25 files changed, 873 insertions, 223 deletions
| diff --git a/connector/pom.xml b/connector/pom.xml index 36a6d9df..c2039ad7 100644 --- a/connector/pom.xml +++ b/connector/pom.xml @@ -43,6 +43,15 @@        <artifactId>authmodule-eIDAS-v2</artifactId>      </dependency> +    <dependency> +      <groupId>at.gv.egiz.eaaf</groupId> +      <artifactId>eaaf_module_pvp2_core</artifactId> +    </dependency> +    <dependency> +      <groupId>at.gv.egiz.eaaf</groupId> +      <artifactId>eaaf_module_pvp2_sp</artifactId> +    </dependency> +      <!-- Third party libs -->             <dependency>        <groupId>org.springframework.boot</groupId> diff --git a/connector/src/main/resources/properties/status_messages_en.properties b/connector/src/main/resources/properties/status_messages_en.properties index c430fc90..9dcbe1a1 100644 --- a/connector/src/main/resources/properties/status_messages_en.properties +++ b/connector/src/main/resources/properties/status_messages_en.properties @@ -8,6 +8,7 @@ eidas.06=LoA from eIDAS response-message {0} does not match to requested LoA  eidas.07=eIDAS Response attribute-validation FAILED. Attribute:{0} Reason: {1}  eidas.08=An unexpected error occurred.  eidas.09=An error occurred while loading your data from official registers. Please contact the support. +eidas.10=Invalid user input.  config.01=No configuration-file parameter found. Maybe Java SystemD parameter is missing diff --git a/connector_lib/pom.xml b/connector_lib/pom.xml index f24a2801..8ed561f3 100644 --- a/connector_lib/pom.xml +++ b/connector_lib/pom.xml @@ -62,6 +62,14 @@        <type>test-jar</type>      </dependency> +    <dependency> +      <groupId>at.gv.egiz.eaaf</groupId> +      <artifactId>eaaf_module_pvp2_core</artifactId> +    </dependency> +    <dependency> +      <groupId>at.gv.egiz.eaaf</groupId> +      <artifactId>eaaf_module_pvp2_sp</artifactId> +    </dependency>    </dependencies>    <build> 
diff --git a/eidas_modules/authmodule-eIDAS-v2/pom.xml b/eidas_modules/authmodule-eIDAS-v2/pom.xml index f578c52d..6773cc41 100644 --- a/eidas_modules/authmodule-eIDAS-v2/pom.xml +++ b/eidas_modules/authmodule-eIDAS-v2/pom.xml @@ -51,6 +51,15 @@      </dependency>      <dependency> +      <groupId>at.gv.egiz.eaaf</groupId> +      <artifactId>eaaf_module_pvp2_core</artifactId> +    </dependency> +    <dependency> +      <groupId>at.gv.egiz.eaaf</groupId> +      <artifactId>eaaf_module_pvp2_sp</artifactId> +    </dependency> + +    <dependency>        <groupId>iaik.prod</groupId>        <artifactId>iaik_jce_full</artifactId>        <version>5.52_moa</version> @@ -189,17 +198,7 @@        <artifactId>jose4j</artifactId>        <version>0.7.2</version>      </dependency> -      <dependency> -          <groupId>at.gv.egiz.eaaf</groupId> -          <artifactId>eaaf_module_pvp2_core</artifactId> -          <version>1.1.11</version> -          <scope>compile</scope> -      </dependency> -    <dependency> -      <groupId>at.gv.egiz.eaaf</groupId> -      <artifactId>eaaf_module_pvp2_sp</artifactId> -      <scope>compile</scope> -    </dependency> +    </dependencies>    <build> diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java index 858637e9..ba57b28e 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java 
@@ -180,4 +180,12 @@ public class Constants {
   public static final String COUNTRY_CODE_DE = "DE";
   public static final String COUNTRY_CODE_IT = "IT";
+
+  public static final String TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK = "TASK_CreateNewErnpEntryTask";
+  public static final String TRANSITION_TO_CREATE_GENERATE_GUI_TASK = "TASK_GenerateGuiTask";
+  public static final String TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK =
+      "Task_GenerateGuiQueryAustrianResidenceTask";
+  public static final String TRANSITION_TO_GENERATE_MOBILE_PHONE_SIGNATURE_REQUEST_TASK =
+      "TASK_GenerateMobilePhoneSignatureRequestTask";
+  public static final String TRANSITION_TO_GENERATE_EIDAS_LOGIN = "TASK_TODO";
 }
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/InvalidUserInputException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/InvalidUserInputException.java
new file mode 100644
index 00000000..f28d8afa
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/InvalidUserInputException.java
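Review bot: `TRANSITION_TO_GENERATE_EIDAS_LOGIN = "TASK_TODO"` is a placeholder that ReceiveGuiResponseTask (the hunk at `@@ -62,7 +64,19 @@`) now writes into the execution context for the EIDAS_LOGIN selection, so that path presumably ends in a transition no task definition matches rather than in an explicit error; until the target task exists, a TODO comment on this line naming the intended task would keep the dead end visible to whoever wires the process definition. `"Task_GenerateGuiQueryAustrianResidenceTask"` uses `Task_` while every sibling key uses `TASK_`; if the process engine matches transition names case-sensitively the NO_OTHER_LOGIN branch would never fire, so the value should be aligned with the others (`"TASK_GenerateGuiQueryAustrianResidenceTask"`) or confirmed against the process definition. `TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK` maps to `"TASK_CreateNewErnpEntryTask"`; the ERNB/ERNP spelling mismatch is cosmetic but cheapest to fix while the constant is new.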
@@ -0,0 +1,33 @@
+/*
+ * Copyright 2020 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.exception;
+
+public class InvalidUserInputException extends EidasSAuthenticationException {
+  private static final long serialVersionUID = 1L;
+
+  public InvalidUserInputException() {
+    super("eidas.10", null);
+  }
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaAuthPvpConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaAuthPvpConfiguration.java
new file mode 100644
index 00000000..30c8b65f
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaAuthPvpConfiguration.java
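Review bot: The new exception carries no Javadoc and offers only a no-argument constructor, although ReceiveGuiResponseTask throws it from inside a catch-all that re-wraps it, so the reason a value was rejected is never attached. A one-line class comment would fix the contract, e.g. `/** Thrown when a GUI form response fails validation; message key eidas.10 is deliberately parameter-less so no submitted value is echoed back to the user. */`. If `EidasSAuthenticationException` exposes a cause-taking constructor (not visible here), an overload `public InvalidUserInputException(Throwable cause)` delegating to it would let callers preserve the underlying failure when one exists.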
@@ -0,0 +1,121 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import org.apache.commons.lang3.StringUtils;
+import org.opensaml.saml.saml2.metadata.ContactPerson;
+import org.opensaml.saml.saml2.metadata.ContactPersonTypeEnumeration;
+import org.opensaml.saml.saml2.metadata.EmailAddress;
+import org.opensaml.saml.saml2.metadata.GivenName;
+import org.opensaml.saml.saml2.metadata.Organization;
+import org.opensaml.saml.saml2.metadata.OrganizationDisplayName;
+import org.opensaml.saml.saml2.metadata.OrganizationName;
+import org.opensaml.saml.saml2.metadata.OrganizationURL;
+import org.opensaml.saml.saml2.metadata.SurName;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import java.util.Arrays;
+import java.util.List;
+
+public class IdAustriaAuthPvpConfiguration implements IPvp2BasicConfiguration {
+
+  private static final String DEFAULT_XML_LANG = "en";
+
+  @Autowired
+  private IConfiguration basicConfig;
+
+  @Override
+  public String getIdpEntityId(String authUrl) throws EaafException {
+    return authUrl + IdAustriaClientAuthConstants.ENDPOINT_METADATA;
+
+  }
+
+  @Override
+  public String getIdpSsoPostService(String authUrl) throws EaafException {
+    return null;
+
+  }
+
+  @Override
+  public String getIdpSsoRedirectService(String authUrl) throws EaafException {
+    return null;
+
+  }
+
+  @Override
+  public String getIdpSsoSoapService(String extractAuthUrlFromRequest) throws EaafException {
+    return null;
+
+  }
+
+  @Override
+  public List<ContactPerson> getIdpContacts() throws EaafException {
+    final ContactPerson contactPerson = Saml2Utils.createSamlObject(ContactPerson.class);
+    final 
GivenName givenName = Saml2Utils.createSamlObject(GivenName.class);
+    final SurName surname = Saml2Utils.createSamlObject(SurName.class);
+    final EmailAddress emailAddress = Saml2Utils.createSamlObject(EmailAddress.class);
+
+    givenName.setName(getAndVerifyFromConfiguration(
+        IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_CONTACT_GIVENNAME));
+    surname.setName(getAndVerifyFromConfiguration(
+        IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_CONTACT_SURNAME));
+    emailAddress.setAddress(getAndVerifyFromConfiguration(
+        IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_CONTACT_EMAIL));
+
+    contactPerson.setType(ContactPersonTypeEnumeration.TECHNICAL);
+    contactPerson.setGivenName(givenName);
+    contactPerson.setSurName(surname);
+    contactPerson.getEmailAddresses().add(emailAddress);
+
+    return Arrays.asList(contactPerson);
+
+  }
+
+  @Override
+  public Organization getIdpOrganisation() throws EaafException {
+    final Organization organisation = Saml2Utils.createSamlObject(Organization.class);
+    final OrganizationName orgName = Saml2Utils.createSamlObject(OrganizationName.class);
+    final OrganizationDisplayName orgDisplayName = Saml2Utils.createSamlObject(OrganizationDisplayName.class);
+    final OrganizationURL orgUrl = Saml2Utils.createSamlObject(OrganizationURL.class);
+
+    orgName.setXMLLang(DEFAULT_XML_LANG);
+    orgName.setValue(getAndVerifyFromConfiguration(
+        IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_ORGANISATION_NAME));
+
+    orgDisplayName.setXMLLang(DEFAULT_XML_LANG);
+    orgDisplayName.setValue(getAndVerifyFromConfiguration(
+        IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_ORGANISATION_FRIENDLYNAME));
+
+    orgUrl.setXMLLang(DEFAULT_XML_LANG);
+    orgUrl.setValue(getAndVerifyFromConfiguration(
+        IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_ORGANISATION_URL));
+
+
+    organisation.getOrganizationNames().add(orgName);
+    
organisation.getDisplayNames().add(orgDisplayName);
+    organisation.getURLs().add(orgUrl);
+
+    return organisation;
+  }
+
+
+  @Override
+  public IConfiguration getBasicConfiguration() {
+    return basicConfig;
+
+  }
+
+  private String getAndVerifyFromConfiguration(String configKey) throws EaafConfigurationException {
+    final String value = basicConfig.getBasicConfiguration(configKey);
+    if (StringUtils.isEmpty(value)) {
+      throw new EaafConfigurationException("module.eidasauth.00",
+          new Object[]{configKey});
+
+    }
+
+    return value;
+  }
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java
index 69386194..2608cad1 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java
@@ -19,7 +19,7 @@ public class IdAustriaClientAuthCredentialProvider extends AbstractCredentialPro
   @Autowired
   IConfiguration authConfig;
-  private static final String FRIENDLYNAME = "eIDAS centrial authentication";
+  private static final String FRIENDLYNAME = "ID Austria authentication";
   @Override
   public KeyStoreConfiguration getBasicKeyStoreConfig() throws EaafConfigurationException {
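Review bot: `getIdpSsoPostService`, `getIdpSsoRedirectService` and `getIdpSsoSoapService` return null without a word of explanation, so any consumer of `IPvp2BasicConfiguration` that builds metadata or endpoint URLs from them either NPEs or emits empty endpoints; if this is intentional because the class only describes the SP side of the ID-Austria connection (the hunk does not show how it is consumed), each method should say so, e.g. `// SP-side configuration only: this deployment publishes no IdP SSO endpoint`. The class also has no Javadoc and no Spring stereotype annotation although it depends on field injection via `@Autowired`; either add the annotation the rest of the module uses or note where the bean is declared. `getAndVerifyFromConfiguration` correctly fails closed on an empty value and puts only the config key, not a secret, into the `module.eidasauth.00` message. `Arrays.asList(contactPerson)` could be `Collections.singletonList(contactPerson)`, since the list is never modified and a singleton makes that intent explicit.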
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java
index 546a2039..af1ef6f7 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java
@@ -82,9 +82,6 @@ public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServlet
       log.trace("Starting GenerateMobilePhoneSignatureRequestTask");
       //step 15a
-      //final IAhSpConfiguration spConfig = pendingReq.getServiceProviderConfiguration(
-      //    IAhSpConfiguration.class);
-
       // get entityID for ms-specific eIDAS node
       final String msNodeEntityID = "TODO";
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java
index 99da21a1..2e754e14 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java
@@ -207,13 +207,13 @@ public class InitialSearchTask extends AbstractAuthServletTask {
     MergedRegisterSearchResult mdsSearchResult = new MergedRegisterSearchResult(resultsZmr, resultsErnp);
     if (mdsSearchResult.getResultCount() == 0) {
-      executionContext.put("TASK_CreateNewErnpEntryTask", true);
+      executionContext.put(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK, true);
     } else {
-      executionContext.put("TASK_GenerateGuiTask", true);
+      executionContext.put(Constants.TRANSITION_TO_CREATE_GENERATE_GUI_TASK, true);
     }
     //TODO implement next phase and return correct value
-    return "TODO-Temporary-Endnode-105";
+    return null;
   }
   private MergedRegisterSearchResult searchInZmrAndErnp(String personIdentifier) {
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiAustrianResidenceResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiAustrianResidenceResponseTask.java
index 34fbf507..977262bb 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiAustrianResidenceResponseTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiAustrianResidenceResponseTask.java
@@ -23,7 +23,9 @@
 package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient;
 import at.gv.egiz.eaaf.core.api.data.EaafConstants;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
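Review bot: `return null;` replaces the old placeholder string but leaves the method's return contract unstated, so a caller that previously received a non-null endnode value could now dereference null; the enclosing method starts outside the hunk, so whether its result is consumed cannot be checked here. Until the next phase lands, the TODO should state the interim contract, e.g. `//TODO implement next phase; returns null until then, callers must not rely on the value`, so the transition keys written to the execution context are understood as the only effective output of this method for now.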
@@ -46,33 +48,70 @@ import java.util.Enumeration;
 @Component("ReceiveGuiAustrianResidenceResponseTask")
 public class ReceiveGuiAustrianResidenceResponseTask extends AbstractAuthServletTask {
-  final String loginMethod = "loginSelection";
+  final String formerResidenceAvailableParameterName = "formerResidenceAvailable";
+  final String streetParameterName = "street";
+  final String zipCodeParameterName = "zipcode";
+  final String cityParameterName = "city";
+  private final IZmrClient zmrClient;
+
+  public ReceiveGuiAustrianResidenceResponseTask(IZmrClient zmrClient) {
+    this.zmrClient = zmrClient;
+  }
   //TODO
   @Override
   public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
       throws TaskExecutionException {
-    try {
-      log.trace("Starting ReceiveGuiAustrianResidenceResponseTask");
-      // set parameter execution context
-      final Enumeration<String> reqParamNames = request.getParameterNames();
-      while (reqParamNames.hasMoreElements()) {
-        final String paramName = reqParamNames.nextElement();
-        if (StringUtils.isNotEmpty(paramName)
-            && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName)
-            && loginMethod.equalsIgnoreCase(paramName)) {
-          String value = StringEscapeUtils.escapeHtml(request.getParameter(paramName));
-          SelectedLoginMethod selection = SelectedLoginMethod.valueOf(value);
-          executionContext.put(loginMethod, selection);
-
-        }
+    log.trace("Starting ReceiveGuiAustrianResidenceResponseTask");
+    // set parameter execution context
+    final Enumeration<String> reqParamNames = request.getParameterNames();
+    String street = null;
+    String city = null;
+    String zipcode = null;
+    Boolean formerResidenceAvailable = false;
+    while (reqParamNames.hasMoreElements()) {
+      final String paramName = reqParamNames.nextElement();
+      if 
(StringUtils.isNotEmpty(paramName)
+          && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName)
+          && formerResidenceAvailableParameterName.equalsIgnoreCase(paramName)) {
+        formerResidenceAvailable =
+            Boolean.parseBoolean(StringEscapeUtils.escapeHtml(request.getParameter(paramName)));
+      }
+      if (StringUtils.isNotEmpty(paramName)
+          && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName)
+          && streetParameterName.equalsIgnoreCase(paramName)) {
+        street = StringEscapeUtils.escapeHtml(request.getParameter(paramName));
+      }
+      if (StringUtils.isNotEmpty(paramName)
+          && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName)
+          && cityParameterName.equalsIgnoreCase(paramName)) {
+        city = StringEscapeUtils.escapeHtml(request.getParameter(paramName));
+      }
+      if (StringUtils.isNotEmpty(paramName)
+          && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName)
+          && zipCodeParameterName.equalsIgnoreCase(paramName)) {
+        zipcode = StringEscapeUtils.escapeHtml(request.getParameter(paramName));
       }
-
-    } catch (final Exception e) {
-      log.error("Parsing selected login method FAILED.", e);
-      throw new TaskExecutionException(pendingReq, "Parsing selected login method FAILED.", e);
     }
+    if (formerResidenceAvailable) {
+      //step 18
+      if (street.isEmpty() || city.isEmpty() || zipcode.isEmpty()) {
+        //form should ensure that mandatory fields are field =>
+        //this can never happen, expect somebody manipulated the response
+        throw new TaskExecutionException(pendingReq, "Invalid user input", new InvalidUserInputException());
+      }
+      step18_RegisterSearch(street, city, zipcode);//TODO also MDS?
+    } else {
+      //step 20 or for now (phase 1) step 9
+      executionContext.put(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK, true);
+    }
+
+
+  }
+
+  private void step18_RegisterSearch(String street, String city, String zipcode) {
+    System.out.println(street + city + zipcode + zmrClient);//TODO
+  }
 }
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiResponseTask.java
index fa787792..f8f22ce2 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiResponseTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiResponseTask.java
@@ -23,7 +23,9 @@
 package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException;
 import at.gv.egiz.eaaf.core.api.data.EaafConstants;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
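Review bot: The step-18 check `street.isEmpty() || city.isEmpty() || zipcode.isEmpty()` dereferences variables that are still null whenever the corresponding form parameter is absent, so a manipulated response that omits `street`, `city` or `zipcode` fails with a NullPointerException instead of the intended `InvalidUserInputException`, and because this hunk also removes the surrounding try/catch the NPE now escapes `execute` unwrapped rather than as a `TaskExecutionException`; the minimal fix is `if (StringUtils.isEmpty(street) || StringUtils.isEmpty(city) || StringUtils.isEmpty(zipcode)) {`. The four near-identical enumeration blocks can be replaced by direct `request.getParameter(...)` reads, which drops the repetition and the redundant pending-request-id exclusion; a compact version is below (it uses exact-case parameter names, which the form controls, and treats whitespace-only values as missing). HTML-escaping the values here alters the address data handed to the register search (`&` becomes `&amp;`), so escaping belongs at the point where these values are rendered, if they are rendered at all. `step18_RegisterSearch` writes the submitted address to stdout via `System.out.println`, which puts personal data into the console log; it should not survive the TODO.
```java
  public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
      throws TaskExecutionException {
    log.trace("Starting ReceiveGuiAustrianResidenceResponseTask");
    // read the form fields directly; the pending-request id is a different parameter and needs no exclusion
    final boolean formerResidenceAvailable =
        Boolean.parseBoolean(request.getParameter(formerResidenceAvailableParameterName));
    final String street = StringUtils.trimToNull(request.getParameter(streetParameterName));
    final String city = StringUtils.trimToNull(request.getParameter(cityParameterName));
    final String zipcode = StringUtils.trimToNull(request.getParameter(zipCodeParameterName));

    if (formerResidenceAvailable) {
      // step 18: the form marks these fields as mandatory, so a missing one means the
      // response was tampered with; reject it without echoing the submitted values
      if (street == null || city == null || zipcode == null) {
        throw new TaskExecutionException(pendingReq, "Invalid user input", new InvalidUserInputException());
      }
      step18_RegisterSearch(street, city, zipcode); //TODO also MDS?
    } else {
      // … unchanged: step 20 / phase-1 step 9 transition …
    }
  }
```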
@@ -62,7 +64,19 @@ public class ReceiveGuiResponseTask extends AbstractAuthServletTask {
           String value = StringEscapeUtils.escapeHtml(request.getParameter(paramName));
           SelectedLoginMethod selection = SelectedLoginMethod.valueOf(value);
           executionContext.put(loginMethod, selection);
-
+          switch (selection) {
+            case EIDAS_LOGIN:
+              executionContext.put(Constants.TRANSITION_TO_GENERATE_EIDAS_LOGIN, true);
+              break;
+            case MOBILE_PHONE_SIGNATURE_LOGIN:
+              executionContext.put(Constants.TRANSITION_TO_GENERATE_MOBILE_PHONE_SIGNATURE_REQUEST_TASK, true);
+              break;
+            case NO_OTHER_LOGIN:
+              executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true);
+              break;
+            default:
+              throw new InvalidUserInputException();
+          }
         }
       }
     } catch (final Exception e) {
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java
index 9d30b581..8b58f2e1 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java
@@ -35,14 +35,13 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustri
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.Utils;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient;
-import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
-import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
 import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
 import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
 import at.gv.egiz.eaaf.modules.pvp2.exception.SamlAssertionValidationExeption;
@@ -68,12 +67,13 @@ import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
-import javax.naming.ConfigurationException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.xml.transform.TransformerException;
 import java.io.IOException;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Set;
 /**
  * Task that searches ErnB and ZMR before adding person to SZR.
@@ -132,140 +132,120 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends        InboundMessage msg = null; -      try { +      IDecoder decoder = null; +      EaafUriCompare comperator = null; +      // select Response Binding +      if (request.getMethod().equalsIgnoreCase("POST")) { +        decoder = new PostBinding(); +        comperator = new EaafUriCompare(pendingReq.getAuthUrl() + IdAustriaClientAuthConstants.ENDPOINT_POST); +        log.trace("Receive PVP Response from 'ID Austria node', by using POST-Binding."); -        IDecoder decoder = null; -        EaafUriCompare comperator = null; -        // select Response Binding -        if (request.getMethod().equalsIgnoreCase("POST")) { -          decoder = new PostBinding(); -          comperator = new EaafUriCompare(pendingReq.getAuthUrl() + IdAustriaClientAuthConstants.ENDPOINT_POST); -          log.trace("Receive PVP Response from 'ID Austria node', by using POST-Binding."); +      } else if (request.getMethod().equalsIgnoreCase("GET")) { +        decoder = new RedirectBinding(); +        comperator = new EaafUriCompare(pendingReq.getAuthUrl() +            + IdAustriaClientAuthConstants.ENDPOINT_REDIRECT); +        log.trace("Receive PVP Response from 'ID Austria node', by using Redirect-Binding."); -        } else if (request.getMethod().equalsIgnoreCase("GET")) { -          decoder = new RedirectBinding(); -          comperator = new EaafUriCompare(pendingReq.getAuthUrl() -              + IdAustriaClientAuthConstants.ENDPOINT_REDIRECT); -          log.trace("Receive PVP Response from 'ID Austria node', by using Redirect-Binding."); - -        } else { -          log.warn("Receive PVP Response, but Binding (" -              + request.getMethod() + ") is not supported."); -          throw new AuthnResponseValidationException(ERROR_PVP_03, new Object[]{ -              IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING}); - -        } - -        // decode PVP response object 
-        msg = (InboundMessage) decoder.decode( -            request, response, metadataProvider, IDPSSODescriptor.DEFAULT_ELEMENT_NAME, -            comperator); - -        // validate response signature -        if (!msg.isVerified()) { -          samlVerificationEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine( -              metadataProvider)); -          msg.setVerified(true); - -        } - -        // validate assertion -        final Pair<PvpSProfileResponse, Boolean> processedMsg = -            preProcessAuthResponse((PvpSProfileResponse) msg); - -        //check if SAML2 response contains user-stop decision -        if (processedMsg.getSecond()) { -          stopProcessFromUserDecision(executionContext, request, response); - -        } else { -          // validate entityId of response -          final String msNodeEntityID = authConfig.getBasicConfiguration( -              IdAustriaClientAuthConstants.CONFIG_PROPS_NODE_ENTITYID); -          final String respEntityId = msg.getEntityID(); -          if (!msNodeEntityID.equals(respEntityId)) { -            log.warn("Response Issuer is not a 'ms-specific eIDAS node'. 
Stopping eIDAS authentication ..."); -            throw new AuthnResponseValidationException(ERROR_PVP_08, -                new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING, -                    msg.getEntityID()}); - -          } +      } else { +        log.warn("Receive PVP Response, but Binding (" +            + request.getMethod() + ") is not supported."); +        throw new AuthnResponseValidationException(ERROR_PVP_03, new Object[]{ +            IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING}); -          // initialize Attribute extractor -          final AssertionAttributeExtractor extractor = -              new AssertionAttributeExtractor(processedMsg.getFirst().getResponse()); +      } -          getAuthDataFromInterfederation(extractor); +      // decode PVP response object +      msg = (InboundMessage) decoder.decode( +          request, response, metadataProvider, IDPSSODescriptor.DEFAULT_ELEMENT_NAME, +          comperator); -          // set NeedConsent to false, because user gives consont during authentication -          pendingReq.setNeedUserConsent(false); +      // validate response signature +      if (!msg.isVerified()) { +        samlVerificationEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine( +            metadataProvider)); +        msg.setVerified(true); -          // store pending-request -          requestStoreage.storePendingRequest(pendingReq); +      } -          //set E-ID process flag to execution context -          //          final AhAuthProcessDataWrapper session = pendingReq.getSessionData( -          //              AhAuthProcessDataWrapper.class); -          //          executionContext.put(AuthHandlerConstants.PROCESSCONTEXT_WAS_EID_PROCESS, session.isEidProcess()); -          //          executionContext.put(AuthHandlerConstants.HTTP_PARAM_USE_MANDATES, session.isMandateUsed()); +      // validate assertion +      final Pair<PvpSProfileResponse, Boolean> processedMsg = +          
preProcessAuthResponse((PvpSProfileResponse) msg); +      //check if SAML2 response contains user-stop decision +      if (processedMsg.getSecond()) { +        stopProcessFromUserDecision(executionContext, request, response); -          log.info("Receive a valid assertion from IDP " + msg.getEntityID()); +      } else { +        // validate entityId of response +        final String msNodeEntityID = authConfig.getBasicConfiguration( +            IdAustriaClientAuthConstants.CONFIG_PROPS_NODE_ENTITYID); +        final String respEntityId = msg.getEntityID(); +        if (!msNodeEntityID.equals(respEntityId)) { +          log.warn("Response Issuer is not a 'ID Austria node'. Stopping eIDAS authentication ..."); +          throw new AuthnResponseValidationException(ERROR_PVP_08, +              new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING, +                  msg.getEntityID()});          } -      } catch (final AuthnResponseValidationException e) { -        throw new TaskExecutionException(pendingReq, ERROR_MSG_03, e); - -      } catch (MessageDecodingException | SecurityException | SamlSigningException e) { -        //final String samlRequest = request.getParameter("SAMLRequest"); -        //log.debug("Receive INVALID PVP Response from 'ms-specific eIDAS node': {}", -        //    samlRequest, null, e); -        throw new TaskExecutionException(pendingReq, ERROR_MSG_00, -            new AuthnResponseValidationException(ERROR_PVP_11, -                new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING}, e)); - -      } catch (IOException | MarshallingException | TransformerException e) { -        log.debug("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e); -        throw new TaskExecutionException(pendingReq, ERROR_MSG_01, -            new AuthnResponseValidationException(ERROR_PVP_12, -                new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()}, -                e)); - -      } 
catch (final CredentialsNotAvailableException e) { -        log.debug("PVP response decrytion FAILED. No credential found.", e); -        throw new TaskExecutionException(pendingReq, ERROR_MSG_02, -            new AuthnResponseValidationException(ERROR_PVP_10, -                new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING}, e)); - -      } catch (final Exception e) { -        log.debug("PVP response validation FAILED. Msg:" + e.getMessage(), e); -        throw new TaskExecutionException(pendingReq, ERROR_MSG_03, -            new AuthnResponseValidationException(ERROR_PVP_12, -                new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()}, e)); +        // initialize Attribute extractor +        final AssertionAttributeExtractor extractor = +            new AssertionAttributeExtractor(processedMsg.getFirst().getResponse()); + +        String bpkzp = getAuthDataFromInterfederation(extractor); + +        MergedRegisterSearchResult result = searchInZmrAndErnp(bpkzp); +        if (result.getResultCount() == 0) { +          //go to step 16 +          executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true); +          return; +        } else if (result.getResultCount() == 1) { +          String bpk = +              Utils.step7aKittProcess(ernpClient, zmrClient, initialSearchResult, result, eidData, pendingReq); +          authProcessData.setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk); +          //node 110 +        } else if (result.getResultCount() > 1) { +          throw new ManualFixNecessaryException("bpkzp:" + bpkzp);// node 108 +        } -      } +        // set NeedConsent to false, because user gives consont during authentication +        pendingReq.setNeedUserConsent(false); +        log.info("Receive a valid assertion from IDP " + msg.getEntityID()); -      //TODO extract bPK-ZP from response -      String bpkzp = "TODO"; -      
MergedRegisterSearchResult result = searchInZmrAndErnp(bpkzp); -      if (result.getResultCount() == 0) { -        //go to step 16 -        //TODO set context variable -        return; -      } else if (result.getResultCount() == 1) { -        String bpk = Utils.step7aKittProcess(ernpClient, zmrClient, initialSearchResult, result, eidData, pendingReq); -        authProcessData.setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk); -        //node 110 -        //TODO bpk vs bpkzp???? same? -      } else if (result.getResultCount() > 1) { -        throw new ManualFixNecessaryException("bpkzp:" + bpkzp);// node 108        } +    } catch (final AuthnResponseValidationException e) { +      throw new TaskExecutionException(pendingReq, ERROR_MSG_03, e); + +    } catch (MessageDecodingException | SecurityException | SamlSigningException e) { +      //final String samlRequest = request.getParameter("SAMLRequest"); +      //log.debug("Receive INVALID PVP Response from 'ms-specific eIDAS node': {}", +      //    samlRequest, null, e); +      throw new TaskExecutionException(pendingReq, ERROR_MSG_00, +          new AuthnResponseValidationException(ERROR_PVP_11, +              new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING}, e)); + +    } catch (IOException | MarshallingException | TransformerException e) { +      log.debug("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e); +      throw new TaskExecutionException(pendingReq, ERROR_MSG_01, +          new AuthnResponseValidationException(ERROR_PVP_12, +              new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()}, +              e)); + +    } catch (final CredentialsNotAvailableException e) { +      log.debug("PVP response decrytion FAILED. 
No credential found.", e); +      throw new TaskExecutionException(pendingReq, ERROR_MSG_02, +          new AuthnResponseValidationException(ERROR_PVP_10, +              new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING}, e)); +      } catch (final Exception e) { -      log.error("Initial search FAILED.", e); -      throw new TaskExecutionException(pendingReq, "Initial search FAILED.", e); +      log.debug("PVP response validation FAILED. Msg:" + e.getMessage(), e); +      throw new TaskExecutionException(pendingReq, ERROR_MSG_03, +          new AuthnResponseValidationException(ERROR_PVP_12, +              new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()}, e));      } +    }    private Pair<PvpSProfileResponse, Boolean> preProcessAuthResponse(PvpSProfileResponse msg) 
@@ -325,44 +305,47 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends      return null;    } -  private void getAuthDataFromInterfederation(AssertionAttributeExtractor extractor) -      throws EaafBuilderException, ConfigurationException { +  private String getAuthDataFromInterfederation(AssertionAttributeExtractor extractor) +      throws EaafBuilderException {      List<String> requiredEidasNodeAttributes = IdAustriaClientAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES; - +    String bpk = null;      try {        // check if all attributes are include        if (!extractor.containsAllRequiredAttributes()            || !extractor.containsAllRequiredAttributes(            requiredEidasNodeAttributes)) { -        log.warn("PVP Response from 'ms-specific eIDAS node' contains not all requested attributes."); +        log.warn("PVP Response from 'ID Austria node' contains not all requested attributes.");          throw new AssertionValidationExeption(ERROR_PVP_06, new Object[]{              IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING});        } -      // copy attributes into MOASession -      //      final AhAuthProcessDataWrapper session = pendingReq.getSessionData( -      //          AhAuthProcessDataWrapper.class); -      //      final Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames(); -      //      for (final String attrName : includedAttrNames) { -      //        injectAuthInfosIntoSession(session, attrName, -      //            extractor.getSingleAttributeValue(attrName)); -      // -      //      } - -      //set piiTransactionId from eIDAS Connector -      String piiTransactionId = extractor.getSingleAttributeValue( -          ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME); -      if (StringUtils.isNotEmpty(piiTransactionId) && pendingReq instanceof RequestImpl) { -        log.info("Receive piiTransactionId from Austrian eIDAS Connector. 
Use this for further processing"); -        ((RequestImpl) pendingReq).setUniquePiiTransactionIdentifier(piiTransactionId); +      HashMap<String, String> map = new HashMap<>(); +      final Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames(); +      for (final String attrName : includedAttrNames) { +        map.put(attrName, extractor.getSingleAttributeValue(attrName)); -      } else { -        log.debug("Receive no piiTransactionId from Austrian eIDAS Connector."); +        if (PvpAttributeDefinitions.BPK_NAME.equals(attrName)) { +          bpk = extractor.getSingleAttributeValue(attrName); +        } +        //injectAuthInfosIntoSession(session, attrName, +        //    extractor.getSingleAttributeValue(attrName));        } +      //set piiTransactionId from eIDAS Connector +      //      String piiTransactionId = extractor.getSingleAttributeValue( +      //          ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME); +      //      if (StringUtils.isNotEmpty(piiTransactionId) && pendingReq instanceof RequestImpl) { +      //        log.info("Receive piiTransactionId from Austrian eIDAS Connector. Use this for further processing"); +      //        ((RequestImpl) pendingReq).setUniquePiiTransactionIdentifier(piiTransactionId); +      // +      //      } else { +      //        log.debug("Receive no piiTransactionId from Austrian eIDAS Connector."); +      // +      //      } +        // set foreigner flag        //      session.setForeigner(true); @@ -383,6 +366,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends        throw new EaafBuilderException(ERROR_PVP_06, null, e.getMessage(), e);      } +    return bpk;    }    //  private void injectAuthInfosIntoSession(AhAuthProcessDataWrapper session, String attrName, String attrValue) 
@@ -404,7 +388,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends    //    } else if (PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME.equals(attrName)) {    //      session.setQaaLevel(attrValue);    // -  //    //    } else if (ExtendedPvpAttributeDefinitions.EID_MIS_MANDATE_NAME.equals(attrName) +  //    //          } else if (ExtendedPvpAttributeDefinitions.EID_MIS_MANDATE_NAME.equals(attrName)    //    //        && authConfig.getBasicConfigurationBoolean(    //    //        IdAustriaClientAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_ACTIVE, false)) {    //    //      session.setMandateDate(new SignedMandateDao(attrValue)); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml index 992ad766..6b67379c 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml 
@@ -49,13 +49,14 @@                    to="receiveGuiResponseTask" />    <pd:Transition  from="receiveGuiResponseTask"                    to="generateMobilePhoneSignatureRequestTask" -                  conditionExpression="ctx['TASK_TODO']"/> +                  conditionExpression="ctx['TASK_GenerateMobilePhoneSignatureRequestTask']"/>    <pd:Transition  from="generateMobilePhoneSignatureRequestTask"                    to="receiveMobilePhoneSignatureResponseTask" />    <pd:Transition  from="receiveMobilePhoneSignatureResponseTask"                    to="createNewErnpEntryTask" />    <pd:Transition  from="receiveGuiResponseTask" -                  to="generateGuiQueryAustrianResidenceTask" /> +                  to="generateGuiQueryAustrianResidenceTask" +                  conditionExpression="ctx['Task_GenerateGuiQueryAustrianResidenceTask']"/>    <pd:Transition  from="generateGuiQueryAustrianResidenceTask"                    to="receiveGuiAustrianResidenceResponseTask" /> @@ -65,7 +66,8 @@                    conditionExpression="ctx['TASK_TODO']"/>    <pd:Transition  from="receiveGuiAustrianResidenceResponseTask" -                  to="createNewErnpEntryTask" /> +                  to="createNewErnpEntryTask" +                  conditionExpression="ctx['TASK_TODO']"/>    <pd:Transition  from="createNewErnpEntryTask" diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml index 680ec19c..5897fc78 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml 
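Review bot: The two new condition keys differ in case, `ctx['TASK_GenerateMobilePhoneSignatureRequestTask']` versus `ctx['Task_GenerateGuiQueryAustrianResidenceTask']`; the task code sets these from constants (`Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK` is put into the execution context), so if the constant spellings do not match these literals one branch out of `receiveGuiResponseTask` is never taken. Pick one naming convention and verify both constant values against the literal keys here. In the second hunk (`@@ -65,7 +66,8 @@`) the transition from `receiveGuiAustrianResidenceResponseTask` to `createNewErnpEntryTask` is now gated on `ctx['TASK_TODO']`, the same placeholder the first hunk just replaced; nothing visible sets it, so that task has no way forward until a real key is chosen.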
@@ -134,14 +134,16 @@          class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveGuiAustrianResidenceResponseTask"          scope="prototype" /> -  <bean id="eidasCentralAuthCredentialProvider" +  <bean id="idAustriaClientAuthCredentialProvider"          class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider" /> -  <bean id="eidasCentralAuthMetadataProvider" -        class=" at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider" /> +  <bean id="idAustriaClientAuthMetadataProvider" +        class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider" /> + +  <bean id="idAustriaClientAuthMetadataController" +        class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataController" /> + -  <bean id="eidasCentralAuthMetadataController" -        class=" at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataController" />  </beans>
\ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataControllerTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataControllerTest.java new file mode 100644 index 00000000..c99c6e6a --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataControllerTest.java 
@@ -0,0 +1,169 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.idaustriaclient; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.UnsupportedEncodingException; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.List; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataController; +import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap; +import org.junit.Assert; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Ignore; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; +import org.opensaml.core.xml.io.UnmarshallingException; +import org.opensaml.core.xml.util.XMLObjectSupport; +import org.opensaml.saml.common.xml.SAMLConstants; +import org.opensaml.saml.metadata.resolver.filter.FilterException; +import org.opensaml.saml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml.saml2.metadata.SPSSODescriptor; +import org.opensaml.security.x509.BasicX509Credential; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.TestPropertySource; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import 
at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SimpleMetadataSignatureVerificationFilter; +import net.shibboleth.utilities.java.support.xml.XMLParserException; + + +@RunWith(SpringJUnit4ClassRunner.class) +//@TestPropertySource(locations = {"classpath:/config/junit_config_de_attributes.properties"}) +@TestPropertySource(locations = { "classpath:/config/junit_config_1_springboot.properties" }) +@ContextConfiguration(locations = { +    "/SpringTest-context_tasks_test.xml", +    "/SpringTest-context_basic_mapConfig.xml" +}) +@DirtiesContext(classMode = DirtiesContext.ClassMode.AFTER_CLASS) +@Ignore +public class IdAustriaClientAuthMetadataControllerTest { + +  private MockHttpServletRequest httpReq; +  private MockHttpServletResponse httpResp; + +  @Autowired private IdAustriaClientAuthMetadataController controller; +  @Autowired private IdAustriaClientAuthCredentialProvider credProvider; +  @Autowired private DummyAuthConfigMap config; + +  /** +   * JUnit class initializer. +   * +   * @throws Exception In case of an OpenSAML3 initialization error +   */ +  @BeforeClass +  public static void initialize() throws Exception { +    EaafOpenSaml3xInitializer.eaafInitialize(); + +  } + +  /** +   * Single jUnit-test set-up. 
+   */ +  @Before +  public void testSetup() { +    httpReq = new MockHttpServletRequest("GET", "http://localhost/authhandler"); +    httpReq.setContextPath("/authhandler"); +    httpResp = new MockHttpServletResponse(); + +    config.removeConfigValue("core.legacy.allowLegacyMode"); +    config.removeConfigValue("modules.eidascentralauth.semper.mandates.active"); +    config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.1"); +    config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.2"); +    config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.3"); +    config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.4"); +    config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.5"); +    config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.6"); + +  } + +  @Test +  public void buildMetadataValidInEidMode() throws IOException, EaafException, +      XMLParserException, UnmarshallingException, FilterException { +    config.putConfigValue("core.legacy.allowLegacyMode", "false"); +    config.putConfigValue("modules.eidascentralauth.semper.mandates.active", "false"); + +    //build metdata +    controller.getSpMetadata(httpReq, httpResp); + +    //check result +    validateResponse(6); + +  } + +  private void validateResponse(int numberOfRequestedAttributes) throws UnsupportedEncodingException, +      XMLParserException, UnmarshallingException, FilterException, CredentialsNotAvailableException { +    Assert.assertEquals("HTTP Statuscode", 200, httpResp.getStatus()); +    Assert.assertEquals("ContentType", "text/xml; charset=utf-8", httpResp.getContentType()); +    Assert.assertEquals("ContentEncoding", "UTF-8", httpResp.getCharacterEncoding()); + +    final String metadataXml = httpResp.getContentAsString(); +    Assert.assertNotNull("XML Metadata", metadataXml); + +    final EntityDescriptor metadata = 
(EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream( +        XMLObjectProviderRegistrySupport.getParserPool(), new ByteArrayInputStream(metadataXml.getBytes("UTF-8"))); + +    Assert.assertEquals("EntityId", +        "http://localhost/authhandler" + IdAustriaClientAuthConstants.ENDPOINT_METADATA, +        metadata.getEntityID()); + +    //check XML scheme +    final SchemaValidationFilter schemaFilter = new SchemaValidationFilter(); +    schemaFilter.filter(metadata); + +    //check signature +    final SimpleMetadataSignatureVerificationFilter sigFilter = +        new SimpleMetadataSignatureVerificationFilter(credProvider.getKeyStore().getFirst(), +            metadata.getEntityID()); +    sigFilter.filter(metadata); + +    //check content +    final SPSSODescriptor spSsoDesc = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS); +    Assert.assertNotNull("SPSSODescr.", spSsoDesc); + +    Assert.assertFalse("AssertionConsumerServices", +        spSsoDesc.getAssertionConsumerServices().isEmpty()); +    Assert.assertFalse("ContactPersons", +        metadata.getContactPersons().isEmpty()); +    Assert.assertNotNull("ContactPersons", +        metadata.getOrganization()); + +    Assert.assertFalse("KeyDescriptors", +        spSsoDesc.getKeyDescriptors().isEmpty()); +    Assert.assertEquals("#KeyDescriptors", 2, spSsoDesc.getKeyDescriptors().size()); + +    Assert.assertFalse("NameIDFormats", +        spSsoDesc.getNameIDFormats().isEmpty()); +    Assert.assertEquals("wrong NameIDFormats", "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", +        spSsoDesc.getNameIDFormats().get(0).getFormat()); + +    Assert.assertFalse("AttributeConsumingServices", +        spSsoDesc.getAttributeConsumingServices().isEmpty()); +    Assert.assertEquals("#RequestAttributes", numberOfRequestedAttributes, +        spSsoDesc.getAttributeConsumingServices().get(0).getRequestAttributes().size()); + +  } + +  private List<BasicX509Credential> 
convertX509Certs(List<X509Certificate> certs) { +    final List<BasicX509Credential> result = new ArrayList<>(); +    for (final X509Certificate cert : certs) { +      result.add(new BasicX509Credential(cert)); + +    } +    return result; +  } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java index ac188cda..95986c49 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java @@ -46,7 +46,6 @@ import org.apache.commons.lang3.RandomStringUtils;  import org.jetbrains.annotations.NotNull;  import org.junit.Assert;  import org.junit.Before; -import org.junit.BeforeClass;  import org.junit.Test;  import org.junit.runner.RunWith;  import org.mockito.Mock; @@ -62,7 +61,6 @@ import org.springframework.web.context.request.RequestContextHolder;  import org.springframework.web.context.request.ServletRequestAttributes;  import javax.xml.namespace.QName; -import java.io.IOException;  import java.net.URI;  import java.net.URISyntaxException;  import java.util.ArrayList; @@ -97,7 +95,7 @@ public class InitialSearchTaskTest {    private final String randomGivenName = RandomStringUtils.randomAlphabetic(10);    private final String randomPlaceOfBirth = RandomStringUtils.randomAlphabetic(10);    private final String randomBirthName = RandomStringUtils.randomAlphabetic(10); -  private final String randomDate = "2011-01-" + (10 + new Random().nextInt(18)); +  private final String randomBirthDate = "2011-01-" + (10 + new Random().nextInt(18));  //  /**  //   * jUnit class initializer. 
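Review bot: The whole class carries `@Ignore`, so `buildMetadataValidInEidMode` and with it the metadata signature check in `validateResponse` (`SimpleMetadataSignatureVerificationFilter`) never run; if the Spring context is not ready yet, ignore only the affected test method and leave a comment naming the blocker, otherwise the signed-metadata guarantee has no coverage. `convertX509Certs` is private and has no caller in this file; drop it or use it. `metadataXml.getBytes("UTF-8")` can be `metadataXml.getBytes(StandardCharsets.UTF_8)`, which also removes the checked `UnsupportedEncodingException` from the throws clause of `validateResponse`. The keys cleared in `testSetup` still use the `modules.eidascentralauth.*` prefix while the component under test is `IdAustriaClientAuthMetadataController`; confirm these are the keys that component actually reads.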
@@ -138,7 +136,7 @@ public class InitialSearchTaskTest {    public void testNode100_UserIdentifiedUpdateNecessary_a() throws Exception {      String newFirstName = RandomStringUtils.randomAlphabetic(10);      Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.singletonList( -        new RegisterResult(randomBpk, randomIdentifier, newFirstName, randomFamilyName, randomDate))); +        new RegisterResult(randomBpk, randomIdentifier, newFirstName, randomFamilyName, randomBirthDate)));      Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());      task.execute(pendingReq, executionContext); @@ -158,7 +156,7 @@ public class InitialSearchTaskTest {      Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());      String newRandomGivenName = RandomStringUtils.randomAlphabetic(10);      Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.singletonList( -        new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomDate))); +        new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomBirthDate)));      task.execute(pendingReq, executionContext);      String bPk = (String) 
@@ -175,9 +173,9 @@ public class InitialSearchTaskTest {    @DirtiesContext    public void testNode101_ManualFixNecessary_a() {      ArrayList<RegisterResult> zmrResult = new ArrayList<>(); -    zmrResult.add(new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomDate)); +    zmrResult.add(new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate));      String newRandomGivenName = randomGivenName + RandomStringUtils.randomAlphabetic(2); -    zmrResult.add(new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomDate)); +    zmrResult.add(new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomBirthDate));      Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResult);      Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); 
@@ -197,10 +195,10 @@ public class InitialSearchTaskTest {    public void testNode101_ManualFixNecessary_b() {      Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());      ArrayList<RegisterResult> ernpResult = new ArrayList<>(); -    ernpResult.add(new RegisterResult(randomBpk, randomPseudonym, randomGivenName, randomFamilyName, randomDate)); +    ernpResult.add(new RegisterResult(randomBpk, randomPseudonym, randomGivenName, randomFamilyName, randomBirthDate));      String newRandomGivenName = randomGivenName + RandomStringUtils.randomAlphabetic(2);      ernpResult.add( -        new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomDate)); +        new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomBirthDate));      Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResult);      TaskExecutionException exception = assertThrows(TaskExecutionException.class, @@ -218,7 +216,7 @@ public class InitialSearchTaskTest {    public void testNode102_UserIdentified_a() throws Exception {      Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());      Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.singletonList( -        new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomDate))); +        new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate)));      task.execute(pendingReq, executionContext);      String bPk = (String) 
@@ -234,7 +232,7 @@ public class InitialSearchTaskTest {    @DirtiesContext    public void testNode102_UserIdentified_b() throws Exception {      Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.singletonList( -        new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomDate))); +        new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate)));      Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());      task.execute(pendingReq, executionContext); @@ -260,7 +258,7 @@ public class InitialSearchTaskTest {      String newRandomIdentifier = randomIdentifier + RandomStringUtils.randomNumeric(2);      Mockito.when(zmrClient.searchItSpecific(taxNumber)).thenReturn(Collections.singletonList(          new RegisterResult(randomBpk, newRandomIdentifier, randomGivenName, randomFamilyName, -            randomDate, null, null, taxNumber, null))); +            randomBirthDate, null, null, taxNumber, null)));      Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());      task = new InitialSearchTask(          Collections.singletonList(new ItSpecificDetailSearchProcessor(ernpClient, zmrClient)), 
@@ -282,15 +280,15 @@ public class InitialSearchTaskTest {    public void testNode103_UserIdentified_DE() throws Exception {      final AuthenticationResponse response = buildDummyAuthResponseDE(randomGivenName, randomFamilyName,          randomPseudonym, -        randomDate, randomPlaceOfBirth, randomBirthName); +        randomBirthDate, randomPlaceOfBirth, randomBirthName);      TestRequestImpl pendingReq1 = new TestRequestImpl();      pendingReq1.getSessionData(AuthProcessDataWrapper.class)          .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response);      Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); -    Mockito.when(zmrClient.searchDeSpecific(randomGivenName, randomFamilyName, randomDate, randomPlaceOfBirth, +    Mockito.when(zmrClient.searchDeSpecific(randomGivenName, randomFamilyName, randomBirthDate, randomPlaceOfBirth,          randomBirthName))          .thenReturn(Collections.singletonList(new RegisterResult(randomBpk, randomIdentifier, randomGivenName, -            randomFamilyName, randomDate, randomPlaceOfBirth, randomBirthName, null, null))); +            randomFamilyName, randomBirthDate, randomPlaceOfBirth, randomBirthName, null, null)));      Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());      task = new InitialSearchTask(          Collections.singletonList(new DeSpecificDetailSearchProcessor(ernpClient, zmrClient)), 
@@ -314,18 +312,18 @@ public class InitialSearchTaskTest {      String newRandomBpk = randomBpk + RandomStringUtils.randomNumeric(6);      final AuthenticationResponse response = buildDummyAuthResponseDE(randomGivenName, randomFamilyName,          randomPseudonym, -        randomDate, randomPlaceOfBirth, randomBirthName); +        randomBirthDate, randomPlaceOfBirth, randomBirthName);      TestRequestImpl pendingReq1 = new TestRequestImpl();      pendingReq1.getSessionData(AuthProcessDataWrapper.class)          .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response);      Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());      ArrayList<RegisterResult> zmrResultSpecific = new ArrayList<>();      zmrResultSpecific.add( -        new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomDate, +        new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate,              randomPlaceOfBirth, randomBirthName, null, null)); -    zmrResultSpecific.add(new RegisterResult(newRandomBpk, newRandomPseudonym, randomGivenName, randomFamilyName, randomDate, +    zmrResultSpecific.add(new RegisterResult(newRandomBpk, newRandomPseudonym, randomGivenName, randomFamilyName, randomBirthDate,          randomPlaceOfBirth, randomBirthName, null, null)); -    Mockito.when(zmrClient.searchDeSpecific(randomGivenName, randomFamilyName, randomDate, randomPlaceOfBirth, +    Mockito.when(zmrClient.searchDeSpecific(randomGivenName, randomFamilyName, randomBirthDate, randomPlaceOfBirth,          randomBirthName)).thenReturn(zmrResultSpecific);      Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());      task = new InitialSearchTask( 
@@ -354,11 +352,11 @@ public class InitialSearchTaskTest {      ArrayList<RegisterResult> zmrResultSpecific = new ArrayList<>();      String randomPseudonym = IT_ST + randomIdentifier + "4";      zmrResultSpecific.add(new RegisterResult(randomBpk, randomPseudonym, randomGivenName, -        randomFamilyName, randomDate, null, null, randomTaxNumber, null)); +        randomFamilyName, randomBirthDate, null, null, randomTaxNumber, null));      String newRandomPseudonym = IT_ST + randomIdentifier + "5";      String newRandomBpk = RandomStringUtils.randomNumeric(6);      zmrResultSpecific.add(new RegisterResult(newRandomBpk, newRandomPseudonym, randomGivenName, -        randomFamilyName, randomDate, null, null, randomTaxNumber, null)); +        randomFamilyName, randomBirthDate, null, null, randomTaxNumber, null));      Mockito.when(zmrClient.searchItSpecific(randomTaxNumber)).thenReturn(zmrResultSpecific);      Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());      task = new InitialSearchTask( @@ -373,11 +371,11 @@ public class InitialSearchTaskTest {    }    /** -   * NO match found in ZMR and ErnP with Initial search +   * NO match found in ZMR and ErnP with Initial and MDS search     */    @Test    @DirtiesContext -  public void testNode105_TemporaryEnd() throws TaskExecutionException { +  public void testNode505_TransitionToErnbTask() throws TaskExecutionException {      Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());      Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); 
@@ -386,18 +384,99 @@ public class InitialSearchTaskTest {
     String bPk = (String)
         pendingReq.getSessionData(AuthProcessDataWrapper.class)
             .getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK);
-    Assert.assertEquals("Wrong bpk", "TODO-Temporary-Endnode-105", bPk);
+    Assert.assertEquals("Wrong bpk", null, bPk);
+
+    Boolean transitionGUI = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_GENERATE_GUI_TASK);
+    Assert.assertEquals("Wrong transition", null, transitionGUI);
+    Boolean transitionErnb = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK);
+    Assert.assertEquals("Wrong transition", true, transitionErnb);
+  }
+
+  /**
+   * NO match found in ZMR and ErnP with Initial search, one match with MDS search in Ernb
+   */
+  @Test
+  @DirtiesContext
+  public void testNode505_TransitionToGUI_Ernb() throws TaskExecutionException {
+    Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
+    Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
+
+    Mockito.when(ernpClient.searchWithMds(randomGivenName, randomFamilyName, randomBirthDate)).thenReturn(
+        Collections.singletonList(
+        new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate)));
+
+    task.execute(pendingReq, executionContext);
+
+    String bPk = (String)
+        pendingReq.getSessionData(AuthProcessDataWrapper.class)
+            .getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK);
+    Assert.assertEquals("Wrong bpk", null, bPk);
+    Boolean transitionGUI = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_GENERATE_GUI_TASK);
+    Assert.assertEquals("Wrong transition", true, transitionGUI);
+    Boolean transitionErnb = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK);
+    Assert.assertEquals("Wrong transition", null, transitionErnb);
+  }
+
+  /**
+   * NO match found in ZMR and ErnP with Initial search, one match with MDS search in ZMR
+   */
+  @Test
+  @DirtiesContext
+  public void testNode505_TransitionToGUI_Zmr() throws TaskExecutionException {
+    Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
+    Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
+
+    Mockito.when(zmrClient.searchWithMds(randomGivenName, randomFamilyName, randomBirthDate)).thenReturn(
+        Collections.singletonList(
+            new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate)));
+
+    task.execute(pendingReq, executionContext);
+
+    String bPk = (String)
+        pendingReq.getSessionData(AuthProcessDataWrapper.class)
+            .getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK);
+    Assert.assertEquals("Wrong bpk", null, bPk);
+    Boolean transitionGUI = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_GENERATE_GUI_TASK);
+    Assert.assertEquals("Wrong transition", true, transitionGUI);
+    Boolean transitionErnb = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK);
+    Assert.assertEquals("Wrong transition", null, transitionErnb);
   }
+  /**
+   * NO match found in ZMR and ErnP with Initial search, multiple matches found with MDS search
+   */
+  @Test
+  @DirtiesContext
+  public void testNode505_TransitionToGUI_Ernb_multi() throws TaskExecutionException {
+    Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
+    Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
+    ArrayList<RegisterResult> ernbResult = new ArrayList<>();
+    ernbResult.add(new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName,
+        randomBirthDate));
+    ernbResult.add(new RegisterResult(randomBpk+"1", randomIdentifier, randomGivenName, randomFamilyName,
+        randomBirthDate));
+    Mockito.when(ernpClient.searchWithMds(randomGivenName, randomFamilyName, randomBirthDate)).thenReturn(ernbResult);
+
+    task.execute(pendingReq, executionContext);
+
+    String bPk = (String)
+        pendingReq.getSessionData(AuthProcessDataWrapper.class)
+            .getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK);
+    Assert.assertEquals("Wrong bpk", null, bPk);
+    Boolean transitionGUI = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_GENERATE_GUI_TASK);
+    Assert.assertEquals("Wrong transition", true, transitionGUI);
+    Boolean transitionErnb = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK);
+    Assert.assertEquals("Wrong transition", null, transitionErnb);
+  }
   @NotNull
   private AuthenticationResponse buildDummyAuthResponseRandomPerson() throws URISyntaxException {
-    return buildDummyAuthResponse(randomGivenName, randomFamilyName, DE_ST + randomIdentifier, randomDate);
+    return buildDummyAuthResponse(randomGivenName, randomFamilyName, DE_ST + randomIdentifier, randomBirthDate);
   }
   private AuthenticationResponse buildDummyAuthResponseRandomPersonIT_Tax(String taxNumber)
       throws URISyntaxException {
-    return buildDummyAuthResponse(randomGivenName, randomFamilyName, IT_ST + randomIdentifier, randomDate,
+    return buildDummyAuthResponse(randomGivenName, randomFamilyName, IT_ST + randomIdentifier, randomBirthDate,
         taxNumber, null, null);
   }
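Review bot: The four new node-505 tests repeat the same seven-line block of bPk/transition assertions, and each checks absence with `Assert.assertEquals("Wrong bpk", null, bPk)` where `Assert.assertNull("Wrong bpk", bPk)` (and `assertNull` for the transition flag that must stay unset) states the intent directly. Pulling that block into one helper leaves each test with only its mock setup and makes a later change to the expected outcome a one-line edit. The first lines of the hunk belong to testNode505_TransitionToErnbTask, whose signature sits in the previous hunk. The `_Ernb` and `_Ernb_multi` names refer to the `ernpClient` mock, so one spelling of ErnP/Ernb across method names and Javadoc would help readers.
```java
  public void testNode505_TransitionToGUI_Ernb() throws TaskExecutionException {
    // … unchanged: mock setup and task.execute(pendingReq, executionContext) …
    assertNode505Outcome(true, null);
  }

  /** Shared outcome check for the node-505 tests: no matching bPk, and exactly the expected transitions. */
  private void assertNode505Outcome(Boolean expectedGuiTransition, Boolean expectedErnbTransition) {
    String bPk = (String) pendingReq.getSessionData(AuthProcessDataWrapper.class)
        .getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK);
    Assert.assertNull("Wrong bpk", bPk);
    Assert.assertEquals("Wrong GUI transition", expectedGuiTransition,
        executionContext.get(Constants.TRANSITION_TO_CREATE_GENERATE_GUI_TASK));
    Assert.assertEquals("Wrong ErnB transition", expectedErnbTransition,
        executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK));
  }
```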
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
index d0ab50f4..35f1a91b 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
@@ -54,8 +54,11 @@ import eu.eidas.auth.commons.light.impl.LightRequest.Builder;
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration(locations = {
     "/SpringTest-context_tasks_test.xml",
-    "/SpringTest-context_basic_realConfig.xml"})
-@TestPropertySource(locations = {"classpath:/config/junit_config_de_attributes.properties"})
+    "/SpringTest-context_basic_realConfig.xml",
+    //"/SpringTest-context_basic_mapConfig.xml"
+    })
+@TestPropertySource(locations = {"classpath:/config/junit_config_de_attributes.properties", "classpath:/config" +
+    "/junit_config_1_springboot.properties"})
 @DirtiesContext(classMode = ClassMode.AFTER_CLASS)
 public class EidasRequestPreProcessingFirstTest {
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml
index 5a7f4161..ed636eed 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml
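Review bot: The new @ContextConfiguration leaves a commented-out location (`//"/SpringTest-context_basic_mapConfig.xml"`) inside the annotation array, and the added @TestPropertySource entry splits one classpath literal across a `+` concatenation (`"classpath:/config" +` followed by `"/junit_config_1_springboot.properties"`). Either make the map-config line a real entry or drop it, and write the second location as a single literal, `"classpath:/config/junit_config_1_springboot.properties"`, so the resource path can be found by searching for it. The class body continues outside the hunk.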
@@ -102,4 +102,31 @@
         class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask"
         scope="prototype" />
+  <bean id="GenerateGuiQueryAustrianResidenceTask"
+        class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateGuiQueryAustrianResidenceTask"
+        scope="prototype" />
+
+  <bean id="ReceiveGuiAustrianResidenceResponseTask"
+        class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveGuiAustrianResidenceResponseTask"
+        scope="prototype" />
+
+  <bean id="idAustriaClientAuthCredentialProvider"
+        class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider" />
+
+  <bean id="idAustriaClientAuthMetadataProvider"
+        class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider" />
+
+  <bean id="idAustriaClientAuthMetadataController"
+        class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataController" />
+
+  <bean id="idAustriaClientPvpMetadataResolverFactory"
+        class="at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory" />
+
+  <bean id="pvpMetadataBuilder"
+        class="at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder" />
+
+  <bean id="idAustriaAuthPvpConfiguration"
+        class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaAuthPvpConfiguration" />
+
+
 </beans>
\ No newline at end of file
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties
index a662379c..df64b494 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties
@@ -114,4 +114,36 @@ eidas.ms.configuration.sp.disableRegistrationRequirement=
 eidas.ms.configuration.restrictions.baseID.spTransmission=
 eidas.ms.configuration.auth.default.countrycode=
 eidas.ms.configuration.pvp.scheme.validation=
-eidas.ms.configuration.pvp.enable.entitycategories=
\ No newline at end of file
+eidas.ms.configuration.pvp.enable.entitycategories=
+
+
+
+
+## PVP2 S-Profile ID Austria client configuration
+
+eidas.ms.modules.idaustriaclient.keystore.path=../keystore/junit_test.jks
+eidas.ms.modules.idaustriaclient.keystore.password=password
+eidas.ms.modules.idaustriaclient.keystore.type=jks
+
+eidas.ms.modules.idaustriaclient.metadata.sign.alias=meta
+eidas.ms.modules.idaustriaclient.metadata.sign.password=password
+eidas.ms.modules.idaustriaclient.request.sign.alias=sig
+eidas.ms.modules.idaustriaclient.request.sign.password=password
+eidas.ms.modules.idaustriaclient.response.encryption.alias=enc
+eidas.ms.modules.idaustriaclient.response.encryption.password=password
+
+eidas.ms.modules.idaustriaclient.truststore.path=../keystore/junit_test.jks
+eidas.ms.modules.idaustriaclient.truststore.password=password
+eidas.ms.modules.idaustriaclient.truststore.type=jks
+
+eidas.ms.modules.idaustriaclient.node.entityId=
+eidas.ms.modules.idaustriaclient.sp.entityId=
+eidas.ms.modules.idaustriaclient.node.metadataUrl=
+
+eidas.ms.modules.idaustriaclient.metadata.organisation.name=JUnit
+eidas.ms.modules.idaustriaclient.metadata.organisation.friendyname=For testing with jUnit
+eidas.ms.modules.idaustriaclient.metadata.organisation.url=http://junit.test
+eidas.ms.modules.idaustriaclient.metadata.contact.givenname=Max
+eidas.ms.modules.idaustriaclient.metadata.contact.surname=Mustermann
+eidas.ms.modules.idaustriaclient.metadata.contact.email=max@junit.test
+
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1_springboot.properties b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1_springboot.properties
new file mode 100644
index 00000000..fc0c7241
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1_springboot.properties
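Review bot: The new ID-Austria client block points both keystore and truststore at `../keystore/junit_test.jks`, while the springboot properties added in the next hunk use `keys/junit_test.jks`, and the commit checks the same keystore blob (index ee6254a9) in twice, at `src/test/resources/keystore/junit_test.jks` and `src/test/resources/config/keys/junit_test.jks`, to satisfy both paths. One copy under a single path, referenced from both property files, avoids two fixtures drifting apart. The same file also serves as truststore, so these tests cannot tell the client's own key material from what it trusts on the node side; that is presumably acceptable for JUnit but deserves a comment next to the truststore lines, e.g. `# test fixture: the client keystore doubles as truststore`. `node.entityId`, `sp.entityId` and `node.metadataUrl` are left empty; if the credential or metadata provider requires them, every test loading this file fails at context start-up, so confirm the intended defaults.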
@@ -0,0 +1,119 @@
+## embbeded Tomcat
+tomcat.workingdir=./target/work
+tomcat.ajp.enabled=true
+tomcat.ajp.port=8009
+tomcat.ajp.networkAddress=127.0.0.1
+tomcat.ajp.additionalAttributes.secretrequired=true
+tomcat.ajp.additionalAttributes.secret=junit
+
+## Basic service configuration
+eidas.ms.context.url.prefix=http://localhost
+eidas.ms.core.configRootDir=file:./src/test/resources/config/
+
+eidas.ms.context.use.clustermode=true
+
+##Monitoring
+eidas.ms.monitoring.eIDASNode.metadata.url=http://localhost:40900/mockup
+
+## extended validation of pending-request Id's
+eidas.ms.core.pendingrequestid.digist.secret=pendingReqIdSecret
+
+## eIDAS Ref. Implementation connector ###
+eidas.ms.auth.eIDAS.node_v2.forward.endpoint=http://eidas.node/junit
+
+eidas.ms.auth.eIDAS.szrclient.useTestService=true
+eidas.ms.auth.eIDAS.szrclient.endpoint.prod=
+eidas.ms.auth.eIDAS.szrclient.endpoint.test=http://localhost:1234/demoszr
+eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.path=keys/junit.jks
+eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.password=password
+eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.path=
+eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.password=
+
+#tech. AuthBlock signing for E-ID process
+eidas.ms.auth.eIDAS.authblock.keystore.password=f/+saJBc3a}*/T^s
+eidas.ms.auth.eIDAS.authblock.keystore.friendlyName=connectorkeypair
+eidas.ms.auth.eIDAS.authblock.keystore.path=keys/teststore.jks
+eidas.ms.auth.eIDAS.authblock.keystore.type=jks
+eidas.ms.auth.eIDAS.authblock.key.alias=connectorkeypair
+eidas.ms.auth.eIDAS.authblock.key.password=f/+saJBc3a}*/T^s
+
+
+#Raw eIDAS Id data storage
+eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=true
+eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=false
+
+
+
+## PVP2 S-Profile end-point configuration
+eidas.ms.pvp2.keystore.type=jks
+eidas.ms.pvp2.keystore.path=keys/junit.jks
+eidas.ms.pvp2.keystore.password=password
+eidas.ms.pvp2.key.metadata.alias=meta
+eidas.ms.pvp2.key.metadata.password=password
+eidas.ms.pvp2.key.signing.alias=sig
+eidas.ms.pvp2.key.signing.password=password
+eidas.ms.pvp2.metadata.validity=24
+
+eidas.ms.pvp2.metadata.organisation.name=JUnit
+eidas.ms.pvp2.metadata.organisation.friendyname=For testing with jUnit
+eidas.ms.pvp2.metadata.organisation.url=http://junit.test
+eidas.ms.pvp2.metadata.contact.givenname=Max
+eidas.ms.pvp2.metadata.contact.surname=Mustermann
+eidas.ms.pvp2.metadata.contact.email=max@junit.test
+
+## Service Provider configuration
+eidas.ms.sp.0.uniqueID=https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata
+eidas.ms.sp.0.pvp2.metadata.truststore=keys/junit.jks
+eidas.ms.sp.0.pvp2.metadata.truststore.password=password
+eidas.ms.sp.0.friendlyName=jUnit test
+eidas.ms.sp.0.newEidMode=true
+
+#eidas.ms.sp.0.pvp2.metadata.url=
+#eidas.ms.sp.0.policy.allowed.requested.targets=.*
+#eidas.ms.sp.0.policy.hasBaseIdTransferRestriction=false
+
+## Service Provider configuration
+eidas.ms.sp.1.uniqueID=https://demo.egiz.gv.at/junit_test
+eidas.ms.sp.1.pvp2.metadata.truststore=keys/junit.jks
+eidas.ms.sp.1.pvp2.metadata.truststore.password=password
+eidas.ms.sp.1.friendlyName=jUnit test
+eidas.ms.sp.1.pvp2.metadata.url=http://junit.test/metadata
+eidas.ms.sp.1.policy.allowed.requested.targets=test
+eidas.ms.sp.1.policy.hasBaseIdTransferRestriction=true
+
+## PVP2 S-Profile client configuration
+#eidas.ms.modules.idaustriaclient.keystore.type=jks
+#eidas.ms.modules.idaustriaclient.keystore.path=keys/junit.jks1
+#eidas.ms.modules.idaustriaclient.keystore.password=password
+#eidas.ms.modules.idaustriaclient.key.metadata.alias=meta
+#eidas.ms.modules.idaustriaclient.key.metadata.password=password
+#eidas.ms.modules.idaustriaclient.key.signing.alias=sig
+#eidas.ms.modules.idaustriaclient.key.signing.password=password
+#eidas.ms.modules.idaustriaclient.metadata.validity=24
+
+eidas.ms.modules.idaustriaclient.keystore.path=keys/junit_test.jks
+eidas.ms.modules.idaustriaclient.keystore.password=password
+eidas.ms.modules.idaustriaclient.keystore.type=jks
+
+eidas.ms.modules.idaustriaclient.metadata.sign.alias=meta
+eidas.ms.modules.idaustriaclient.metadata.sign.password=password
+eidas.ms.modules.idaustriaclient.request.sign.alias=sig
+eidas.ms.modules.idaustriaclient.request.sign.password=password
+eidas.ms.modules.idaustriaclient.response.encryption.alias=enc
+eidas.ms.modules.idaustriaclient.response.encryption.password=password
+
+eidas.ms.modules.idaustriaclient.truststore.path=keys/junit_test.jks
+eidas.ms.modules.idaustriaclient.truststore.password=password
+eidas.ms.modules.idaustriaclient.truststore.type=jks
+
+eidas.ms.modules.idaustriaclient.node.entityId=
+eidas.ms.modules.idaustriaclient.sp.entityId=
+eidas.ms.modules.idaustriaclient.node.metadataUrl=
+
+eidas.ms.modules.idaustriaclient.metadata.organisation.name=JUnit
+eidas.ms.modules.idaustriaclient.metadata.organisation.friendyname=For testing with jUnit
+eidas.ms.modules.idaustriaclient.metadata.organisation.url=http://junit.test
+eidas.ms.modules.idaustriaclient.metadata.contact.givenname=Max
+eidas.ms.modules.idaustriaclient.metadata.contact.surname=Mustermann
+eidas.ms.modules.idaustriaclient.metadata.contact.email=max@junit.test
+
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/junit_test.jks b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/junit_test.jks
Binary files differ
new file mode 100644
index 00000000..ee6254a9
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/junit_test.jks
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/teststore.jks b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/teststore.jks
Binary files differ
new file mode 100644
index 00000000..fcc6400c
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/teststore.jks
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/keystore/junit_test.jks b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/keystore/junit_test.jks
Binary files differ
new file mode 100644
index 00000000..ee6254a9
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/keystore/junit_test.jks
@@ -142,6 +142,16 @@
         <version>${eaaf-core.version}</version>
       </dependency>
       <dependency>
+        <groupId>at.gv.egiz.eaaf</groupId>
+        <artifactId>eaaf_module_pvp2_core</artifactId>
+        <version>${eaaf-core.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>at.gv.egiz.eaaf</groupId>
+        <artifactId>eaaf_module_pvp2_sp</artifactId>
+        <version>${eaaf-core.version}</version>
+      </dependency>
+      <dependency>
         <groupId>at.asitplus.eidas.ms_specific</groupId>
         <artifactId>ms_specific_connector</artifactId>
         <type>war</type>
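Review bot: The `## PVP2 S-Profile client configuration` section of the new springboot properties keeps a commented-out block of eight `eidas.ms.modules.idaustriaclient.keystore.*`/`key.*`/`metadata.validity` keys whose names differ from the active `metadata.sign.*`, `request.sign.*` and `response.encryption.*` keys directly below it, so a reader cannot tell which naming the module actually reads; drop the stale block. The file also commits a keystore password under `eidas.ms.auth.eIDAS.authblock.keystore.password` that does not read like a placeholder; since `keys/teststore.jks` is added in this same commit it is presumably a throw-away test key, but a header line such as `# test-only keystores and passwords; never reuse outside JUnit` makes that explicit for whoever copies this file as a template. `tomcat.ajp.additionalAttributes.secret=junit` together with `secretrequired=true` is fine for tests provided this file is never picked up by a packaged build; the `eidas.ms.core.configRootDir=file:./src/test/resources/config/` line suggests it is test-scoped, but confirm the runtime never loads it.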
@@ -345,12 +355,6 @@
         <type>test-jar</type>
       </dependency>
       <dependency>
-        <groupId>at.gv.egiz.eaaf</groupId>
-        <artifactId>eaaf_module_pvp2_sp</artifactId>
-        <version>${eaaf-core.version}</version>
-        <scope>test</scope>
-      </dependency>
-      <dependency>
         <groupId>at.asitplus.eidas.ms_specific</groupId>
         <artifactId>connector_lib</artifactId>
         <version>${egiz.eidas.version}</version> |
