build 'requesterId' for private-sector SP's based on hashed unique AppIds

set 'requesterId' and 'providerName' to static value for any type of SP
author: Thomas Lenz <thomas.lenz@egiz.gv.at> 2021-01-19 10:37:45 +0100
committer: Thomas Lenz <thomas.lenz@egiz.gv.at> 2021-01-19 11:42:21 +0100
commit: 58b3c1c2d7a27775af8c0b7c9d12dea08aa575fa (patch)
tree: 803baa58694bf22ce52dfc8787571efc4f59b664 /eidas_modules/authmodule-eIDAS-v2/src/test/java/at
parent: c77fcb3e75da79647f099216c3478ecdf219a120 (diff)
download: National_eIDAS_Gateway-58b3c1c2d7a27775af8c0b7c9d12dea08aa575fa.tar.gz
National_eIDAS_Gateway-58b3c1c2d7a27775af8c0b7c9d12dea08aa575fa.tar.bz2
National_eIDAS_Gateway-58b3c1c2d7a27775af8c0b7c9d12dea08aa575fa.zip
3 files changed, 196 insertions, 3 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java
index c416b515..f796bd86 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java
@@ -83,6 +83,7 @@ public class GenerateAuthnRequestTaskTest {
     pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue());
     pendingReq.setAuthUrl("http://test.com/");
 
+    basicConfig.putConfigValue("eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm", "true");
     basicConfig.putConfigValue("eidas.ms.auth.eIDAS.node_v2.entityId", 
         RandomStringUtils.randomAlphabetic(10));
     basicConfig.putConfigValue(
@@ -297,7 +298,7 @@ public class GenerateAuthnRequestTaskTest {
     basicConfig.putConfigValue(
         "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true");
     basicConfig.putConfigValue(
-        "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "true");
+        "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderNames", "true");
     basicConfig.putConfigValue(
         "eidas.ms.auth.eIDAS.node_v2.staticProviderNameForPublicSPs", "myNode");
     
@@ -366,6 +367,101 @@ public class GenerateAuthnRequestTaskTest {
   }
   
   @Test
+  public void publicSpWithCountryLu() throws TaskExecutionException,
+      SpecificCommunicationException, EaafStorageException, UnsupportedEncodingException {
+    //set-up test
+    executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "LU");
+    executionContext.put("selectedEnvironment", "prod");
+    
+    String providerName = RandomStringUtils.randomAlphanumeric(10);
+    pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName);
+            
+    basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets");
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true");
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true");
+            
+    String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5);
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.forward.endpoint", dynEndPoint);    
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.forward.method", "GET");
+    
+    //execute test
+    task.execute(pendingReq, executionContext);
+        
+    //validate state
+    Assert.assertEquals("Wrong http statusCode", 302, httpResp.getStatus());
+    Assert.assertNotNull("No redirect header", httpResp.getHeaderValue("Location"));
+    Assert.assertTrue("Wrong redirect endpoint", 
+        ((String) httpResp.getHeaderValue("Location")).startsWith(dynEndPoint));
+        
+    
+    final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null);
+
+    Assert.assertEquals("PrividerName", "myNode", eidasReq.getProviderName());
+    Assert.assertEquals("RequesterId found", "myNode", eidasReq.getRequesterId());
+    Assert.assertEquals("no PublicSP", "public", eidasReq.getSpType());
+    Assert.assertEquals("wrong LoA", EaafConstants.EIDAS_LOA_HIGH, 
+        eidasReq.getLevelOfAssurance());
+    
+    Assert.assertEquals("Wrong req. attr. size", 4, eidasReq.getRequestedAttributes().size());
+    
+  }
+  
+  @Test
+  public void privateSpWithCountryLu() throws TaskExecutionException,
+      SpecificCommunicationException, EaafStorageException, UnsupportedEncodingException {
+    //set-up test
+    executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "LU");
+    executionContext.put("selectedEnvironment", "prod");
+    
+    String providerName = RandomStringUtils.randomAlphanumeric(10);
+    String requesterId = RandomStringUtils.randomAlphanumeric(10);
+    pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName);
+    pendingReq.setRawDataToTransaction(Constants.DATA_REQUESTERID, requesterId);
+    
+    spConfig.put("target", 
+        EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + "FN+" + RandomStringUtils.randomNumeric(6));
+            
+    basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets");
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true");
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true");
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "true");
+            
+    String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5);
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.forward.endpoint", dynEndPoint);    
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.forward.method", "GET");
+    
+    //execute test
+    task.execute(pendingReq, executionContext);
+        
+    //validate state
+    Assert.assertEquals("Wrong http statusCode", 302, httpResp.getStatus());
+    Assert.assertNotNull("No redirect header", httpResp.getHeaderValue("Location"));
+    Assert.assertTrue("Wrong redirect endpoint", 
+        ((String) httpResp.getHeaderValue("Location")).startsWith(dynEndPoint));
+        
+    
+    final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null);
+
+    Assert.assertEquals("PrividerName", "myNode", eidasReq.getProviderName());
+    Assert.assertEquals("RequesterId", "myNode", eidasReq.getRequesterId());
+    Assert.assertEquals("no PublicSP", "private", eidasReq.getSpType());
+    Assert.assertEquals("wrong LoA", EaafConstants.EIDAS_LOA_HIGH, 
+        eidasReq.getLevelOfAssurance());
+    
+    Assert.assertEquals("Wrong req. attr. size", 4, eidasReq.getRequestedAttributes().size());
+    
+  }
+  
+  @Test
   public void withEidasNodePostReqNotValidTemplate() throws TaskExecutionException,
       SpecificCommunicationException, EaafStorageException, UnsupportedEncodingException {
     //set-up test
@@ -409,6 +505,53 @@ public class GenerateAuthnRequestTaskTest {
         EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + "FN+" + RandomStringUtils.randomNumeric(6));
     String providerName = RandomStringUtils.randomAlphanumeric(10);
     pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName);
+    pendingReq.setRawDataToTransaction(Constants.DATA_REQUESTERID, "http://junit.sp");
+
+    basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets");
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true");
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true");
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "false");
+    
+    String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5);
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.forward.endpoint", dynEndPoint);    
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.forward.method", "GET");
+        
+    
+    //perform test
+    task.execute(pendingReq, executionContext);
+    
+    //validate state
+    Assert.assertEquals("Wrong http statusCode", 302, httpResp.getStatus());
+    Assert.assertNotNull("No redirect header", httpResp.getHeaderValue("Location"));
+    Assert.assertTrue("Wrong redirect endpoint", 
+        ((String) httpResp.getHeaderValue("Location")).startsWith(dynEndPoint));
+    
+
+    final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null);
+
+    Assert.assertEquals("PrividerName", providerName, eidasReq.getProviderName());
+    Assert.assertEquals("RequesterId", "Wr8LrrVf5SYneblOlZdZNaLQQCCgzklfKQvyeZjBx10=", eidasReq.getRequesterId());
+    Assert.assertEquals("no PublicSP", "private", eidasReq.getSpType());
+    Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high", eidasReq.getLevelOfAssurance());
+    
+  }
+  
+  @Test
+  public void privateSPWithoutRequestIdHashing() throws TaskExecutionException,
+      SpecificCommunicationException, EaafStorageException {
+    //set-up test
+    executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC");
+    spConfig.put("target", 
+        EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + "FN+" + RandomStringUtils.randomNumeric(6));
+    String providerName = RandomStringUtils.randomAlphanumeric(10);
+    String requesterId = RandomStringUtils.randomAlphanumeric(10);
+    pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName);
+    pendingReq.setRawDataToTransaction(Constants.DATA_REQUESTERID, requesterId);
 
     basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets");
     basicConfig.putConfigValue(
@@ -417,6 +560,7 @@ public class GenerateAuthnRequestTaskTest {
         "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true");
     basicConfig.putConfigValue(
         "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "false");
+    basicConfig.putConfigValue("eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm", "false");
     
     String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5);
     basicConfig.putConfigValue(
@@ -438,7 +582,7 @@ public class GenerateAuthnRequestTaskTest {
     final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null);
 
     Assert.assertEquals("PrividerName", providerName, eidasReq.getProviderName());
-    Assert.assertEquals("RequesterId", providerName, eidasReq.getRequesterId());
+    Assert.assertEquals("RequesterId", requesterId, eidasReq.getRequesterId());
     Assert.assertEquals("no PublicSP", "private", eidasReq.getSpType());
     Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high", eidasReq.getLevelOfAssurance());
     
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
index d0ab50f4..7ac41500 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
@@ -146,9 +146,10 @@ public class EidasRequestPreProcessingFirstTest {
 
     Assert.assertEquals("ProviderName is not Static",
         Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP, lightReq.getProviderName());
+    Assert.assertNotSame("RequesterId was set", lightReq.getRequesterId());
     Assert.assertEquals("no PublicSP", "public", lightReq.getSpType());
     Assert.assertEquals("Requested attribute size not match", 8, lightReq.getRequestedAttributes().size());
 
   }
-
+    
 }
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java
index c44e803b..4a03fac1 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java
@@ -86,6 +86,9 @@ public class EidasRequestPreProcessingSecondTest {
     authnRequestBuilder.issuer("Test");
     authnRequestBuilder.levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH);
 
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll", "true");
+    
   }
 
   @Test
@@ -106,4 +109,49 @@ public class EidasRequestPreProcessingSecondTest {
 
   }
 
+
+  /*
+   * Set ProviderName according to general configuration
+   */
+  @Test
+  public void prePreProcessLuPublicSpWithoutRequestId() throws EidPostProcessingException {
+
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll", "false");
+    
+    final String testCountry = "LU";
+    authnRequestBuilder.citizenCountryCode(testCountry);
+    preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder);
+
+    final LightRequest lightReq = authnRequestBuilder.build();
+
+    Assert.assertEquals("ProviderName is not Static", "myNode", lightReq.getProviderName());
+    Assert.assertNull("RequesterId", lightReq.getRequesterId());
+    Assert.assertEquals("no PublicSP", "public", lightReq.getSpType());
+    Assert.assertEquals("Requested attribute size not match", 4, lightReq.getRequestedAttributes().size());
+
+  }
+  
+  /* 
+   * Always set requesterId and providername in case of country LU
+   */
+  @Test
+  public void prePreProcessLuPublicSpWithStaticRequesterId() throws EidPostProcessingException {
+
+    
+    final String testCountry = "LU";
+    authnRequestBuilder.citizenCountryCode(testCountry);
+    preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder);
+
+    final LightRequest lightReq = authnRequestBuilder.build();
+
+    Assert.assertEquals("ProviderName is not Static",
+        "myNode", lightReq.getProviderName());
+    Assert.assertEquals("RequesterId is not Static",
+        "myNode", lightReq.getRequesterId());
+    Assert.assertEquals("no PublicSP", "public", lightReq.getSpType());
+    Assert.assertEquals("Requested attribute size not match", 4, lightReq.getRequestedAttributes().size());
+
+  }
+  
 }
author	Thomas Lenz <thomas.lenz@egiz.gv.at>	2021-01-19 10:37:45 +0100
committer	Thomas Lenz <thomas.lenz@egiz.gv.at>	2021-01-19 11:42:21 +0100
commit	58b3c1c2d7a27775af8c0b7c9d12dea08aa575fa (patch)
tree	803baa58694bf22ce52dfc8787571efc4f59b664 /eidas_modules/authmodule-eIDAS-v2/src/test/java/at
parent	c77fcb3e75da79647f099216c3478ecdf219a120 (diff)
download	National_eIDAS_Gateway-58b3c1c2d7a27775af8c0b7c9d12dea08aa575fa.tar.gz National_eIDAS_Gateway-58b3c1c2d7a27775af8c0b7c9d12dea08aa575fa.tar.bz2 National_eIDAS_Gateway-58b3c1c2d7a27775af8c0b7c9d12dea08aa575fa.zip