diff options
author | Thomas <> | 2022-06-03 15:24:01 +0200 |
---|---|---|
committer | Thomas <> | 2022-06-03 15:24:01 +0200 |
commit | 7f0a925a72dc9841280e66fcba1515af62b9efdf (patch) | |
tree | 87c47d50ef3e092d18d6de4ae15cf0cf60900a2a /ms_specific_proxyservice/src | |
parent | 38d7758281b9cb8ba0f1a7e8a8d10098bcf2dcb8 (diff) | |
download | National_eIDAS_Gateway-7f0a925a72dc9841280e66fcba1515af62b9efdf.tar.gz National_eIDAS_Gateway-7f0a925a72dc9841280e66fcba1515af62b9efdf.tar.bz2 National_eIDAS_Gateway-7f0a925a72dc9841280e66fcba1515af62b9efdf.zip |
test(core): add smoke test with full eIDAS OutGoing login and error-handling
Diffstat (limited to 'ms_specific_proxyservice/src')
27 files changed, 1860 insertions, 1 deletions
diff --git a/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/pvp/PvpEndPointConfiguration.java b/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/pvp/PvpEndPointConfiguration.java new file mode 100644 index 00000000..20caf7e5 --- /dev/null +++ b/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/pvp/PvpEndPointConfiguration.java @@ -0,0 +1,154 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.proxy.pvp; + +import java.util.Arrays; +import java.util.List; + +import org.apache.commons.lang3.StringUtils; +import org.opensaml.saml.saml2.metadata.ContactPerson; +import org.opensaml.saml.saml2.metadata.ContactPersonTypeEnumeration; +import org.opensaml.saml.saml2.metadata.EmailAddress; +import org.opensaml.saml.saml2.metadata.GivenName; +import org.opensaml.saml.saml2.metadata.Organization; +import org.opensaml.saml.saml2.metadata.OrganizationDisplayName; +import org.opensaml.saml.saml2.metadata.OrganizationName; +import org.opensaml.saml.saml2.metadata.OrganizationURL; +import org.opensaml.saml.saml2.metadata.SurName; +import org.springframework.beans.factory.annotation.Autowired; + +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +public class PvpEndPointConfiguration implements IPvp2BasicConfiguration { + private static final String DEFAULT_XML_LANG = "en"; + + @Autowired(required = true) + IConfiguration basicConfiguration; + + @Override + public String getIdpEntityId(String authUrl) throws EaafException { + return removePostFix(authUrl) + MsEidasNodeConstants.ENDPOINT_PVP_METADATA; + + } + + @Override + public String getIdpSsoPostService(String authUrl) throws EaafException { + return removePostFix(authUrl) + MsEidasNodeConstants.ENDPOINT_PVP_POST; + + } + + @Override + public String getIdpSsoRedirectService(String authUrl) throws EaafException { + return removePostFix(authUrl) + MsEidasNodeConstants.ENDPOINT_PVP_REDIRECT; + + } + + @Override + public String getIdpSsoSoapService(String extractAuthUrlFromRequest) throws EaafException { + log.warn("PVP S-Profile End-Point does NOT support SOAP Binding"); + return null; + + } + + @Override + public List<ContactPerson> getIdpContacts() throws EaafException { + final ContactPerson contactPerson = Saml2Utils.createSamlObject(ContactPerson.class); + final GivenName givenName = Saml2Utils.createSamlObject(GivenName.class); + final SurName surname = Saml2Utils.createSamlObject(SurName.class); + final EmailAddress emailAddress = Saml2Utils.createSamlObject(EmailAddress.class); + + givenName.setValue(getAndVerifyFromConfiguration( + MsEidasNodeConstants.CONFIG_PROPS_METADATA_CONTACT_GIVENNAME)); + surname.setValue(getAndVerifyFromConfiguration( + MsEidasNodeConstants.CONFIG_PROPS_METADATA_CONTACT_SURNAME)); + emailAddress.setURI(getAndVerifyFromConfiguration( + MsEidasNodeConstants.CONFIG_PROPS_METADATA_CONTACT_EMAIL)); + + contactPerson.setType(ContactPersonTypeEnumeration.TECHNICAL); + contactPerson.setGivenName(givenName); + contactPerson.setSurName(surname); + contactPerson.getEmailAddresses().add(emailAddress); + + return Arrays.asList(contactPerson); + + } + + @Override + public Organization getIdpOrganisation() throws EaafException { + final Organization organisation = Saml2Utils.createSamlObject(Organization.class); + final OrganizationName orgName = Saml2Utils.createSamlObject(OrganizationName.class); + final OrganizationDisplayName orgDisplayName = Saml2Utils.createSamlObject(OrganizationDisplayName.class); + final OrganizationURL orgUrl = Saml2Utils.createSamlObject(OrganizationURL.class); + + orgName.setXMLLang(DEFAULT_XML_LANG); + orgName.setValue(getAndVerifyFromConfiguration( + MsEidasNodeConstants.CONFIG_PROPS_METADATA_ORGANISATION_NAME)); + + orgDisplayName.setXMLLang(DEFAULT_XML_LANG); + orgDisplayName.setValue(getAndVerifyFromConfiguration( + MsEidasNodeConstants.CONFIG_PROPS_METADATA_ORGANISATION_FRIENDLYNAME)); + + orgUrl.setXMLLang(DEFAULT_XML_LANG); + orgUrl.setURI(getAndVerifyFromConfiguration( + MsEidasNodeConstants.CONFIG_PROPS_METADATA_ORGANISATION_URL)); + + + organisation.getOrganizationNames().add(orgName); + organisation.getDisplayNames().add(orgDisplayName); + organisation.getURLs().add(orgUrl); + + return organisation; + } + + @Override + public IConfiguration getBasicConfiguration() { + return basicConfiguration; + } + + private String removePostFix(String url) { + if (url != null && url.endsWith("/")) { + return url.substring(0, url.length() - 1); + } else { + return url; + } + } + + private String getAndVerifyFromConfiguration(String configKey) throws EaafConfigurationException { + final String value = basicConfiguration.getBasicConfiguration(configKey); + if (StringUtils.isEmpty(value)) { + throw new EaafConfigurationException("config.08", + new Object[] {configKey}); + + } + + return value; + } +} diff --git a/ms_specific_proxyservice/src/main/resources/application.properties b/ms_specific_proxyservice/src/main/resources/application.properties index 9f1b68e2..7d8c199f 100644 --- a/ms_specific_proxyservice/src/main/resources/application.properties +++ b/ms_specific_proxyservice/src/main/resources/application.properties @@ -73,6 +73,7 @@ eidas.ms.configuration.pvp.enable.entitycategories=false #### eIDAS ms-specific Proxy-Service configuration eidas.ms.auth.eIDAS.node_v2.proxy.entityId=ownSpecificProxy #eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint= +eidas.ms.auth.eIDAS.node_v2.forward.method=POST # Mandate configuration eidas.ms.auth.eIDAS.proxy.mandates.enabled=false diff --git a/ms_specific_proxyservice/src/main/resources/specific_eIDAS_proxy.beans.xml b/ms_specific_proxyservice/src/main/resources/specific_eIDAS_proxy.beans.xml index c5312751..5633cb0e 100644 --- a/ms_specific_proxyservice/src/main/resources/specific_eIDAS_proxy.beans.xml +++ b/ms_specific_proxyservice/src/main/resources/specific_eIDAS_proxy.beans.xml @@ -12,6 +12,8 @@ http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd"> <import resource="specific_eIDAS_core.beans.xml"/> - + + <bean id="pvpEndpointConfig" + class="at.asitplus.eidas.specific.proxy.pvp.PvpEndPointConfiguration" /> </beans>
\ No newline at end of file diff --git a/ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/FullStartUpAndProcessTest.java b/ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/FullStartUpAndProcessTest.java new file mode 100644 index 00000000..bc6f5317 --- /dev/null +++ b/ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/FullStartUpAndProcessTest.java @@ -0,0 +1,480 @@ +package at.asitplus.eidas.specific.proxy.test; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertTrue; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.lang.reflect.Field; +import java.text.SimpleDateFormat; +import java.time.Instant; +import java.util.Base64; +import java.util.Map; +import java.util.TimeZone; +import java.util.Timer; +import java.util.UUID; + +import org.apache.commons.lang3.RandomStringUtils; +import org.apache.ignite.Ignition; +import org.joda.time.DateTime; +import org.joda.time.DateTimeZone; +import org.junit.AfterClass; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.opensaml.core.config.InitializationException; +import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; +import org.opensaml.core.xml.io.UnmarshallingException; +import org.opensaml.core.xml.util.XMLObjectSupport; +import org.opensaml.saml.metadata.resolver.impl.ResourceBackedMetadataResolver; +import org.opensaml.saml.saml2.core.Issuer; +import org.opensaml.saml.saml2.core.RequestAbstractType; +import org.opensaml.saml.saml2.core.Response; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.boot.web.servlet.FilterRegistrationBean; +import org.springframework.core.io.ResourceLoader; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; +import org.springframework.test.context.ActiveProfiles; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.TestPropertySource; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.web.servlet.setup.DefaultMockMvcBuilder; +import org.springframework.test.web.servlet.setup.MockMvcBuilders; +import org.springframework.util.Base64Utils; +import org.springframework.web.context.WebApplicationContext; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import com.google.common.collect.ImmutableSet; + +import at.asitplus.eidas.specific.modules.auth.idaustria.controller.IdAustriaAuthSignalController; +import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthCredentialProvider; +import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthMetadataProvider; +import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants; +import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry; +import at.asitplus.eidas.specific.modules.msproxyservice.protocol.EidasProxyServiceController; +import at.gv.egiz.components.spring.api.SpringBootApplicationContextInitializer; +import at.gv.egiz.eaaf.core.api.IStatusMessenger; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.impl.idp.controller.ProtocolFinalizationController; +import at.gv.egiz.eaaf.core.impl.logging.LogMessageProviderFactory; +import at.gv.egiz.eaaf.core.impl.utils.DomUtils; +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.OpenSaml3ResourceAdapter; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import eu.eidas.auth.cache.IgniteInstanceInitializerSpecificCommunication; +import eu.eidas.auth.commons.EidasParameterKeys; +import eu.eidas.auth.commons.attribute.AttributeValue; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; +import eu.eidas.auth.commons.light.ILightResponse; +import eu.eidas.auth.commons.light.impl.LightRequest; +import eu.eidas.auth.commons.tx.BinaryLightToken; +import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames; +import eu.eidas.specificcommunication.protocol.SpecificCommunicationService; +import lombok.SneakyThrows; +import net.shibboleth.utilities.java.support.component.ComponentInitializationException; +import net.shibboleth.utilities.java.support.xml.XMLParserException; + +@RunWith(SpringJUnit4ClassRunner.class) +@SpringBootTest +@ContextConfiguration(initializers = { + org.springframework.boot.context.config.DelegatingApplicationContextInitializer.class, + SpringBootApplicationContextInitializer.class + }) +@TestPropertySource(locations = { "file:src/test/resources/config/junit_config_1_springboot.properties" }) +@DirtiesContext(classMode = ClassMode.AFTER_CLASS) +@ActiveProfiles(profiles = {"JUNIT", "jUnitTestMode"}) +public class FullStartUpAndProcessTest { + + private static final String METADATA_PATH = "classpath:/data/idp_metadata_classpath_entity.xml"; + private static final String FINAL_REDIRECT = "https://localhost/ms_proxy/public/secure/finalizeAuthProtocol?pendingid="; + private static final String ERROR_REDIRECT = "https://localhost/ms_proxy/public/secure/errorHandling?errorid="; + + + @Autowired private WebApplicationContext wac; + + @Autowired private ResourceLoader resourceLoader; + @Autowired private EidasAttributeRegistry attrRegistry; + + @Autowired private IdAustriaAuthSignalController idAustriaEndpoint; + @Autowired private IdAustriaAuthMetadataProvider idAustriaMetadata; + @Autowired private IdAustriaAuthCredentialProvider credentialProvider; + + @Autowired private EidasProxyServiceController eidasProxyEndpoint; + @Autowired private ProtocolFinalizationController finalize; + + @Autowired private IStatusMessenger messager; + + /** + * jUnit class initializer. + * @throws InterruptedException In case of an error + * @throws ComponentInitializationException In case of an error + * @throws InitializationException In case of an error + * + */ + @BeforeClass + @SneakyThrows + public static void classInitializer() { + final String current = new java.io.File(".").toURI().toString(); + System.clearProperty("eidas.ms.configuration"); + + //eIDAS Ref. Impl. properties + System.setProperty("EIDAS_CONFIG_REPOSITORY", current.substring("file:".length()) + + "../basicConfig/eIDAS/"); + System.setProperty("SPECIFIC_CONNECTOR_CONFIG_REPOSITORY", current.substring("file:".length()) + + "../basicConfig/eIDAS/"); + System.setProperty("SPECIFIC_PROXY_SERVICE_CONFIG_REPOSITORY", current.substring("file:".length()) + + "../basicConfig/eIDAS/"); + + EaafOpenSaml3xInitializer.eaafInitialize(); + + } + + /** + * Test shut-down. + * + * @throws Exception In case of an error + */ + @AfterClass + @SneakyThrows + public static void closeIgniteNode() { + System.out.println("Closiong Ignite Node ... "); + Ignition.stopAll(true); + + //set Ignite-node holder to 'null' because static holders are shared between different tests + final Field field = IgniteInstanceInitializerSpecificCommunication.class.getDeclaredField("instance"); + field.setAccessible(true); + field.set(null, null); + + } + + /** + * jUnit test set-up. + * + * + */ + @Before + public void setup() throws IOException { + DefaultMockMvcBuilder builder = MockMvcBuilders.webAppContextSetup(this.wac); + @SuppressWarnings("rawtypes") + Map<String, FilterRegistrationBean> filters = wac.getBeansOfType(FilterRegistrationBean.class); + for (FilterRegistrationBean<?> filter : filters.values()) { + if (filter.isEnabled()) { + builder.addFilter(filter.getFilter(), "/*"); + + } + } + + LogMessageProviderFactory.setStatusMessager(messager); + + } + + @Test + @SneakyThrows + public void simpleError() { + MockHttpServletRequest proxyHttpReq = new MockHttpServletRequest("POST", "https://localhost/ms_proxy"); + String spCountryCode = injectEidas2AuthnReq(proxyHttpReq); + MockHttpServletResponse proxyHttpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(proxyHttpReq, proxyHttpResp)); + + injectIdAustriaSaml2Metadata(); + + + // send eIDAS Proxy-Service process hand-over + eidasProxyEndpoint.receiveEidasAuthnRequest(proxyHttpReq, proxyHttpResp); + + + // extract SAML2 AuthnRequest to IDA system + assertEquals("forward to finalization", 200, proxyHttpResp.getStatus()); + assertEquals("forward to eIDAS Node page", "text/html;charset=UTF-8", proxyHttpResp.getContentType()); + String saml2ReqPage = proxyHttpResp.getContentAsString(); + assertNotNull("selectionPage is null", saml2ReqPage); + assertFalse("selectionPage is empty", saml2ReqPage.isEmpty()); + + String saml2ReqB64 = extractRequestToken(saml2ReqPage, "<input type=\"hidden\" name=\"SAMLRequest\" value=\""); + String saml2RelayState = extractRequestToken(saml2ReqPage, "<input type=\"hidden\" name=\"RelayState\" value=\""); + assertNotNull("SAML2 request", saml2ReqB64); + assertNotNull("SAML2 relayState", saml2RelayState); + + + + // send WRONG response from IDA system to eIDAS Proxy-Service + final MockHttpServletRequest idaHttpReq = new MockHttpServletRequest("POST", "https://localhost/ms_proxy"); + idaHttpReq.setScheme("https"); + idaHttpReq.setServerPort(443); + idaHttpReq.setContextPath("/ms_proxy"); + idaHttpReq.addParameter(IdAustriaAuthSignalController.HTTP_PARAM_RELAYSTATE, RandomStringUtils.randomAlphanumeric(15)); + idaHttpReq.addParameter("SAMLResponse", RandomStringUtils.randomAlphabetic(25)); + final MockHttpServletResponse idaHttpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(idaHttpReq, idaHttpResp)); + + idAustriaEndpoint.performEidasAuthentication(idaHttpReq, idaHttpResp); + + + // validate forwarding to protocol finalization + assertEquals("forward to finalization", 302, idaHttpResp.getStatus()); + assertNotNull("missing redirect header", idaHttpResp.getHeader("Location")); + assertTrue("wrong redirect header", idaHttpResp.getHeader("Location").startsWith(ERROR_REDIRECT)); + String finalPendingReqId = idaHttpResp.getHeader("Location").substring(ERROR_REDIRECT.length()); + assertFalse("final errorId", finalPendingReqId.isEmpty()); + + // set-up error-handling request + MockHttpServletRequest finalizationReq = new MockHttpServletRequest("POST", "https://localhost/ms_proxy"); + finalizationReq.setParameter("errorid", finalPendingReqId); + MockHttpServletResponse respErrorPage = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(finalizationReq, respErrorPage)); + + // execute error-handling step + finalize.errorHandling(finalizationReq, respErrorPage); + + + // extract access-token for eIDAS node communication + assertEquals("errorPage", 200, respErrorPage.getStatus()); + assertEquals("errorPage", "text/html;charset=UTF-8", respErrorPage.getContentType()); + String errorPage = respErrorPage.getContentAsString(); + assertNotNull("errorPage is null", errorPage); + assertFalse("errorPage is empty", errorPage.isEmpty()); + assertTrue("Missing errorCode", errorPage.contains("auth.26")); + + } + + @Test + @SneakyThrows + public void simpleSuccess() { + MockHttpServletRequest proxyHttpReq = new MockHttpServletRequest("POST", "https://localhost/ms_proxy"); + String spCountryCode = injectEidas2AuthnReq(proxyHttpReq); + MockHttpServletResponse proxyHttpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(proxyHttpReq, proxyHttpResp)); + + injectIdAustriaSaml2Metadata(); + + + // send eIDAS Proxy-Service process hand-over + eidasProxyEndpoint.receiveEidasAuthnRequest(proxyHttpReq, proxyHttpResp); + + + // extract SAML2 AuthnRequest to IDA system + assertEquals("forward to finalization", 200, proxyHttpResp.getStatus()); + assertEquals("forward to eIDAS Node page", "text/html;charset=UTF-8", proxyHttpResp.getContentType()); + String saml2ReqPage = proxyHttpResp.getContentAsString(); + assertNotNull("selectionPage is null", saml2ReqPage); + assertFalse("selectionPage is empty", saml2ReqPage.isEmpty()); + + String saml2ReqB64 = extractRequestToken(saml2ReqPage, "<input type=\"hidden\" name=\"SAMLRequest\" value=\""); + String saml2RelayState = extractRequestToken(saml2ReqPage, "<input type=\"hidden\" name=\"RelayState\" value=\""); + assertNotNull("SAML2 request", saml2ReqB64); + assertNotNull("SAML2 relayState", saml2RelayState); + + // validate SAML2 request to IDA system + String saml2ReqId = validateSaml2Request(saml2ReqB64, spCountryCode); + + // build SAML2 response from IDA system + String saml2RespB64 = buildSaml2Response(saml2ReqId); + + + // send response from IDA system to eIDAS Proxy-Service + final MockHttpServletRequest idaHttpReq = new MockHttpServletRequest("POST", "https://localhost/ms_proxy"); + idaHttpReq.setScheme("https"); + idaHttpReq.setServerPort(443); + idaHttpReq.setContextPath("/ms_proxy"); + idaHttpReq.addParameter(IdAustriaAuthSignalController.HTTP_PARAM_RELAYSTATE, saml2RelayState); + idaHttpReq.addParameter("SAMLResponse", saml2RespB64); + final MockHttpServletResponse idaHttpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(idaHttpReq, idaHttpResp)); + + idAustriaEndpoint.performEidasAuthentication(idaHttpReq, idaHttpResp); + + + // validate forwarding to protocol finalization + assertEquals("forward to finalization", 302, idaHttpResp.getStatus()); + assertNotNull("missing redirect header", idaHttpResp.getHeader("Location")); + assertTrue("wrong redirect header", idaHttpResp.getHeader("Location").startsWith(FINAL_REDIRECT)); + String finalPendingReqId = idaHttpResp.getHeader("Location").substring(FINAL_REDIRECT.length()); + assertFalse("final pendingRequestId", finalPendingReqId.isEmpty()); + + // set-up finalization request + MockHttpServletRequest finalizationReq = new MockHttpServletRequest("POST", "https://localhost/ms_proxy"); + finalizationReq.setParameter("pendingid", finalPendingReqId); + MockHttpServletResponse respToEidasProxy = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(finalizationReq, respToEidasProxy)); + + // exexcute finalization step + finalize.finalizeAuthProtocol(finalizationReq, respToEidasProxy); + + + // extract access-token for eIDAS node communication + assertEquals("forward to finalization", 200, respToEidasProxy.getStatus()); + assertEquals("forward to eIDAS Node page", "text/html;charset=UTF-8", respToEidasProxy.getContentType()); + String forwardPage = respToEidasProxy.getContentAsString(); + assertNotNull("forward to eIDAS Node is null", forwardPage); + assertFalse("forward to eIDAS Node is empty", forwardPage.isEmpty()); + + String eidasNodeRespToken = extractRequestToken(forwardPage, "<input type=\"hidden\" name=\"token\" value=\""); + assertFalse("eidas req. token", eidasNodeRespToken.isEmpty()); + + // validate eIDAS light-response to eIDAS node + validateEidasLightResponse(eidasNodeRespToken); + + + } + + + @SneakyThrows + private void validateEidasLightResponse(String eidasNodeRespToken) { + final SpecificCommunicationService springManagedSpecificConnectorCommunicationService = + (SpecificCommunicationService) wac.getBean( + SpecificCommunicationDefinitionBeanNames.SPECIFIC_PROXYSERVICE_COMMUNICATION_SERVICE.toString()); + + ILightResponse lightResp = springManagedSpecificConnectorCommunicationService.getAndRemoveResponse(eidasNodeRespToken, + attrRegistry.getCoreAttributeRegistry().getAttributes()); + + SimpleDateFormat dateTimeParser = new SimpleDateFormat("yyyy-MM-dd"); + dateTimeParser.setTimeZone(TimeZone.getTimeZone("UTC")); + + assertNotNull("ligth-response", lightResp); + assertEquals("eIDAS statusCode", "urn:oasis:names:tc:SAML:2.0:status:Success", lightResp.getStatus().getStatusCode()); + assertEquals("eIDAS LoA", "http://eidas.europa.eu/LoA/high", lightResp.getLevelOfAssurance()); + assertEquals("eIDAS attribute size", 4, lightResp.getAttributes().size()); + checkEidasAttribute(lightResp.getAttributes(), + "http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier", "QVGm48cqcM4UcyhDTNGYmVdrIoY="); + checkEidasAttribute(lightResp.getAttributes(), + "http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName", "Max"); + checkEidasAttribute(lightResp.getAttributes(), + "http://eidas.europa.eu/attributes/naturalperson/CurrentFamilyName", "Mustermann"); + checkEidasAttribute(lightResp.getAttributes(), + "http://eidas.europa.eu/attributes/naturalperson/DateOfBirth", + new DateTime(dateTimeParser.parse("1940-01-01").getTime(), DateTimeZone.UTC)); + + + + } + + private void checkEidasAttribute(ImmutableAttributeMap attributes, String attrName, Object expected) { + ImmutableSet<? extends AttributeValue<Object>> attr = attributes.getAttributeValuesByNameUri(attrName); + assertNotNull("Attribute: " + attrName, attr); + assertFalse("Empty AttributeValue: " + attrName, attr.isEmpty()); + assertNotNull("AttributeValue: " + attrName, attr.asList().get(0)); + assertEquals("Wrong AttributeValue: " + attrName, expected, attr.asList().get(0).getValue()); + + } + + @SneakyThrows + private String validateSaml2Request(String saml2ReqB64, String spCountryCode) { + final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream( + XMLObjectProviderRegistrySupport.getParserPool(), + new ByteArrayInputStream(Base64Utils.decodeFromString(saml2ReqB64))); + + // check requested attributes + assertEquals("wrong number of extension elements", + 1, authnReq.getExtensions().getOrderedChildren().size()); + assertEquals("wrong number of requested attributes", + 4, authnReq.getExtensions().getOrderedChildren().get(0).getOrderedChildren().size()); + + return authnReq.getID(); + } + + @SneakyThrows + private String buildSaml2Response(String saml2ReqId) { + final Response response = initializeResponse( + "classpath:/data/idp_metadata_classpath_entity.xml", + "/data/Response_with_EID.xml", + credentialProvider.getMessageSigningCredential(), + true, saml2ReqId); + return Base64.getEncoder().encodeToString( + DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( + "UTF-8")); + + } + + private Response initializeResponse(String idpEntityId, String responsePath, EaafX509Credential credential, + boolean validConditions, String saml2ReqId) throws SamlSigningException, XMLParserException, UnmarshallingException, + Pvp2MetadataException { + + final Response response = (Response) XMLObjectSupport.unmarshallFromInputStream( + XMLObjectProviderRegistrySupport.getParserPool(), + FullStartUpAndProcessTest.class.getResourceAsStream(responsePath)); + response.setIssueInstant(Instant.now()); + final Issuer issuer = Saml2Utils.createSamlObject(Issuer.class); + issuer.setValue(idpEntityId); + response.setIssuer(issuer); + response.setInResponseTo(saml2ReqId); + + if (validConditions) { + response.getAssertions().get(0).getConditions().setNotOnOrAfter(Instant.now().plusSeconds(5*60)); + + } + + return Saml2Utils.signSamlObject(response, credential, true); + } + + @SneakyThrows + private void injectIdAustriaSaml2Metadata() { + final org.springframework.core.io.Resource resource = resourceLoader.getResource(METADATA_PATH); + Timer timer = new Timer("PVP metadata-resolver refresh"); + ResourceBackedMetadataResolver fileSystemResolver = + new ResourceBackedMetadataResolver(timer, new OpenSaml3ResourceAdapter(resource)); + fileSystemResolver.setId("test"); + fileSystemResolver.setParserPool(XMLObjectProviderRegistrySupport.getParserPool()); + fileSystemResolver.initialize(); + idAustriaMetadata.addMetadataResolverIntoChain(fileSystemResolver); + + + } + + private String extractRequestToken(String selectionPage, String selector) { + int start = selectionPage.indexOf(selector); + assertTrue("find no starting element of selector", start > 0); + int end = selectionPage.indexOf("\"", start + selector.length()); + assertTrue("find no end tag", end > 0); + return selectionPage.substring(start + selector.length(), end); + + } + + @SneakyThrows + private String injectEidas2AuthnReq(MockHttpServletRequest proxyHttpReq) { + String spCountryCode = "XX"; + LightRequest.Builder authnReqBuilder = LightRequest.builder() + .id(UUID.randomUUID().toString()) + .issuer(RandomStringUtils.randomAlphabetic(10)) + .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) + .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) + .spCountryCode(spCountryCode) + .spType("public") + .requestedAttributes(ImmutableAttributeMap.builder() + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first()) + .build()); + + final SpecificCommunicationService springManagedSpecificConnectorCommunicationService = + (SpecificCommunicationService) wac.getBean( + SpecificCommunicationDefinitionBeanNames.SPECIFIC_PROXYSERVICE_COMMUNICATION_SERVICE.toString()); + BinaryLightToken token = springManagedSpecificConnectorCommunicationService.putRequest(authnReqBuilder.build()); + proxyHttpReq.addParameter(EidasParameterKeys.TOKEN.toString(), Base64Utils.encodeToString(token.getTokenBytes())); + + return spCountryCode; + + } + +} diff --git a/ms_specific_proxyservice/src/test/resources/config/eIDAS/additional-attributes.xml b/ms_specific_proxyservice/src/test/resources/config/eIDAS/additional-attributes.xml new file mode 100644 index 00000000..6510546e --- /dev/null +++ b/ms_specific_proxyservice/src/test/resources/config/eIDAS/additional-attributes.xml @@ -0,0 +1,39 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +# Copyright (c) 2017 European Commission +# Licensed under the EUPL, Version 1.2 or – as soon they will be +# approved by the European Commission - subsequent versions of the +# EUPL (the "Licence"); +# You may not use this work except in compliance with the Licence. +# You may obtain a copy of the Licence at: +# * https://joinup.ec.europa.eu/page/eupl-text-11-12 +# * +# Unless required by applicable law or agreed to in writing, software +# distributed under the Licence is distributed on an "AS IS" basis, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the Licence for the specific language governing permissions and limitations under the Licence. + --> + +<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd"> +<properties> + <comment>Dynamic attributes</comment> + + <entry key="1.NameUri">http://eidas.europa.eu/attributes/naturalperson/AdditionalAttribute</entry> + <entry key="1.FriendlyName">AdditionalAttribute</entry> + <entry key="1.PersonType">NaturalPerson</entry> + <entry key="1.Required">false</entry> + <entry key="1.XmlType.NamespaceUri">http://www.w3.org/2001/XMLSchema</entry> + <entry key="1.XmlType.LocalPart">string</entry> + <entry key="1.XmlType.NamespacePrefix">xs</entry> + <entry key="1.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="2.NameUri">http://eidas.europa.eu/attributes/legalperson/LegalAdditionalAttribute</entry> + <entry key="2.FriendlyName">LegalAdditionalAttribute</entry> + <entry key="2.PersonType">LegalPerson</entry> + <entry key="2.Required">false</entry> + <entry key="2.XmlType.NamespaceUri">http://www.w3.org/2001/XMLSchema</entry> + <entry key="2.XmlType.LocalPart">string</entry> + <entry key="2.XmlType.NamespacePrefix">xs</entry> + <entry key="2.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + +</properties> diff --git a/ms_specific_proxyservice/src/test/resources/config/eIDAS/eidas-attributes.xml b/ms_specific_proxyservice/src/test/resources/config/eIDAS/eidas-attributes.xml new file mode 100644 index 00000000..cbae35db --- /dev/null +++ b/ms_specific_proxyservice/src/test/resources/config/eIDAS/eidas-attributes.xml @@ -0,0 +1,376 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +# Copyright (c) 2017 European Commission +# Licensed under the EUPL, Version 1.2 or – as soon they will be +# approved by the European Commission - subsequent versions of the +# EUPL (the "Licence"); +# You may not use this work except in compliance with the Licence. +# You may obtain a copy of the Licence at: +# * https://joinup.ec.europa.eu/page/eupl-text-11-12 +# * +# Unless required by applicable law or agreed to in writing, software +# distributed under the Licence is distributed on an "AS IS" basis, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the Licence for the specific language governing permissions and limitations under the Licence. + --> + +<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd"> +<properties> + <comment>eIDAS attributes</comment> + + <entry key="1.NameUri">http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier</entry> + <entry key="1.FriendlyName">PersonIdentifier</entry> + <entry key="1.PersonType">NaturalPerson</entry> + <entry key="1.Required">true</entry> + <entry key="1.UniqueIdentifier">true</entry> + <entry key="1.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry> + <entry key="1.XmlType.LocalPart">PersonIdentifierType</entry> + <entry key="1.XmlType.NamespacePrefix">eidas-natural</entry> + <entry key="1.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="2.NameUri">http://eidas.europa.eu/attributes/naturalperson/CurrentFamilyName</entry> + <entry key="2.FriendlyName">FamilyName</entry> + <entry key="2.PersonType">NaturalPerson</entry> + <entry key="2.Required">true</entry> + <entry key="2.TransliterationMandatory">true</entry> + <entry key="2.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry> + <entry key="2.XmlType.LocalPart">CurrentFamilyNameType</entry> + <entry key="2.XmlType.NamespacePrefix">eidas-natural</entry> + <entry key="2.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="3.NameUri">http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName</entry> + <entry key="3.FriendlyName">FirstName</entry> + <entry key="3.PersonType">NaturalPerson</entry> + <entry key="3.Required">true</entry> + <entry key="3.TransliterationMandatory">true</entry> + <entry key="3.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry> + <entry key="3.XmlType.LocalPart">CurrentGivenNameType</entry> + <entry key="3.XmlType.NamespacePrefix">eidas-natural</entry> + <entry key="3.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="4.NameUri">http://eidas.europa.eu/attributes/naturalperson/DateOfBirth</entry> + <entry key="4.FriendlyName">DateOfBirth</entry> + <entry key="4.PersonType">NaturalPerson</entry> + <entry key="4.Required">true</entry> + <entry key="4.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry> + <entry key="4.XmlType.LocalPart">DateOfBirthType</entry> + <entry key="4.XmlType.NamespacePrefix">eidas-natural</entry> + <entry key="4.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.DateTimeAttributeValueMarshaller</entry> + + <entry key="5.NameUri">http://eidas.europa.eu/attributes/naturalperson/BirthName</entry> + <entry key="5.FriendlyName">BirthName</entry> + <entry key="5.PersonType">NaturalPerson</entry> + <entry key="5.Required">false</entry> + <entry key="5.TransliterationMandatory">true</entry> + <entry key="5.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry> + <entry key="5.XmlType.LocalPart">BirthNameType</entry> + <entry key="5.XmlType.NamespacePrefix">eidas-natural</entry> + <entry key="5.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="6.NameUri">http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth</entry> + <entry key="6.FriendlyName">PlaceOfBirth</entry> + <entry key="6.PersonType">NaturalPerson</entry> + <entry key="6.Required">false</entry> + <entry key="6.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry> + <entry key="6.XmlType.LocalPart">PlaceOfBirthType</entry> + <entry key="6.XmlType.NamespacePrefix">eidas-natural</entry> + <entry key="6.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="7.NameUri">http://eidas.europa.eu/attributes/naturalperson/CurrentAddress</entry> + <entry key="7.FriendlyName">CurrentAddress</entry> + <entry key="7.PersonType">NaturalPerson</entry> + <entry key="7.Required">false</entry> + <entry key="7.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry> + <entry key="7.XmlType.LocalPart">CurrentAddressType</entry> + <entry key="7.XmlType.NamespacePrefix">eidas-natural</entry> + <entry key="7.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.CurrentAddressAttributeValueMarshaller</entry> + + <entry key="8.NameUri">http://eidas.europa.eu/attributes/naturalperson/Gender</entry> + <entry key="8.FriendlyName">Gender</entry> + <entry key="8.PersonType">NaturalPerson</entry> + <entry key="8.Required">false</entry> + <entry key="8.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry> + <entry key="8.XmlType.LocalPart">GenderType</entry> + <entry key="8.XmlType.NamespacePrefix">eidas-natural</entry> + <entry key="8.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.GenderAttributeValueMarshaller</entry> + + <entry key="9.NameUri">http://eidas.europa.eu/attributes/legalperson/LegalPersonIdentifier</entry> + <entry key="9.FriendlyName">LegalPersonIdentifier</entry> + <entry key="9.PersonType">LegalPerson</entry> + <entry key="9.Required">true</entry> + <entry key="9.UniqueIdentifier">true</entry> + <entry key="9.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="9.XmlType.LocalPart">LegalPersonIdentifierType</entry> + <entry key="9.XmlType.NamespacePrefix">eidas-legal</entry> + <entry key="9.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="10.NameUri">http://eidas.europa.eu/attributes/legalperson/LegalName</entry> + <entry key="10.FriendlyName">LegalName</entry> + <entry key="10.PersonType">LegalPerson</entry> + <entry key="10.Required">true</entry> + <entry key="10.TransliterationMandatory">true</entry> + <entry key="10.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="10.XmlType.LocalPart">LegalNameType</entry> + <entry key="10.XmlType.NamespacePrefix">eidas-legal</entry> + <entry key="10.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="11.NameUri">http://eidas.europa.eu/attributes/legalperson/LegalPersonAddress</entry> + <entry key="11.FriendlyName">LegalAddress</entry> + <entry key="11.PersonType">LegalPerson</entry> + <entry key="11.Required">false</entry> + <entry key="11.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="11.XmlType.LocalPart">LegalPersonAddressType</entry> + <entry key="11.XmlType.NamespacePrefix">eidas-legal</entry> + <entry key="11.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.LegalAddressAttributeValueMarshaller</entry> + + <entry key="12.NameUri">http://eidas.europa.eu/attributes/legalperson/VATRegistrationNumber</entry> + <entry key="12.FriendlyName">VATRegistration</entry> + <entry key="12.PersonType">LegalPerson</entry> + <entry key="12.Required">false</entry> + <entry key="12.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="12.XmlType.LocalPart">VATRegistrationNumberType</entry> + <entry key="12.XmlType.NamespacePrefix">eidas-legal</entry> + <entry key="12.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="13.NameUri">http://eidas.europa.eu/attributes/legalperson/TaxReference</entry> + <entry key="13.FriendlyName">TaxReference</entry> + <entry key="13.PersonType">LegalPerson</entry> + <entry key="13.Required">false</entry> + <entry key="13.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="13.XmlType.LocalPart">TaxReferenceType</entry> + <entry key="13.XmlType.NamespacePrefix">eidas-legal</entry> + <entry key="13.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="14.NameUri">http://eidas.europa.eu/attributes/legalperson/D-2012-17-EUIdentifier</entry> + <entry key="14.FriendlyName">D-2012-17-EUIdentifier</entry> + <entry key="14.PersonType">LegalPerson</entry> + <entry key="14.Required">false</entry> + <entry key="14.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="14.XmlType.LocalPart">D-2012-17-EUIdentifierType</entry> + <entry key="14.XmlType.NamespacePrefix">eidas-legal</entry> + <entry key="14.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="15.NameUri">http://eidas.europa.eu/attributes/legalperson/LEI</entry> + <entry key="15.FriendlyName">LEI</entry> + <entry key="15.PersonType">LegalPerson</entry> + <entry key="15.Required">false</entry> + <entry key="15.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="15.XmlType.LocalPart">LEIType</entry> + <entry key="15.XmlType.NamespacePrefix">eidas-legal</entry> + <entry key="15.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="16.NameUri">http://eidas.europa.eu/attributes/legalperson/EORI</entry> + <entry key="16.FriendlyName">EORI</entry> + <entry key="16.PersonType">LegalPerson</entry> + <entry key="16.Required">false</entry> + <entry key="16.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="16.XmlType.LocalPart">EORIType</entry> + <entry key="16.XmlType.NamespacePrefix">eidas-legal</entry> + <entry key="16.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="17.NameUri">http://eidas.europa.eu/attributes/legalperson/SEED</entry> + <entry key="17.FriendlyName">SEED</entry> + <entry key="17.PersonType">LegalPerson</entry> + <entry key="17.Required">false</entry> + <entry key="17.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="17.XmlType.LocalPart">SEEDType</entry> + <entry key="17.XmlType.NamespacePrefix">eidas-legal</entry> + <entry key="17.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="18.NameUri">http://eidas.europa.eu/attributes/legalperson/SIC</entry> + <entry key="18.FriendlyName">SIC</entry> + <entry key="18.PersonType">LegalPerson</entry> + <entry key="18.Required">false</entry> + <entry key="18.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="18.XmlType.LocalPart">SICType</entry> + <entry key="18.XmlType.NamespacePrefix">eidas-legal</entry> + <entry key="18.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="19.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/PersonIdentifier</entry> + <entry key="19.FriendlyName">RepresentativePersonIdentifier</entry> + <entry key="19.PersonType">RepresentativeNaturalPerson</entry> + <entry key="19.Required">false</entry> + <entry key="19.UniqueIdentifier">true</entry> + <entry key="19.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry> + <entry key="19.XmlType.LocalPart">PersonIdentifierType</entry> + <entry key="19.XmlType.NamespacePrefix">eidas-natural</entry> + <entry key="19.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="20.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/CurrentFamilyName</entry> + <entry key="20.FriendlyName">RepresentativeFamilyName</entry> + <entry key="20.PersonType">RepresentativeNaturalPerson</entry> + <entry key="20.Required">false</entry> + <entry key="20.TransliterationMandatory">true</entry> + <entry key="20.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry> + <entry key="20.XmlType.LocalPart">CurrentFamilyNameType</entry> + <entry key="20.XmlType.NamespacePrefix">eidas-reprentative-natural</entry> + <entry key="20.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="21.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/CurrentGivenName</entry> + <entry key="21.FriendlyName">RepresentativeFirstName</entry> + <entry key="21.PersonType">RepresentativeNaturalPerson</entry> + <entry key="21.Required">false</entry> + <entry key="21.TransliterationMandatory">true</entry> + <entry key="21.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry> + <entry key="21.XmlType.LocalPart">CurrentGivenNameType</entry> + <entry key="21.XmlType.NamespacePrefix">eidas-reprentative-natural</entry> + <entry key="21.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="22.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/DateOfBirth</entry> + <entry key="22.FriendlyName">RepresentativeDateOfBirth</entry> + <entry key="22.PersonType">RepresentativeNaturalPerson</entry> + <entry key="22.Required">false</entry> + <entry key="22.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry> + <entry key="22.XmlType.LocalPart">DateOfBirthType</entry> + <entry key="22.XmlType.NamespacePrefix">eidas-reprentative-natural</entry> + <entry key="22.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.DateTimeAttributeValueMarshaller</entry> + + <entry key="23.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/BirthName</entry> + <entry key="23.FriendlyName">RepresentativeBirthName</entry> + <entry key="23.PersonType">RepresentativeNaturalPerson</entry> + <entry key="23.Required">false</entry> + <entry key="23.TransliterationMandatory">true</entry> + <entry key="23.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry> + <entry key="23.XmlType.LocalPart">BirthNameType</entry> + <entry key="23.XmlType.NamespacePrefix">eidas-reprentative-natural</entry> + <entry key="23.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="24.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/PlaceOfBirth</entry> + <entry key="24.FriendlyName">RepresentativePlaceOfBirth</entry> + <entry key="24.PersonType">RepresentativeNaturalPerson</entry> + <entry key="24.Required">false</entry> + <entry key="24.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry> + <entry key="24.XmlType.LocalPart">PlaceOfBirthType</entry> + <entry key="24.XmlType.NamespacePrefix">eidas-reprentative-natural</entry> + <entry key="24.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="25.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/CurrentAddress</entry> + <entry key="25.FriendlyName">RepresentativeCurrentAddress</entry> + <entry key="25.PersonType">RepresentativeNaturalPerson</entry> + <entry key="25.Required">false</entry> + <entry key="25.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry> + <entry key="25.XmlType.LocalPart">CurrentAddressType</entry> + <entry key="25.XmlType.NamespacePrefix">eidas-reprentative-natural</entry> + <entry key="25.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.RepvCurrentAddressAttributeValueMarshaller</entry> + + <entry key="26.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/Gender</entry> + <entry key="26.FriendlyName">RepresentativeGender</entry> + <entry key="26.PersonType">RepresentativeNaturalPerson</entry> + <entry key="26.Required">false</entry> + <entry key="26.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry> + <entry key="26.XmlType.LocalPart">GenderType</entry> + <entry key="26.XmlType.NamespacePrefix">eidas-reprentative-natural</entry> + <entry key="26.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.GenderAttributeValueMarshaller</entry> + + <entry key="27.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/LegalPersonIdentifier</entry> + <entry key="27.FriendlyName">RepresentativeLegalPersonIdentifier</entry> + <entry key="27.PersonType">RepresentativeLegalPerson</entry> + <entry key="27.Required">false</entry> + <entry key="27.UniqueIdentifier">true</entry> + <entry key="27.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="27.XmlType.LocalPart">LegalPersonIdentifierType</entry> + <entry key="27.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="27.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="28.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/LegalName</entry> + <entry key="28.FriendlyName">RepresentativeLegalName</entry> + <entry key="28.PersonType">RepresentativeLegalPerson</entry> + <entry key="28.Required">false</entry> + <entry key="28.TransliterationMandatory">true</entry> + <entry key="28.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="28.XmlType.LocalPart">LegalNameType</entry> + <entry key="28.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="28.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="29.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/LegalPersonAddress</entry> + <entry key="29.FriendlyName">RepresentativeLegalAddress</entry> + <entry key="29.PersonType">RepresentativeLegalPerson</entry> + <entry key="29.Required">false</entry> + <entry key="29.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="29.XmlType.LocalPart">LegalPersonAddressType</entry> + <entry key="29.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="29.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.RepvLegalAddressAttributeValueMarshaller</entry> + + <entry key="30.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/VATRegistrationNumber</entry> + <entry key="30.FriendlyName">RepresentativeVATRegistration</entry> + <entry key="30.PersonType">RepresentativeLegalPerson</entry> + <entry key="30.Required">false</entry> + <entry key="30.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="30.XmlType.LocalPart">VATRegistrationNumberType</entry> + <entry key="30.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="30.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="31.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/TaxReference</entry> + <entry key="31.FriendlyName">RepresentativeTaxReference</entry> + <entry key="31.PersonType">RepresentativeLegalPerson</entry> + <entry key="31.Required">false</entry> + <entry key="31.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="31.XmlType.LocalPart">TaxReferenceType</entry> + <entry key="31.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="31.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="32.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/D-2012-17-EUIdentifier</entry> + <entry key="32.FriendlyName">RepresentativeD-2012-17-EUIdentifier</entry> + <entry key="32.PersonType">RepresentativeLegalPerson</entry> + <entry key="32.Required">false</entry> + <entry key="32.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="32.XmlType.LocalPart">D-2012-17-EUIdentifierType</entry> + <entry key="32.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="32.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="33.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/LEI</entry> + <entry key="33.FriendlyName">RepresentativeLEI</entry> + <entry key="33.PersonType">RepresentativeLegalPerson</entry> + <entry key="33.Required">false</entry> + <entry key="33.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="33.XmlType.LocalPart">LEIType</entry> + <entry key="33.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="33.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="34.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/EORI</entry> + <entry key="34.FriendlyName">RepresentativeEORI</entry> + <entry key="34.PersonType">RepresentativeLegalPerson</entry> + <entry key="34.Required">false</entry> + <entry key="34.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="34.XmlType.LocalPart">EORIType</entry> + <entry key="34.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="34.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="35.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/SEED</entry> + <entry key="35.FriendlyName">RepresentativeSEED</entry> + <entry key="35.PersonType">RepresentativeLegalPerson</entry> + <entry key="35.Required">false</entry> + <entry key="35.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="35.XmlType.LocalPart">SEEDType</entry> + <entry key="35.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="35.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="36.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/SIC</entry> + <entry key="36.FriendlyName">RepresentativeSIC</entry> + <entry key="36.PersonType">RepresentativeLegalPerson</entry> + <entry key="36.Required">false</entry> + <entry key="36.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="36.XmlType.LocalPart">SICType</entry> + <entry key="36.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="36.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="39.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/LegalPersonAddress</entry> + <entry key="39.FriendlyName">RepresentativeLegalAddress</entry> + <entry key="39.PersonType">RepresentativeLegalPerson</entry> + <entry key="39.Required">false</entry> + <entry key="39.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="39.XmlType.LocalPart">LegalPersonAddressType</entry> + <entry key="39.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="39.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.RepvLegalAddressAttributeValueMarshaller</entry> + + <entry key="40.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/VATRegistrationNumber</entry> + <entry key="40.FriendlyName">RepresentativeVATRegistration</entry> + <entry key="40.PersonType">RepresentativeLegalPerson</entry> + <entry key="40.Required">false</entry> + <entry key="40.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="40.XmlType.LocalPart">VATRegistrationNumberType</entry> + <entry key="40.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="40.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + +</properties> diff --git a/ms_specific_proxyservice/src/test/resources/config/eIDAS/igniteSpecificCommunication.xml b/ms_specific_proxyservice/src/test/resources/config/eIDAS/igniteSpecificCommunication.xml new file mode 100644 index 00000000..f817f5a4 --- /dev/null +++ b/ms_specific_proxyservice/src/test/resources/config/eIDAS/igniteSpecificCommunication.xml @@ -0,0 +1,109 @@ +<?xml version="1.0" encoding="UTF-8"?> + +<!-- + ~ Copyright (c) 2018 by European Commission + ~ + ~ Licensed under the EUPL, Version 1.2 or - as soon they will be + ~ approved by the European Commission - subsequent versions of the + ~ EUPL (the "Licence"); + ~ You may not use this work except in compliance with the Licence. + ~ You may obtain a copy of the Licence at: + ~ https://joinup.ec.europa.eu/page/eupl-text-11-12 + ~ + ~ Unless required by applicable law or agreed to in writing, software + ~ distributed under the Licence is distributed on an "AS IS" basis, + ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + ~ implied. + ~ See the Licence for the specific language governing permissions and + ~ limitations under the Licence. + --> + +<!-- + Ignite Spring configuration file to startup Ignite cache. + + This file demonstrates how to configure cache using Spring. Provided cache + will be created on node startup. + + Use this configuration file when running HTTP REST examples (see 'examples/rest' folder). + + When starting a standalone node, you need to execute the following command: + {IGNITE_HOME}/bin/ignite.{bat|sh} examples/config/ignite-cache.xml + + When starting Ignite from Java IDE, pass path to this file to Ignition: + Ignition.start("examples/config/ignite-cache.xml"); +--> + + +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation=" + http://www.springframework.org/schema/beans + http://www.springframework.org/schema/beans/spring-beans.xsd"> + + <bean id="igniteSpecificCommunication.cfg" class="org.apache.ignite.configuration.IgniteConfiguration"> + + <property name="igniteInstanceName" value="igniteSpecificCommunication"/> + + <property name="cacheConfiguration"> + <list> + + <!--Specific Communication Caches--> + <!-- Partitioned cache example configuration (Atomic mode). --> + <bean class="org.apache.ignite.configuration.CacheConfiguration"> + <property name="name" value="specificNodeConnectorRequestCache"/> + <property name="atomicityMode" value="ATOMIC"/> + <property name="backups" value="1"/> + </bean> + <!-- Partitioned cache example configuration (Atomic mode). --> + <bean class="org.apache.ignite.configuration.CacheConfiguration"> + <property name="name" value="nodeSpecificProxyserviceRequestCache"/> + <property name="atomicityMode" value="ATOMIC"/> + <property name="backups" value="1"/> + </bean> + <!-- Partitioned cache example configuration (Atomic mode). --> + <bean class="org.apache.ignite.configuration.CacheConfiguration"> + <property name="name" value="specificNodeProxyserviceResponseCache"/> + <property name="atomicityMode" value="ATOMIC"/> + <property name="backups" value="1"/> + </bean> + <!-- Partitioned cache example configuration (Atomic mode). --> + <bean class="org.apache.ignite.configuration.CacheConfiguration"> + <property name="name" value="nodeSpecificConnectorResponseCache"/> + <property name="atomicityMode" value="ATOMIC"/> + <property name="backups" value="1"/> + </bean> + <!-- Partitioned cache example configuration (Atomic mode). --> + <bean class="org.apache.ignite.configuration.CacheConfiguration"> + <property name="name" value="msConnectorCache"/> + <property name="atomicityMode" value="ATOMIC"/> + <property name="backups" value="1"/> + </bean> + + </list> + </property> + + <!--Multicast discover of other nodes in the grid configuration--> + <property name="discoverySpi"> + <bean class="org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpi"> + <property name="ipFinder"> + <bean class="org.apache.ignite.spi.discovery.tcp.ipfinder.multicast.TcpDiscoveryMulticastIpFinder"> + <property name="multicastGroup" value="228.10.10.157"/> + </bean> + </property> + </bean> + </property> + + <!-- how frequently Ignite will output basic node metrics into the log--> + <property name="metricsLogFrequency" value="#{60 * 10 * 1000}"/> + + </bean> + + <!-- + Initialize property configurer so we can reference environment variables. + --> + <bean id="propertyConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"> + <property name="systemPropertiesModeName" value="SYSTEM_PROPERTIES_MODE_FALLBACK"/> + <property name="searchSystemEnvironment" value="true"/> + </bean> + +</beans> diff --git a/ms_specific_proxyservice/src/test/resources/config/eIDAS/specificCommunicationDefinitionConnector.xml b/ms_specific_proxyservice/src/test/resources/config/eIDAS/specificCommunicationDefinitionConnector.xml new file mode 100644 index 00000000..d1fc042d --- /dev/null +++ b/ms_specific_proxyservice/src/test/resources/config/eIDAS/specificCommunicationDefinitionConnector.xml @@ -0,0 +1,37 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +# Copyright (c) 2017 European Commission +# Licensed under the EUPL, Version 1.2 or – as soon they will be +# approved by the European Commission - subsequent versions of the +# EUPL (the "Licence"); +# You may not use this work except in compliance with the Licence. +# You may obtain a copy of the Licence at: +# * https://joinup.ec.europa.eu/page/eupl-text-11-12 +# * +# Unless required by applicable law or agreed to in writing, software +# distributed under the Licence is distributed on an "AS IS" basis, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the Licence for the specific language governing permissions and limitations under the Licence. + --> + +<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd"> +<properties> + <!-- issuer name --> + <entry key="lightToken.connector.request.issuer.name">specificCommunicationDefinitionConnectorRequest</entry> + <entry key="lightToken.connector.request.node.id">specificConnector</entry> + + <!--secrets and algorithms for request consent token--> + <entry key="lightToken.connector.request.secret">mySecretConnectorRequest</entry> + <entry key="lightToken.connector.request.algorithm">SHA-256</entry> + + <!-- issuer name --> + <entry key="lightToken.connector.response.issuer.name">specificCommunicationDefinitionConnectorResponse</entry> + <entry key="lightToken.connector.response.node.id">specificConnector</entry> + + <!--secrets and algorithms for response consent token--> + <entry key="lightToken.connector.response.secret">mySecretConnectorResponse</entry> + <entry key="lightToken.connector.response.algorithm">SHA-256</entry> + + <!--The value of incoming lightRequest maximum number characters allowed--> + <entry key="incoming.lightRequest.max.number.characters">65535</entry> +</properties> diff --git a/ms_specific_proxyservice/src/test/resources/config/eIDAS/specificCommunicationDefinitionProxyservice.xml b/ms_specific_proxyservice/src/test/resources/config/eIDAS/specificCommunicationDefinitionProxyservice.xml new file mode 100644 index 00000000..c8caf16b --- /dev/null +++ b/ms_specific_proxyservice/src/test/resources/config/eIDAS/specificCommunicationDefinitionProxyservice.xml @@ -0,0 +1,37 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +# Copyright (c) 2017 European Commission +# Licensed under the EUPL, Version 1.2 or – as soon they will be +# approved by the European Commission - subsequent versions of the +# EUPL (the "Licence"); +# You may not use this work except in compliance with the Licence. +# You may obtain a copy of the Licence at: +# * https://joinup.ec.europa.eu/page/eupl-text-11-12 +# * +# Unless required by applicable law or agreed to in writing, software +# distributed under the Licence is distributed on an "AS IS" basis, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the Licence for the specific language governing permissions and limitations under the Licence. + --> + +<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd"> +<properties> + <entry key="distributedCommunicationMaps">true</entry> + + <!-- issuer name --> + <entry key="lightToken.proxyservice.request.issuer.name">specificCommunicationDefinitionProxyserviceRequest</entry> + <entry key="lightToken.proxyservice.request.node.id">specificProxyService</entry> + <!--secrets and algorithms for request consent token--> + <entry key="lightToken.proxyservice.request.secret">mySecretProxyserviceRequest</entry> + <entry key="lightToken.proxyservice.request.algorithm">SHA-256</entry> + + <!-- issuer name --> + <entry key="lightToken.proxyservice.response.issuer.name">specificCommunicationDefinitionProxyserviceResponse</entry> + <entry key="lightToken.proxyservice.response.node.id">specificProxyService</entry> + <!--secrets and algorithms for response consent token--> + <entry key="lightToken.proxyservice.response.secret">mySecretProxyserviceResponse</entry> + <entry key="lightToken.proxyservice.response.algorithm">SHA-256</entry> + + <!--The value of incoming Light Response maximum number characters allowed--> + <entry key="incoming.lightResponse.max.number.characters">65535</entry> +</properties> diff --git a/ms_specific_proxyservice/src/test/resources/config/junit_config_1_springboot.properties b/ms_specific_proxyservice/src/test/resources/config/junit_config_1_springboot.properties new file mode 100644 index 00000000..8cd77046 --- /dev/null +++ b/ms_specific_proxyservice/src/test/resources/config/junit_config_1_springboot.properties @@ -0,0 +1,116 @@ +## Set Spring-Boot profile-configuration to 2.3 style +spring.config.use-legacy-processing=true + +## ApplicationServer configuration +server.servlet.contextPath=/ms_proxyservice +#server.port=7080 + +app.build.artifactId=ms_proxyservice + + + +############################################################################# +## SpringBoot Admin client +spring.boot.admin.client.enabled=false + +############################################################################# +## SpringBoot Actuator +management.endpoints.web.exposure.include=health,info + +############################################################################# +## Common parts of MS-speccific eIDAS application configuration + +eidas.ms.context.url.prefix=https://localhost/ms_proxy/ +eidas.ms.context.url.request.validation=false +eidas.ms.core.configRootDir=file:./src/test/resources/config/ +eidas.ms.context.use.clustermode=true +eidas.ms.core.logging.level.info.errorcodes=auth.21 + +##Monitoring +eidas.ms.monitoring.eIDASNode.metadata.url= + + +##Specific logger configuration +eidas.ms.technicallog.write.MDS.into.techlog=true +eidas.ms.revisionlog.write.MDS.into.revisionlog=true +eidas.ms.revisionlog.logIPAddressOfUser=true + + +##Directory for static Web content +eidas.ms.webcontent.static.directory=webcontent/ +eidas.ms.webcontent.templates=templates/ +eidas.ms.webcontent.properties=properties/messages + + +## extended validation of pending-request Id's +eidas.ms.core.pendingrequestid.maxlifetime=300 +eidas.ms.core.pendingrequestid.digist.algorithm=HmacSHA256 +eidas.ms.core.pendingrequestid.digist.secret=pendingReqIdSecret + + +## HTTP-client defaults +eidas.ms.client.http.connection.timeout.socket=15 +eidas.ms.client.http.connection.timeout.connection=15 +eidas.ms.client.http.connection.timeout.request=15 + + +## Common PVP2 S-Profile (SAML2) configuration +eidas.ms.pvp2.metadata.organisation.name=JUnit +eidas.ms.pvp2.metadata.organisation.friendyname=For testing with jUnit +eidas.ms.pvp2.metadata.organisation.url=http://junit.test +eidas.ms.pvp2.metadata.contact.givenname=Max +eidas.ms.pvp2.metadata.contact.surname=Mustermann +eidas.ms.pvp2.metadata.contact.email=max@junit.test + +##only for advanced config +eidas.ms.configuration.pvp.scheme.validation=true +eidas.ms.configuration.pvp.enable.entitycategories=false + + +############################################################################# +## MS-speccific eIDAS-Proxy-Service configuration + + +#### eIDAS ms-specific Proxy-Service configuration +eidas.ms.auth.eIDAS.node_v2.proxy.entityId=ownSpecificProxy +eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint=http://localhost/EidasNode +eidas.ms.auth.eIDAS.node_v2.forward.method=POST + +# Mandate configuration +eidas.ms.auth.eIDAS.proxy.mandates.enabled=false +#eidas.ms.auth.eIDAS.proxy.mandates.profiles.natural.default= +#eidas.ms.auth.eIDAS.proxy.mandates.profiles.legal.default= + + +## special foreign eIDAS-Connector configuration +#eidas.ms.connector.0.uniqueID=https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata +#eidas.ms.connector.0.countryCode=CC +#eidas.ms.connector.0.mandates.enabled=false +#eidas.ms.connector.0.mandates.natural= +#eidas.ms.connector.0.mandates.legal= +#eidas.ms.connector.0.auth.idaustria.entityId= + + +## PVP2 S-Profile communication with ID Austria System +# EntityId and optional metadata of ID Austria System +eidas.ms.modules.idaustriaauth.idp.entityId=classpath:/data/idp_metadata_classpath_entity.xml +#eidas.ms.modules.idaustriaauth.idp.metadataUrl= + +# SAML2 client configuration +eidas.ms.modules.idaustriaauth.keystore.path=keys/junit_test.jks +eidas.ms.modules.idaustriaauth.keystore.password=password +eidas.ms.modules.idaustriaauth.keystore.type=jks + +eidas.ms.modules.idaustriaauth.metadata.sign.alias=meta +eidas.ms.modules.idaustriaauth.metadata.sign.password=password +eidas.ms.modules.idaustriaauth.request.sign.alias=sig +eidas.ms.modules.idaustriaauth.request.sign.password=password +eidas.ms.modules.idaustriaauth.response.encryption.alias=enc +eidas.ms.modules.idaustriaauth.response.encryption.password=password + +eidas.ms.modules.idaustriaauth.truststore.path=keys/junit_test.jks +eidas.ms.modules.idaustriaauth.truststore.password=password +eidas.ms.modules.idaustriaauth.truststore.type=jks + + + diff --git a/ms_specific_proxyservice/src/test/resources/config/keys/Metadata.pem b/ms_specific_proxyservice/src/test/resources/config/keys/Metadata.pem new file mode 100644 index 00000000..b544c194 --- /dev/null +++ b/ms_specific_proxyservice/src/test/resources/config/keys/Metadata.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC+jCCAeKgAwIBAgIEXjF+fTANBgkqhkiG9w0BAQsFADA/MQswCQYDVQQGEwJB +VDENMAsGA1UEBwwERUdJWjEOMAwGA1UECgwFalVuaXQxETAPBgNVBAMMCE1ldGFk +YXRhMB4XDTIwMDEyOTEyNDU0OVoXDTI2MDEyODEyNDU0OVowPzELMAkGA1UEBhMC +QVQxDTALBgNVBAcMBEVHSVoxDjAMBgNVBAoMBWpVbml0MREwDwYDVQQDDAhNZXRh +ZGF0YTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK230G3dxNbNlSYA +O5Kx/Js0aBAgxMt7q9m+dA35fK/dOvF/GjrqjWsMCnax+no9gLnq6x0gXiJclz6H +rp/YDOfLrJjMpNL/r0FWT947vbnEj7eT8TdY5d6Yi8AZulZmjiCI5nbZh2zwrP4+ +WqRroLoPhXQj8mDyp26M4xHBBUhLMRc2HV4S+XH4uNZ/vTmb8vBg31XGHCY33gl7 +/KA54JNGxJdN8Dxv6yHYsm91ZfVrX39W0iYLUNhUCkolwuQmjDVfrExM8BTLIONb +f+erJoCm3A9ghZyDYRQ/e69/UEUqDa6XOzykr88INkQscEiAXCDS+EBPMpKo+t3l +PIA9r7kCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAh/2mg4S03bdZy1OVtEAudBT9 +YZb9OF34hxPtNbkB/V04wSIg1d4TBr5KDhV7CdiUOxPZzHpS8LUCgfGX306FB6NX +zh/b67uTOPaE72AB4VIT/Np0fsM7k5WhG9k9NoprIGiqCz2lXcfpZiT+LtSO1vWS +YI87wR9KOSWjcw/5i5qZIAJuwvLCQj5JtUsmrhHK75222J3TJf4dS/gfN4xfY2rW +9vcXtH6//8WdWp/zx9V7Z1ZsDb8TDKtBCEGuFDgVeU5ScKtVq8qRoUKD3Ve76cZi +purO3KrRrVAuZP2EfLkZdHEHqe8GPigNnZ5kTn8V2VJ3iRAQ73hpJRR98tFd0A== +-----END CERTIFICATE----- diff --git a/ms_specific_proxyservice/src/test/resources/config/keys/junit.jks b/ms_specific_proxyservice/src/test/resources/config/keys/junit.jks Binary files differnew file mode 100644 index 00000000..59e6ad13 --- /dev/null +++ b/ms_specific_proxyservice/src/test/resources/config/keys/junit.jks diff --git a/ms_specific_proxyservice/src/test/resources/config/keys/junit_test.jks b/ms_specific_proxyservice/src/test/resources/config/keys/junit_test.jks Binary files differnew file mode 100644 index 00000000..ee6254a9 --- /dev/null +++ b/ms_specific_proxyservice/src/test/resources/config/keys/junit_test.jks diff --git a/ms_specific_proxyservice/src/test/resources/config/keys/teststore.jks b/ms_specific_proxyservice/src/test/resources/config/keys/teststore.jks Binary files differnew file mode 100644 index 00000000..fcc6400c --- /dev/null +++ b/ms_specific_proxyservice/src/test/resources/config/keys/teststore.jks diff --git a/ms_specific_proxyservice/src/test/resources/config/logback_config.xml b/ms_specific_proxyservice/src/test/resources/config/logback_config.xml new file mode 100644 index 00000000..bb3de3e8 --- /dev/null +++ b/ms_specific_proxyservice/src/test/resources/config/logback_config.xml @@ -0,0 +1,102 @@ +<?xml version="1.0" encoding="UTF-8"?> + +<!-- For assistance related to logback-translator or configuration --> +<!-- files in general, please contact the logback user mailing list --> +<!-- at http://www.qos.ch/mailman/listinfo/logback-user --> +<!-- --> +<!-- For professional support please see --> +<!-- http://www.qos.ch/shop/products/professionalSupport --> +<!-- --> +<configuration> + <appender name="EIDASNODE" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender--> + <File>${catalina.base}/logs/eIDAS_node.log</File> + <encoder> + <pattern>%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n</pattern> + </encoder> + <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> + <maxIndex>9999</maxIndex> + <FileNamePattern>${catalina.base}/logs/eIDAS_node.log.%i</FileNamePattern> + </rollingPolicy> + <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> + <MaxFileSize>10000KB</MaxFileSize> + </triggeringPolicy> + </appender> + <appender name="msnode" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender--> + <File>${catalina.base}/logs/eidas-ms-reversion.log</File> + <encoder> + <pattern>%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n</pattern> + </encoder> + <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> + <maxIndex>9999</maxIndex> + <FileNamePattern>${catalina.base}/logs/eidas-ms-reversion.log.%i</FileNamePattern> + </rollingPolicy> + <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> + <MaxFileSize>10000KB</MaxFileSize> + </triggeringPolicy> + </appender> + <appender name="reversion" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender--> + <File>${catalina.base}/logs/eidas-ms-reversion.log</File> + <encoder> + <pattern>%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n</pattern> + </encoder> + <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> + <maxIndex>9999</maxIndex> + <FileNamePattern>${catalina.base}/logs/eidas-ms-reversion.log.%i</FileNamePattern> + </rollingPolicy> + <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> + <MaxFileSize>10000KB</MaxFileSize> + </triggeringPolicy> + </appender> + <appender name="statistic" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender--> + <File>${catalina.base}/logs/eidas-ms-statistic.log</File> + <encoder> + <pattern>%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n</pattern> + </encoder> + <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> + <maxIndex>9999</maxIndex> + <FileNamePattern>${catalina.base}/logs/eidas-ms-statistic.log.%i</FileNamePattern> + </rollingPolicy> + <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> + <MaxFileSize>10000KB</MaxFileSize> + </triggeringPolicy> + </appender> + <appender name="stdout" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender--> + <File>${catalina.base}/logs/console.log</File> + <encoder> + <pattern>%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n</pattern> + </encoder> + <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> + <maxIndex>9999</maxIndex> + <FileNamePattern>${catalina.base}/logs/console.log.%i</FileNamePattern> + </rollingPolicy> + <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> + <MaxFileSize>10000KB</MaxFileSize> + </triggeringPolicy> + </appender> + <appender name="console" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <pattern>%5p | %d{dd HH:mm:ss,SSS} | %20c | %10t | %m%n</pattern> + </encoder> + </appender> + <logger name="eu.eidas" additivity="false" level="info"> + <appender-ref ref="EIDASNODE"/> + </logger> + <logger name="at.gv.egiz.eidas.specific" additivity="false" level="info"> + <appender-ref ref="msnode"/> + </logger> + <logger name="at.gv.egiz.eidas.specific.core.logger.RevisionLogger" additivity="false" level="info"> + <appender-ref ref="reversion"/> + </logger> + <logger name="at.gv.egiz.eidas.specific.core.logger.StatisticLogger" additivity="false" level="info"> + <appender-ref ref="statistic"/> + </logger> + <root level="warn"> + <appender-ref ref="stdout"/> + <appender-ref ref="console"/> + </root> +</configuration> diff --git a/ms_specific_proxyservice/src/test/resources/config/properties/messages.properties b/ms_specific_proxyservice/src/test/resources/config/properties/messages.properties new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/ms_specific_proxyservice/src/test/resources/config/properties/messages.properties diff --git a/ms_specific_proxyservice/src/test/resources/config/properties/messages_de.properties b/ms_specific_proxyservice/src/test/resources/config/properties/messages_de.properties new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/ms_specific_proxyservice/src/test/resources/config/properties/messages_de.properties diff --git a/ms_specific_proxyservice/src/test/resources/config/properties/messages_en.properties b/ms_specific_proxyservice/src/test/resources/config/properties/messages_en.properties new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/ms_specific_proxyservice/src/test/resources/config/properties/messages_en.properties diff --git a/ms_specific_proxyservice/src/test/resources/config/templates/eidas_node_forward.html b/ms_specific_proxyservice/src/test/resources/config/templates/eidas_node_forward.html new file mode 100644 index 00000000..6dffa34b --- /dev/null +++ b/ms_specific_proxyservice/src/test/resources/config/templates/eidas_node_forward.html @@ -0,0 +1,36 @@ +<!DOCTYPE html> +<html xmlns:th="http://www.thymeleaf.org" + xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout" + layout:decorator="fragments/base" + th:with="lang=${#locale.language}" th:lang="${lang}"> +<head> + <script src="../webcontent/autocommit.js" + th:attr="src=@{/autocommit.js}"></script> +</head> +<body> + <noscript> + <p> + <strong>Note:</strong> Since your browser does not support + JavaScript, you must press the Continue button once to proceed. + </p> + </noscript> + + <div id="alert">Your login is being processed. Thank you for + waiting.</div> + + <form action="${endPoint}" method="post" target="_parent" + th:attr="action=@{${endPoint}}"> + <div> + <input type="hidden" name="${tokenName}" value="${tokenValue}" + th:attr="value=${tokenValue},name=${tokenName}" /> + </div> + <noscript> + <div> + <p>Your browser does not support JavaScript. Click the button to continuing the process .</p> + <input type="submit" value="Continue" /> + </div> + </noscript> + </form> + +</body> +</html>
\ No newline at end of file diff --git a/ms_specific_proxyservice/src/test/resources/config/templates/error.html b/ms_specific_proxyservice/src/test/resources/config/templates/error.html new file mode 100644 index 00000000..21f589cd --- /dev/null +++ b/ms_specific_proxyservice/src/test/resources/config/templates/error.html @@ -0,0 +1,53 @@ +<!DOCTYPE HTML> +<html xmlns:th="http://www.thymeleaf.org" + xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout" + layout:decorator="fragments/base" + th:with="lang=${#locale.language}" th:lang="${lang}"> + +<meta content="text/html; charset=utf-8" http-equiv="Content-Type"> +<link rel="stylesheet" href="../webcontent/css/css_error.css" th:href="@{/css/css_error.css}"/> + +<title th:text="#{gui.errorpage.msg.title}">An error arise ... </title> +</head> + +<body> +<div id="page"> + <div id="page1" class="case selected-case" role="main"> + <div class="hell" role="application"> + <h2 class="OA_header" role="heading" th:text="#{gui.errorpage.msg.title}">Error Header</h2> + + <div id="alert_area" class="hell" role="application"> + <p th:text="#{gui.errorpage.msg.information}">Error Information</p> + <br/> + <p><b th:text="#{gui.errorpage.msg.errorcode}">Code :</b> <span th:text="${errorCode}"></span></p> + <p><b th:text="#{gui.errorpage.msg.errormsg}">Msg :</b> <span + th:text="${#messages.msgWithParams('__${errorCode}__', '__${errorParams}__')}"></span></p> + </div> + </div> + + <div th:if="${timestamp}"> + <p><b>Timestamp:</b> <span th:text="${timestamp}"></span></p> + </div> + <div th:if="${error}"> + <p><b>Error:</b> <span th:text="${error}"></span></p> + </div> + <div th:if="${status}"> + <p><b>Status:</b> <span th:text="${status}"></span></p> + </div> + <div th:if="${message}"> + <p><b>Message:</b> <span th:text="${message}"></span></p> + </div> + <div th:if="${exception}"> + <p><b>Exception:</b> <span th:text="${exception}"></span></p> + </div> + <div th:if="${trace}"> + <p><b>Trace:</b> <span th:text="${trace}"></span></p> + </div> + <div th:if="${Stacktrace}"> + <p><b>Stacktrace:</b> <span th:text="${stacktrace}"></span></p> + </div> + + </div> +</div> +</body> +</html>
\ No newline at end of file diff --git a/ms_specific_proxyservice/src/test/resources/config/templates/error_message.html b/ms_specific_proxyservice/src/test/resources/config/templates/error_message.html new file mode 100644 index 00000000..caaf7136 --- /dev/null +++ b/ms_specific_proxyservice/src/test/resources/config/templates/error_message.html @@ -0,0 +1,37 @@ +<!DOCTYPE HTML> +<html xmlns:th="http://www.thymeleaf.org" + xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout" + layout:decorator="fragments/base" + th:with="lang=${#locale.language}" th:lang="${lang}"> + + <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> + <link rel="stylesheet" href="../webcontent/css/css_error.css" th:href="@{/css/css_error.css}" /> + + <title th:text="#{gui.errorpage.msg.title}">An error arise ... </title> +</head> + +<body> + <div id="page"> + <div id="page1" class="case selected-case" role="main"> + <h2 class="OA_header" role="heading">Authentication error arise</h2> + + <div class="hell" role="application" > + <h2 class="OA_header" role="heading" th:text="#{gui.errorpage.msg.title}">Error Header</h2> + + <div id="alert_area" class="hell" role="application" > + <p th:text="#{gui.errorpage.msg.information}">Error Information</p> + <br/> + <p><b th:text="#{gui.errorpage.msg.errorcode}">Code :</b> <span th:text="${errorCode}"></span></p> + <p><b th:text="#{gui.errorpage.msg.errormsg}">Msg :</b > <span th:text="${#messages.msgWithParams('__${errorCode}__', '__${errorParams}__')}"></span></p> + </div> + <!-- errorMsg --> + </div> + + <div th:if="${stacktrace}"> + <p><b th:text="#{gui.errorpage.msg.stacktrace}">fullError</b> <span th:text="${stacktrace}"></span></p> + </div> + + </div> + </div> +</body> +</html>
\ No newline at end of file diff --git a/ms_specific_proxyservice/src/test/resources/config/templates/pvp2_post_binding.html b/ms_specific_proxyservice/src/test/resources/config/templates/pvp2_post_binding.html new file mode 100644 index 00000000..06b9b494 --- /dev/null +++ b/ms_specific_proxyservice/src/test/resources/config/templates/pvp2_post_binding.html @@ -0,0 +1,36 @@ +## ## Velocity Template for SAML 2 HTTP-POST binding ## ## Velocity +##context may contain the following properties ## action - String - the +##action URL for the form ## RelayState - String - the relay state for the +##message ## SAMLRequest - String - the Base64 encoded SAML Request ## +##SAMLResponse - String - the Base64 encoded SAML Response +<!DOCTYPE html> +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> +<head> + <script src="/autocommit.js"></script> +</head> +<body> + <noscript> + <p> + <strong>Note:</strong> Since your browser does not support + JavaScript, you must press the Continue button once to proceed. + </p> + </noscript> + + <div id="alert">Your login is being processed. Thank you for + waiting.</div> + + <form action="${action}" method="post" target="_parent"> + <div> + #if($RelayState) <input type="hidden" name="RelayState" value="${RelayState}"/> #end + #if($SAMLRequest) <input type="hidden" name="SAMLRequest" value="${SAMLRequest}" /> #end + #if($SAMLResponse) <input type="hidden" name="SAMLResponse" value="${SAMLResponse}" /> #end + </div> + <noscript> + <div> + <input type="submit" value="Continue" /> + </div> + </noscript> + </form> + +</body> +</html>
\ No newline at end of file diff --git a/ms_specific_proxyservice/src/test/resources/config/webcontent/autocommit.js b/ms_specific_proxyservice/src/test/resources/config/webcontent/autocommit.js new file mode 100644 index 00000000..d21a5651 --- /dev/null +++ b/ms_specific_proxyservice/src/test/resources/config/webcontent/autocommit.js @@ -0,0 +1,5 @@ +function autoCommmit() { + document.forms[0].submit(); +} + +document.addEventListener('DOMContentLoaded', autoCommmit);
\ No newline at end of file diff --git a/ms_specific_proxyservice/src/test/resources/config/webcontent/css/css_error.css b/ms_specific_proxyservice/src/test/resources/config/webcontent/css/css_error.css new file mode 100644 index 00000000..d772df43 --- /dev/null +++ b/ms_specific_proxyservice/src/test/resources/config/webcontent/css/css_error.css @@ -0,0 +1,26 @@ +@charset "utf-8"; + body { + padding-left: 5%; + background-color: #F9F9F9; + } + #page { + padding-top: 2%; + padding-right: 10%; + padding-left: 5%; + } + + .OA_header { + font-size: 2.1em; + padding-top:1%; + margin-bottom: 1%; + margin-top: 1%; + + } + + #alert_area { + float:left; + width: 100%; + } + + + diff --git a/ms_specific_proxyservice/src/test/resources/config/webcontent/img/ajax-loader.gif b/ms_specific_proxyservice/src/test/resources/config/webcontent/img/ajax-loader.gif Binary files differnew file mode 100644 index 00000000..f2a1bc0c --- /dev/null +++ b/ms_specific_proxyservice/src/test/resources/config/webcontent/img/ajax-loader.gif diff --git a/ms_specific_proxyservice/src/test/resources/data/Response_with_EID.xml b/ms_specific_proxyservice/src/test/resources/data/Response_with_EID.xml new file mode 100644 index 00000000..cf37a235 --- /dev/null +++ b/ms_specific_proxyservice/src/test/resources/data/Response_with_EID.xml @@ -0,0 +1,49 @@ +<?xml version="1.0" encoding="UTF-8"?> +<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://localhost/ms_proxy/sp/idaustria/eidas/post" ID="_aeebfae3ce681fe3ddcaf213a42f01d3" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema"> + <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">classpath:/data/idp_metadata_classpath_entity.xml</saml2:Issuer> + <saml2p:Status> + <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> + </saml2p:Status> + <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_602c3236bffaf71ac3ac88674e76ff9f" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0"> + <saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp/metadata</saml2:Issuer> + <saml2:Subject> + <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="urn:publicid:gv.at:cdid+BF">QVGm48cqcM4UcyhDTNGYmVdrIoY=</saml2:NameID> + <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> + <saml2:SubjectConfirmationData InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" NotOnOrAfter="2014-03-05T06:44:51.017Z" Recipient="https://localhost/ms_proxy/sp/eidas/post"/> + </saml2:SubjectConfirmation> + </saml2:Subject> + <saml2:Conditions NotBefore="2014-03-05T06:39:51.017Z" NotOnOrAfter="2035-03-05T06:44:51.017Z"> + <saml2:AudienceRestriction> + <saml2:Audience>https://localhost/ms_proxy/sp/idaustria/eidas/metadata</saml2:Audience> + </saml2:AudienceRestriction> + </saml2:Conditions> + <saml2:AuthnStatement AuthnInstant="2014-03-05T06:39:51.017Z" SessionIndex="_c0c683509a8ff6ac372a9cf9c5c5a406"> + <saml2:AuthnContext> + <saml2:AuthnContextClassRef>http://eidas.europa.eu/LoA/high</saml2:AuthnContextClassRef> + </saml2:AuthnContext> + </saml2:AuthnStatement> + <saml2:AttributeStatement> + <saml2:Attribute FriendlyName="PVP-VERSION" Name="urn:oid:1.2.40.0.10.2.1.1.261.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> + <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">2.2</saml2:AttributeValue> + </saml2:Attribute> + <saml2:Attribute FriendlyName="EID-CITIZEN-QAA- EIDAS-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.108" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> + <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">http://eidas.europa.eu/LoA/high</saml2:AttributeValue> + </saml2:Attribute> + <saml2:Attribute FriendlyName="EID-ISSUING-NATION" Name="urn:oid:1.2.40.0.10.2.1.1.261.32" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> + <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">AT</saml2:AttributeValue> + </saml2:Attribute> + <saml2:Attribute FriendlyName="PRINCIPAL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> + <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Mustermann</saml2:AttributeValue> + </saml2:Attribute> + <saml2:Attribute FriendlyName="GIVEN-NAME" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> + <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Max</saml2:AttributeValue> + </saml2:Attribute> + <saml2:Attribute FriendlyName="BIRTHDATE" Name="urn:oid:1.2.40.0.10.2.1.1.55" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> + <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">1940-01-01</saml2:AttributeValue> + </saml2:Attribute> + <saml2:Attribute FriendlyName="BPK" Name="urn:oid:1.2.40.0.10.2.1.1.149" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> + <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">AT+XX:QVGm48cqcM4UcyhDTNGYmVdrIoY=</saml2:AttributeValue> + </saml2:Attribute> + </saml2:AttributeStatement> + </saml2:Assertion> +</saml2p:Response> diff --git a/ms_specific_proxyservice/src/test/resources/data/idp_metadata_classpath_entity.xml b/ms_specific_proxyservice/src/test/resources/data/idp_metadata_classpath_entity.xml new file mode 100644 index 00000000..de565887 --- /dev/null +++ b/ms_specific_proxyservice/src/test/resources/data/idp_metadata_classpath_entity.xml @@ -0,0 +1,146 @@ +<?xml version="1.0" encoding="UTF-8"?> +<md:EntityDescriptor + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + ID="_1a48ec3432f2f3ba6222724a5b06f873" + entityID="classpath:/data/idp_metadata_classpath_entity.xml" + validUntil="2045-02-06T08:47:26.211Z"> + <md:IDPSSODescriptor + WantAuthnRequestsSigned="true" + protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> + <md:KeyDescriptor use="signing"> + <ds:KeyInfo + xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> + <ds:X509Data> + <ds:X509Certificate>MIIDMzCCAhsCBFtIcPowDQYJKoZIhvcNAQELBQAwXjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH + SVoxJDAiBgNVBAsMG2NlbnRyYWwgbmF0aW9uYWwgZUlEQVMgbm9kZTEaMBgGA1UEAwwRQXNzZXJ0 + aW9uIHNpZ25pbmcwHhcNMTgwNzEzMDkyOTMwWhcNMjEwNDA3MDkyOTMwWjBeMQswCQYDVQQGEwJB + VDENMAsGA1UECgwERUdJWjEkMCIGA1UECwwbY2VudHJhbCBuYXRpb25hbCBlSURBUyBub2RlMRow + GAYDVQQDDBFBc3NlcnRpb24gc2lnbmluZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB + AJ5zDYxMPRcz6AHaev1tS46Tq8sdgbGFM56uxk6c7LmMDC+HTzNX/3Q5S/YwSzgL3ue5TSw1ltOf + yMXMZ6D0+buWWcsxGEkQ8M3adKRFdQrEwafzwTA7pguq5WiHOkr4qwR7dLMome9z5cc3LRcwdOPP + gq7ahb5jM3hRqc5xkMWIuvql0NFXPzlHrjDLwy5nIWPOhL5abhVt4YsXbpbjXxFSGkDEAZ32K3EU + LNBr9FSUmJfbrVX9AU2T+BKIwiqXP8e/3UJHgPHQ0l5ljWp5P6u5+tvM21o8sUM4eArRa8BkdRsP + C92GVuASSUz2ZJ3JhAK1cSM8bnvaZVLQtTvPMAcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAAp7z + TubWXW6YMpyLSvWBdZiiQ3X66XpSZLZJDIAkoPzEY0DSBp8I5YASIx4JTR5XJt+6MI9acgNIAYW8 + DhtRwUMVaRWEtuCrfKhGLWm5KSxnhPcD3lzRZhY4ZcA7dUlirjf6hnqo2TFEmJ9fkM+rxwy1GkDD + 7j2YDSOFmSq9/Ud9/IbIfSnRu/lO0dh7iRrmg3y0Y/+plPxYmp4AHqehP11OchTz2FGGHVsSC2Vs + IVBQI6ANZYyOlicgfEEFHA06jP9OnA0EwEFr2P+di9caZg8vfibyzxMGeuf6CY0c0eLHokBCn2W8 + vkzvWiER3pozRvCmXFjCVZfRjUunaJf2ow== + </ds:X509Certificate> + </ds:X509Data> + <ds:X509Data> + <ds:X509Certificate>MIIC+DCCAeCgAwIBAgIEXh7TbTANBgkqhkiG9w0BAQsFADA+MQswCQYDVQQGEwJB + VDENMAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxEDAOBgNVBAMMB3NpZ25p + bmcwHhcNMjAwMTE1MDg1NTA5WhcNMjkwMTE0MDg1NTA5WjA+MQswCQYDVQQGEwJB + VDENMAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxEDAOBgNVBAMMB3NpZ25p + bmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCUSiRjnDvPafZfhJ+L + 1wM86FKJX3VIAV/8TD9qJ6HOBkn5WwYfpheyCfRb6XVDyIGpO8qnMWAgC17Ngbmh + zj8d8HXNQ2l3uppMv24oUTfXyYhQfZWAghx0sTlRIx/ZmlnduJilx2S53Sa7ruJw + lQcBFXj9h9B8dtyegc86Sx6D9BumP1xU7+mEBk8Gv9rR5Khg0Y7qGfZWB0t4aikg + aupWveVwiGifOOSfR8czqIg9qUpMYfZiTEBTSRmN6sPiNWhd4J0GyAI9Rn5C9jz/ + sSlQrxpN+4DXzsqSU5F6gzq3yRux6wyOzDlt2birf21VPQ9HIy4YCjZXwgDWG7AO + 821pAgMBAAEwDQYJKoZIhvcNAQELBQADggEBADnwdaxUtQU6SIpYwIb2c0ljTmQi + 7ryUcUpNHtK0M0E5Mw5Ex8zwrWbNQZ2sUyc4r07M66iOIqHsYZUQlRYvVKHifDpA + r8TCgD7iGGdB3By8Ou0RaNW+03w1fwmi98CufbHCGvpv0o2KxlejoHZminNdQ79i + bN+01nhocezJQATEQlnwHLiQSjilXpZeLYDk8HbrcUXNRxezN4ChdH+uU54vf+Ux + qcj9QHcmBe1+BM8EXfqS1DbTwZl+NTCnh5OYl8fvIFSOHMBxwFrI4pyY0faxg9Uc + rCogn/oQ+mV1gnVUDaDhvvEnVGZQtrlt7heVId2BeNellVgsrcmdW8j4U9U= + </ds:X509Certificate> + </ds:X509Data> + <ds:X509Data> + <ds:X509Certificate>MIIBbjCCARSgAwIBAgIEXh7TNzAKBggqhkjOPQQDAjA/MQswCQYDVQQGEwJBVDEN + MAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxETAPBgNVBAMMCG1ldGFkYXRh + MB4XDTIwMDExNTA4NTQxNVoXDTMwMDExNDA4NTQxNVowPzELMAkGA1UEBhMCQVQx + DTALBgNVBAoMBEVHSVoxDjAMBgNVBAsMBWpVbml0MREwDwYDVQQDDAhtZXRhZGF0 + YTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBdBkaxt31p++aZeP3SmlWITj9SY + O4McV2ccXFsH4X4QMHuKAMUvjxPm1kdU01eTOWdiQX0GpDIBspYMZh8ZKcwwCgYI + KoZIzj0EAwIDSAAwRQIhAJ3QKlk9cd90s+i8y62fvmGF6LtfNO+JvkWqDUBeQImn + AiA2KwFtzO7STAp9MEwQGe0vt0F8mO1ttrLE+rr6YxdwGA== + </ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent + </md:NameIDFormat> + <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient + </md:NameIDFormat> + <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified + </md:NameIDFormat> + <md:SingleSignOnService + Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" + Location="https://vidp.gv.at/ms_connector/pvp/post" /> + <md:SingleSignOnService + Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" + Location="https://vidp.gv.at/ms_connector/pvp/redirect" /> + <saml2:Attribute + xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" + FriendlyName="BPK" Name="urn:oid:1.2.40.0.10.2.1.1.149" + NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" /> + <saml2:Attribute + xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" + FriendlyName="BIRTHDATE" Name="urn:oid:1.2.40.0.10.2.1.1.55" + NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" /> + <saml2:Attribute + xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" + FriendlyName="PRINCIPAL-NAME" + Name="urn:oid:1.2.40.0.10.2.1.1.261.20" + NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" /> + <saml2:Attribute + xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" + FriendlyName="EID-CCS-URL" Name="urn:oid:1.2.40.0.10.2.1.1.261.64" + NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" /> + <saml2:Attribute + xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" + FriendlyName="EID-ISSUING-NATION" + Name="urn:oid:1.2.40.0.10.2.1.1.261.32" + NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" /> + <saml2:Attribute + xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" + FriendlyName="PVP-VERSION" Name="urn:oid:1.2.40.0.10.2.1.1.261.10" + NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" /> + <saml2:Attribute + xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" + FriendlyName="EID-SOURCE-PIN" + Name="urn:oid:1.2.40.0.10.2.1.1.261.36" + NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" /> + <saml2:Attribute + xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" + FriendlyName="GIVEN-NAME" Name="urn:oid:2.5.4.42" + NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" /> + <saml2:Attribute + xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" + FriendlyName="EID-SIGNER-CERTIFICATE" + Name="urn:oid:1.2.40.0.10.2.1.1.261.66" + NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" /> + <saml2:Attribute + xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" + FriendlyName="EID-SECTOR-FOR-IDENTIFIER" + Name="urn:oid:1.2.40.0.10.2.1.1.261.34" + NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" /> + <saml2:Attribute + xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" + FriendlyName="EID-SOURCE-PIN-TYPE" + Name="urn:oid:1.2.40.0.10.2.1.1.261.104" + NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" /> + <saml2:Attribute + xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" + FriendlyName="EID-E-ID-TOKEN" + Name="urn:oid:1.2.40.0.10.2.1.1.261.39" + NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" /> + <saml2:Attribute + xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" + FriendlyName="EID-IDENTITY-LINK" + Name="urn:oid:1.2.40.0.10.2.1.1.261.38" + NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" /> + <saml2:Attribute + xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" + FriendlyName="EID-CITIZEN-QAA-EIDAS-LEVEL" + Name="urn:oid:1.2.40.0.10.2.1.1.261.108" + NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" /> + <saml2:Attribute + xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" + FriendlyName="EID-IDENTITY-STATUS-LEVEL" + Name="urn:oid:1.2.40.0.10.2.1.1.261.109" + NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" /> + </md:IDPSSODescriptor> +</md:EntityDescriptor> |