce044d..eef09b8d 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java @@ -28,16 +28,16 @@ import java.util.Locale; import java.util.MissingResourceException; import java.util.ResourceBundle; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; +import org.apache.commons.lang3.StringUtils; import org.springframework.stereotype.Service; import at.gv.egiz.eaaf.core.api.IStatusMessenger; import at.gv.egiz.eaaf.core.exceptions.EaafException; +import lombok.extern.slf4j.Slf4j; @Service("StatusMessageProvider") +@Slf4j public class StatusMessageProvider implements IStatusMessenger { - private static final Logger log = LoggerFactory.getLogger(StatusMessageProvider.class); private static final String ERROR_MESSAGES_UNAVAILABLE = "Error messages can NOT be load from application. Only errorCode: {0} is availabe"; @@ -96,7 +96,6 @@ public class StatusMessageProvider implements IStatusMessenger { return ((EaafException) throwable).getErrorId(); } - return IStatusMessenger.CODES_INTERNAL_ERROR_GENERIC; } @@ -118,7 +117,13 @@ public class StatusMessageProvider implements IStatusMessenger { } else { try { - return externalError.getString(intErrorCode); + if (StringUtils.isNotEmpty(intErrorCode)) { + return externalError.getString(intErrorCode); + + } else { + return IStatusMessenger.CODES_EXTERNAL_ERROR_GENERIC; + + } } catch (final MissingResourceException e2) { log.info(MessageFormat.format(ERROR_NO_EXTERNALERROR_CODE, new Object[] { intErrorCode })); diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java index a9eb06be..881eeb8a 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java @@ -75,7 +75,7 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor { if (nameIdPolicy != null) { final String nameIdFormat = nameIdPolicy.getFormat(); if (nameIdFormat != null) { - if (!(NameIDType.TRANSIENT.equals(nameIdFormat) + if (!(NameIDType.TRANSIENT.equals(nameIdFormat) || NameIDType.PERSISTENT.equals(nameIdFormat))) { throw new NameIdFormatNotSupportedException(nameIdFormat); @@ -114,10 +114,10 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor { // post-process requested LoA comparison-level pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setLoAMachtingMode( extractComparisonLevel(authnReq)); - - //extract information from requested attributes + + // extract information from requested attributes extractFromRequestedAttriutes(pendingReq, authnReq); - + } catch (final EaafStorageException e) { log.info("Can NOT store Authn. Req. data into pendingRequest.", e); throw new AuthnRequestValidatorException("internal.02", null, e); @@ -126,14 +126,14 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor { } - private void extractFromRequestedAttriutes(IRequest pendingReq, AuthnRequest authnReq) - throws AuthnRequestValidatorException { + private void extractFromRequestedAttriutes(IRequest pendingReq, AuthnRequest authnReq) + throws AuthnRequestValidatorException, EaafStorageException { // validate and process requested attributes boolean sectorDetected = false; - + final ServiceProviderConfiguration spConfig = pendingReq.getServiceProviderConfiguration( ServiceProviderConfiguration.class); - + if (authnReq.getExtensions() != null) { final List<XMLObject> requestedAttributes = authnReq.getExtensions().getUnknownXMLObjects(); for (final XMLObject reqAttrObj : requestedAttributes) { @@ -143,77 +143,101 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor { for (final EaafRequestedAttribute el : reqAttr.getAttributes()) { log.trace("Processing req. attribute '" + el.getName() + "' ... "); if (el.getName().equals(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME)) { - sectorDetected = extractBpkTargetIdentifier(el, spConfig); - + sectorDetected = extractBpkTargetIdentifier(el, spConfig); + } else if (el.getName().equals(ExtendedPvpAttributeDefinitions.EID_TRANSACTION_ID_NAME)) { extractUniqueTransactionId(el, pendingReq); - + + } else if (el.getName().equals(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME)) { + extractBindingPublicKey(el, pendingReq); + } else { log.debug("Ignore req. attribute: " + el.getName()); - + } } } else { log.debug("No requested Attributes in Authn. Request"); - + } } else { log.info("Ignore unknown requested attribute: " + reqAttrObj.getElementQName().toString()); - + } } } - + if (!sectorDetected) { log.warn("Authn.Req validation FAILED. Reason: Contains NO or NO VALID target-sector information."); throw new AuthnRequestValidatorException("pvp2.22", new Object[] { "NO or NO VALID target-sector information" }); } - + + } + + private void extractBindingPublicKey(EaafRequestedAttribute el, IRequest pendingReq) + throws EaafStorageException { + if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) { + final String bindingPubKey = el.getAttributeValues().get(0).getDOM().getTextContent(); + pendingReq.setRawDataToTransaction(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME, bindingPubKey); + log.info("Find Binding Public-Key. eIDAS authentication will be used to create an ID Austria Binding"); + + } else { + log.warn( + "Req. attribute '{}' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute", + el.getName()); + + } } /** * Extract unique transactionId from AuthnRequest. - * - * @param el Requested attribute from AuthnRequest - * @param pendingReq Current pendingRequest object (has to be of type {@link RequestImpl}) - * @return <code>true</code> if transactionId extraction was successful, otherwise <code>false</code> + * + * @param el Requested attribute from AuthnRequest + * @param pendingReq Current pendingRequest object (has to be of type + * {@link RequestImpl}) + * @return <code>true</code> if transactionId extraction was successful, + * otherwise <code>false</code> */ private boolean extractUniqueTransactionId(EaafRequestedAttribute el, IRequest pendingReq) { if (!(pendingReq instanceof RequestImpl)) { - log.warn("Can NOT set unique transactionId from AuthnRequest,because 'PendingRequest' is NOT from Type: {}", + log.warn( + "Can NOT set unique transactionId from AuthnRequest,because 'PendingRequest' is NOT from Type: {}", RequestImpl.class.getName()); - - } else { + + } else { if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) { - final String transactionId = el.getAttributeValues().get(0).getDOM().getTextContent(); - ((RequestImpl)pendingReq).setUniqueTransactionIdentifier(transactionId); + final String transactionId = el.getAttributeValues().get(0).getDOM().getTextContent(); + ((RequestImpl) pendingReq).setUniqueTransactionIdentifier(transactionId); return true; } else { - log.warn("Req. attribute '{}' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute", + log.warn( + "Req. attribute '{}' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute", el.getName()); - + } - + } - + return false; } /** * Extract the bPK target from requested attribute. - * - * @param el Requested attribute from AuthnRequest + * + * @param el Requested attribute from AuthnRequest * @param spConfig Service-Provider configuration for current process - * @return <code>true</code> if bPK target extraction was successful, otherwise <code>false</code> + * @return <code>true</code> if bPK target extraction was successful, otherwise + * <code>false</code> */ - private boolean extractBpkTargetIdentifier(EaafRequestedAttribute el, ServiceProviderConfiguration spConfig) { + private boolean extractBpkTargetIdentifier(EaafRequestedAttribute el, + ServiceProviderConfiguration spConfig) { if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) { - final String sectorId = el.getAttributeValues().get(0).getDOM().getTextContent(); + final String sectorId = el.getAttributeValues().get(0).getDOM().getTextContent(); try { spConfig.setBpkTargetIdentifier(sectorId); return true; @@ -227,16 +251,16 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor { log.warn("Req. attribute '" + el.getName() + "' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute"); } - + return false; - + } - - private void postprocessLoaLevel(IRequest pendingReq, AuthnRequest authnReq) + + private void postprocessLoaLevel(IRequest pendingReq, AuthnRequest authnReq) throws AuthnRequestValidatorException { final List<String> reqLoA = extractLoA(authnReq); - log.trace("SP requests LoA with: {}", String.join(", ",reqLoA)); - + log.trace("SP requests LoA with: {}", String.join(", ", reqLoA)); + LevelOfAssurance minimumLoAFromConfig = LevelOfAssurance.fromString(basicConfig.getBasicConfiguration( MsEidasNodeConstants.PROP_EIDAS_REQUEST_LOA_MINIMUM_LEVEL, EaafConstants.EIDAS_LOA_HIGH)); @@ -246,15 +270,15 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor { minimumLoAFromConfig = LevelOfAssurance.HIGH; } - + log.trace("Validate requested LoA to connector configuration minimum LoA: {} ...", - minimumLoAFromConfig); + minimumLoAFromConfig); final List<String> allowedLoA = new ArrayList<>(); for (final String loa : reqLoA) { try { final LevelOfAssurance intLoa = LevelOfAssurance.fromString(loa); String selectedLoA = EaafConstants.EIDAS_LOA_HIGH; - if (intLoa != null + if (intLoa != null && intLoa.numericValue() <= minimumLoAFromConfig.numericValue()) { log.info("Client: {} requested LoA: {} will be upgraded to: {}", pendingReq.getServiceProviderConfiguration().getUniqueIdentifier(), @@ -281,7 +305,7 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor { pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setRequiredLoA( allowedLoA); - + } private String extractComparisonLevel(AuthnRequest authnReq) { @@ -335,7 +359,7 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor { private String extractScopeRequsterId(AuthnRequest authnReq) { if (authnReq.getScoping() != null) { final Scoping scoping = authnReq.getScoping(); - if (scoping.getRequesterIDs() != null + if (scoping.getRequesterIDs() != null && scoping.getRequesterIDs().size() > 0) { if (scoping.getRequesterIDs().size() == 1) { return scoping.getRequesterIDs().get(0).getRequesterID(); diff --git a/connector/src/main/resources/application.properties b/connector/src/main/resources/application.properties index 8263ea82..e92099ab 100644 --- a/connector/src/main/resources/application.properties +++ b/connector/src/main/resources/application.properties @@ -17,9 +17,9 @@ spring.boot.admin.client.enabled=false ############################################################################# ## MS-speccific eIDAS-Connector configuration -#proxy.context.url.prefix= +#eidas.ms.context.url.prefix= eidas.ms.context.url.request.validation=false -#proxy.configRootDir=file:/.../config/ +#eidas.ms.configRootDir=file:/.../config/ eidas.ms.context.use.clustermode=true eidas.ms.core.logging.level.info.errorcodes=auth.21 @@ -48,14 +48,28 @@ eidas.ms.core.pendingrequestid.digist.algorithm=HmacSHA256 ## eIDAS Ref. Implementation connector ### eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector +eidas.ms.auth.eIDAS.eid.testidentity.default=false + #eidas.ms.auth.eIDAS.node_v2.forward.endpoint= eidas.ms.auth.eIDAS.node_v2.forward.method=POST eidas.ms.auth.eIDAS.node_v2.countrycode=AT -eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=.* -eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=true +eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=urn:publicid:gv.at:cdid\+.* + +## use SAML2 requestId as transactionIdentifier to mitigate problems with SAML2 relaystate eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier=true -eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs=true +## use hashed version of unique SP-Identifier as requesterId +eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm=true + +## user static requesterId for all SP's in case of LU +eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll=true + + +## set provider name for all public SPs +eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=false + + +#eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat= eidas.ms.auth.eIDAS.node_v2.loa.requested.minimum=http://eidas.europa.eu/LoA/high #eidas.ms.auth.eIDAS.szrclient.useTestService=true @@ -108,6 +122,7 @@ eidas.ms.auth.eIDAS.szrclient.params.setBirthNameIfAvailable=true eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=false eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=false + ##without mandates eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.0=PersonIdentifier,true eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.1=FamilyName,true @@ -136,7 +151,7 @@ eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true #eidas.ms.pvp2.key.metadata.password=password #eidas.ms.pvp2.key.signing.alias=sig #eidas.ms.pvp2.key.signing.password=password -#eidas.ms.pvp2.metadata.validity=24 +eidas.ms.pvp2.metadata.validity=24 #eidas.ms.pvp2.metadata.organisation.name=JUnit #eidas.ms.pvp2.metadata.organisation.friendyname=For testing with jUnit @@ -157,8 +172,6 @@ eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true ##only for advanced config -eidas.ms.configuration.sp.disableRegistrationRequirement= -#eidas.ms.configuration.restrictions.baseID.spTransmission= -eidas.ms.configuration.auth.default.countrycode= -eidas.ms.configuration.pvp.scheme.validation= -eidas.ms.configuration.pvp.enable.entitycategories=
\ No newline at end of file +eidas.ms.configuration.sp.disableRegistrationRequirement=false +eidas.ms.configuration.pvp.scheme.validation=true +eidas.ms.configuration.pvp.enable.entitycategories=false
\ No newline at end of file diff --git a/connector/src/main/resources/logback.xml b/connector/src/main/resources/logback.xml index 7aa2d0cc..9679d9e4 100644 --- a/connector/src/main/resources/logback.xml +++ b/connector/src/main/resources/logback.xml @@ -8,96 +8,6 @@ <!-- http://www.qos.ch/shop/products/professionalSupport --> <!-- --> <configuration> - <appender name="msnode" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender --> - <File>logs/eidas-ms-specific.log</File> - <encoder> - <pattern>%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n</pattern> - </encoder> - <rollingPolicy - class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> - <maxIndex>9999</maxIndex> - <FileNamePattern>logs/eidas-ms-specific.log.%i - </FileNamePattern> - </rollingPolicy> - <triggeringPolicy - class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> - <MaxFileSize>10000KB</MaxFileSize> - </triggeringPolicy> - </appender> - <appender name="EIDASNODE" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender --> - <File>logs/eIDAS_node.log</File> - <encoder> - <pattern>%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n</pattern> - </encoder> - <rollingPolicy - class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> - <maxIndex>9999</maxIndex> - <FileNamePattern>logs/eIDAS_node.log.%i - </FileNamePattern> - </rollingPolicy> - <triggeringPolicy - class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> - <MaxFileSize>10000KB</MaxFileSize> - </triggeringPolicy> - </appender> - <appender name="reversion" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender --> - <File>logs/eidas-ms-reversion.log</File> - <encoder> - <pattern>%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n</pattern> - </encoder> - <rollingPolicy - class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> - <maxIndex>9999</maxIndex> - <FileNamePattern>logs/eidas-ms-reversion.log.%i - </FileNamePattern> - </rollingPolicy> - <triggeringPolicy - class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> - <MaxFileSize>10000KB</MaxFileSize> - </triggeringPolicy> - </appender> - <appender name="statistic" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender --> - <File>logs/eidas-ms-statistic.log</File> - <encoder> - <pattern>%m%n</pattern> - </encoder> - <rollingPolicy - class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> - <maxIndex>9999</maxIndex> - <FileNamePattern>logs/eidas-ms-statistic.log.%i - </FileNamePattern> - </rollingPolicy> - <triggeringPolicy - class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> - <MaxFileSize>10000KB</MaxFileSize> - </triggeringPolicy> - </appender> - <appender name="stdout" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender --> - <File>logs/console.log</File> - <encoder> - <pattern>%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n</pattern> - </encoder> - <rollingPolicy - class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> - <maxIndex>9999</maxIndex> - <FileNamePattern>logs/console.log.%i - </FileNamePattern> - </rollingPolicy> - <triggeringPolicy - class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> - <MaxFileSize>10000KB</MaxFileSize> - </triggeringPolicy> - </appender> <appender name="console" class="ch.qos.logback.core.ConsoleAppender"> <encoder> @@ -105,27 +15,16 @@ </encoder> </appender> <logger name="at.gv.egiz.eaaf" level="info"> - <appender-ref ref="msnode" /> + <appender-ref ref="console" /> </logger> <logger name="eu.eidas" additivity="false" level="info"> - <appender-ref ref="EIDASNODE" /> + <appender-ref ref="console" /> </logger> <logger name="at.gv.egiz.eidas.specific" additivity="false" level="info"> - <appender-ref ref="msnode" /> - </logger> - <logger - name="at.gv.egiz.eidas.specific.connector.logger.RevisionLogger" - additivity="false" level="info"> - <appender-ref ref="reversion" /> - </logger> - <logger - name="at.gv.egiz.eidas.specific.connector.logger.StatisticLogger" - additivity="false" level="info"> - <appender-ref ref="statistic" /> + <appender-ref ref="console" /> </logger> <root level="info"> - <appender-ref ref="stdout" /> <appender-ref ref="console" /> </root> </configuration> diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java index 1690016e..4e66d324 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java @@ -51,13 +51,12 @@ import org.springframework.web.context.WebApplicationContext; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; -import com.skjolberg.mockito.soap.SoapServiceRule; +import com.github.skjolber.mockito.soap.SoapServiceRule; import at.asitplus.eidas.specific.connector.controller.ProcessEngineSignalController; import at.asitplus.eidas.specific.connector.controller.Pvp2SProfileEndpoint; import at.asitplus.eidas.specific.connector.provider.PvpEndPointCredentialProvider; import at.asitplus.eidas.specific.connector.provider.PvpMetadataProvider; -import at.asitplus.eidas.specific.connector.test.saml2.Pvp2SProfileEndPointTest; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasSignalServlet; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; @@ -76,6 +75,7 @@ import at.gv.e_government.reference.namespace.persondata.de._20040201.Identifica import at.gv.egiz.components.spring.api.SpringBootApplicationContextInitializer; import at.gv.egiz.eaaf.core.api.IStatusMessenger; import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.impl.idp.controller.ProtocolFinalizationController; import at.gv.egiz.eaaf.core.impl.logging.LogMessageProviderFactory; @@ -115,7 +115,7 @@ import szrservices.SignContentResponseType; public class FullStartUpAndProcessTest { private static final String FINAL_REDIRECT = "http://localhost/public/secure/finalizeAuthProtocol?pendingid="; - + @Autowired private WebApplicationContext wac; @Autowired private PvpEndPointCredentialProvider credentialProvider; @Autowired private PvpMetadataProvider metadataProvider; @@ -178,7 +178,6 @@ public class FullStartUpAndProcessTest { System.out.println("Closiong Ignite Node ... "); Ignition.stopAll(true); - //set Ignite-node holder to 'null' because static holders are shared between different tests final Field field = IgniteInstanceInitializerSpecificCommunication.class.getDeclaredField("instance"); field.setAccessible(true); @@ -400,7 +399,8 @@ public class FullStartUpAndProcessTest { Assert.assertEquals("SAML2 status", Constants.SUCCESS_URI, saml2.getStatus().getStatusCode().getValue()); final AssertionAttributeExtractor extractor = new AssertionAttributeExtractor(saml2); - Assert.assertEquals("wrong resp attr. size", 6, extractor.getAllIncludeAttributeNames().size()); + + Assert.assertEquals("wrong resp attr. size", 7, extractor.getAllIncludeAttributeNames().size()); Assert.assertEquals("Wrong attr: LoA ", "http://eidas.europa.eu/LoA/high", extractor.getSingleAttributeValue("urn:oid:1.2.40.0.10.2.1.1.261.108")); Assert.assertEquals("Wrong attr: PVP_VERSION ", "2.2", @@ -413,7 +413,9 @@ public class FullStartUpAndProcessTest { extractor.getSingleAttributeValue("urn:eidgvat:attributes.authblock.signed")); Assert.assertNotNull("Wrong attr: piiTras.Id ", extractor.getSingleAttributeValue("urn:eidgvat:attributes.piiTransactionId")); - + Assert.assertEquals("Wrong attr:EID_STATUS_LEVEL ", "http://eid.gv.at/eID/status/identity", + extractor.getSingleAttributeValue(PvpAttributeDefinitions.EID_IDENTITY_STATUS_LEVEL_NAME)); + } private void injectSzrResponse() throws Exception { @@ -538,7 +540,7 @@ public class FullStartUpAndProcessTest { IOException, MarshallingException, ComponentInitializationException { final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream( XMLObjectProviderRegistrySupport.getParserPool(), - Pvp2SProfileEndPointTest.class.getResourceAsStream("/data/pvp2_authn_1.xml")); + FullStartUpAndProcessTest.class.getResourceAsStream("/data/pvp2_authn_1.xml")); authnReq.setIssueInstant(DateTime.now()); RequestAbstractType signedAuthnReq = Saml2Utils.signSamlObject(authnReq, credentialProvider.getMessageSigningCredential(), true); diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java index f4b8e57c..17ecb2ca 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java @@ -11,6 +11,7 @@ import java.util.Map; import javax.xml.transform.TransformerException; import org.apache.commons.lang3.RandomStringUtils; +import org.apache.commons.lang3.RandomUtils; import org.junit.Assert; import org.junit.Before; import org.junit.BeforeClass; @@ -35,6 +36,7 @@ import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions.EidIdentityStatusLevelValues; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; @@ -43,7 +45,9 @@ import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException; import at.gv.egiz.eaaf.core.exceptions.EaafParserException; import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; import at.gv.egiz.eaaf.core.impl.builder.BpkBuilder; +import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData; import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration; import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; @@ -118,8 +122,10 @@ public class AuthenticationDataBuilderTest { @Test public void eidMode() throws EaafAuthenticationException { // initialize state + boolean isTestIdentity = RandomUtils.nextBoolean(); pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true); - + pendingReq.getSessionData(EidAuthProcessDataWrapper.class).setTestIdentity(isTestIdentity); + // execute IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq); @@ -128,6 +134,9 @@ public class AuthenticationDataBuilderTest { Assert.assertNotNull("authBlock null", authData.getGenericData(Constants.SZR_AUTHBLOCK, String.class)); Assert.assertNotNull("eidasBind null", authData.getGenericData(Constants.EIDAS_BIND, String.class)); Assert.assertNotNull("LoA null", authData.getEidasQaaLevel()); + Assert.assertEquals("testIdentity flag", + isTestIdentity ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY, + ((EidAuthenticationData)authData).getEidStatus()); String authBlock = authData.getGenericData(Constants.SZR_AUTHBLOCK, String.class); String eidasBind = authData.getGenericData(Constants.EIDAS_BIND, String.class); @@ -159,6 +168,8 @@ public class AuthenticationDataBuilderTest { @Test public void moaIdMode() throws EaafAuthenticationException, EaafBuilderException { //initialize state + boolean isTestIdentity = RandomUtils.nextBoolean(); + pendingReq.getSessionData(EidAuthProcessDataWrapper.class).setTestIdentity(isTestIdentity); pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(false); IIdentityLink idl = buildDummyIdl(); pendingReq.getSessionData(AuthProcessDataWrapper.class).setIdentityLink(idl); @@ -173,6 +184,9 @@ public class AuthenticationDataBuilderTest { Assert.assertNull("piiTransactionId", authData.getGenericData(ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, String.class)); + Assert.assertEquals("testIdentity flag", + isTestIdentity ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY, + ((EidAuthenticationData)authData).getEidStatus()); Assert.assertNotNull("assertion validTo", authData.getSsoSessionValidTo()); Assert.assertNotNull("LoA null", authData.getEidasQaaLevel()); diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthnRequestValidatorTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthnRequestValidatorTest.java index 9aafb4b6..c57515a0 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthnRequestValidatorTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthnRequestValidatorTest.java @@ -214,6 +214,11 @@ public class AuthnRequestValidatorTest { Assert.assertEquals("wrong transactionId", "transId_11223344556677aabbcc", pendingReq.getUniqueTransactionIdentifier()); + + Assert.assertEquals("wrong binding pubkey", "binding_pubKey_1144225247125dsfasfasdf", + pendingReq.getRawData(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME, String.class)); + + } diff --git a/connector/src/test/resources/data/metadata_valid_without_encryption.xml b/connector/src/test/resources/data/metadata_valid_without_encryption.xml index b224c336..32b24e91 100644 --- a/connector/src/test/resources/data/metadata_valid_without_encryption.xml +++ b/connector/src/test/resources/data/metadata_valid_without_encryption.xml @@ -71,6 +71,7 @@ ANsmjI2azWiTSFjb7Ou5fnCfbeiJUP0s66m8qS4rYl9L</ds:X509Certificate> <md:RequestedAttribute FriendlyName="userAuthBlock" Name="urn:eidgvat:attributes.authblock.signed" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/> <md:RequestedAttribute FriendlyName="eidBind" Name="urn:eidgvat:attributes.eidbind" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/> <md:RequestedAttribute FriendlyName="piiTransactionId" Name="urn:eidgvat:attributes.piiTransactionId" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/> + <md:RequestedAttribute FriendlyName="EID-IDENTITY-STATUS-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.109" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/> </md:AttributeConsumingService> </md:SPSSODescriptor> <md:Organization> diff --git a/connector/src/test/resources/data/pvp2_authn_3.xml b/connector/src/test/resources/data/pvp2_authn_3.xml index 35e49b0f..5352c441 100644 --- a/connector/src/test/resources/data/pvp2_authn_3.xml +++ b/connector/src/test/resources/data/pvp2_authn_3.xml @@ -31,6 +31,9 @@ <eid:RequestedAttribute FriendlyName="transactionId" Name="urn:eidgvat:attributes.transactionId" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"> <eid:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">transId_11223344556677aabbcc</eid:AttributeValue> </eid:RequestedAttribute> + <eid:RequestedAttribute FriendlyName="Binding-PublicKey" Name="urn:eidgvat:attributes.binding.pubkey" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"> + <eid:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">binding_pubKey_1144225247125dsfasfasdf</eid:AttributeValue> + </eid:RequestedAttribute> </eid:RequestedAttributes> </saml2p:Extensions> <saml2p:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/> |