diff options
author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2022-01-13 07:05:50 +0000 |
---|---|---|
committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2022-01-13 07:05:50 +0000 |
commit | 07b71d26fb481859548b597aa43d7312608220d9 (patch) | |
tree | db44fed7baeb1ea15974e945f2fe0bf9fb6ad78f /eidas_modules/authmodule-eIDAS-v2 | |
parent | 29868d8000773c74c395891bebb685a3252e13ec (diff) | |
parent | 4de3e0f9c7874ddd7ac4028bfc53f9ee841cb475 (diff) | |
download | National_eIDAS_Gateway-07b71d26fb481859548b597aa43d7312608220d9.tar.gz National_eIDAS_Gateway-07b71d26fb481859548b597aa43d7312608220d9.tar.bz2 National_eIDAS_Gateway-07b71d26fb481859548b597aa43d7312608220d9.zip |
Merge branch 'feature/matching_base_rebase' into 'feature/matching_base'
Feature/matching base rebase
See merge request egiz/eidas_at_proxy!14
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2')
10 files changed, 85 insertions, 67 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/checks/spotbugs-exclude.xml b/eidas_modules/authmodule-eIDAS-v2/checks/spotbugs-exclude.xml index 15d62521..9b12a750 100644 --- a/eidas_modules/authmodule-eIDAS-v2/checks/spotbugs-exclude.xml +++ b/eidas_modules/authmodule-eIDAS-v2/checks/spotbugs-exclude.xml @@ -2,14 +2,9 @@ <FindBugsFilter> <Match> <!-- Do not check code generated by Apache CXF framework --> - <Or> - <Class name="~szrservices.SZRException"/> - <Package name="~at[.]gv[.]bmi[.]namespace[.]zmr_su.*?" /> - </Or> - </Match> - <Match> - <!-- Do not check code generated by Apache CXF framework --> - <Class name="~szrservices.SZRException"/> + <Class name="~szrservices.*"/> + <Class name="~at.gv.e_government.reference.namespace.persondata.*" /> + <Class name="~org.w3._2000._09.xmldsig.*" /> </Match> <Match> <!-- Logging of SAML2 responses in case of errors or for debugging is allowed --> @@ -40,5 +35,16 @@ <Class name="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateAuthnRequestTask" /> <Method name="sendRedirect" /> <Bug pattern="UNVALIDATED_REDIRECT" /> - </Match> + </Match> + <Match> + <!-- Builder pattern does not expose date elements --> + <OR> + <Class name="at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData" /> + <Class name="at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.JoseUtils$JwsResult"/> + </OR> + <OR> + <Bug pattern="EI_EXPOSE_REP" /> + <Bug pattern="EI_EXPOSE_REP2" /> + </OR> + </Match> </FindBugsFilter> diff --git a/eidas_modules/authmodule-eIDAS-v2/pom.xml b/eidas_modules/authmodule-eIDAS-v2/pom.xml index 976a4d9b..5a24b67f 100644 --- a/eidas_modules/authmodule-eIDAS-v2/pom.xml +++ b/eidas_modules/authmodule-eIDAS-v2/pom.xml @@ -6,7 +6,7 @@ <parent> <groupId>at.asitplus.eidas.ms_specific</groupId> <artifactId>modules</artifactId> - <version>1.2.3-SNAPSHOT</version> + <version>1.2.4-SNAPSHOT</version> </parent> <groupId>at.asitplus.eidas.ms_specific.modules</groupId> <artifactId>authmodule-eIDAS-v2</artifactId> @@ -147,10 +147,8 @@ <dependency> <groupId>org.bitbucket.b_c</groupId> <artifactId>jose4j</artifactId> - <version>0.7.2</version> </dependency> - - + <dependency> <groupId>javax.servlet</groupId> <artifactId>javax.servlet-api</artifactId> @@ -183,7 +181,6 @@ <artifactId>mockito-soap-cxf</artifactId> <scope>test</scope> </dependency> - <dependency> <groupId>at.asitplus.eidas.ms_specific</groupId> <artifactId>connector_lib</artifactId> @@ -203,12 +200,14 @@ <scope>test</scope> <type>test-jar</type> </dependency> + <dependency> <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf_module_pvp2_core</artifactId> <scope>test</scope> <type>test-jar</type> </dependency> + <dependency> <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf_module_pvp2_idp</artifactId> @@ -220,7 +219,6 @@ <artifactId>mockwebserver</artifactId> <scope>test</scope> </dependency> - </dependencies> <build> diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java index e6484e63..715d3672 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java @@ -23,6 +23,17 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; +import java.text.MessageFormat; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.StringUtils; +import org.jetbrains.annotations.NotNull; +import org.opensaml.saml.saml2.metadata.EntityDescriptor; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthRequestBuilderConfiguration; @@ -40,16 +51,7 @@ import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PvpAuthnRequestBuilder; import lombok.extern.slf4j.Slf4j; import net.shibboleth.utilities.java.support.resolver.ResolverException; -import net.shibboleth.utilities.java.support.security.SecureRandomIdentifierGenerationStrategy; -import org.apache.commons.lang3.StringUtils; -import org.jetbrains.annotations.NotNull; -import org.opensaml.saml.saml2.metadata.EntityDescriptor; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Component; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.text.MessageFormat; +import net.shibboleth.utilities.java.support.security.impl.SecureRandomIdentifierGenerationStrategy; /** * Generate a SAML2 AuthnRequest to authenticate the user at ID Austria system. diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java index 4655d7ab..3e57ea24 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java @@ -316,7 +316,7 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet new Object[]{MODULE_NAME_FOR_LOGGING, response.getIssuer().getValue(), response.getStatus().getStatusCode().getValue(), - response.getStatus().getStatusMessage().getMessage()}); + response.getStatus().getStatusMessage().getValue()}); } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthHealthCheckTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthHealthCheckTest.java index a583ab2a..90e1b169 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthHealthCheckTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthHealthCheckTest.java @@ -1,6 +1,8 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.idaustriaclient; -import org.joda.time.DateTime; +import java.time.Instant; +import java.time.temporal.ChronoUnit; + import org.junit.Assert; import org.junit.BeforeClass; import org.junit.Test; @@ -113,7 +115,7 @@ public class IdAustriaClientAuthHealthCheckTest { final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream( XMLObjectProviderRegistrySupport.getParserPool(), IdAustriaClientAuthHealthCheckTest.class.getResourceAsStream("/data/idp_metadata_no_sig.xml")); - metadata.setValidUntil(DateTime.now().plusDays(1)); + metadata.setValidUntil(Instant.now().plus(1, ChronoUnit.DAYS)); metadata.setSignature(null); metadata.setEntityID(dynEntityId); Saml2Utils.signSamlObject(metadata, credentialProvider.getMetaDataSigningCredential(), true); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataControllerTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataControllerTest.java index 4671684f..095a020a 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataControllerTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataControllerTest.java @@ -14,6 +14,7 @@ import org.opensaml.core.xml.io.UnmarshallingException; import org.opensaml.core.xml.util.XMLObjectSupport; import org.opensaml.saml.common.xml.SAMLConstants; import org.opensaml.saml.metadata.resolver.filter.FilterException; +import org.opensaml.saml.metadata.resolver.filter.MetadataFilterContext; import org.opensaml.saml.saml2.metadata.EntityDescriptor; import org.opensaml.saml.saml2.metadata.SPSSODescriptor; import org.springframework.beans.factory.annotation.Autowired; @@ -98,15 +99,17 @@ public class IdAustriaClientAuthMetadataControllerTest { "http://localhost/authhandler" + IdAustriaClientAuthConstants.ENDPOINT_METADATA, metadata.getEntityID()); + MetadataFilterContext filterContext = new MetadataFilterContext(); + //check XML scheme final SchemaValidationFilter schemaFilter = new SchemaValidationFilter(); - schemaFilter.filter(metadata); + schemaFilter.filter(metadata, filterContext); //check signature final SimpleMetadataSignatureVerificationFilter sigFilter = new SimpleMetadataSignatureVerificationFilter(credProvider.getKeyStore().getFirst(), metadata.getEntityID()); - sigFilter.filter(metadata); + sigFilter.filter(metadata, filterContext); //check content final SPSSODescriptor spSsoDesc = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS); @@ -122,12 +125,12 @@ public class IdAustriaClientAuthMetadataControllerTest { Assert.assertFalse("NameIDFormats", spSsoDesc.getNameIDFormats().isEmpty()); Assert.assertEquals("wrong NameIDFormats", "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", - spSsoDesc.getNameIDFormats().get(0).getFormat()); + spSsoDesc.getNameIDFormats().get(0).getURI()); Assert.assertFalse("AttributeConsumingServices", spSsoDesc.getAttributeConsumingServices().isEmpty()); Assert.assertEquals("#RequestAttributes", numberOfRequestedAttributes, - spSsoDesc.getAttributeConsumingServices().get(0).getRequestAttributes().size()); + spSsoDesc.getAttributeConsumingServices().get(0).getRequestedAttributes().size()); } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataProviderFirstTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataProviderFirstTest.java index da10fc54..c4dd5d2e 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataProviderFirstTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataProviderFirstTest.java @@ -1,9 +1,10 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.idaustriaclient; import java.io.IOException; +import java.time.Instant; +import java.time.temporal.ChronoUnit; import org.apache.commons.lang3.RandomStringUtils; -import org.joda.time.DateTime; import org.junit.Assert; import org.junit.Before; import org.junit.BeforeClass; @@ -216,7 +217,7 @@ public class IdAustriaClientAuthMetadataProviderFirstTest { final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream( XMLObjectProviderRegistrySupport.getParserPool(), MetadataResolverTest.class.getResourceAsStream("/data/idp_metadata_no_sig.xml")); - metadata.setValidUntil(DateTime.now().plusDays(1)); + metadata.setValidUntil(Instant.now().plus(1, ChronoUnit.DAYS)); metadata.setSignature(null); metadata.setEntityID(dynEntityId); Saml2Utils.signSamlObject(metadata, credentialProvider.getMetaDataSigningCredential(), true); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateMobilePhoneSignatureRequestTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateMobilePhoneSignatureRequestTaskTest.java index 8e5ecfe1..dccbfda6 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateMobilePhoneSignatureRequestTaskTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateMobilePhoneSignatureRequestTaskTest.java @@ -1,5 +1,34 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertThrows; +import static org.junit.Assert.assertTrue; +import static org.springframework.util.Assert.isInstanceOf; + +import java.io.ByteArrayInputStream; +import java.io.InputStream; +import java.util.Base64; +import java.util.Map; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; +import org.opensaml.core.xml.util.XMLObjectSupport; +import org.opensaml.saml.common.xml.SAMLConstants; +import org.opensaml.saml.saml2.core.AuthnRequest; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider; @@ -22,34 +51,6 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xIniti import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine; -import org.apache.commons.lang3.RandomStringUtils; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; -import org.opensaml.core.xml.util.XMLObjectSupport; -import org.opensaml.saml.common.xml.SAMLConstants; -import org.opensaml.saml.saml2.core.AuthnRequest; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.ApplicationContext; -import org.springframework.mock.web.MockHttpServletRequest; -import org.springframework.mock.web.MockHttpServletResponse; -import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; -import org.springframework.web.context.request.RequestContextHolder; -import org.springframework.web.context.request.ServletRequestAttributes; - -import java.io.ByteArrayInputStream; -import java.io.InputStream; -import java.util.Base64; -import java.util.Map; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertThrows; -import static org.junit.Assert.assertTrue; -import static org.springframework.util.Assert.isInstanceOf; @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration(locations = { @@ -273,6 +274,12 @@ public class GenerateMobilePhoneSignatureRequestTaskTest { return null; } + + @Override + public boolean isWriteAsynch() { + return false; + + } }; } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java index 8094ac1e..d5400695 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java @@ -9,6 +9,7 @@ import java.io.IOException; import java.io.InputStream; import java.math.BigInteger; import java.nio.charset.StandardCharsets; +import java.time.Instant; import java.util.Arrays; import java.util.Base64; import java.util.Collections; @@ -20,13 +21,11 @@ import javax.xml.transform.TransformerException; import org.apache.commons.io.IOUtils; import org.apache.commons.lang3.RandomStringUtils; import org.jetbrains.annotations.NotNull; -import org.joda.time.DateTime; import org.junit.Before; import org.junit.BeforeClass; import org.junit.Ignore; import org.junit.Test; import org.junit.runner.RunWith; -import org.mockito.MockitoAnnotations; import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; import org.opensaml.core.xml.io.MarshallingException; import org.opensaml.core.xml.util.XMLObjectSupport; @@ -455,12 +454,12 @@ public class ReceiveMobilePhoneSignatureResponseTaskTest { InputStream inputStream = ReceiveMobilePhoneSignatureResponseTaskTest.class.getResourceAsStream(responsePath); ParserPool parserPool = Objects.requireNonNull(XMLObjectProviderRegistrySupport.getParserPool()); Response response = (Response) XMLObjectSupport.unmarshallFromInputStream(parserPool, inputStream); - response.setIssueInstant(DateTime.now()); + response.setIssueInstant(Instant.now()); Issuer issuer = Saml2Utils.createSamlObject(Issuer.class); issuer.setValue("classpath:/data/idp_metadata_classpath_entity.xml"); response.setIssuer(issuer); if (validConditions) { - response.getAssertions().get(0).getConditions().setNotOnOrAfter(DateTime.now().plusMinutes(5)); + response.getAssertions().get(0).getConditions().setNotOnOrAfter(Instant.now().plusSeconds(5*60)); } Response signedResponse = Saml2Utils.signSamlObject(response, credentialProvider.getMessageSigningCredential(), true); addSamlResponseToHttpReq(signedResponse); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml index f4463a3e..0afa0d7d 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml @@ -22,7 +22,7 @@ <import resource="classpath:/eaaf_pvp.beans.xml" /> <bean id="mvcGUIBuilderImpl" - class="at.asitplus.eidas.specific.connector.gui.SpringMvcGuiFormBuilderImpl" /> + class="at.gv.egiz.eaaf.core.impl.gui.builder.SpringMvcGuiFormBuilderImpl" /> <bean id="springManagedSpecificConnectorCommunicationService" class="at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummySpecificCommunicationService" /> |