aboutsummaryrefslogtreecommitdiff
path: root/eidas_modules/authmodule-eIDAS-v2/src
diff options
context:
space:
mode:
authorAlexander Marsalek <amarsalek@iaik.tugraz.at>2021-02-01 09:42:38 +0100
committerAlexander Marsalek <amarsalek@iaik.tugraz.at>2021-02-02 12:55:15 +0100
commitde03adfbe79968f65bb711d7b3a583eeb1054140 (patch)
tree7d805b1c968639b4a14acd6e1356ec43e72d45f0 /eidas_modules/authmodule-eIDAS-v2/src
parent4c621edbacbaed95edf4cac3a44a84e9e5c55819 (diff)
downloadNational_eIDAS_Gateway-de03adfbe79968f65bb711d7b3a583eeb1054140.tar.gz
National_eIDAS_Gateway-de03adfbe79968f65bb711d7b3a583eeb1054140.tar.bz2
National_eIDAS_Gateway-de03adfbe79968f65bb711d7b3a583eeb1054140.zip
more transitions & tests
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java8
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/InvalidUserInputException.java33
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaAuthPvpConfiguration.java121
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java2
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java3
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java6
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiAustrianResidenceResponseTask.java79
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiResponseTask.java16
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java266
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml8
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml12
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataControllerTest.java169
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java131
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java7
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml27
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties34
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1_springboot.properties119
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/junit_test.jksbin0 -> 8410 bytes
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/teststore.jksbin0 -> 2028 bytes
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/keystore/junit_test.jksbin0 -> 8410 bytes
20 files changed, 835 insertions, 206 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
index 858637e9..ba57b28e 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
@@ -180,4 +180,12 @@ public class Constants {
public static final String COUNTRY_CODE_DE = "DE";
public static final String COUNTRY_CODE_IT = "IT";
+
+ public static final String TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK = "TASK_CreateNewErnpEntryTask";
+ public static final String TRANSITION_TO_CREATE_GENERATE_GUI_TASK = "TASK_GenerateGuiTask";
+ public static final String TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK =
+ "Task_GenerateGuiQueryAustrianResidenceTask";
+ public static final String TRANSITION_TO_GENERATE_MOBILE_PHONE_SIGNATURE_REQUEST_TASK =
+ "TASK_GenerateMobilePhoneSignatureRequestTask";
+ public static final String TRANSITION_TO_GENERATE_EIDAS_LOGIN = "TASK_TODO";
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/InvalidUserInputException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/InvalidUserInputException.java
new file mode 100644
index 00000000..f28d8afa
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/InvalidUserInputException.java
@@ -0,0 +1,33 @@
+/*
+ * Copyright 2020 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.exception;
+
+public class InvalidUserInputException extends EidasSAuthenticationException {
+ private static final long serialVersionUID = 1L;
+
+ public InvalidUserInputException() {
+ super("eidas.10", null);
+ }
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaAuthPvpConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaAuthPvpConfiguration.java
new file mode 100644
index 00000000..30c8b65f
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaAuthPvpConfiguration.java
@@ -0,0 +1,121 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import org.apache.commons.lang3.StringUtils;
+import org.opensaml.saml.saml2.metadata.ContactPerson;
+import org.opensaml.saml.saml2.metadata.ContactPersonTypeEnumeration;
+import org.opensaml.saml.saml2.metadata.EmailAddress;
+import org.opensaml.saml.saml2.metadata.GivenName;
+import org.opensaml.saml.saml2.metadata.Organization;
+import org.opensaml.saml.saml2.metadata.OrganizationDisplayName;
+import org.opensaml.saml.saml2.metadata.OrganizationName;
+import org.opensaml.saml.saml2.metadata.OrganizationURL;
+import org.opensaml.saml.saml2.metadata.SurName;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import java.util.Arrays;
+import java.util.List;
+
+public class IdAustriaAuthPvpConfiguration implements IPvp2BasicConfiguration {
+
+ private static final String DEFAULT_XML_LANG = "en";
+
+ @Autowired
+ private IConfiguration basicConfig;
+
+ @Override
+ public String getIdpEntityId(String authUrl) throws EaafException {
+ return authUrl + IdAustriaClientAuthConstants.ENDPOINT_METADATA;
+
+ }
+
+ @Override
+ public String getIdpSsoPostService(String authUrl) throws EaafException {
+ return null;
+
+ }
+
+ @Override
+ public String getIdpSsoRedirectService(String authUrl) throws EaafException {
+ return null;
+
+ }
+
+ @Override
+ public String getIdpSsoSoapService(String extractAuthUrlFromRequest) throws EaafException {
+ return null;
+
+ }
+
+ @Override
+ public List<ContactPerson> getIdpContacts() throws EaafException {
+ final ContactPerson contactPerson = Saml2Utils.createSamlObject(ContactPerson.class);
+ final GivenName givenName = Saml2Utils.createSamlObject(GivenName.class);
+ final SurName surname = Saml2Utils.createSamlObject(SurName.class);
+ final EmailAddress emailAddress = Saml2Utils.createSamlObject(EmailAddress.class);
+
+ givenName.setName(getAndVerifyFromConfiguration(
+ IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_CONTACT_GIVENNAME));
+ surname.setName(getAndVerifyFromConfiguration(
+ IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_CONTACT_SURNAME));
+ emailAddress.setAddress(getAndVerifyFromConfiguration(
+ IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_CONTACT_EMAIL));
+
+ contactPerson.setType(ContactPersonTypeEnumeration.TECHNICAL);
+ contactPerson.setGivenName(givenName);
+ contactPerson.setSurName(surname);
+ contactPerson.getEmailAddresses().add(emailAddress);
+
+ return Arrays.asList(contactPerson);
+
+ }
+
+ @Override
+ public Organization getIdpOrganisation() throws EaafException {
+ final Organization organisation = Saml2Utils.createSamlObject(Organization.class);
+ final OrganizationName orgName = Saml2Utils.createSamlObject(OrganizationName.class);
+ final OrganizationDisplayName orgDisplayName = Saml2Utils.createSamlObject(OrganizationDisplayName.class);
+ final OrganizationURL orgUrl = Saml2Utils.createSamlObject(OrganizationURL.class);
+
+ orgName.setXMLLang(DEFAULT_XML_LANG);
+ orgName.setValue(getAndVerifyFromConfiguration(
+ IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_ORGANISATION_NAME));
+
+ orgDisplayName.setXMLLang(DEFAULT_XML_LANG);
+ orgDisplayName.setValue(getAndVerifyFromConfiguration(
+ IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_ORGANISATION_FRIENDLYNAME));
+
+ orgUrl.setXMLLang(DEFAULT_XML_LANG);
+ orgUrl.setValue(getAndVerifyFromConfiguration(
+ IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_ORGANISATION_URL));
+
+
+ organisation.getOrganizationNames().add(orgName);
+ organisation.getDisplayNames().add(orgDisplayName);
+ organisation.getURLs().add(orgUrl);
+
+ return organisation;
+ }
+
+
+ @Override
+ public IConfiguration getBasicConfiguration() {
+ return basicConfig;
+
+ }
+
+ private String getAndVerifyFromConfiguration(String configKey) throws EaafConfigurationException {
+ final String value = basicConfig.getBasicConfiguration(configKey);
+ if (StringUtils.isEmpty(value)) {
+ throw new EaafConfigurationException("module.eidasauth.00",
+ new Object[]{configKey});
+
+ }
+
+ return value;
+ }
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java
index 69386194..2608cad1 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java
@@ -19,7 +19,7 @@ public class IdAustriaClientAuthCredentialProvider extends AbstractCredentialPro
@Autowired
IConfiguration authConfig;
- private static final String FRIENDLYNAME = "eIDAS centrial authentication";
+ private static final String FRIENDLYNAME = "ID Austria authentication";
@Override
public KeyStoreConfiguration getBasicKeyStoreConfig() throws EaafConfigurationException {
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java
index 546a2039..af1ef6f7 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java
@@ -82,9 +82,6 @@ public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServlet
log.trace("Starting GenerateMobilePhoneSignatureRequestTask");
//step 15a
- //final IAhSpConfiguration spConfig = pendingReq.getServiceProviderConfiguration(
- // IAhSpConfiguration.class);
-
// get entityID for ms-specific eIDAS node
final String msNodeEntityID = "TODO";
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java
index 99da21a1..2e754e14 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java
@@ -207,13 +207,13 @@ public class InitialSearchTask extends AbstractAuthServletTask {
MergedRegisterSearchResult mdsSearchResult = new MergedRegisterSearchResult(resultsZmr, resultsErnp);
if (mdsSearchResult.getResultCount() == 0) {
- executionContext.put("TASK_CreateNewErnpEntryTask", true);
+ executionContext.put(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK, true);
} else {
- executionContext.put("TASK_GenerateGuiTask", true);
+ executionContext.put(Constants.TRANSITION_TO_CREATE_GENERATE_GUI_TASK, true);
}
//TODO implement next phase and return correct value
- return "TODO-Temporary-Endnode-105";
+ return null;
}
private MergedRegisterSearchResult searchInZmrAndErnp(String personIdentifier) {
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiAustrianResidenceResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiAustrianResidenceResponseTask.java
index 34fbf507..977262bb 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiAustrianResidenceResponseTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiAustrianResidenceResponseTask.java
@@ -23,7 +23,9 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient;
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
@@ -46,33 +48,70 @@ import java.util.Enumeration;
@Component("ReceiveGuiAustrianResidenceResponseTask")
public class ReceiveGuiAustrianResidenceResponseTask extends AbstractAuthServletTask {
- final String loginMethod = "loginSelection";
+ final String formerResidenceAvailableParameterName = "formerResidenceAvailable";
+ final String streetParameterName = "street";
+ final String zipCodeParameterName = "zipcode";
+ final String cityParameterName = "city";
+ private final IZmrClient zmrClient;
+
+ public ReceiveGuiAustrianResidenceResponseTask(IZmrClient zmrClient) {
+ this.zmrClient = zmrClient;
+ }
//TODO
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
throws TaskExecutionException {
- try {
- log.trace("Starting ReceiveGuiAustrianResidenceResponseTask");
- // set parameter execution context
- final Enumeration<String> reqParamNames = request.getParameterNames();
- while (reqParamNames.hasMoreElements()) {
- final String paramName = reqParamNames.nextElement();
- if (StringUtils.isNotEmpty(paramName)
- && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName)
- && loginMethod.equalsIgnoreCase(paramName)) {
- String value = StringEscapeUtils.escapeHtml(request.getParameter(paramName));
- SelectedLoginMethod selection = SelectedLoginMethod.valueOf(value);
- executionContext.put(loginMethod, selection);
-
- }
+ log.trace("Starting ReceiveGuiAustrianResidenceResponseTask");
+ // set parameter execution context
+ final Enumeration<String> reqParamNames = request.getParameterNames();
+ String street = null;
+ String city = null;
+ String zipcode = null;
+ Boolean formerResidenceAvailable = false;
+ while (reqParamNames.hasMoreElements()) {
+ final String paramName = reqParamNames.nextElement();
+ if (StringUtils.isNotEmpty(paramName)
+ && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName)
+ && formerResidenceAvailableParameterName.equalsIgnoreCase(paramName)) {
+ formerResidenceAvailable =
+ Boolean.parseBoolean(StringEscapeUtils.escapeHtml(request.getParameter(paramName)));
+ }
+ if (StringUtils.isNotEmpty(paramName)
+ && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName)
+ && streetParameterName.equalsIgnoreCase(paramName)) {
+ street = StringEscapeUtils.escapeHtml(request.getParameter(paramName));
+ }
+ if (StringUtils.isNotEmpty(paramName)
+ && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName)
+ && cityParameterName.equalsIgnoreCase(paramName)) {
+ city = StringEscapeUtils.escapeHtml(request.getParameter(paramName));
+ }
+ if (StringUtils.isNotEmpty(paramName)
+ && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName)
+ && zipCodeParameterName.equalsIgnoreCase(paramName)) {
+ zipcode = StringEscapeUtils.escapeHtml(request.getParameter(paramName));
}
-
- } catch (final Exception e) {
- log.error("Parsing selected login method FAILED.", e);
- throw new TaskExecutionException(pendingReq, "Parsing selected login method FAILED.", e);
}
+ if (formerResidenceAvailable) {
+ //step 18
+ if (street.isEmpty() || city.isEmpty() || zipcode.isEmpty()) {
+ //form should ensure that mandatory fields are field =>
+ //this can never happen, expect somebody manipulated the response
+ throw new TaskExecutionException(pendingReq, "Invalid user input", new InvalidUserInputException());
+ }
+ step18_RegisterSearch(street, city, zipcode);//TODO also MDS?
+ } else {
+ //step 20 or for now (phase 1) step 9
+ executionContext.put(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK, true);
+ }
+
+
+ }
+
+ private void step18_RegisterSearch(String street, String city, String zipcode) {
+ System.out.println(street + city + zipcode + zmrClient);//TODO
}
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiResponseTask.java
index fa787792..f8f22ce2 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiResponseTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiResponseTask.java
@@ -23,7 +23,9 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException;
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
@@ -62,7 +64,19 @@ public class ReceiveGuiResponseTask extends AbstractAuthServletTask {
String value = StringEscapeUtils.escapeHtml(request.getParameter(paramName));
SelectedLoginMethod selection = SelectedLoginMethod.valueOf(value);
executionContext.put(loginMethod, selection);
-
+ switch (selection) {
+ case EIDAS_LOGIN:
+ executionContext.put(Constants.TRANSITION_TO_GENERATE_EIDAS_LOGIN, true);
+ break;
+ case MOBILE_PHONE_SIGNATURE_LOGIN:
+ executionContext.put(Constants.TRANSITION_TO_GENERATE_MOBILE_PHONE_SIGNATURE_REQUEST_TASK, true);
+ break;
+ case NO_OTHER_LOGIN:
+ executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true);
+ break;
+ default:
+ throw new InvalidUserInputException();
+ }
}
}
} catch (final Exception e) {
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java
index 9d30b581..8b58f2e1 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java
@@ -35,14 +35,13 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustri
import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.Utils;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient;
-import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
-import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
import at.gv.egiz.eaaf.modules.pvp2.exception.SamlAssertionValidationExeption;
@@ -68,12 +67,13 @@ import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
-import javax.naming.ConfigurationException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.transform.TransformerException;
import java.io.IOException;
+import java.util.HashMap;
import java.util.List;
+import java.util.Set;
/**
* Task that searches ErnB and ZMR before adding person to SZR.
@@ -132,140 +132,120 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
InboundMessage msg = null;
- try {
+ IDecoder decoder = null;
+ EaafUriCompare comperator = null;
+ // select Response Binding
+ if (request.getMethod().equalsIgnoreCase("POST")) {
+ decoder = new PostBinding();
+ comperator = new EaafUriCompare(pendingReq.getAuthUrl() + IdAustriaClientAuthConstants.ENDPOINT_POST);
+ log.trace("Receive PVP Response from 'ID Austria node', by using POST-Binding.");
- IDecoder decoder = null;
- EaafUriCompare comperator = null;
- // select Response Binding
- if (request.getMethod().equalsIgnoreCase("POST")) {
- decoder = new PostBinding();
- comperator = new EaafUriCompare(pendingReq.getAuthUrl() + IdAustriaClientAuthConstants.ENDPOINT_POST);
- log.trace("Receive PVP Response from 'ID Austria node', by using POST-Binding.");
+ } else if (request.getMethod().equalsIgnoreCase("GET")) {
+ decoder = new RedirectBinding();
+ comperator = new EaafUriCompare(pendingReq.getAuthUrl()
+ + IdAustriaClientAuthConstants.ENDPOINT_REDIRECT);
+ log.trace("Receive PVP Response from 'ID Austria node', by using Redirect-Binding.");
- } else if (request.getMethod().equalsIgnoreCase("GET")) {
- decoder = new RedirectBinding();
- comperator = new EaafUriCompare(pendingReq.getAuthUrl()
- + IdAustriaClientAuthConstants.ENDPOINT_REDIRECT);
- log.trace("Receive PVP Response from 'ID Austria node', by using Redirect-Binding.");
-
- } else {
- log.warn("Receive PVP Response, but Binding ("
- + request.getMethod() + ") is not supported.");
- throw new AuthnResponseValidationException(ERROR_PVP_03, new Object[]{
- IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING});
-
- }
-
- // decode PVP response object
- msg = (InboundMessage) decoder.decode(
- request, response, metadataProvider, IDPSSODescriptor.DEFAULT_ELEMENT_NAME,
- comperator);
-
- // validate response signature
- if (!msg.isVerified()) {
- samlVerificationEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine(
- metadataProvider));
- msg.setVerified(true);
-
- }
-
- // validate assertion
- final Pair<PvpSProfileResponse, Boolean> processedMsg =
- preProcessAuthResponse((PvpSProfileResponse) msg);
-
- //check if SAML2 response contains user-stop decision
- if (processedMsg.getSecond()) {
- stopProcessFromUserDecision(executionContext, request, response);
-
- } else {
- // validate entityId of response
- final String msNodeEntityID = authConfig.getBasicConfiguration(
- IdAustriaClientAuthConstants.CONFIG_PROPS_NODE_ENTITYID);
- final String respEntityId = msg.getEntityID();
- if (!msNodeEntityID.equals(respEntityId)) {
- log.warn("Response Issuer is not a 'ms-specific eIDAS node'. Stopping eIDAS authentication ...");
- throw new AuthnResponseValidationException(ERROR_PVP_08,
- new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING,
- msg.getEntityID()});
-
- }
+ } else {
+ log.warn("Receive PVP Response, but Binding ("
+ + request.getMethod() + ") is not supported.");
+ throw new AuthnResponseValidationException(ERROR_PVP_03, new Object[]{
+ IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING});
- // initialize Attribute extractor
- final AssertionAttributeExtractor extractor =
- new AssertionAttributeExtractor(processedMsg.getFirst().getResponse());
+ }
- getAuthDataFromInterfederation(extractor);
+ // decode PVP response object
+ msg = (InboundMessage) decoder.decode(
+ request, response, metadataProvider, IDPSSODescriptor.DEFAULT_ELEMENT_NAME,
+ comperator);
- // set NeedConsent to false, because user gives consont during authentication
- pendingReq.setNeedUserConsent(false);
+ // validate response signature
+ if (!msg.isVerified()) {
+ samlVerificationEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine(
+ metadataProvider));
+ msg.setVerified(true);
- // store pending-request
- requestStoreage.storePendingRequest(pendingReq);
+ }
- //set E-ID process flag to execution context
- // final AhAuthProcessDataWrapper session = pendingReq.getSessionData(
- // AhAuthProcessDataWrapper.class);
- // executionContext.put(AuthHandlerConstants.PROCESSCONTEXT_WAS_EID_PROCESS, session.isEidProcess());
- // executionContext.put(AuthHandlerConstants.HTTP_PARAM_USE_MANDATES, session.isMandateUsed());
+ // validate assertion
+ final Pair<PvpSProfileResponse, Boolean> processedMsg =
+ preProcessAuthResponse((PvpSProfileResponse) msg);
+ //check if SAML2 response contains user-stop decision
+ if (processedMsg.getSecond()) {
+ stopProcessFromUserDecision(executionContext, request, response);
- log.info("Receive a valid assertion from IDP " + msg.getEntityID());
+ } else {
+ // validate entityId of response
+ final String msNodeEntityID = authConfig.getBasicConfiguration(
+ IdAustriaClientAuthConstants.CONFIG_PROPS_NODE_ENTITYID);
+ final String respEntityId = msg.getEntityID();
+ if (!msNodeEntityID.equals(respEntityId)) {
+ log.warn("Response Issuer is not a 'ID Austria node'. Stopping eIDAS authentication ...");
+ throw new AuthnResponseValidationException(ERROR_PVP_08,
+ new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING,
+ msg.getEntityID()});
}
- } catch (final AuthnResponseValidationException e) {
- throw new TaskExecutionException(pendingReq, ERROR_MSG_03, e);
-
- } catch (MessageDecodingException | SecurityException | SamlSigningException e) {
- //final String samlRequest = request.getParameter("SAMLRequest");
- //log.debug("Receive INVALID PVP Response from 'ms-specific eIDAS node': {}",
- // samlRequest, null, e);
- throw new TaskExecutionException(pendingReq, ERROR_MSG_00,
- new AuthnResponseValidationException(ERROR_PVP_11,
- new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING}, e));
-
- } catch (IOException | MarshallingException | TransformerException e) {
- log.debug("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e);
- throw new TaskExecutionException(pendingReq, ERROR_MSG_01,
- new AuthnResponseValidationException(ERROR_PVP_12,
- new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()},
- e));
-
- } catch (final CredentialsNotAvailableException e) {
- log.debug("PVP response decrytion FAILED. No credential found.", e);
- throw new TaskExecutionException(pendingReq, ERROR_MSG_02,
- new AuthnResponseValidationException(ERROR_PVP_10,
- new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING}, e));
-
- } catch (final Exception e) {
- log.debug("PVP response validation FAILED. Msg:" + e.getMessage(), e);
- throw new TaskExecutionException(pendingReq, ERROR_MSG_03,
- new AuthnResponseValidationException(ERROR_PVP_12,
- new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()}, e));
+ // initialize Attribute extractor
+ final AssertionAttributeExtractor extractor =
+ new AssertionAttributeExtractor(processedMsg.getFirst().getResponse());
+
+ String bpkzp = getAuthDataFromInterfederation(extractor);
+
+ MergedRegisterSearchResult result = searchInZmrAndErnp(bpkzp);
+ if (result.getResultCount() == 0) {
+ //go to step 16
+ executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true);
+ return;
+ } else if (result.getResultCount() == 1) {
+ String bpk =
+ Utils.step7aKittProcess(ernpClient, zmrClient, initialSearchResult, result, eidData, pendingReq);
+ authProcessData.setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk);
+ //node 110
+ } else if (result.getResultCount() > 1) {
+ throw new ManualFixNecessaryException("bpkzp:" + bpkzp);// node 108
+ }
- }
+ // set NeedConsent to false, because user gives consont during authentication
+ pendingReq.setNeedUserConsent(false);
+ log.info("Receive a valid assertion from IDP " + msg.getEntityID());
- //TODO extract bPK-ZP from response
- String bpkzp = "TODO";
- MergedRegisterSearchResult result = searchInZmrAndErnp(bpkzp);
- if (result.getResultCount() == 0) {
- //go to step 16
- //TODO set context variable
- return;
- } else if (result.getResultCount() == 1) {
- String bpk = Utils.step7aKittProcess(ernpClient, zmrClient, initialSearchResult, result, eidData, pendingReq);
- authProcessData.setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk);
- //node 110
- //TODO bpk vs bpkzp???? same?
- } else if (result.getResultCount() > 1) {
- throw new ManualFixNecessaryException("bpkzp:" + bpkzp);// node 108
}
+ } catch (final AuthnResponseValidationException e) {
+ throw new TaskExecutionException(pendingReq, ERROR_MSG_03, e);
+
+ } catch (MessageDecodingException | SecurityException | SamlSigningException e) {
+ //final String samlRequest = request.getParameter("SAMLRequest");
+ //log.debug("Receive INVALID PVP Response from 'ms-specific eIDAS node': {}",
+ // samlRequest, null, e);
+ throw new TaskExecutionException(pendingReq, ERROR_MSG_00,
+ new AuthnResponseValidationException(ERROR_PVP_11,
+ new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING}, e));
+
+ } catch (IOException | MarshallingException | TransformerException e) {
+ log.debug("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e);
+ throw new TaskExecutionException(pendingReq, ERROR_MSG_01,
+ new AuthnResponseValidationException(ERROR_PVP_12,
+ new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()},
+ e));
+
+ } catch (final CredentialsNotAvailableException e) {
+ log.debug("PVP response decrytion FAILED. No credential found.", e);
+ throw new TaskExecutionException(pendingReq, ERROR_MSG_02,
+ new AuthnResponseValidationException(ERROR_PVP_10,
+ new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING}, e));
+
} catch (final Exception e) {
- log.error("Initial search FAILED.", e);
- throw new TaskExecutionException(pendingReq, "Initial search FAILED.", e);
+ log.debug("PVP response validation FAILED. Msg:" + e.getMessage(), e);
+ throw new TaskExecutionException(pendingReq, ERROR_MSG_03,
+ new AuthnResponseValidationException(ERROR_PVP_12,
+ new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()}, e));
}
+
}
private Pair<PvpSProfileResponse, Boolean> preProcessAuthResponse(PvpSProfileResponse msg)
@@ -325,44 +305,47 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
return null;
}
- private void getAuthDataFromInterfederation(AssertionAttributeExtractor extractor)
- throws EaafBuilderException, ConfigurationException {
+ private String getAuthDataFromInterfederation(AssertionAttributeExtractor extractor)
+ throws EaafBuilderException {
List<String> requiredEidasNodeAttributes = IdAustriaClientAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES;
-
+ String bpk = null;
try {
// check if all attributes are include
if (!extractor.containsAllRequiredAttributes()
|| !extractor.containsAllRequiredAttributes(
requiredEidasNodeAttributes)) {
- log.warn("PVP Response from 'ms-specific eIDAS node' contains not all requested attributes.");
+ log.warn("PVP Response from 'ID Austria node' contains not all requested attributes.");
throw new AssertionValidationExeption(ERROR_PVP_06, new Object[]{
IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING});
}
- // copy attributes into MOASession
- // final AhAuthProcessDataWrapper session = pendingReq.getSessionData(
- // AhAuthProcessDataWrapper.class);
- // final Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames();
- // for (final String attrName : includedAttrNames) {
- // injectAuthInfosIntoSession(session, attrName,
- // extractor.getSingleAttributeValue(attrName));
- //
- // }
-
- //set piiTransactionId from eIDAS Connector
- String piiTransactionId = extractor.getSingleAttributeValue(
- ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME);
- if (StringUtils.isNotEmpty(piiTransactionId) && pendingReq instanceof RequestImpl) {
- log.info("Receive piiTransactionId from Austrian eIDAS Connector. Use this for further processing");
- ((RequestImpl) pendingReq).setUniquePiiTransactionIdentifier(piiTransactionId);
+ HashMap<String, String> map = new HashMap<>();
+ final Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames();
+ for (final String attrName : includedAttrNames) {
+ map.put(attrName, extractor.getSingleAttributeValue(attrName));
- } else {
- log.debug("Receive no piiTransactionId from Austrian eIDAS Connector.");
+ if (PvpAttributeDefinitions.BPK_NAME.equals(attrName)) {
+ bpk = extractor.getSingleAttributeValue(attrName);
+ }
+ //injectAuthInfosIntoSession(session, attrName,
+ // extractor.getSingleAttributeValue(attrName));
}
+ //set piiTransactionId from eIDAS Connector
+ // String piiTransactionId = extractor.getSingleAttributeValue(
+ // ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME);
+ // if (StringUtils.isNotEmpty(piiTransactionId) && pendingReq instanceof RequestImpl) {
+ // log.info("Receive piiTransactionId from Austrian eIDAS Connector. Use this for further processing");
+ // ((RequestImpl) pendingReq).setUniquePiiTransactionIdentifier(piiTransactionId);
+ //
+ // } else {
+ // log.debug("Receive no piiTransactionId from Austrian eIDAS Connector.");
+ //
+ // }
+
// set foreigner flag
// session.setForeigner(true);
@@ -383,6 +366,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
throw new EaafBuilderException(ERROR_PVP_06, null, e.getMessage(), e);
}
+ return bpk;
}
// private void injectAuthInfosIntoSession(AhAuthProcessDataWrapper session, String attrName, String attrValue)
@@ -404,7 +388,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
// } else if (PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME.equals(attrName)) {
// session.setQaaLevel(attrValue);
//
- // // } else if (ExtendedPvpAttributeDefinitions.EID_MIS_MANDATE_NAME.equals(attrName)
+ // // } else if (ExtendedPvpAttributeDefinitions.EID_MIS_MANDATE_NAME.equals(attrName)
// // && authConfig.getBasicConfigurationBoolean(
// // IdAustriaClientAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_ACTIVE, false)) {
// // session.setMandateDate(new SignedMandateDao(attrValue));
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml
index 992ad766..6b67379c 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml
@@ -49,13 +49,14 @@
to="receiveGuiResponseTask" />
<pd:Transition from="receiveGuiResponseTask"
to="generateMobilePhoneSignatureRequestTask"
- conditionExpression="ctx['TASK_TODO']"/>
+ conditionExpression="ctx['TASK_GenerateMobilePhoneSignatureRequestTask']"/>
<pd:Transition from="generateMobilePhoneSignatureRequestTask"
to="receiveMobilePhoneSignatureResponseTask" />
<pd:Transition from="receiveMobilePhoneSignatureResponseTask"
to="createNewErnpEntryTask" />
<pd:Transition from="receiveGuiResponseTask"
- to="generateGuiQueryAustrianResidenceTask" />
+ to="generateGuiQueryAustrianResidenceTask"
+ conditionExpression="ctx['Task_GenerateGuiQueryAustrianResidenceTask']"/>
<pd:Transition from="generateGuiQueryAustrianResidenceTask"
to="receiveGuiAustrianResidenceResponseTask" />
@@ -65,7 +66,8 @@
conditionExpression="ctx['TASK_TODO']"/>
<pd:Transition from="receiveGuiAustrianResidenceResponseTask"
- to="createNewErnpEntryTask" />
+ to="createNewErnpEntryTask"
+ conditionExpression="ctx['TASK_TODO']"/>
<pd:Transition from="createNewErnpEntryTask"
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
index 680ec19c..5897fc78 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
@@ -134,14 +134,16 @@
class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveGuiAustrianResidenceResponseTask"
scope="prototype" />
- <bean id="eidasCentralAuthCredentialProvider"
+ <bean id="idAustriaClientAuthCredentialProvider"
class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider" />
- <bean id="eidasCentralAuthMetadataProvider"
- class=" at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider" />
+ <bean id="idAustriaClientAuthMetadataProvider"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider" />
+
+ <bean id="idAustriaClientAuthMetadataController"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataController" />
+
- <bean id="eidasCentralAuthMetadataController"
- class=" at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataController" />
</beans> \ No newline at end of file
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataControllerTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataControllerTest.java
new file mode 100644
index 00000000..c99c6e6a
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataControllerTest.java
@@ -0,0 +1,169 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.idaustriaclient;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataController;
+import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Ignore;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.io.UnmarshallingException;
+import org.opensaml.core.xml.util.XMLObjectSupport;
+import org.opensaml.saml.common.xml.SAMLConstants;
+import org.opensaml.saml.metadata.resolver.filter.FilterException;
+import org.opensaml.saml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.security.x509.BasicX509Credential;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.TestPropertySource;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SimpleMetadataSignatureVerificationFilter;
+import net.shibboleth.utilities.java.support.xml.XMLParserException;
+
+
+@RunWith(SpringJUnit4ClassRunner.class)
+//@TestPropertySource(locations = {"classpath:/config/junit_config_de_attributes.properties"})
+@TestPropertySource(locations = { "classpath:/config/junit_config_1_springboot.properties" })
+@ContextConfiguration(locations = {
+ "/SpringTest-context_tasks_test.xml",
+ "/SpringTest-context_basic_mapConfig.xml"
+})
+@DirtiesContext(classMode = DirtiesContext.ClassMode.AFTER_CLASS)
+@Ignore
+public class IdAustriaClientAuthMetadataControllerTest {
+
+ private MockHttpServletRequest httpReq;
+ private MockHttpServletResponse httpResp;
+
+ @Autowired private IdAustriaClientAuthMetadataController controller;
+ @Autowired private IdAustriaClientAuthCredentialProvider credProvider;
+ @Autowired private DummyAuthConfigMap config;
+
+ /**
+ * JUnit class initializer.
+ *
+ * @throws Exception In case of an OpenSAML3 initialization error
+ */
+ @BeforeClass
+ public static void initialize() throws Exception {
+ EaafOpenSaml3xInitializer.eaafInitialize();
+
+ }
+
+ /**
+ * Single jUnit-test set-up.
+ */
+ @Before
+ public void testSetup() {
+ httpReq = new MockHttpServletRequest("GET", "http://localhost/authhandler");
+ httpReq.setContextPath("/authhandler");
+ httpResp = new MockHttpServletResponse();
+
+ config.removeConfigValue("core.legacy.allowLegacyMode");
+ config.removeConfigValue("modules.eidascentralauth.semper.mandates.active");
+ config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.1");
+ config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.2");
+ config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.3");
+ config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.4");
+ config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.5");
+ config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.6");
+
+ }
+
+ @Test
+ public void buildMetadataValidInEidMode() throws IOException, EaafException,
+ XMLParserException, UnmarshallingException, FilterException {
+ config.putConfigValue("core.legacy.allowLegacyMode", "false");
+ config.putConfigValue("modules.eidascentralauth.semper.mandates.active", "false");
+
+ //build metdata
+ controller.getSpMetadata(httpReq, httpResp);
+
+ //check result
+ validateResponse(6);
+
+ }
+
+ private void validateResponse(int numberOfRequestedAttributes) throws UnsupportedEncodingException,
+ XMLParserException, UnmarshallingException, FilterException, CredentialsNotAvailableException {
+ Assert.assertEquals("HTTP Statuscode", 200, httpResp.getStatus());
+ Assert.assertEquals("ContentType", "text/xml; charset=utf-8", httpResp.getContentType());
+ Assert.assertEquals("ContentEncoding", "UTF-8", httpResp.getCharacterEncoding());
+
+ final String metadataXml = httpResp.getContentAsString();
+ Assert.assertNotNull("XML Metadata", metadataXml);
+
+ final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream(
+ XMLObjectProviderRegistrySupport.getParserPool(), new ByteArrayInputStream(metadataXml.getBytes("UTF-8")));
+
+ Assert.assertEquals("EntityId",
+ "http://localhost/authhandler" + IdAustriaClientAuthConstants.ENDPOINT_METADATA,
+ metadata.getEntityID());
+
+ //check XML scheme
+ final SchemaValidationFilter schemaFilter = new SchemaValidationFilter();
+ schemaFilter.filter(metadata);
+
+ //check signature
+ final SimpleMetadataSignatureVerificationFilter sigFilter =
+ new SimpleMetadataSignatureVerificationFilter(credProvider.getKeyStore().getFirst(),
+ metadata.getEntityID());
+ sigFilter.filter(metadata);
+
+ //check content
+ final SPSSODescriptor spSsoDesc = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+ Assert.assertNotNull("SPSSODescr.", spSsoDesc);
+
+ Assert.assertFalse("AssertionConsumerServices",
+ spSsoDesc.getAssertionConsumerServices().isEmpty());
+ Assert.assertFalse("ContactPersons",
+ metadata.getContactPersons().isEmpty());
+ Assert.assertNotNull("ContactPersons",
+ metadata.getOrganization());
+
+ Assert.assertFalse("KeyDescriptors",
+ spSsoDesc.getKeyDescriptors().isEmpty());
+ Assert.assertEquals("#KeyDescriptors", 2, spSsoDesc.getKeyDescriptors().size());
+
+ Assert.assertFalse("NameIDFormats",
+ spSsoDesc.getNameIDFormats().isEmpty());
+ Assert.assertEquals("wrong NameIDFormats", "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
+ spSsoDesc.getNameIDFormats().get(0).getFormat());
+
+ Assert.assertFalse("AttributeConsumingServices",
+ spSsoDesc.getAttributeConsumingServices().isEmpty());
+ Assert.assertEquals("#RequestAttributes", numberOfRequestedAttributes,
+ spSsoDesc.getAttributeConsumingServices().get(0).getRequestAttributes().size());
+
+ }
+
+ private List<BasicX509Credential> convertX509Certs(List<X509Certificate> certs) {
+ final List<BasicX509Credential> result = new ArrayList<>();
+ for (final X509Certificate cert : certs) {
+ result.add(new BasicX509Credential(cert));
+
+ }
+ return result;
+ }
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java
index ac188cda..95986c49 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java
@@ -46,7 +46,6 @@ import org.apache.commons.lang3.RandomStringUtils;
import org.jetbrains.annotations.NotNull;
import org.junit.Assert;
import org.junit.Before;
-import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
@@ -62,7 +61,6 @@ import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.xml.namespace.QName;
-import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
@@ -97,7 +95,7 @@ public class InitialSearchTaskTest {
private final String randomGivenName = RandomStringUtils.randomAlphabetic(10);
private final String randomPlaceOfBirth = RandomStringUtils.randomAlphabetic(10);
private final String randomBirthName = RandomStringUtils.randomAlphabetic(10);
- private final String randomDate = "2011-01-" + (10 + new Random().nextInt(18));
+ private final String randomBirthDate = "2011-01-" + (10 + new Random().nextInt(18));
// /**
// * jUnit class initializer.
@@ -138,7 +136,7 @@ public class InitialSearchTaskTest {
public void testNode100_UserIdentifiedUpdateNecessary_a() throws Exception {
String newFirstName = RandomStringUtils.randomAlphabetic(10);
Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.singletonList(
- new RegisterResult(randomBpk, randomIdentifier, newFirstName, randomFamilyName, randomDate)));
+ new RegisterResult(randomBpk, randomIdentifier, newFirstName, randomFamilyName, randomBirthDate)));
Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
task.execute(pendingReq, executionContext);
@@ -158,7 +156,7 @@ public class InitialSearchTaskTest {
Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
String newRandomGivenName = RandomStringUtils.randomAlphabetic(10);
Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.singletonList(
- new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomDate)));
+ new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomBirthDate)));
task.execute(pendingReq, executionContext);
String bPk = (String)
@@ -175,9 +173,9 @@ public class InitialSearchTaskTest {
@DirtiesContext
public void testNode101_ManualFixNecessary_a() {
ArrayList<RegisterResult> zmrResult = new ArrayList<>();
- zmrResult.add(new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomDate));
+ zmrResult.add(new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate));
String newRandomGivenName = randomGivenName + RandomStringUtils.randomAlphabetic(2);
- zmrResult.add(new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomDate));
+ zmrResult.add(new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomBirthDate));
Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResult);
Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
@@ -197,10 +195,10 @@ public class InitialSearchTaskTest {
public void testNode101_ManualFixNecessary_b() {
Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
ArrayList<RegisterResult> ernpResult = new ArrayList<>();
- ernpResult.add(new RegisterResult(randomBpk, randomPseudonym, randomGivenName, randomFamilyName, randomDate));
+ ernpResult.add(new RegisterResult(randomBpk, randomPseudonym, randomGivenName, randomFamilyName, randomBirthDate));
String newRandomGivenName = randomGivenName + RandomStringUtils.randomAlphabetic(2);
ernpResult.add(
- new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomDate));
+ new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomBirthDate));
Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResult);
TaskExecutionException exception = assertThrows(TaskExecutionException.class,
@@ -218,7 +216,7 @@ public class InitialSearchTaskTest {
public void testNode102_UserIdentified_a() throws Exception {
Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.singletonList(
- new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomDate)));
+ new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate)));
task.execute(pendingReq, executionContext);
String bPk = (String)
@@ -234,7 +232,7 @@ public class InitialSearchTaskTest {
@DirtiesContext
public void testNode102_UserIdentified_b() throws Exception {
Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.singletonList(
- new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomDate)));
+ new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate)));
Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
task.execute(pendingReq, executionContext);
@@ -260,7 +258,7 @@ public class InitialSearchTaskTest {
String newRandomIdentifier = randomIdentifier + RandomStringUtils.randomNumeric(2);
Mockito.when(zmrClient.searchItSpecific(taxNumber)).thenReturn(Collections.singletonList(
new RegisterResult(randomBpk, newRandomIdentifier, randomGivenName, randomFamilyName,
- randomDate, null, null, taxNumber, null)));
+ randomBirthDate, null, null, taxNumber, null)));
Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
task = new InitialSearchTask(
Collections.singletonList(new ItSpecificDetailSearchProcessor(ernpClient, zmrClient)),
@@ -282,15 +280,15 @@ public class InitialSearchTaskTest {
public void testNode103_UserIdentified_DE() throws Exception {
final AuthenticationResponse response = buildDummyAuthResponseDE(randomGivenName, randomFamilyName,
randomPseudonym,
- randomDate, randomPlaceOfBirth, randomBirthName);
+ randomBirthDate, randomPlaceOfBirth, randomBirthName);
TestRequestImpl pendingReq1 = new TestRequestImpl();
pendingReq1.getSessionData(AuthProcessDataWrapper.class)
.setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response);
Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
- Mockito.when(zmrClient.searchDeSpecific(randomGivenName, randomFamilyName, randomDate, randomPlaceOfBirth,
+ Mockito.when(zmrClient.searchDeSpecific(randomGivenName, randomFamilyName, randomBirthDate, randomPlaceOfBirth,
randomBirthName))
.thenReturn(Collections.singletonList(new RegisterResult(randomBpk, randomIdentifier, randomGivenName,
- randomFamilyName, randomDate, randomPlaceOfBirth, randomBirthName, null, null)));
+ randomFamilyName, randomBirthDate, randomPlaceOfBirth, randomBirthName, null, null)));
Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
task = new InitialSearchTask(
Collections.singletonList(new DeSpecificDetailSearchProcessor(ernpClient, zmrClient)),
@@ -314,18 +312,18 @@ public class InitialSearchTaskTest {
String newRandomBpk = randomBpk + RandomStringUtils.randomNumeric(6);
final AuthenticationResponse response = buildDummyAuthResponseDE(randomGivenName, randomFamilyName,
randomPseudonym,
- randomDate, randomPlaceOfBirth, randomBirthName);
+ randomBirthDate, randomPlaceOfBirth, randomBirthName);
TestRequestImpl pendingReq1 = new TestRequestImpl();
pendingReq1.getSessionData(AuthProcessDataWrapper.class)
.setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response);
Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
ArrayList<RegisterResult> zmrResultSpecific = new ArrayList<>();
zmrResultSpecific.add(
- new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomDate,
+ new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate,
randomPlaceOfBirth, randomBirthName, null, null));
- zmrResultSpecific.add(new RegisterResult(newRandomBpk, newRandomPseudonym, randomGivenName, randomFamilyName, randomDate,
+ zmrResultSpecific.add(new RegisterResult(newRandomBpk, newRandomPseudonym, randomGivenName, randomFamilyName, randomBirthDate,
randomPlaceOfBirth, randomBirthName, null, null));
- Mockito.when(zmrClient.searchDeSpecific(randomGivenName, randomFamilyName, randomDate, randomPlaceOfBirth,
+ Mockito.when(zmrClient.searchDeSpecific(randomGivenName, randomFamilyName, randomBirthDate, randomPlaceOfBirth,
randomBirthName)).thenReturn(zmrResultSpecific);
Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
task = new InitialSearchTask(
@@ -354,11 +352,11 @@ public class InitialSearchTaskTest {
ArrayList<RegisterResult> zmrResultSpecific = new ArrayList<>();
String randomPseudonym = IT_ST + randomIdentifier + "4";
zmrResultSpecific.add(new RegisterResult(randomBpk, randomPseudonym, randomGivenName,
- randomFamilyName, randomDate, null, null, randomTaxNumber, null));
+ randomFamilyName, randomBirthDate, null, null, randomTaxNumber, null));
String newRandomPseudonym = IT_ST + randomIdentifier + "5";
String newRandomBpk = RandomStringUtils.randomNumeric(6);
zmrResultSpecific.add(new RegisterResult(newRandomBpk, newRandomPseudonym, randomGivenName,
- randomFamilyName, randomDate, null, null, randomTaxNumber, null));
+ randomFamilyName, randomBirthDate, null, null, randomTaxNumber, null));
Mockito.when(zmrClient.searchItSpecific(randomTaxNumber)).thenReturn(zmrResultSpecific);
Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
task = new InitialSearchTask(
@@ -373,11 +371,11 @@ public class InitialSearchTaskTest {
}
/**
- * NO match found in ZMR and ErnP with Initial search
+ * NO match found in ZMR and ErnP with Initial and MDS search
*/
@Test
@DirtiesContext
- public void testNode105_TemporaryEnd() throws TaskExecutionException {
+ public void testNode505_TransitionToErnbTask() throws TaskExecutionException {
Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
@@ -386,18 +384,99 @@ public class InitialSearchTaskTest {
String bPk = (String)
pendingReq.getSessionData(AuthProcessDataWrapper.class)
.getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK);
- Assert.assertEquals("Wrong bpk", "TODO-Temporary-Endnode-105", bPk);
+ Assert.assertEquals("Wrong bpk", null, bPk);
+
+ Boolean transitionGUI = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_GENERATE_GUI_TASK);
+ Assert.assertEquals("Wrong transition", null, transitionGUI);
+ Boolean transitionErnb = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK);
+ Assert.assertEquals("Wrong transition", true, transitionErnb);
+ }
+
+ /**
+ * NO match found in ZMR and ErnP with Initial search, one match with MDS search in Ernb
+ */
+ @Test
+ @DirtiesContext
+ public void testNode505_TransitionToGUI_Ernb() throws TaskExecutionException {
+ Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
+ Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
+
+ Mockito.when(ernpClient.searchWithMds(randomGivenName, randomFamilyName, randomBirthDate)).thenReturn(
+ Collections.singletonList(
+ new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate)));
+
+ task.execute(pendingReq, executionContext);
+
+ String bPk = (String)
+ pendingReq.getSessionData(AuthProcessDataWrapper.class)
+ .getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK);
+ Assert.assertEquals("Wrong bpk", null, bPk);
+ Boolean transitionGUI = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_GENERATE_GUI_TASK);
+ Assert.assertEquals("Wrong transition", true, transitionGUI);
+ Boolean transitionErnb = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK);
+ Assert.assertEquals("Wrong transition", null, transitionErnb);
+ }
+
+ /**
+ * NO match found in ZMR and ErnP with Initial search, one match with MDS search in ZMR
+ */
+ @Test
+ @DirtiesContext
+ public void testNode505_TransitionToGUI_Zmr() throws TaskExecutionException {
+ Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
+ Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
+
+ Mockito.when(zmrClient.searchWithMds(randomGivenName, randomFamilyName, randomBirthDate)).thenReturn(
+ Collections.singletonList(
+ new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate)));
+
+ task.execute(pendingReq, executionContext);
+
+ String bPk = (String)
+ pendingReq.getSessionData(AuthProcessDataWrapper.class)
+ .getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK);
+ Assert.assertEquals("Wrong bpk", null, bPk);
+ Boolean transitionGUI = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_GENERATE_GUI_TASK);
+ Assert.assertEquals("Wrong transition", true, transitionGUI);
+ Boolean transitionErnb = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK);
+ Assert.assertEquals("Wrong transition", null, transitionErnb);
}
+ /**
+ * NO match found in ZMR and ErnP with Initial search, multiple matches found with MDS search
+ */
+ @Test
+ @DirtiesContext
+ public void testNode505_TransitionToGUI_Ernb_multi() throws TaskExecutionException {
+ Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
+ Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
+ ArrayList<RegisterResult> ernbResult = new ArrayList<>();
+ ernbResult.add(new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName,
+ randomBirthDate));
+ ernbResult.add(new RegisterResult(randomBpk+"1", randomIdentifier, randomGivenName, randomFamilyName,
+ randomBirthDate));
+ Mockito.when(ernpClient.searchWithMds(randomGivenName, randomFamilyName, randomBirthDate)).thenReturn(ernbResult);
+
+ task.execute(pendingReq, executionContext);
+
+ String bPk = (String)
+ pendingReq.getSessionData(AuthProcessDataWrapper.class)
+ .getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK);
+ Assert.assertEquals("Wrong bpk", null, bPk);
+ Boolean transitionGUI = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_GENERATE_GUI_TASK);
+ Assert.assertEquals("Wrong transition", true, transitionGUI);
+ Boolean transitionErnb = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK);
+ Assert.assertEquals("Wrong transition", null, transitionErnb);
+ }
@NotNull
private AuthenticationResponse buildDummyAuthResponseRandomPerson() throws URISyntaxException {
- return buildDummyAuthResponse(randomGivenName, randomFamilyName, DE_ST + randomIdentifier, randomDate);
+ return buildDummyAuthResponse(randomGivenName, randomFamilyName, DE_ST + randomIdentifier, randomBirthDate);
}
private AuthenticationResponse buildDummyAuthResponseRandomPersonIT_Tax(String taxNumber)
throws URISyntaxException {
- return buildDummyAuthResponse(randomGivenName, randomFamilyName, IT_ST + randomIdentifier, randomDate,
+ return buildDummyAuthResponse(randomGivenName, randomFamilyName, IT_ST + randomIdentifier, randomBirthDate,
taxNumber, null, null);
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
index d0ab50f4..35f1a91b 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
@@ -54,8 +54,11 @@ import eu.eidas.auth.commons.light.impl.LightRequest.Builder;
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations = {
"/SpringTest-context_tasks_test.xml",
- "/SpringTest-context_basic_realConfig.xml"})
-@TestPropertySource(locations = {"classpath:/config/junit_config_de_attributes.properties"})
+ "/SpringTest-context_basic_realConfig.xml",
+ //"/SpringTest-context_basic_mapConfig.xml"
+ })
+@TestPropertySource(locations = {"classpath:/config/junit_config_de_attributes.properties", "classpath:/config" +
+ "/junit_config_1_springboot.properties"})
@DirtiesContext(classMode = ClassMode.AFTER_CLASS)
public class EidasRequestPreProcessingFirstTest {
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml
index 5a7f4161..ed636eed 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml
@@ -102,4 +102,31 @@
class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask"
scope="prototype" />
+ <bean id="GenerateGuiQueryAustrianResidenceTask"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateGuiQueryAustrianResidenceTask"
+ scope="prototype" />
+
+ <bean id="ReceiveGuiAustrianResidenceResponseTask"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveGuiAustrianResidenceResponseTask"
+ scope="prototype" />
+
+ <bean id="idAustriaClientAuthCredentialProvider"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider" />
+
+ <bean id="idAustriaClientAuthMetadataProvider"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider" />
+
+ <bean id="idAustriaClientAuthMetadataController"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataController" />
+
+ <bean id="idAustriaClientPvpMetadataResolverFactory"
+ class="at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory" />
+
+ <bean id="pvpMetadataBuilder"
+ class="at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder" />
+
+ <bean id="idAustriaAuthPvpConfiguration"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaAuthPvpConfiguration" />
+
+
</beans> \ No newline at end of file
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties
index a662379c..df64b494 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties
@@ -114,4 +114,36 @@ eidas.ms.configuration.sp.disableRegistrationRequirement=
eidas.ms.configuration.restrictions.baseID.spTransmission=
eidas.ms.configuration.auth.default.countrycode=
eidas.ms.configuration.pvp.scheme.validation=
-eidas.ms.configuration.pvp.enable.entitycategories= \ No newline at end of file
+eidas.ms.configuration.pvp.enable.entitycategories=
+
+
+
+
+## PVP2 S-Profile ID Austria client configuration
+
+eidas.ms.modules.idaustriaclient.keystore.path=../keystore/junit_test.jks
+eidas.ms.modules.idaustriaclient.keystore.password=password
+eidas.ms.modules.idaustriaclient.keystore.type=jks
+
+eidas.ms.modules.idaustriaclient.metadata.sign.alias=meta
+eidas.ms.modules.idaustriaclient.metadata.sign.password=password
+eidas.ms.modules.idaustriaclient.request.sign.alias=sig
+eidas.ms.modules.idaustriaclient.request.sign.password=password
+eidas.ms.modules.idaustriaclient.response.encryption.alias=enc
+eidas.ms.modules.idaustriaclient.response.encryption.password=password
+
+eidas.ms.modules.idaustriaclient.truststore.path=../keystore/junit_test.jks
+eidas.ms.modules.idaustriaclient.truststore.password=password
+eidas.ms.modules.idaustriaclient.truststore.type=jks
+
+eidas.ms.modules.idaustriaclient.node.entityId=
+eidas.ms.modules.idaustriaclient.sp.entityId=
+eidas.ms.modules.idaustriaclient.node.metadataUrl=
+
+eidas.ms.modules.idaustriaclient.metadata.organisation.name=JUnit
+eidas.ms.modules.idaustriaclient.metadata.organisation.friendyname=For testing with jUnit
+eidas.ms.modules.idaustriaclient.metadata.organisation.url=http://junit.test
+eidas.ms.modules.idaustriaclient.metadata.contact.givenname=Max
+eidas.ms.modules.idaustriaclient.metadata.contact.surname=Mustermann
+eidas.ms.modules.idaustriaclient.metadata.contact.email=max@junit.test
+
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1_springboot.properties b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1_springboot.properties
new file mode 100644
index 00000000..fc0c7241
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1_springboot.properties
@@ -0,0 +1,119 @@
+## embbeded Tomcat
+tomcat.workingdir=./target/work
+tomcat.ajp.enabled=true
+tomcat.ajp.port=8009
+tomcat.ajp.networkAddress=127.0.0.1
+tomcat.ajp.additionalAttributes.secretrequired=true
+tomcat.ajp.additionalAttributes.secret=junit
+
+## Basic service configuration
+eidas.ms.context.url.prefix=http://localhost
+eidas.ms.core.configRootDir=file:./src/test/resources/config/
+
+eidas.ms.context.use.clustermode=true
+
+##Monitoring
+eidas.ms.monitoring.eIDASNode.metadata.url=http://localhost:40900/mockup
+
+## extended validation of pending-request Id's
+eidas.ms.core.pendingrequestid.digist.secret=pendingReqIdSecret
+
+## eIDAS Ref. Implementation connector ###
+eidas.ms.auth.eIDAS.node_v2.forward.endpoint=http://eidas.node/junit
+
+eidas.ms.auth.eIDAS.szrclient.useTestService=true
+eidas.ms.auth.eIDAS.szrclient.endpoint.prod=
+eidas.ms.auth.eIDAS.szrclient.endpoint.test=http://localhost:1234/demoszr
+eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.path=keys/junit.jks
+eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.password=password
+eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.path=
+eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.password=
+
+#tech. AuthBlock signing for E-ID process
+eidas.ms.auth.eIDAS.authblock.keystore.password=f/+saJBc3a}*/T^s
+eidas.ms.auth.eIDAS.authblock.keystore.friendlyName=connectorkeypair
+eidas.ms.auth.eIDAS.authblock.keystore.path=keys/teststore.jks
+eidas.ms.auth.eIDAS.authblock.keystore.type=jks
+eidas.ms.auth.eIDAS.authblock.key.alias=connectorkeypair
+eidas.ms.auth.eIDAS.authblock.key.password=f/+saJBc3a}*/T^s
+
+
+#Raw eIDAS Id data storage
+eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=true
+eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=false
+
+
+
+## PVP2 S-Profile end-point configuration
+eidas.ms.pvp2.keystore.type=jks
+eidas.ms.pvp2.keystore.path=keys/junit.jks
+eidas.ms.pvp2.keystore.password=password
+eidas.ms.pvp2.key.metadata.alias=meta
+eidas.ms.pvp2.key.metadata.password=password
+eidas.ms.pvp2.key.signing.alias=sig
+eidas.ms.pvp2.key.signing.password=password
+eidas.ms.pvp2.metadata.validity=24
+
+eidas.ms.pvp2.metadata.organisation.name=JUnit
+eidas.ms.pvp2.metadata.organisation.friendyname=For testing with jUnit
+eidas.ms.pvp2.metadata.organisation.url=http://junit.test
+eidas.ms.pvp2.metadata.contact.givenname=Max
+eidas.ms.pvp2.metadata.contact.surname=Mustermann
+eidas.ms.pvp2.metadata.contact.email=max@junit.test
+
+## Service Provider configuration
+eidas.ms.sp.0.uniqueID=https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata
+eidas.ms.sp.0.pvp2.metadata.truststore=keys/junit.jks
+eidas.ms.sp.0.pvp2.metadata.truststore.password=password
+eidas.ms.sp.0.friendlyName=jUnit test
+eidas.ms.sp.0.newEidMode=true
+
+#eidas.ms.sp.0.pvp2.metadata.url=
+#eidas.ms.sp.0.policy.allowed.requested.targets=.*
+#eidas.ms.sp.0.policy.hasBaseIdTransferRestriction=false
+
+## Service Provider configuration
+eidas.ms.sp.1.uniqueID=https://demo.egiz.gv.at/junit_test
+eidas.ms.sp.1.pvp2.metadata.truststore=keys/junit.jks
+eidas.ms.sp.1.pvp2.metadata.truststore.password=password
+eidas.ms.sp.1.friendlyName=jUnit test
+eidas.ms.sp.1.pvp2.metadata.url=http://junit.test/metadata
+eidas.ms.sp.1.policy.allowed.requested.targets=test
+eidas.ms.sp.1.policy.hasBaseIdTransferRestriction=true
+
+## PVP2 S-Profile client configuration
+#eidas.ms.modules.idaustriaclient.keystore.type=jks
+#eidas.ms.modules.idaustriaclient.keystore.path=keys/junit.jks1
+#eidas.ms.modules.idaustriaclient.keystore.password=password
+#eidas.ms.modules.idaustriaclient.key.metadata.alias=meta
+#eidas.ms.modules.idaustriaclient.key.metadata.password=password
+#eidas.ms.modules.idaustriaclient.key.signing.alias=sig
+#eidas.ms.modules.idaustriaclient.key.signing.password=password
+#eidas.ms.modules.idaustriaclient.metadata.validity=24
+
+eidas.ms.modules.idaustriaclient.keystore.path=keys/junit_test.jks
+eidas.ms.modules.idaustriaclient.keystore.password=password
+eidas.ms.modules.idaustriaclient.keystore.type=jks
+
+eidas.ms.modules.idaustriaclient.metadata.sign.alias=meta
+eidas.ms.modules.idaustriaclient.metadata.sign.password=password
+eidas.ms.modules.idaustriaclient.request.sign.alias=sig
+eidas.ms.modules.idaustriaclient.request.sign.password=password
+eidas.ms.modules.idaustriaclient.response.encryption.alias=enc
+eidas.ms.modules.idaustriaclient.response.encryption.password=password
+
+eidas.ms.modules.idaustriaclient.truststore.path=keys/junit_test.jks
+eidas.ms.modules.idaustriaclient.truststore.password=password
+eidas.ms.modules.idaustriaclient.truststore.type=jks
+
+eidas.ms.modules.idaustriaclient.node.entityId=
+eidas.ms.modules.idaustriaclient.sp.entityId=
+eidas.ms.modules.idaustriaclient.node.metadataUrl=
+
+eidas.ms.modules.idaustriaclient.metadata.organisation.name=JUnit
+eidas.ms.modules.idaustriaclient.metadata.organisation.friendyname=For testing with jUnit
+eidas.ms.modules.idaustriaclient.metadata.organisation.url=http://junit.test
+eidas.ms.modules.idaustriaclient.metadata.contact.givenname=Max
+eidas.ms.modules.idaustriaclient.metadata.contact.surname=Mustermann
+eidas.ms.modules.idaustriaclient.metadata.contact.email=max@junit.test
+
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/junit_test.jks b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/junit_test.jks
new file mode 100644
index 00000000..ee6254a9
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/junit_test.jks
Binary files differ
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/teststore.jks b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/teststore.jks
new file mode 100644
index 00000000..fcc6400c
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/teststore.jks
Binary files differ
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/keystore/junit_test.jks b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/keystore/junit_test.jks
new file mode 100644
index 00000000..ee6254a9
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/keystore/junit_test.jks
Binary files differ