aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--basicConfig/default_config.properties2
-rw-r--r--connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java26
-rw-r--r--connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java114
-rw-r--r--connector/src/main/resources/application.properties2
-rw-r--r--connector/src/main/resources/specific_eIDAS_connector.beans.xml6
-rw-r--r--connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java19
-rw-r--r--connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassExecutableModeTest.java10
-rw-r--r--connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassWebAppModeTest.java7
-rw-r--r--connector/src/test/java/at/asitplus/eidas/specific/connector/test/controller/ProcessEngineSignalControllerTest.java2
-rw-r--r--connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java18
-rw-r--r--connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthnRequestValidatorTest.java5
-rw-r--r--connector/src/test/resources/data/metadata_valid_without_encryption.xml1
-rw-r--r--connector/src/test/resources/data/pvp2_authn_3.xml3
-rw-r--r--connector/src/test/resources/spring/SpringTest_connector.beans.xml6
-rw-r--r--connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MsEidasNodeConstants.java3
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java2
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java12
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java2
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java9
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java25
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveEidasResponseTaskTest.java34
-rw-r--r--infos/handbook-work_in_progress.docxbin44486 -> 44445 bytes
-rw-r--r--pom.xml2
23 files changed, 241 insertions, 69 deletions
diff --git a/basicConfig/default_config.properties b/basicConfig/default_config.properties
index 725fac7c..2ea12b17 100644
--- a/basicConfig/default_config.properties
+++ b/basicConfig/default_config.properties
@@ -18,6 +18,8 @@ eidas.ms.core.pendingrequestid.digist.secret=pendingReqIdSecret
## eIDAS Ref. Implementation connector ###
+eidas.ms.auth.eIDAS.eid.testidentity.default=false
+
eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector
eidas.ms.auth.eIDAS.node_v2.forward.endpoint=
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java
index c41660ce..3a93c1b8 100644
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java
+++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java
@@ -30,6 +30,7 @@ import org.springframework.stereotype.Service;
import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions.EidIdentityStatusLevelValues;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer;
@@ -37,8 +38,9 @@ import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
+import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData;
import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder;
-import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper;
import lombok.extern.slf4j.Slf4j;
@Service("AuthenticationDataBuilder")
@@ -47,9 +49,9 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
@Override
protected IAuthData buildDeprecatedAuthData(IRequest pendingReq) throws EaafException {
- final IAuthProcessDataContainer authProcessData =
- pendingReq.getSessionData(AuthProcessDataWrapper.class);
- AuthenticationData authData = new AuthenticationData();
+ final EidAuthProcessDataWrapper authProcessData =
+ pendingReq.getSessionData(EidAuthProcessDataWrapper.class);
+ EidAuthenticationData authData = new EidAuthenticationData();
//set basis infos
super.generateDeprecatedBasicAuthData(authData, pendingReq, authProcessData);
@@ -58,6 +60,9 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
authData.setSsoSessionValidTo(
new Date(new Date().getTime() + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000));
+ authData.setEidStatus(authProcessData.isTestIdentity()
+ ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY);
+
return authData;
}
@@ -65,16 +70,21 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
@Override
protected void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq)
throws EaafException {
- if (authData instanceof AuthenticationData) {
- ((AuthenticationData)authData).setGenericData(
+ if (authData instanceof EidAuthenticationData) {
+ ((EidAuthenticationData)authData).setGenericData(
ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME,
pendingReq.getUniquePiiTransactionIdentifier());
log.trace("Inject piiTransactionId: {} into AuthData", pendingReq.getUniquePiiTransactionIdentifier());
// set specific informations
- ((AuthenticationData)authData).setSsoSessionValidTo(
+ ((EidAuthenticationData)authData).setSsoSessionValidTo(
new Date(new Date().getTime() + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000));
+ //set E-ID status-level
+ final EidAuthProcessDataWrapper authProcessData =
+ pendingReq.getSessionData(EidAuthProcessDataWrapper.class);
+ ((EidAuthenticationData)authData).setEidStatus(authProcessData.isTestIdentity()
+ ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY);
} else {
throw new RuntimeException("Can not inject PiiTransactionId because AuthData is of unknown type: "
@@ -86,7 +96,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
@Override
protected IAuthData getAuthDataInstance(IRequest arg0) throws EaafException {
- return new AuthenticationData();
+ return new EidAuthenticationData();
}
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java
index a9eb06be..881eeb8a 100644
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java
+++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java
@@ -75,7 +75,7 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor {
if (nameIdPolicy != null) {
final String nameIdFormat = nameIdPolicy.getFormat();
if (nameIdFormat != null) {
- if (!(NameIDType.TRANSIENT.equals(nameIdFormat)
+ if (!(NameIDType.TRANSIENT.equals(nameIdFormat)
|| NameIDType.PERSISTENT.equals(nameIdFormat))) {
throw new NameIdFormatNotSupportedException(nameIdFormat);
@@ -114,10 +114,10 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor {
// post-process requested LoA comparison-level
pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setLoAMachtingMode(
extractComparisonLevel(authnReq));
-
- //extract information from requested attributes
+
+ // extract information from requested attributes
extractFromRequestedAttriutes(pendingReq, authnReq);
-
+
} catch (final EaafStorageException e) {
log.info("Can NOT store Authn. Req. data into pendingRequest.", e);
throw new AuthnRequestValidatorException("internal.02", null, e);
@@ -126,14 +126,14 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor {
}
- private void extractFromRequestedAttriutes(IRequest pendingReq, AuthnRequest authnReq)
- throws AuthnRequestValidatorException {
+ private void extractFromRequestedAttriutes(IRequest pendingReq, AuthnRequest authnReq)
+ throws AuthnRequestValidatorException, EaafStorageException {
// validate and process requested attributes
boolean sectorDetected = false;
-
+
final ServiceProviderConfiguration spConfig = pendingReq.getServiceProviderConfiguration(
ServiceProviderConfiguration.class);
-
+
if (authnReq.getExtensions() != null) {
final List<XMLObject> requestedAttributes = authnReq.getExtensions().getUnknownXMLObjects();
for (final XMLObject reqAttrObj : requestedAttributes) {
@@ -143,77 +143,101 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor {
for (final EaafRequestedAttribute el : reqAttr.getAttributes()) {
log.trace("Processing req. attribute '" + el.getName() + "' ... ");
if (el.getName().equals(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME)) {
- sectorDetected = extractBpkTargetIdentifier(el, spConfig);
-
+ sectorDetected = extractBpkTargetIdentifier(el, spConfig);
+
} else if (el.getName().equals(ExtendedPvpAttributeDefinitions.EID_TRANSACTION_ID_NAME)) {
extractUniqueTransactionId(el, pendingReq);
-
+
+ } else if (el.getName().equals(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME)) {
+ extractBindingPublicKey(el, pendingReq);
+
} else {
log.debug("Ignore req. attribute: " + el.getName());
-
+
}
}
} else {
log.debug("No requested Attributes in Authn. Request");
-
+
}
} else {
log.info("Ignore unknown requested attribute: " + reqAttrObj.getElementQName().toString());
-
+
}
}
}
-
+
if (!sectorDetected) {
log.warn("Authn.Req validation FAILED. Reason: Contains NO or NO VALID target-sector information.");
throw new AuthnRequestValidatorException("pvp2.22", new Object[] {
"NO or NO VALID target-sector information" });
}
-
+
+ }
+
+ private void extractBindingPublicKey(EaafRequestedAttribute el, IRequest pendingReq)
+ throws EaafStorageException {
+ if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) {
+ final String bindingPubKey = el.getAttributeValues().get(0).getDOM().getTextContent();
+ pendingReq.setRawDataToTransaction(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME, bindingPubKey);
+ log.info("Find Binding Public-Key. eIDAS authentication will be used to create an ID Austria Binding");
+
+ } else {
+ log.warn(
+ "Req. attribute '{}' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute",
+ el.getName());
+
+ }
}
/**
* Extract unique transactionId from AuthnRequest.
- *
- * @param el Requested attribute from AuthnRequest
- * @param pendingReq Current pendingRequest object (has to be of type {@link RequestImpl})
- * @return <code>true</code> if transactionId extraction was successful, otherwise <code>false</code>
+ *
+ * @param el Requested attribute from AuthnRequest
+ * @param pendingReq Current pendingRequest object (has to be of type
+ * {@link RequestImpl})
+ * @return <code>true</code> if transactionId extraction was successful,
+ * otherwise <code>false</code>
*/
private boolean extractUniqueTransactionId(EaafRequestedAttribute el, IRequest pendingReq) {
if (!(pendingReq instanceof RequestImpl)) {
- log.warn("Can NOT set unique transactionId from AuthnRequest,because 'PendingRequest' is NOT from Type: {}",
+ log.warn(
+ "Can NOT set unique transactionId from AuthnRequest,because 'PendingRequest' is NOT from Type: {}",
RequestImpl.class.getName());
-
- } else {
+
+ } else {
if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) {
- final String transactionId = el.getAttributeValues().get(0).getDOM().getTextContent();
- ((RequestImpl)pendingReq).setUniqueTransactionIdentifier(transactionId);
+ final String transactionId = el.getAttributeValues().get(0).getDOM().getTextContent();
+ ((RequestImpl) pendingReq).setUniqueTransactionIdentifier(transactionId);
return true;
} else {
- log.warn("Req. attribute '{}' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute",
+ log.warn(
+ "Req. attribute '{}' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute",
el.getName());
-
+
}
-
+
}
-
+
return false;
}
/**
* Extract the bPK target from requested attribute.
- *
- * @param el Requested attribute from AuthnRequest
+ *
+ * @param el Requested attribute from AuthnRequest
* @param spConfig Service-Provider configuration for current process
- * @return <code>true</code> if bPK target extraction was successful, otherwise <code>false</code>
+ * @return <code>true</code> if bPK target extraction was successful, otherwise
+ * <code>false</code>
*/
- private boolean extractBpkTargetIdentifier(EaafRequestedAttribute el, ServiceProviderConfiguration spConfig) {
+ private boolean extractBpkTargetIdentifier(EaafRequestedAttribute el,
+ ServiceProviderConfiguration spConfig) {
if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) {
- final String sectorId = el.getAttributeValues().get(0).getDOM().getTextContent();
+ final String sectorId = el.getAttributeValues().get(0).getDOM().getTextContent();
try {
spConfig.setBpkTargetIdentifier(sectorId);
return true;
@@ -227,16 +251,16 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor {
log.warn("Req. attribute '" + el.getName()
+ "' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute");
}
-
+
return false;
-
+
}
-
- private void postprocessLoaLevel(IRequest pendingReq, AuthnRequest authnReq)
+
+ private void postprocessLoaLevel(IRequest pendingReq, AuthnRequest authnReq)
throws AuthnRequestValidatorException {
final List<String> reqLoA = extractLoA(authnReq);
- log.trace("SP requests LoA with: {}", String.join(", ",reqLoA));
-
+ log.trace("SP requests LoA with: {}", String.join(", ", reqLoA));
+
LevelOfAssurance minimumLoAFromConfig = LevelOfAssurance.fromString(basicConfig.getBasicConfiguration(
MsEidasNodeConstants.PROP_EIDAS_REQUEST_LOA_MINIMUM_LEVEL,
EaafConstants.EIDAS_LOA_HIGH));
@@ -246,15 +270,15 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor {
minimumLoAFromConfig = LevelOfAssurance.HIGH;
}
-
+
log.trace("Validate requested LoA to connector configuration minimum LoA: {} ...",
- minimumLoAFromConfig);
+ minimumLoAFromConfig);
final List<String> allowedLoA = new ArrayList<>();
for (final String loa : reqLoA) {
try {
final LevelOfAssurance intLoa = LevelOfAssurance.fromString(loa);
String selectedLoA = EaafConstants.EIDAS_LOA_HIGH;
- if (intLoa != null
+ if (intLoa != null
&& intLoa.numericValue() <= minimumLoAFromConfig.numericValue()) {
log.info("Client: {} requested LoA: {} will be upgraded to: {}",
pendingReq.getServiceProviderConfiguration().getUniqueIdentifier(),
@@ -281,7 +305,7 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor {
pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setRequiredLoA(
allowedLoA);
-
+
}
private String extractComparisonLevel(AuthnRequest authnReq) {
@@ -335,7 +359,7 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor {
private String extractScopeRequsterId(AuthnRequest authnReq) {
if (authnReq.getScoping() != null) {
final Scoping scoping = authnReq.getScoping();
- if (scoping.getRequesterIDs() != null
+ if (scoping.getRequesterIDs() != null
&& scoping.getRequesterIDs().size() > 0) {
if (scoping.getRequesterIDs().size() == 1) {
return scoping.getRequesterIDs().get(0).getRequesterID();
diff --git a/connector/src/main/resources/application.properties b/connector/src/main/resources/application.properties
index 9a4ae54f..2411fde3 100644
--- a/connector/src/main/resources/application.properties
+++ b/connector/src/main/resources/application.properties
@@ -48,6 +48,8 @@ eidas.ms.core.pendingrequestid.digist.algorithm=HmacSHA256
## eIDAS Ref. Implementation connector ###
eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector
+eidas.ms.auth.eIDAS.eid.testidentity.default=false
+
#eidas.ms.auth.eIDAS.node_v2.forward.endpoint=
eidas.ms.auth.eIDAS.node_v2.forward.method=POST
eidas.ms.auth.eIDAS.node_v2.countrycode=AT
diff --git a/connector/src/main/resources/specific_eIDAS_connector.beans.xml b/connector/src/main/resources/specific_eIDAS_connector.beans.xml
index f6fdeefe..0f8511d5 100644
--- a/connector/src/main/resources/specific_eIDAS_connector.beans.xml
+++ b/connector/src/main/resources/specific_eIDAS_connector.beans.xml
@@ -49,6 +49,9 @@
<property name="pvpIdpCredentials">
<ref bean="PVPEndPointCredentialProvider" />
</property>
+ <property name="metadataProvider">
+ <ref bean="PVPMetadataProvider" />
+ </property>
</bean>
<bean id="AuthnRequestValidator"
@@ -69,6 +72,9 @@
<property name="pvpIdpCredentials">
<ref bean="PVPEndPointCredentialProvider" />
</property>
+ <property name="metadataProvider">
+ <ref bean="PVPMetadataProvider" />
+ </property>
</bean>
<bean id="eaafProtocolAuthenticationService"
diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java
index 77037415..f50829c7 100644
--- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java
+++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java
@@ -6,6 +6,7 @@ import static org.powermock.api.mockito.PowerMockito.when;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
+import java.lang.reflect.Field;
import java.net.URISyntaxException;
import java.util.Map;
import java.util.Timer;
@@ -61,6 +62,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasSignalServlet;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
import at.gv.egiz.components.spring.api.SpringBootApplicationContextInitializer;
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.impl.idp.controller.ProtocolFinalizationController;
import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
@@ -71,6 +73,7 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.OpenSaml3ResourceAdapter;
import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
+import eu.eidas.auth.cache.IgniteInstanceInitializerSpecificCommunication;
import eu.eidas.auth.commons.attribute.AttributeDefinition;
import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
import eu.eidas.auth.commons.light.ILightRequest;
@@ -97,7 +100,7 @@ import szrservices.SignContentResponseType;
@ActiveProfiles(profiles = {"JUNIT", "jUnitTestMode"})
public class FullStartUpAndProcessTest {
- private static final String FINAL_REDIRECT = "http://localhost/finalizeAuthProtocol?pendingid=";
+ private static final String FINAL_REDIRECT = "http://localhost/public/secure/finalizeAuthProtocol?pendingid=";
@Autowired private WebApplicationContext wac;
@Autowired private PvpEndPointCredentialProvider credentialProvider;
@@ -151,13 +154,19 @@ public class FullStartUpAndProcessTest {
/**
* Test shut-down.
*
- * @throws IOException In case of an error
+ * @throws Exception In case of an error
*/
@AfterClass
- public static void closeIgniteNode() throws IOException {
+ public static void closeIgniteNode() throws Exception {
System.out.println("Closiong Ignite Node ... ");
Ignition.stopAll(true);
+
+ //set Ignite-node holder to 'null' because static holders are shared between different tests
+ final Field field = IgniteInstanceInitializerSpecificCommunication.class.getDeclaredField("instance");
+ field.setAccessible(true);
+ field.set(null, null);
+
}
/**
@@ -371,7 +380,7 @@ public class FullStartUpAndProcessTest {
Assert.assertEquals("SAML2 status", Constants.SUCCESS_URI, saml2.getStatus().getStatusCode().getValue());
final AssertionAttributeExtractor extractor = new AssertionAttributeExtractor(saml2);
- Assert.assertEquals("wrong resp attr. size", 6, extractor.getAllIncludeAttributeNames().size());
+ Assert.assertEquals("wrong resp attr. size", 7, extractor.getAllIncludeAttributeNames().size());
Assert.assertEquals("Wrong attr: LoA ", "http://eidas.europa.eu/LoA/high",
extractor.getSingleAttributeValue("urn:oid:1.2.40.0.10.2.1.1.261.108"));
Assert.assertEquals("Wrong attr: PVP_VERSION ", "2.2",
@@ -384,6 +393,8 @@ public class FullStartUpAndProcessTest {
extractor.getSingleAttributeValue("urn:eidgvat:attributes.authblock.signed"));
Assert.assertNotNull("Wrong attr: piiTras.Id ",
extractor.getSingleAttributeValue("urn:eidgvat:attributes.piiTransactionId"));
+ Assert.assertEquals("Wrong attr:EID_STATUS_LEVEL ", "http://eid.gv.at/eID/status/identity",
+ extractor.getSingleAttributeValue(PvpAttributeDefinitions.EID_IDENTITY_STATUS_LEVEL_NAME));
}
diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassExecutableModeTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassExecutableModeTest.java
index 86df55df..708560b2 100644
--- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassExecutableModeTest.java
+++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassExecutableModeTest.java
@@ -22,6 +22,7 @@ import org.junit.runners.BlockJUnit4ClassRunner;
import at.asitplus.eidas.specific.connector.SpringBootApplicationInitializer;
import at.gv.egiz.eaaf.core.impl.logging.DummyStatusMessager;
import at.gv.egiz.eaaf.core.impl.logging.LogMessageProviderFactory;
+import eu.eidas.auth.cache.IgniteInstanceInitializerSpecificCommunication;
import lombok.extern.slf4j.Slf4j;
@Slf4j
@@ -50,17 +51,22 @@ public class MainClassExecutableModeTest {
/**
* Initializer.
- * @throws InterruptedException In case of an error
+ * @throws Exception In case of an error
*
*/
@AfterClass
- public static void closeIgniteNode() throws InterruptedException {
+ public static void closeIgniteNode() throws Exception {
System.out.println("Closing Ignite Node ... ");
log.info("Stopping already running Apache Ignite nodes ... ");
Ignition.stopAll(true);
Thread.sleep(1000);
+ //set Ignite-node holder to 'null' because static holders are shared between different tests
+ final Field field = IgniteInstanceInitializerSpecificCommunication.class.getDeclaredField("instance");
+ field.setAccessible(true);
+ field.set(null, null);
+
}
/**
diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassWebAppModeTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassWebAppModeTest.java
index 07ef4968..79d062ae 100644
--- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassWebAppModeTest.java
+++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassWebAppModeTest.java
@@ -22,6 +22,7 @@ import org.junit.runners.BlockJUnit4ClassRunner;
import at.asitplus.eidas.specific.connector.SpringBootApplicationInitializer;
import at.gv.egiz.eaaf.core.impl.logging.DummyStatusMessager;
import at.gv.egiz.eaaf.core.impl.logging.LogMessageProviderFactory;
+import eu.eidas.auth.cache.IgniteInstanceInitializerSpecificCommunication;
@RunWith(BlockJUnit4ClassRunner.class)
public class MainClassWebAppModeTest {
@@ -68,6 +69,12 @@ public class MainClassWebAppModeTest {
System.clearProperty("eidas.ms.configuration");
SpringBootApplicationInitializer.exit();
+
+
+ //set Ignite-node holder to 'null' because static holders are shared between different tests
+ final Field field1 = IgniteInstanceInitializerSpecificCommunication.class.getDeclaredField("instance");
+ field1.setAccessible(true);
+ field1.set(null, null);
}
diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/controller/ProcessEngineSignalControllerTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/controller/ProcessEngineSignalControllerTest.java
index d2c4aff2..5b612036 100644
--- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/controller/ProcessEngineSignalControllerTest.java
+++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/controller/ProcessEngineSignalControllerTest.java
@@ -69,7 +69,7 @@ public class ProcessEngineSignalControllerTest {
Assert.assertEquals("http StatusCode", 302, httpResp.getStatus());
Assert.assertNotNull("redirect header", httpResp.getHeaderValue("Location"));
Assert.assertTrue("wrong redirect header",
- httpResp.getHeader("Location").startsWith("http://localhost/errorHandling?errorid="));
+ httpResp.getHeader("Location").startsWith("http://localhost/public/secure/errorHandling?errorid="));
}
diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java
index 5f1c5dcf..52932c8c 100644
--- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java
+++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java
@@ -11,6 +11,7 @@ import java.util.Map;
import javax.xml.transform.TransformerException;
import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.commons.lang3.RandomUtils;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
@@ -35,6 +36,7 @@ import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions.EidIdentityStatusLevelValues;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
@@ -42,8 +44,10 @@ import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException;
import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException;
import at.gv.egiz.eaaf.core.exceptions.EaafParserException;
import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
-import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder;
+import at.gv.egiz.eaaf.core.impl.builder.BpkBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData;
import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper;
import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser;
import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration;
import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
@@ -118,8 +122,10 @@ public class AuthenticationDataBuilderTest {
@Test
public void eidMode() throws EaafAuthenticationException {
// initialize state
+ boolean isTestIdentity = RandomUtils.nextBoolean();
pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true);
-
+ pendingReq.getSessionData(EidAuthProcessDataWrapper.class).setTestIdentity(isTestIdentity);
+
// execute
IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq);
@@ -128,6 +134,9 @@ public class AuthenticationDataBuilderTest {
Assert.assertNotNull("authBlock null", authData.getGenericData(Constants.SZR_AUTHBLOCK, String.class));
Assert.assertNotNull("eidasBind null", authData.getGenericData(Constants.EIDAS_BIND, String.class));
Assert.assertNotNull("LoA null", authData.getEidasQaaLevel());
+ Assert.assertEquals("testIdentity flag",
+ isTestIdentity ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY,
+ ((EidAuthenticationData)authData).getEidStatus());
String authBlock = authData.getGenericData(Constants.SZR_AUTHBLOCK, String.class);
String eidasBind = authData.getGenericData(Constants.EIDAS_BIND, String.class);
@@ -159,6 +168,8 @@ public class AuthenticationDataBuilderTest {
@Test
public void moaIdMode() throws EaafAuthenticationException, EaafBuilderException {
//initialize state
+ boolean isTestIdentity = RandomUtils.nextBoolean();
+ pendingReq.getSessionData(EidAuthProcessDataWrapper.class).setTestIdentity(true);
pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(false);
IIdentityLink idl = buildDummyIdl();
pendingReq.getSessionData(AuthProcessDataWrapper.class).setIdentityLink(idl);
@@ -173,6 +184,9 @@ public class AuthenticationDataBuilderTest {
Assert.assertNull("piiTransactionId",
authData.getGenericData(ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, String.class));
+ Assert.assertEquals("testIdentity flag",
+ isTestIdentity ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY,
+ ((EidAuthenticationData)authData).getEidStatus());
Assert.assertNotNull("assertion validTo", authData.getSsoSessionValidTo());
Assert.assertNotNull("LoA null", authData.getEidasQaaLevel());
diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthnRequestValidatorTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthnRequestValidatorTest.java
index 9aafb4b6..c57515a0 100644
--- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthnRequestValidatorTest.java
+++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthnRequestValidatorTest.java
@@ -214,6 +214,11 @@ public class AuthnRequestValidatorTest {
Assert.assertEquals("wrong transactionId", "transId_11223344556677aabbcc",
pendingReq.getUniqueTransactionIdentifier());
+
+ Assert.assertEquals("wrong binding pubkey", "binding_pubKey_1144225247125dsfasfasdf",
+ pendingReq.getRawData(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME, String.class));
+
+
}
diff --git a/connector/src/test/resources/data/metadata_valid_without_encryption.xml b/connector/src/test/resources/data/metadata_valid_without_encryption.xml
index b224c336..32b24e91 100644
--- a/connector/src/test/resources/data/metadata_valid_without_encryption.xml
+++ b/connector/src/test/resources/data/metadata_valid_without_encryption.xml
@@ -71,6 +71,7 @@ ANsmjI2azWiTSFjb7Ou5fnCfbeiJUP0s66m8qS4rYl9L</ds:X509Certificate>
<md:RequestedAttribute FriendlyName="userAuthBlock" Name="urn:eidgvat:attributes.authblock.signed" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
<md:RequestedAttribute FriendlyName="eidBind" Name="urn:eidgvat:attributes.eidbind" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
<md:RequestedAttribute FriendlyName="piiTransactionId" Name="urn:eidgvat:attributes.piiTransactionId" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
+ <md:RequestedAttribute FriendlyName="EID-IDENTITY-STATUS-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.109" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
</md:AttributeConsumingService>
</md:SPSSODescriptor>
<md:Organization>
diff --git a/connector/src/test/resources/data/pvp2_authn_3.xml b/connector/src/test/resources/data/pvp2_authn_3.xml
index 35e49b0f..5352c441 100644
--- a/connector/src/test/resources/data/pvp2_authn_3.xml
+++ b/connector/src/test/resources/data/pvp2_authn_3.xml
@@ -31,6 +31,9 @@
<eid:RequestedAttribute FriendlyName="transactionId" Name="urn:eidgvat:attributes.transactionId" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true">
<eid:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">transId_11223344556677aabbcc</eid:AttributeValue>
</eid:RequestedAttribute>
+ <eid:RequestedAttribute FriendlyName="Binding-PublicKey" Name="urn:eidgvat:attributes.binding.pubkey" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true">
+ <eid:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">binding_pubKey_1144225247125dsfasfasdf</eid:AttributeValue>
+ </eid:RequestedAttribute>
</eid:RequestedAttributes>
</saml2p:Extensions>
<saml2p:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
diff --git a/connector/src/test/resources/spring/SpringTest_connector.beans.xml b/connector/src/test/resources/spring/SpringTest_connector.beans.xml
index ba385cb9..83acf445 100644
--- a/connector/src/test/resources/spring/SpringTest_connector.beans.xml
+++ b/connector/src/test/resources/spring/SpringTest_connector.beans.xml
@@ -41,6 +41,9 @@
<property name="pvpIdpCredentials">
<ref bean="PVPEndPointCredentialProvider" />
</property>
+ <property name="metadataProvider">
+ <ref bean="PVPMetadataProvider" />
+ </property>
</bean>
<bean id="AuthnRequestValidator"
@@ -61,6 +64,9 @@
<property name="pvpIdpCredentials">
<ref bean="PVPEndPointCredentialProvider" />
</property>
+ <property name="metadataProvider">
+ <ref bean="PVPMetadataProvider" />
+ </property>
</bean>
<bean id="eaafProtocolAuthenticationService"
diff --git a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MsEidasNodeConstants.java b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MsEidasNodeConstants.java
index 133f104d..027d0832 100644
--- a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MsEidasNodeConstants.java
+++ b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MsEidasNodeConstants.java
@@ -169,6 +169,9 @@ public class MsEidasNodeConstants {
public static final List<String> COUNTRY_SELECTION_PARAM_WHITELIST =
Arrays.asList(REQ_PARAM_SELECTED_COUNTRY, REQ_PARAM_SELECTED_ENVIRONMENT);
+
+ public static final String EID_BINDING_PUBLIC_KEY_NAME = "urn:eidgvat:attributes.binding.pubkey";
+
private MsEidasNodeConstants() {
//hidden Constructor for class with static values only.
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
index c175d999..d13dd00f 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
@@ -41,6 +41,8 @@ public class Constants {
// configuration properties
public static final String CONIG_PROPS_EIDAS_PREFIX = "auth.eIDAS";
+ public static final String CONIG_PROPS_EIDAS_IS_TEST_IDENTITY = CONIG_PROPS_EIDAS_PREFIX
+ + ".eid.testidentity.default";
public static final String CONIG_PROPS_EIDAS_NODE = CONIG_PROPS_EIDAS_PREFIX + ".node_v2";
public static final String CONIG_PROPS_EIDAS_NODE_COUNTRYCODE = CONIG_PROPS_EIDAS_NODE + ".countrycode";
public static final String CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS = CONIG_PROPS_EIDAS_NODE
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java
index 234d52dd..a2af4342 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java
@@ -18,6 +18,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import com.fasterxml.jackson.annotation.JsonFormat;
+import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
@@ -81,6 +82,14 @@ public class AuthBlockSigningService {
authBlock.setTimestamp(LocalDateTime.now().truncatedTo(ChronoUnit.SECONDS));
authBlock.setUniqueId(pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID, String.class));
authBlock.setPiiTransactionId(pendingReq.getUniquePiiTransactionIdentifier());
+
+ //set Binding PublicKey if available
+ Object bindingPubKey = pendingReq.getRawData(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME);
+ if (bindingPubKey instanceof String) {
+ authBlock.setBindingPublicKey((String) bindingPubKey);
+
+ }
+
String jwsPayload = mapper.writeValueAsString(authBlock);
log.debug("Building and sign authBlock with data: {}", jwsPayload);
@@ -172,6 +181,7 @@ public class AuthBlockSigningService {
*
*/
@Data
+ @JsonInclude(JsonInclude.Include.NON_NULL)
private static class EidasAuchBlock {
@JsonProperty("challenge")
@@ -189,6 +199,8 @@ public class AuthBlockSigningService {
@JsonProperty("piiTransactionId")
private String piiTransactionId;
+ @JsonProperty("bindingPublicKey")
+ private String bindingPublicKey;
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
index b519354c..f4849b07 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
@@ -64,8 +64,8 @@ import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.builder.BpkBuilder;
import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder;
import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java
index 684546f7..6cab9214 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java
@@ -39,7 +39,7 @@ import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import eu.eidas.auth.commons.light.ILightResponse;
import lombok.extern.slf4j.Slf4j;
@@ -99,10 +99,15 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
// update MOA-Session data with received information
log.debug("Store eIDAS response information into pending-request.");
- final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+ final EidAuthProcessDataWrapper authProcessData = pendingReq.getSessionData(EidAuthProcessDataWrapper.class);
authProcessData.setQaaLevel(eidasResponse.getLevelOfAssurance());
authProcessData.setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse);
+
+ //inject set flag to inject
+ authProcessData.setTestIdentity(
+ basicConfig.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_IS_TEST_IDENTITY, false));
+
// store MOA-session to database
requestStoreage.storePendingRequest(pendingReq);
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
index 2e6790c5..0621081a 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
@@ -221,6 +221,7 @@ public class CreateIdentityLinkTaskEidNewTest {
Assert.assertEquals("appId", randomTestSp, authBlockJson.get("appId").asText());
Assert.assertFalse("'challenge' is null", authBlockJson.get("challenge").asText().isEmpty());
Assert.assertFalse("'timestamp' is null", authBlockJson.get("timestamp").asText().isEmpty());
+ Assert.assertFalse("binding pubKey", authBlockJson.has("bindingPublicKey"));
// check vsz request
@@ -312,9 +313,11 @@ public class CreateIdentityLinkTaskEidNewTest {
signContentEntry.setValue(RandomStringUtils.randomAlphanumeric(10));
signContentResp.getOut().add(signContentEntry);
when(szrMock, "signContent", any(), any(), any()).thenReturn(signContentResp);
-
+
String randomTestSp = RandomStringUtils.randomAlphabetic(10);
+ String bindingPubKey = RandomStringUtils.randomAlphabetic(10);
pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_REQUESTERID, randomTestSp);
+ pendingReq.setRawDataToTransaction(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME, bindingPubKey);
//perform test
task.execute(pendingReq, executionContext);
@@ -329,8 +332,28 @@ public class CreateIdentityLinkTaskEidNewTest {
Assert.assertNotNull("AuthProcessData", authProcessData);
Assert.assertNotNull("eidasBind", authProcessData.getGenericDataFromSession(Constants.EIDAS_BIND, String.class));
+ // check authblock signature
String authBlock = authProcessData.getGenericDataFromSession(Constants.SZR_AUTHBLOCK, String.class);
Assert.assertNotNull("AuthBlock", authBlock);
+ final AlgorithmConstraints constraints = new AlgorithmConstraints(ConstraintType.PERMIT,
+ BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.toArray(new String[BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.size()]));
+ Pair<KeyStore, Provider> keyStore = getKeyStore();
+ X509Certificate[] trustedCerts = EaafKeyStoreUtils
+ .getPrivateKeyAndCertificates(keyStore.getFirst(), ALIAS, PW.toCharArray(), true, "junit").getSecond();
+ JwsResult result = JoseUtils.validateSignature(authBlock, Arrays.asList(trustedCerts), constraints);
+ Assert.assertTrue("AuthBlock not valid", result.isValid());
+ JsonNode authBlockJson = mapper.readTree(result.getPayLoad());
+ Assert.assertNotNull("deserialized AuthBlock", authBlockJson);
+
+ Assert.assertNotNull("no piiTransactionId in pendingRequesdt",
+ storedPendingReq.getUniquePiiTransactionIdentifier());
+ Assert.assertEquals("piiTransactionId", storedPendingReq.getUniquePiiTransactionIdentifier(),
+ authBlockJson.get("piiTransactionId").asText());
+ Assert.assertEquals("appId", randomTestSp, authBlockJson.get("appId").asText());
+ Assert.assertFalse("'challenge' is null", authBlockJson.get("challenge").asText().isEmpty());
+ Assert.assertFalse("'timestamp' is null", authBlockJson.get("timestamp").asText().isEmpty());
+ Assert.assertTrue("binding pubKey", authBlockJson.has("bindingPublicKey"));
+ Assert.assertEquals("binding PubKey", bindingPubKey, authBlockJson.get("bindingPublicKey").asText());
Assert.assertTrue("EID process", authProcessData.isEidProcess());
Assert.assertTrue("foreigner process", authProcessData.isForeigner());
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveEidasResponseTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveEidasResponseTaskTest.java
index de9b2d3b..0e56e2b3 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveEidasResponseTaskTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveEidasResponseTaskTest.java
@@ -39,7 +39,7 @@ import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper;
import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
import at.gv.egiz.eaaf.core.impl.utils.Random;
@@ -84,6 +84,7 @@ public class ReceiveEidasResponseTaskTest {
RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution", "false");
+ basicConfig.putConfigValue("eidas.ms.auth.eIDAS.eid.testidentity.default", "false");
final Map<String, String> spConfig = new HashMap<>();
spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp");
@@ -153,15 +154,44 @@ public class ReceiveEidasResponseTaskTest {
IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId());
Assert.assertNotNull("pendingReq not stored", storedReq);
- final AuthProcessDataWrapper authProcessData = storedReq.getSessionData(AuthProcessDataWrapper.class);
+ final EidAuthProcessDataWrapper authProcessData = storedReq.getSessionData(EidAuthProcessDataWrapper.class);
Assert.assertEquals("LoA", eidasResponse.getLevelOfAssurance(), authProcessData.getQaaLevel());
Assert.assertNotNull("eIDAS response",
authProcessData.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE));
Assert.assertEquals("eIDAS response", eidasResponse,
authProcessData.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE));
+ Assert.assertFalse("testIdentity flag", authProcessData.isTestIdentity());
}
+ @Test
+ public void successWithTestIdentity() throws URISyntaxException, TaskExecutionException, PendingReqIdValidationException {
+ basicConfig.putConfigValue("eidas.ms.auth.eIDAS.eid.testidentity.default", "true");
+
+ @NotNull
+ AuthenticationResponse eidasResponse = buildDummyAuthResponse(Constants.SUCCESS_URI);
+ httpReq.setAttribute(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse);
+ executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "LU");
+
+ //execute test
+ task.execute(pendingReq, executionContext);
+
+ //validate state
+ IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId());
+ Assert.assertNotNull("pendingReq not stored", storedReq);
+
+ final EidAuthProcessDataWrapper authProcessData = storedReq.getSessionData(EidAuthProcessDataWrapper.class);
+ Assert.assertEquals("LoA", eidasResponse.getLevelOfAssurance(), authProcessData.getQaaLevel());
+ Assert.assertNotNull("eIDAS response",
+ authProcessData.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE));
+ Assert.assertEquals("eIDAS response", eidasResponse,
+ authProcessData.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE));
+ Assert.assertTrue("testIdentity flag", authProcessData.isTestIdentity());
+
+ }
+
+
+
@NotNull
private AuthenticationResponse buildDummyAuthResponse(String statusCode) throws URISyntaxException {
final AttributeDefinition attributeDef = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
diff --git a/infos/handbook-work_in_progress.docx b/infos/handbook-work_in_progress.docx
index d311fa80..192db5d4 100644
--- a/infos/handbook-work_in_progress.docx
+++ b/infos/handbook-work_in_progress.docx
Binary files differ
diff --git a/pom.xml b/pom.xml
index 46d02706..808d71b9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,7 +22,7 @@
<!-- ===================================================================== -->
<egiz-spring-api>0.3</egiz-spring-api>
<egiz-eventlog-slf4jBackend>0.4</egiz-eventlog-slf4jBackend>
- <eaaf-core.version>1.1.11</eaaf-core.version>
+ <eaaf-core.version>1.1.13-SNAPSHOT</eaaf-core.version>
<spring-boot-starter-web.version>2.4.1</spring-boot-starter-web.version>
<spring-boot-admin-starter-client.version>2.3.1</spring-boot-admin-starter-client.version>