aboutsummaryrefslogtreecommitdiff
path: root/eidas_modules/authmodule-eIDAS-v2
diff options
context:
space:
mode:
authorThomas <>2021-09-02 08:58:17 +0200
committerThomas <>2021-09-02 08:58:17 +0200
commit34094edfbf91cf445dbeae12b1b63cbfef543244 (patch)
tree88e2bbd008a7fd9f3a425bbcfdb53cfac4e24079 /eidas_modules/authmodule-eIDAS-v2
parent847e690da4a2f6b08ca604538f1f42e6e6717d0b (diff)
parente0a9aad4a321bae3b9c9afe7ea178d93b258749a (diff)
downloadNational_eIDAS_Gateway-34094edfbf91cf445dbeae12b1b63cbfef543244.tar.gz
National_eIDAS_Gateway-34094edfbf91cf445dbeae12b1b63cbfef543244.tar.bz2
National_eIDAS_Gateway-34094edfbf91cf445dbeae12b1b63cbfef543244.zip
Merge branch 'master' into feature/matching_rebased
# Conflicts: # connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java # connector/src/main/resources/specific_eIDAS_connector.beans.xml # connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java # connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java # connector/src/test/resources/spring/SpringTest_connector.beans.xml # eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java # eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java # eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java # eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/SzrClientTest.java # eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java # eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java # eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveAuthnResponseTaskTest.java # pom.xml
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/pom.xml6
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java18
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java138
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/LuEidProcessor.java61
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java12
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java7
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java25
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml5
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/SzrClientTest.java75
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java36
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java2
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java163
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveAuthnResponseTaskTest.java42
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java3
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java48
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml5
16 files changed, 534 insertions, 112 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/pom.xml b/eidas_modules/authmodule-eIDAS-v2/pom.xml
index 7bbf826a..49e4984c 100644
--- a/eidas_modules/authmodule-eIDAS-v2/pom.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/pom.xml
@@ -6,7 +6,7 @@
<parent>
<groupId>at.asitplus.eidas.ms_specific</groupId>
<artifactId>modules</artifactId>
- <version>1.1.1-SNAPSHOT</version>
+ <version>1.2.2</version>
</parent>
<groupId>at.asitplus.eidas.ms_specific.modules</groupId>
<artifactId>authmodule-eIDAS-v2</artifactId>
@@ -132,6 +132,10 @@
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-jaxws</artifactId>
</dependency>
<dependency>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
index 70bade43..5dfc9e68 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
@@ -67,6 +67,8 @@ public class Constants {
// configuration properties
public static final String CONIG_PROPS_EIDAS_PREFIX = "auth.eIDAS";
+ public static final String CONIG_PROPS_EIDAS_IS_TEST_IDENTITY = CONIG_PROPS_EIDAS_PREFIX
+ + ".eid.testidentity.default";
public static final String CONIG_PROPS_EIDAS_NODE = CONIG_PROPS_EIDAS_PREFIX + ".node_v2";
public static final String CONIG_PROPS_EIDAS_NODE_COUNTRYCODE = CONIG_PROPS_EIDAS_NODE + ".countrycode";
public static final String CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS = CONIG_PROPS_EIDAS_NODE
@@ -82,15 +84,23 @@ public class Constants {
CONIG_PROPS_EIDAS_NODE + ".attributes.requested.{0}.onlynatural";
public static final String CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_REPRESENTATION =
CONIG_PROPS_EIDAS_NODE + ".attributes.requested.representation";
+
+ public static final String CONIG_PROPS_EIDAS_NODE_REQUESTERID_USE_HASHED_VERSION =
+ CONIG_PROPS_EIDAS_NODE + ".requesterId.useHashedForm";
+ public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_USE_STATIC_REQUESTERID_FOR_LUX =
+ CONIG_PROPS_EIDAS_NODE + ".requesterId.lu.useStaticRequesterForAll";
+
public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME =
- CONIG_PROPS_EIDAS_NODE + ".workarounds.addAlwaysProviderName";
+ CONIG_PROPS_EIDAS_NODE + ".workarounds.addAlwaysProviderName";
public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_USEREQUESTIDASTRANSACTIONIDENTIFIER =
CONIG_PROPS_EIDAS_NODE + ".workarounds.useRequestIdAsTransactionIdentifier";
- public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_USE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP =
- CONIG_PROPS_EIDAS_NODE + ".workarounds.useStaticProviderNameForPublicSPs";
+
+ public static final String CONFIG_PROP_EIDAS_NODE_NAMEIDFORMAT =
+ CONIG_PROPS_EIDAS_NODE + ".requested.nameIdFormat";
+
public static final String CONIG_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP = CONIG_PROPS_EIDAS_NODE
+ ".staticProviderNameForPublicSPs";
- public static final String DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP = "ERnP";
+ public static final String DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP = "Austria";
public static final String FORWARD_METHOD_POST = "POST";
public static final String FORWARD_METHOD_GET = "GET";
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
index 1050f8d9..64c6adeb 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
@@ -24,17 +24,20 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler;
+
import static at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils.processCountryCode;
import static at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils.processDateOfBirthToString;
+import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.Base64;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.lang3.StringUtils;
import org.joda.time.DateTime;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.lang.NonNull;
@@ -55,9 +58,10 @@ import eu.eidas.auth.commons.attribute.AttributeDefinition;
import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
import eu.eidas.auth.commons.light.impl.LightRequest.Builder;
import eu.eidas.auth.commons.protocol.eidas.SpType;
+import lombok.extern.slf4j.Slf4j;
+@Slf4j
public abstract class AbstractEidProcessor implements INationalEidProcessor {
- private static final Logger log = LoggerFactory.getLogger(AbstractEidProcessor.class);
@Autowired
protected EidasAttributeRegistry attrRegistry;
@@ -68,7 +72,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
public final void preProcess(IRequest pendingReq, Builder authnRequestBuilder) {
buildLevelOfAssurance(pendingReq.getServiceProviderConfiguration(), authnRequestBuilder);
- buildProviderNameAttribute(pendingReq, authnRequestBuilder);
+ buildProviderNameAndRequesterIdAttribute(pendingReq, authnRequestBuilder);
buildRequestedAttributes(authnRequestBuilder);
}
@@ -200,6 +204,83 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
return EidasResponseUtils.processPseudonym(personalIdObj);
}
+ /**
+ * Set ProviderName and RequestId into eIDAS AuthnRequest.
+ *
+ * @param pendingReq Current pendingRequest
+ * @param authnRequestBuilder AuthnREquest builer
+ */
+ protected void buildProviderNameAndRequesterIdAttribute(IRequest pendingReq, Builder authnRequestBuilder) {
+ final ISpConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
+
+ // set correct SPType for requested target sector
+ final String publicSectorTargetSelector = basicConfig.getBasicConfiguration(
+ Constants.CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS,
+ Constants.POLICY_DEFAULT_ALLOWED_TARGETS);
+ final Pattern p = Pattern.compile(publicSectorTargetSelector);
+ final Matcher m = p.matcher(spConfig.getAreaSpecificTargetIdentifier());
+ if (m.matches()) {
+ log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PublicSector'");
+ authnRequestBuilder.spType(SpType.PUBLIC.getValue());
+
+ final String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class);
+ if (basicConfig.getBasicConfigurationBoolean(
+ Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME,
+ false)) {
+ //TODO: only for eIDAS ref. node 2.0 and 2.1 because it need 'Providername' for
+ if (StringUtils.isNotEmpty(providerName)) {
+ log.debug("Set 'providername' to: {}", providerName);
+ authnRequestBuilder.providerName(providerName);
+
+ } else {
+ authnRequestBuilder.providerName(basicConfig.getBasicConfiguration(
+ Constants.CONIG_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP,
+ Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP));
+
+ }
+ }
+
+ } else {
+ log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PrivateSector'");
+ authnRequestBuilder.spType(SpType.PRIVATE.getValue());
+
+ // TODO: switch to RequesterId in further version
+ // set provider name for private sector applications
+ final String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class);
+ if (StringUtils.isNotEmpty(providerName)) {
+ authnRequestBuilder.providerName(providerName);
+
+ }
+
+ authnRequestBuilder.requesterId(
+ generateRequesterId(pendingReq.getRawData(Constants.DATA_REQUESTERID, String.class)));
+
+ }
+ }
+
+ private String generateRequesterId(String requesterId) {
+ if (requesterId != null && basicConfig.getBasicConfigurationBoolean(
+ Constants.CONIG_PROPS_EIDAS_NODE_REQUESTERID_USE_HASHED_VERSION, true)) {
+ try {
+ log.trace("Building hashed 'requesterId' for private SP ... ");
+ MessageDigest digest = MessageDigest.getInstance("SHA-256");
+ String encodedRequesterId = Base64.getEncoder().encodeToString(
+ digest.digest(requesterId.getBytes(StandardCharsets.UTF_8)));
+ log.debug("Set 'requesterId' for: {} to: {}", requesterId, encodedRequesterId);
+ return encodedRequesterId;
+
+ } catch (NoSuchAlgorithmException e) {
+ log.error("Can NOT generate hashed 'requesterId' from: {}. Use it as it is", requesterId, e);
+
+ }
+
+ }
+
+ return requesterId;
+
+ }
+
+
private void buildRequestedAttributes(Builder authnRequestBuilder) {
// build and add requested attribute set
final Map<String, Boolean> ccSpecificReqAttr = getCountrySpecificRequestedAttributes();
@@ -237,55 +318,6 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
}
- private void buildProviderNameAttribute(IRequest pendingReq, Builder authnRequestBuilder) {
- final ISpConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
-
- // set correct SPType for requested target sector
- final String publicSectorTargetSelector = basicConfig.getBasicConfiguration(
- Constants.CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS,
- Constants.POLICY_DEFAULT_ALLOWED_TARGETS);
- final Pattern p = Pattern.compile(publicSectorTargetSelector);
- final Matcher m = p.matcher(spConfig.getAreaSpecificTargetIdentifier());
- if (m.matches()) {
- log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PublicSector'");
- authnRequestBuilder.spType(SpType.PUBLIC.getValue());
-
- if (basicConfig.getBasicConfigurationBoolean(
- Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_USE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP,
- true)) {
- authnRequestBuilder.providerName(basicConfig.getBasicConfiguration(
- Constants.CONIG_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP,
- Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP));
-
- } else {
- // TODO: only for eIDAS ref. node 2.0 and 2.1 because it need 'Providername' for
- // any SPType
- final String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class);
- if (StringUtils.isNotEmpty(providerName)
- && basicConfig.getBasicConfigurationBoolean(
- Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME,
- false)) {
- authnRequestBuilder.providerName(providerName);
-
- }
- }
-
- } else {
- log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PrivateSector'");
- authnRequestBuilder.spType(SpType.PRIVATE.getValue());
-
- // TODO: switch to RequesterId in further version
- // set provider name for private sector applications
- final String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class);
- if (StringUtils.isNotEmpty(providerName)) {
- authnRequestBuilder.providerName(providerName);
- authnRequestBuilder.requesterId(providerName);
-
- }
-
- }
- }
-
private void buildLevelOfAssurance(ISpConfiguration spConfig, Builder authnRequestBuilder) {
// TODO: set matching mode if eIDAS ref. impl. support this method
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/LuEidProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/LuEidProcessor.java
new file mode 100644
index 00000000..8402457f
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/LuEidProcessor.java
@@ -0,0 +1,61 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import eu.eidas.auth.commons.light.impl.LightRequest.Builder;
+import lombok.Getter;
+import lombok.Setter;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class LuEidProcessor extends AbstractEidProcessor {
+
+
+
+ private static final String canHandleCC = "LU";
+
+ @Getter
+ @Setter
+ private int priority = 1;
+
+ @Override
+ public String getName() {
+ return "LU-PostProcessor";
+
+ }
+
+ @Override
+ public boolean canHandle(String countryCode) {
+ return countryCode != null && countryCode.equalsIgnoreCase(canHandleCC);
+
+ }
+
+ @Override
+ protected void buildProviderNameAndRequesterIdAttribute(IRequest pendingReq, Builder authnRequestBuilder) {
+ super.buildProviderNameAndRequesterIdAttribute(pendingReq, authnRequestBuilder);
+ if (basicConfig.getBasicConfigurationBoolean(
+ Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_USE_STATIC_REQUESTERID_FOR_LUX, true)) {
+ String staticName = basicConfig.getBasicConfiguration(
+ Constants.CONIG_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP,
+ Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP);
+ authnRequestBuilder.providerName(staticName);
+ authnRequestBuilder.requesterId(staticName);
+ log.debug("Use static name: {} as 'providerName' and 'RequesterId' for all 'LU' requests ", staticName);
+
+ } else {
+ log.info("Static 'providerName' and 'RequesterId' for country: LU is deactivated");
+
+ }
+
+ }
+
+ @Override
+ protected Map<String, Boolean> getCountrySpecificRequestedAttributes() {
+ return new HashMap<>();
+
+ }
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java
index 234d52dd..a2af4342 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java
@@ -18,6 +18,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import com.fasterxml.jackson.annotation.JsonFormat;
+import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
@@ -81,6 +82,14 @@ public class AuthBlockSigningService {
authBlock.setTimestamp(LocalDateTime.now().truncatedTo(ChronoUnit.SECONDS));
authBlock.setUniqueId(pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID, String.class));
authBlock.setPiiTransactionId(pendingReq.getUniquePiiTransactionIdentifier());
+
+ //set Binding PublicKey if available
+ Object bindingPubKey = pendingReq.getRawData(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME);
+ if (bindingPubKey instanceof String) {
+ authBlock.setBindingPublicKey((String) bindingPubKey);
+
+ }
+
String jwsPayload = mapper.writeValueAsString(authBlock);
log.debug("Building and sign authBlock with data: {}", jwsPayload);
@@ -172,6 +181,7 @@ public class AuthBlockSigningService {
*
*/
@Data
+ @JsonInclude(JsonInclude.Include.NON_NULL)
private static class EidasAuchBlock {
@JsonProperty("challenge")
@@ -189,6 +199,8 @@ public class AuthBlockSigningService {
@JsonProperty("piiTransactionId")
private String piiTransactionId;
+ @JsonProperty("bindingPublicKey")
+ private String bindingPublicKey;
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java
index 2b3fabd9..74525e65 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java
@@ -113,6 +113,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
final String environment = (String) executionContext.get(MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT);
final String issuer = loadIssuerFromConfig();
final LightRequest lightAuthnReq = buildEidasAuthnRequest(citizenCountryCode, issuer);
+
final BinaryLightToken token = putRequestInCommunicationCache(lightAuthnReq);
final String tokenBase64 = BinaryLightTokenHelper.encodeBinaryLightTokenBase64(token);
workaroundRelayState(lightAuthnReq);
@@ -165,7 +166,11 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
throws EidPostProcessingException {
final LightRequest.Builder builder = LightRequest.builder();
builder.id(UUID.randomUUID().toString());
- builder.nameIdFormat(Constants.eIDAS_REQ_NAMEID_FORMAT);
+
+ // set nameIDFormat
+ builder.nameIdFormat(
+ authConfig.getBasicConfiguration(Constants.CONFIG_PROP_EIDAS_NODE_NAMEIDFORMAT));
+
builder.citizenCountryCode(citizenCountryCode);
builder.issuer(issuer);
// Add country-specific information into eIDAS request
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java
index ae582e91..86cd2164 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java
@@ -23,6 +23,13 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.jetbrains.annotations.NotNull;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
import at.asitplus.eidas.specific.connector.MsConnectorEventCodes;
import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
@@ -34,16 +41,10 @@ import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import eu.eidas.auth.commons.light.ILightResponse;
import lombok.extern.slf4j.Slf4j;
-import org.jetbrains.annotations.NotNull;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
/**
@@ -83,6 +84,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
checkStatusCode(eidasResponse);
validateMsSpecificResponse(executionContext, eidasResponse);
storeInSession(eidasResponse);
+
revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE_VALID);
} catch (final EaafException e) {
revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE_NOT_VALID);
@@ -129,10 +131,17 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
private void storeInSession(ILightResponse eidasResponse) throws EaafException {
log.debug("Store eIDAS response information into pending-request.");
- final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+ final EidAuthProcessDataWrapper authProcessData = pendingReq.getSessionData(EidAuthProcessDataWrapper.class);
authProcessData.setQaaLevel(eidasResponse.getLevelOfAssurance());
+
+ //inject set flag to inject
+ authProcessData.setTestIdentity(
+ basicConfig.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_IS_TEST_IDENTITY, false));
+
+
authProcessData.setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse);
requestStoreage.storePendingRequest(pendingReq);
+
}
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
index 5a113550..85b49186 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
@@ -61,6 +61,11 @@
<property name="priority" value="1" />
</bean>
+ <bean id="LU-Processor"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.LuEidProcessor">
+ <property name="priority" value="1" />
+ </bean>
+
<bean id="Default-Processor"
class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.GenericEidProcessor">
<property name="priority" value="0" />
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/SzrClientTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/SzrClientTest.java
index 647e5d27..ee1ecf9f 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/SzrClientTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/SzrClientTest.java
@@ -23,51 +23,69 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.clients;
-import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.szr.SzrClient;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException;
-import at.gv.egiz.eaaf.core.api.data.EaafConstants;
-import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
-import at.gv.egiz.eaaf.core.exceptions.EaafParserException;
-import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser;
-import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
-import com.skjolberg.mockito.soap.SoapServiceRule;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyList;
+import static org.mockito.Mockito.when;
+
+import java.io.IOException;
+import java.util.List;
+
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.ws.soap.SOAPFaultException;
+
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.cxf.binding.soap.SoapFault;
-import org.junit.*;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Ignore;
+import org.junit.Rule;
+import org.junit.Test;
import org.junit.runner.RunWith;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.ClassMode;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;
-import szrservices.*;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Unmarshaller;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.ws.soap.SOAPFaultException;
-import java.io.IOException;
-import java.util.List;
+import com.github.skjolber.mockito.soap.SoapServiceRule;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.ArgumentMatchers.anyList;
-import static org.mockito.Mockito.when;
+import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.szr.SzrClient;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.exceptions.EaafParserException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser;
+import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
+import lombok.extern.slf4j.Slf4j;
+import szrservices.GetBPKFromStammzahlEncryptedResponse;
+import szrservices.GetBPKFromStammzahlEncryptedResponseType;
+import szrservices.GetIdentityLinkEidasResponse;
+import szrservices.IdentityLinkType;
+import szrservices.PersonInfoType;
+import szrservices.SZR;
+import szrservices.SZRException_Exception;
+import szrservices.SignContentEntry;
+import szrservices.SignContentResponse;
+import szrservices.SignContentResponseType;
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations = {
"/SpringTest-context_tasks_test.xml",
"/SpringTest-context_basic_mapConfig.xml"})
+@DirtiesContext(classMode = ClassMode.AFTER_CLASS)
+@Slf4j
public class SzrClientTest {
- private static final Logger log = LoggerFactory.getLogger(SzrClientTest.class);
@Autowired SzrClient szrClient;
@Autowired MsConnectorDummyConfigMap basicConfig;
@@ -89,8 +107,11 @@ public class SzrClientTest {
}
basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.eidasbind.mds.inject", "false");
+
}
+
+
@Test
public void getStammzahlenEcryptedTest() throws SZRException_Exception, SzrCommunicationException {
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
index 7af9706e..e3757c0d 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
@@ -41,9 +41,9 @@ import org.springframework.web.context.request.ServletRequestAttributes;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
+import com.github.skjolber.mockito.soap.SoapServiceRule;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
-import com.skjolberg.mockito.soap.SoapServiceRule;
import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap;
@@ -241,7 +241,9 @@ public class CreateIdentityLinkTaskEidNewTest {
Assert.assertEquals("appId", randomTestSp, authBlockJson.get("appId").asText());
Assert.assertFalse("'challenge' is null", authBlockJson.get("challenge").asText().isEmpty());
Assert.assertFalse("'timestamp' is null", authBlockJson.get("timestamp").asText().isEmpty());
-
+ Assert.assertFalse("binding pubKey", authBlockJson.has("bindingPublicKey"));
+
+
// check vsz request
ArgumentCaptor<PersonInfoType> argument4 = ArgumentCaptor.forClass(PersonInfoType.class);
@@ -331,9 +333,12 @@ public class CreateIdentityLinkTaskEidNewTest {
final SignContentEntry signContentEntry = new SignContentEntry();
signContentEntry.setValue(RandomStringUtils.randomAlphanumeric(10));
signContentResp.getOut().add(signContentEntry);
+
when(szrMock.signContent(any(), any(), any())).thenReturn(signContentResp);
+
String randomTestSp = RandomStringUtils.randomAlphabetic(10);
+ String bindingPubKey = RandomStringUtils.randomAlphabetic(10);
pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_REQUESTERID, randomTestSp);
MatchedPersonResult matchingInfos = MatchedPersonResult.builder()
@@ -342,9 +347,11 @@ public class CreateIdentityLinkTaskEidNewTest {
.familyName(RandomStringUtils.randomAlphabetic(5))
.dateOfBirth(RandomStringUtils.randomAlphabetic(5))
.countryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
- .build();
-
+ .build();
MatchingTaskUtils.storeFinalMatchingResult(pendingReq, matchingInfos);
+
+ pendingReq.setRawDataToTransaction(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME, bindingPubKey);
+
//perform test
task.execute(pendingReq, executionContext);
@@ -360,9 +367,30 @@ public class CreateIdentityLinkTaskEidNewTest {
Assert.assertNotNull("AuthProcessData", authProcessData);
Assert.assertNotNull("eidasBind", authProcessData.getGenericDataFromSession(Constants.EIDAS_BIND, String.class));
+ // check authblock signature
String authBlock = authProcessData.getGenericDataFromSession(Constants.SZR_AUTHBLOCK, String.class);
Assert.assertNotNull("AuthBlock", authBlock);
+ final AlgorithmConstraints constraints = new AlgorithmConstraints(ConstraintType.PERMIT,
+ BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.toArray(new String[BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.size()]));
+ Pair<KeyStore, Provider> keyStore = getKeyStore();
+ X509Certificate[] trustedCerts = EaafKeyStoreUtils
+ .getPrivateKeyAndCertificates(keyStore.getFirst(), ALIAS, PW.toCharArray(), true, "junit").getSecond();
+ JwsResult result = JoseUtils.validateSignature(authBlock, Arrays.asList(trustedCerts), constraints);
+ Assert.assertTrue("AuthBlock not valid", result.isValid());
+ JsonNode authBlockJson = mapper.readTree(result.getPayLoad());
+ Assert.assertNotNull("deserialized AuthBlock", authBlockJson);
+
+ Assert.assertNotNull("no piiTransactionId in pendingRequesdt",
+ storedPendingReq.getUniquePiiTransactionIdentifier());
+ Assert.assertEquals("piiTransactionId", storedPendingReq.getUniquePiiTransactionIdentifier(),
+ authBlockJson.get("piiTransactionId").asText());
+ Assert.assertEquals("appId", randomTestSp, authBlockJson.get("appId").asText());
+ Assert.assertFalse("'challenge' is null", authBlockJson.get("challenge").asText().isEmpty());
+ Assert.assertFalse("'timestamp' is null", authBlockJson.get("timestamp").asText().isEmpty());
+ Assert.assertTrue("binding pubKey", authBlockJson.has("bindingPublicKey"));
+ Assert.assertEquals("binding PubKey", bindingPubKey, authBlockJson.get("bindingPublicKey").asText());
+
Assert.assertTrue("EID process", authProcessData.isEidProcess());
Assert.assertTrue("foreigner process", authProcessData.isForeigner());
Assert.assertEquals("EID-ISSUING_NATION", "LU",
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java
index 0a2d4271..7513501e 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java
@@ -30,9 +30,9 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
+import com.github.skjolber.mockito.soap.SoapServiceRule;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
-import com.skjolberg.mockito.soap.SoapServiceRule;
import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap;
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java
index c416b515..4edfe32d 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java
@@ -1,5 +1,7 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks;
+import static org.junit.Assert.assertNull;
+
import java.io.UnsupportedEncodingException;
import java.util.HashMap;
import java.util.Map;
@@ -83,6 +85,7 @@ public class GenerateAuthnRequestTaskTest {
pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue());
pendingReq.setAuthUrl("http://test.com/");
+ basicConfig.putConfigValue("eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm", "true");
basicConfig.putConfigValue("eidas.ms.auth.eIDAS.node_v2.entityId",
RandomStringUtils.randomAlphabetic(10));
basicConfig.putConfigValue(
@@ -90,7 +93,8 @@ public class GenerateAuthnRequestTaskTest {
"http://test/" + RandomStringUtils.randomAlphabetic(5));
basicConfig.putConfigValue(
"eidas.ms.auth.eIDAS.node_v2.forward.method", "GET");
-
+ basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat");
+
}
@Test
@@ -297,7 +301,7 @@ public class GenerateAuthnRequestTaskTest {
basicConfig.putConfigValue(
"eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true");
basicConfig.putConfigValue(
- "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "true");
+ "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderNames", "true");
basicConfig.putConfigValue(
"eidas.ms.auth.eIDAS.node_v2.staticProviderNameForPublicSPs", "myNode");
@@ -312,9 +316,8 @@ public class GenerateAuthnRequestTaskTest {
Assert.assertEquals("ProviderName is not Static", "myNode", eidasReq.getProviderName());
Assert.assertEquals("no PublicSP", "public", eidasReq.getSpType());
Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high", eidasReq.getLevelOfAssurance());
- Assert.assertEquals("wrong CC", cc, eidasReq.getCitizenCountryCode());
- Assert.assertEquals("NameIdFormat", Constants.eIDAS_REQ_NAMEID_FORMAT, eidasReq.getNameIdFormat());
-
+ Assert.assertEquals("wrong CC", cc, eidasReq.getCitizenCountryCode());
+ assertNull("NameIdPolicy not null", eidasReq.getNameIdFormat());
}
@@ -336,6 +339,10 @@ public class GenerateAuthnRequestTaskTest {
basicConfig.putConfigValue(
"eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "false");
+ String nameIdFormat = RandomStringUtils.randomAlphabetic(10);
+ basicConfig.putConfigValue(
+ "eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat", nameIdFormat);
+
String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5);
basicConfig.putConfigValue(
"eidas.ms.auth.eIDAS.node_v2.forward.endpoint", dynEndPoint);
@@ -362,6 +369,102 @@ public class GenerateAuthnRequestTaskTest {
eidasReq.getLevelOfAssurance());
Assert.assertEquals("Wrong req. attr. size", 4, eidasReq.getRequestedAttributes().size());
+ Assert.assertEquals("NameIdFormat", nameIdFormat, eidasReq.getNameIdFormat());
+
+ }
+
+ @Test
+ public void publicSpWithCountryLu() throws TaskExecutionException,
+ SpecificCommunicationException, EaafStorageException, UnsupportedEncodingException {
+ //set-up test
+ executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "LU");
+ executionContext.put("selectedEnvironment", "prod");
+
+ String providerName = RandomStringUtils.randomAlphanumeric(10);
+ pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName);
+
+ basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets");
+ basicConfig.putConfigValue(
+ "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true");
+ basicConfig.putConfigValue(
+ "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true");
+
+ String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5);
+ basicConfig.putConfigValue(
+ "eidas.ms.auth.eIDAS.node_v2.forward.endpoint", dynEndPoint);
+ basicConfig.putConfigValue(
+ "eidas.ms.auth.eIDAS.node_v2.forward.method", "GET");
+
+ //execute test
+ task.execute(pendingReq, executionContext);
+
+ //validate state
+ Assert.assertEquals("Wrong http statusCode", 302, httpResp.getStatus());
+ Assert.assertNotNull("No redirect header", httpResp.getHeaderValue("Location"));
+ Assert.assertTrue("Wrong redirect endpoint",
+ ((String) httpResp.getHeaderValue("Location")).startsWith(dynEndPoint));
+
+
+ final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null);
+
+ Assert.assertEquals("PrividerName", "myNode", eidasReq.getProviderName());
+ Assert.assertEquals("RequesterId found", "myNode", eidasReq.getRequesterId());
+ Assert.assertEquals("no PublicSP", "public", eidasReq.getSpType());
+ Assert.assertEquals("wrong LoA", EaafConstants.EIDAS_LOA_HIGH,
+ eidasReq.getLevelOfAssurance());
+
+ Assert.assertEquals("Wrong req. attr. size", 4, eidasReq.getRequestedAttributes().size());
+
+ }
+
+ @Test
+ public void privateSpWithCountryLu() throws TaskExecutionException,
+ SpecificCommunicationException, EaafStorageException, UnsupportedEncodingException {
+ //set-up test
+ executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "LU");
+ executionContext.put("selectedEnvironment", "prod");
+
+ String providerName = RandomStringUtils.randomAlphanumeric(10);
+ String requesterId = RandomStringUtils.randomAlphanumeric(10);
+ pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName);
+ pendingReq.setRawDataToTransaction(Constants.DATA_REQUESTERID, requesterId);
+
+ spConfig.put("target",
+ EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + "FN+" + RandomStringUtils.randomNumeric(6));
+
+ basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets");
+ basicConfig.putConfigValue(
+ "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true");
+ basicConfig.putConfigValue(
+ "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true");
+ basicConfig.putConfigValue(
+ "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "true");
+
+ String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5);
+ basicConfig.putConfigValue(
+ "eidas.ms.auth.eIDAS.node_v2.forward.endpoint", dynEndPoint);
+ basicConfig.putConfigValue(
+ "eidas.ms.auth.eIDAS.node_v2.forward.method", "GET");
+
+ //execute test
+ task.execute(pendingReq, executionContext);
+
+ //validate state
+ Assert.assertEquals("Wrong http statusCode", 302, httpResp.getStatus());
+ Assert.assertNotNull("No redirect header", httpResp.getHeaderValue("Location"));
+ Assert.assertTrue("Wrong redirect endpoint",
+ ((String) httpResp.getHeaderValue("Location")).startsWith(dynEndPoint));
+
+
+ final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null);
+
+ Assert.assertEquals("PrividerName", "myNode", eidasReq.getProviderName());
+ Assert.assertEquals("RequesterId", "myNode", eidasReq.getRequesterId());
+ Assert.assertEquals("no PublicSP", "private", eidasReq.getSpType());
+ Assert.assertEquals("wrong LoA", EaafConstants.EIDAS_LOA_HIGH,
+ eidasReq.getLevelOfAssurance());
+
+ Assert.assertEquals("Wrong req. attr. size", 4, eidasReq.getRequestedAttributes().size());
}
@@ -409,6 +512,53 @@ public class GenerateAuthnRequestTaskTest {
EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + "FN+" + RandomStringUtils.randomNumeric(6));
String providerName = RandomStringUtils.randomAlphanumeric(10);
pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName);
+ pendingReq.setRawDataToTransaction(Constants.DATA_REQUESTERID, "http://junit.sp");
+
+ basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets");
+ basicConfig.putConfigValue(
+ "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true");
+ basicConfig.putConfigValue(
+ "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true");
+ basicConfig.putConfigValue(
+ "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "false");
+
+ String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5);
+ basicConfig.putConfigValue(
+ "eidas.ms.auth.eIDAS.node_v2.forward.endpoint", dynEndPoint);
+ basicConfig.putConfigValue(
+ "eidas.ms.auth.eIDAS.node_v2.forward.method", "GET");
+
+
+ //perform test
+ task.execute(pendingReq, executionContext);
+
+ //validate state
+ Assert.assertEquals("Wrong http statusCode", 302, httpResp.getStatus());
+ Assert.assertNotNull("No redirect header", httpResp.getHeaderValue("Location"));
+ Assert.assertTrue("Wrong redirect endpoint",
+ ((String) httpResp.getHeaderValue("Location")).startsWith(dynEndPoint));
+
+
+ final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null);
+
+ Assert.assertEquals("PrividerName", providerName, eidasReq.getProviderName());
+ Assert.assertEquals("RequesterId", "Wr8LrrVf5SYneblOlZdZNaLQQCCgzklfKQvyeZjBx10=", eidasReq.getRequesterId());
+ Assert.assertEquals("no PublicSP", "private", eidasReq.getSpType());
+ Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high", eidasReq.getLevelOfAssurance());
+
+ }
+
+ @Test
+ public void privateSPWithoutRequestIdHashing() throws TaskExecutionException,
+ SpecificCommunicationException, EaafStorageException {
+ //set-up test
+ executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC");
+ spConfig.put("target",
+ EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + "FN+" + RandomStringUtils.randomNumeric(6));
+ String providerName = RandomStringUtils.randomAlphanumeric(10);
+ String requesterId = RandomStringUtils.randomAlphanumeric(10);
+ pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName);
+ pendingReq.setRawDataToTransaction(Constants.DATA_REQUESTERID, requesterId);
basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets");
basicConfig.putConfigValue(
@@ -417,6 +567,7 @@ public class GenerateAuthnRequestTaskTest {
"eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true");
basicConfig.putConfigValue(
"eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "false");
+ basicConfig.putConfigValue("eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm", "false");
String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5);
basicConfig.putConfigValue(
@@ -438,7 +589,7 @@ public class GenerateAuthnRequestTaskTest {
final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null);
Assert.assertEquals("PrividerName", providerName, eidasReq.getProviderName());
- Assert.assertEquals("RequesterId", providerName, eidasReq.getRequesterId());
+ Assert.assertEquals("RequesterId", requesterId, eidasReq.getRequesterId());
Assert.assertEquals("no PublicSP", "private", eidasReq.getSpType());
Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high", eidasReq.getLevelOfAssurance());
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveAuthnResponseTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveAuthnResponseTaskTest.java
index c8e00e72..ea2cda4b 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveAuthnResponseTaskTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveAuthnResponseTaskTest.java
@@ -37,7 +37,7 @@ import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper;
import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
import at.gv.egiz.eaaf.core.impl.utils.Random;
@@ -81,7 +81,8 @@ public class ReceiveAuthnResponseTaskTest {
RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution", "false");
-
+ basicConfig.putConfigValue("eidas.ms.auth.eIDAS.eid.testidentity.default", "false");
+
final Map<String, String> spConfig = new HashMap<>();
spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp");
spConfig.put("target", "urn:publicid:gv.at:cdid+XX");
@@ -149,16 +150,45 @@ public class ReceiveAuthnResponseTaskTest {
//validate state
IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId());
Assert.assertNotNull("pendingReq not stored", storedReq);
-
- final AuthProcessDataWrapper authProcessData = storedReq.getSessionData(AuthProcessDataWrapper.class);
+ final EidAuthProcessDataWrapper authProcessData = storedReq.getSessionData(EidAuthProcessDataWrapper.class);
Assert.assertEquals("LoA", eidasResponse.getLevelOfAssurance(), authProcessData.getQaaLevel());
Assert.assertNotNull("eIDAS response",
authProcessData.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE));
Assert.assertEquals("eIDAS response", eidasResponse,
authProcessData.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE));
-
+
+ Assert.assertFalse("testIdentity flag", authProcessData.isTestIdentity());
+
}
-
+
+ @Test
+ public void successWithTestIdentity() throws URISyntaxException, TaskExecutionException, PendingReqIdValidationException {
+ basicConfig.putConfigValue("eidas.ms.auth.eIDAS.eid.testidentity.default", "true");
+
+ @NotNull
+ AuthenticationResponse eidasResponse = buildDummyAuthResponse(Constants.SUCCESS_URI);
+ httpReq.setAttribute(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse);
+ executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "LU");
+
+ //execute test
+ task.execute(pendingReq, executionContext);
+
+ //validate state
+ IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId());
+ Assert.assertNotNull("pendingReq not stored", storedReq);
+
+ final EidAuthProcessDataWrapper authProcessData = storedReq.getSessionData(EidAuthProcessDataWrapper.class);
+ Assert.assertEquals("LoA", eidasResponse.getLevelOfAssurance(), authProcessData.getQaaLevel());
+ Assert.assertNotNull("eIDAS response",
+ authProcessData.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE));
+ Assert.assertEquals("eIDAS response", eidasResponse,
+ authProcessData.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE));
+ Assert.assertTrue("testIdentity flag", authProcessData.isTestIdentity());
+
+ }
+
+
+
@NotNull
private AuthenticationResponse buildDummyAuthResponse(String statusCode) throws URISyntaxException {
final AttributeDefinition attributeDef = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
index 35f1a91b..84da2344 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
@@ -149,9 +149,10 @@ public class EidasRequestPreProcessingFirstTest {
Assert.assertEquals("ProviderName is not Static",
Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP, lightReq.getProviderName());
+ Assert.assertNotSame("RequesterId was set", lightReq.getRequesterId());
Assert.assertEquals("no PublicSP", "public", lightReq.getSpType());
Assert.assertEquals("Requested attribute size not match", 8, lightReq.getRequestedAttributes().size());
}
-
+
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java
index 23175a18..6fd4f8a5 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java
@@ -86,6 +86,9 @@ public class EidasRequestPreProcessingSecondTest {
authnRequestBuilder.issuer("Test");
authnRequestBuilder.levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH);
+ basicConfig.putConfigValue(
+ "eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll", "true");
+
}
@Test
@@ -106,4 +109,49 @@ public class EidasRequestPreProcessingSecondTest {
}
+
+ /*
+ * Set ProviderName according to general configuration
+ */
+ @Test
+ public void prePreProcessLuPublicSpWithoutRequestId() throws EidPostProcessingException {
+
+ basicConfig.putConfigValue(
+ "eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll", "false");
+
+ final String testCountry = "LU";
+ authnRequestBuilder.citizenCountryCode(testCountry);
+ preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder);
+
+ final LightRequest lightReq = authnRequestBuilder.build();
+
+ Assert.assertEquals("ProviderName is not Static", "myNode", lightReq.getProviderName());
+ Assert.assertNull("RequesterId", lightReq.getRequesterId());
+ Assert.assertEquals("no PublicSP", "public", lightReq.getSpType());
+ Assert.assertEquals("Requested attribute size not match", 4, lightReq.getRequestedAttributes().size());
+
+ }
+
+ /*
+ * Always set requesterId and providername in case of country LU
+ */
+ @Test
+ public void prePreProcessLuPublicSpWithStaticRequesterId() throws EidPostProcessingException {
+
+
+ final String testCountry = "LU";
+ authnRequestBuilder.citizenCountryCode(testCountry);
+ preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder);
+
+ final LightRequest lightReq = authnRequestBuilder.build();
+
+ Assert.assertEquals("ProviderName is not Static",
+ "myNode", lightReq.getProviderName());
+ Assert.assertEquals("RequesterId is not Static",
+ "myNode", lightReq.getRequesterId());
+ Assert.assertEquals("no PublicSP", "public", lightReq.getSpType());
+ Assert.assertEquals("Requested attribute size not match", 4, lightReq.getRequestedAttributes().size());
+
+ }
+
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml
index d4783585..f4fc72a7 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml
@@ -53,6 +53,11 @@
<property name="priority" value="1" />
</bean>
+ <bean id="LU-PostProcessor"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.LuEidProcessor">
+ <property name="priority" value="1" />
+ </bean>
+
<bean id="eIDASAuthModule"
class="at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasAuthenticationModulImpl">
<property name="priority" value="2" />