aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--README.md112
-rw-r--r--basicConfig/default_config.properties6
-rw-r--r--basicConfig/eIDAS/igniteSpecificCommunication.xml19
-rw-r--r--basicConfig/properties/messages.properties2
-rw-r--r--basicConfig/templates/error_message.html10
-rw-r--r--build_reporting/pom.xml2
-rw-r--r--connector/pom.xml16
-rw-r--r--connector/src/assembly/assembly_dir.xml2
-rw-r--r--connector/src/assembly/assembly_zip.xml3
-rw-r--r--connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java26
-rw-r--r--connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java15
-rw-r--r--connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java114
-rw-r--r--connector/src/main/resources/application.properties35
-rw-r--r--connector/src/main/resources/logback.xml107
-rw-r--r--connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java16
-rw-r--r--connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java16
-rw-r--r--connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthnRequestValidatorTest.java5
-rw-r--r--connector/src/test/resources/data/metadata_valid_without_encryption.xml1
-rw-r--r--connector/src/test/resources/data/pvp2_authn_3.xml3
-rw-r--r--connector_lib/pom.xml2
-rw-r--r--connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MsEidasNodeConstants.java3
-rw-r--r--connector_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/config/StaticResourceConfiguration.java17
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/pom.xml6
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java18
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java138
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/LuEidProcessor.java61
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java12
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java7
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java25
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml5
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/SzrClientTest.java75
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java36
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java2
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java163
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveAuthnResponseTaskTest.java42
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java3
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java48
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml5
-rw-r--r--eidas_modules/authmodule_id-austria/pom.xml174
-rw-r--r--eidas_modules/eidas_proxy-sevice/pom.xml185
-rw-r--r--eidas_modules/pom.xml2
-rw-r--r--infos/Handbuch_MS-eIDAS-Node.docxbin0 -> 58160 bytes
-rw-r--r--infos/handbook/Handbuch_MS-eIDAS-Node.pdfbin0 -> 162244 bytes
-rw-r--r--infos/readme_1.2.0.md59
-rw-r--r--infos/readme_1.2.1.md57
-rw-r--r--infos/readme_1.2.2.md60
-rw-r--r--pom.xml33
47 files changed, 1426 insertions, 322 deletions
diff --git a/README.md b/README.md
new file mode 100644
index 00000000..e0914598
--- /dev/null
+++ b/README.md
@@ -0,0 +1,112 @@
+# Member-state specific eIDAS Application
+
+## Description
+
+The member-state specific eIDAS application (ms-specific eIDAS) implements the bridge between the eIDAS reference implementation provides by European commission and the national eID system. This application consists of two parts
+
+- **MS-specific Connector:** implements the bridge to connect a national service-provider to a foreign idenity-provider.
+
+- **MS-specific Proxy-Service:** implements the bridge to connect a foreign service-provider to national eID system (ID Austria). This feature is not implemented yet.
+
+
+
+### Building
+
+The application uses SpringBoot as core framework, but the default build-profile does not build an executable jar. There, the application has to be deployed into an application service, like Apache Tomcat
+
+The project can be build with :
+
+```
+mvn clean package
+```
+
+The resulting `war` file can be deployed into an application server
+
+Set Java System-Property _-Deidas.ms.configuration=/path/to/configuration..._ to set the configuration for this application
+
+
+
+If you like to build an executable SpringBoot application with embedded Tomcat then use:
+
+```
+mvn -P embbededTomcat clean package
+```
+
+The resulting `jar` file can be run with java:
+
+```
+java -jar ./connector/target/ms-connector.jar
+```
+
+But it is also directly executalbe
+
+```
+./connector/target/ms-connector.jar
+```
+
+In case of a executable application package, the configuration can be either set by Java System-Property _-Deidas.ms.configuration=/path/to/configuration..._ or by default SpringBoot configuration features.
+
+
+
+### Configuration
+
+A default configuration is located at _basicConfig/_
+
+
+
+## Generate a BM.I Release Package
+
+The full release packages for BM.I infrastructure will be automatically assembled by maven build-process. Before release build, all release related information have to added into infos folder. To add release informations follow the steps outlined below.
+
+Add a file with release informations to:
+```
+./infos/readme_{version}.txt
+```
+
+Add additional eIDAS Node related information into:
+
+```
+./infos/eIDAS_Ref_Impl/
+```
+
+Add, remove, or update the application description in the handbook and store the handbook for the current release version as pdf.
+
+```
+modify: ./infos/handbook-work_in_progress.docx
+store pdf to: ./infos/handbook/handbook-{version}.pdf
+```
+
+Generate a release package with:
+
+
+```
+mvn clean package
+```
+
+The full release package will be located add
+```
+./target/ms_specific_connector-{version}-dist.tar.gz
+```
+
+
+
+## Changelog
+
+**v1.2.0**
+
+- Anpassungen zur Anbindungen an das E-ID System
+- Update auf eIDAS Ref. Impl. 2.5.0 mit Apache Ignite Cache
+ https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/eIDAS-Node+version+2.5
+- TODO:
+
+
+
+**v1.1.0**
+
+ - Update auf eIDAS Ref. Impl. 2.4.0 mit Apache Ignite Cache
+ https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/eIDAS-Node+version+2.4
+ - Statischer Service-Provider Name für öffentliche Applikationen
+ - Mindest LoA, welche für Requests an eIDAS Proxy-Services verwendet wird.
+ - Requested Attributes je Land konfigurierbar
+ - Neue Template-Engine mit i18n Unterstützung
+ - Neuer Algorithmus zur Generierung von Sessiontokens \ No newline at end of file
diff --git a/basicConfig/default_config.properties b/basicConfig/default_config.properties
index 8a1bc3a0..2ea12b17 100644
--- a/basicConfig/default_config.properties
+++ b/basicConfig/default_config.properties
@@ -1,6 +1,5 @@
## Basic service configuration
eidas.ms.context.url.prefix=
-eidas.ms.context.url.request.validation=false
eidas.ms.core.configRootDir=file:./
@@ -19,6 +18,8 @@ eidas.ms.core.pendingrequestid.digist.secret=pendingReqIdSecret
## eIDAS Ref. Implementation connector ###
+eidas.ms.auth.eIDAS.eid.testidentity.default=false
+
eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector
eidas.ms.auth.eIDAS.node_v2.forward.endpoint=
@@ -31,6 +32,9 @@ eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.password=
eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.path=
eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.password=
+## eIDAS Request configuration
+eidas.ms.auth.eIDAS.node_v2.staticProviderNameForPublicSPs=Austria
+
## E-AuthBlock configuration
eidas.ms.auth.eIDAS.authblock.keystore.type=jks
diff --git a/basicConfig/eIDAS/igniteSpecificCommunication.xml b/basicConfig/eIDAS/igniteSpecificCommunication.xml
index f817f5a4..da61cbf1 100644
--- a/basicConfig/eIDAS/igniteSpecificCommunication.xml
+++ b/basicConfig/eIDAS/igniteSpecificCommunication.xml
@@ -53,30 +53,35 @@
<property name="name" value="specificNodeConnectorRequestCache"/>
<property name="atomicityMode" value="ATOMIC"/>
<property name="backups" value="1"/>
+ <property name="expiryPolicyFactory" ref="7_minutes_duration"/>
</bean>
<!-- Partitioned cache example configuration (Atomic mode). -->
<bean class="org.apache.ignite.configuration.CacheConfiguration">
<property name="name" value="nodeSpecificProxyserviceRequestCache"/>
<property name="atomicityMode" value="ATOMIC"/>
<property name="backups" value="1"/>
+ <property name="expiryPolicyFactory" ref="7_minutes_duration"/>
</bean>
<!-- Partitioned cache example configuration (Atomic mode). -->
<bean class="org.apache.ignite.configuration.CacheConfiguration">
<property name="name" value="specificNodeProxyserviceResponseCache"/>
<property name="atomicityMode" value="ATOMIC"/>
<property name="backups" value="1"/>
- </bean>
+ <property name="expiryPolicyFactory" ref="7_minutes_duration"/>
+ </bean>
<!-- Partitioned cache example configuration (Atomic mode). -->
<bean class="org.apache.ignite.configuration.CacheConfiguration">
<property name="name" value="nodeSpecificConnectorResponseCache"/>
<property name="atomicityMode" value="ATOMIC"/>
<property name="backups" value="1"/>
+ <property name="expiryPolicyFactory" ref="7_minutes_duration"/>
</bean>
<!-- Partitioned cache example configuration (Atomic mode). -->
<bean class="org.apache.ignite.configuration.CacheConfiguration">
<property name="name" value="msConnectorCache"/>
<property name="atomicityMode" value="ATOMIC"/>
<property name="backups" value="1"/>
+ <property name="expiryPolicyFactory" ref="7_minutes_duration"/>
</bean>
</list>
@@ -106,4 +111,16 @@
<property name="searchSystemEnvironment" value="true"/>
</bean>
+ <!--
+ Defines expiry policy based on moment of creation for ignite cache.
+ -->
+ <bean id="7_minutes_duration" class="javax.cache.expiry.CreatedExpiryPolicy" factory-method="factoryOf" scope="prototype">
+ <constructor-arg>
+ <bean class="javax.cache.expiry.Duration">
+ <constructor-arg value="MINUTES"/>
+ <constructor-arg value="7"/>
+ </bean>
+ </constructor-arg>
+ </bean>
+
</beans>
diff --git a/basicConfig/properties/messages.properties b/basicConfig/properties/messages.properties
index 60ab474e..3ea204dd 100644
--- a/basicConfig/properties/messages.properties
+++ b/basicConfig/properties/messages.properties
@@ -87,6 +87,8 @@ gui.countryselection.country.lu=Luxembourg
gui.countryselection.country.lu.logo.alt=Luxembourg-eID
gui.countryselection.country.mt=Malta
gui.countryselection.country.mt.logo.alt=Malta-eID
+gui.countryselection.country.no=Norway
+gui.countryselection.country.no.logo.alt=Norway-eID
gui.countryselection.country.ro=Romania
gui.countryselection.country.ro.logo.alt=Romania-eID
gui.countryselection.country.sk=Slovakia
diff --git a/basicConfig/templates/error_message.html b/basicConfig/templates/error_message.html
index f9788f6a..b1367962 100644
--- a/basicConfig/templates/error_message.html
+++ b/basicConfig/templates/error_message.html
@@ -21,16 +21,12 @@
<div id="alert_area" class="hell" role="application" >
<p th:text="#{gui.errorpage.msg.information}">Error Information</p>
<br/>
- <p><b th:text="#{gui.errorpage.msg.errorcode}">Code :</b> <span th:text="${errorCode}"></span></p>
+ <p><b th:text="#{gui.errorpage.msg.errorcode}">Code :</b> <span th:text="${extErrorCode}"></span></p>
<p><b th:text="#{gui.errorpage.msg.errormsg}">Msg :</b > <span th:text="${#messages.msgWithParams('__${errorCode}__', '__${errorParams}__')}"></span></p>
</div>
</div>
-
- <div th:if="${msg.stacktrace}">
- <p><b th:text="#{gui.errorpage.msg.stacktrace}">fullError</b> <span th:text="${msg.stacktrace}"></span></p>
- </div>
-
+
</div>
</div>
</body>
-</html> \ No newline at end of file
+</html>
diff --git a/build_reporting/pom.xml b/build_reporting/pom.xml
index eca57a03..c4bf9f83 100644
--- a/build_reporting/pom.xml
+++ b/build_reporting/pom.xml
@@ -6,7 +6,7 @@
<parent>
<groupId>at.asitplus.eidas</groupId>
<artifactId>ms_specific</artifactId>
- <version>1.1.1-SNAPSHOT</version>
+ <version>1.2.2</version>
</parent>
<artifactId>build_reporting</artifactId>
<packaging>pom</packaging>
diff --git a/connector/pom.xml b/connector/pom.xml
index bbc54443..8b123cd4 100644
--- a/connector/pom.xml
+++ b/connector/pom.xml
@@ -6,7 +6,7 @@
<parent>
<groupId>at.asitplus.eidas</groupId>
<artifactId>ms_specific</artifactId>
- <version>1.1.1-SNAPSHOT</version>
+ <version>1.2.2</version>
</parent>
<groupId>at.asitplus.eidas.ms_specific</groupId>
@@ -139,6 +139,20 @@
<groupId>com.github.skjolber</groupId>
<artifactId>mockito-soap-cxf</artifactId>
<scope>test</scope>
+ <!--exclusions>
+ <exclusion>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-wsdl</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-bindings-soap</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-core</artifactId>
+ </exclusion>
+ </exclusions-->
</dependency>
<dependency>
<groupId>com.squareup.okhttp3</groupId>
diff --git a/connector/src/assembly/assembly_dir.xml b/connector/src/assembly/assembly_dir.xml
index 37e05390..59437be6 100644
--- a/connector/src/assembly/assembly_dir.xml
+++ b/connector/src/assembly/assembly_dir.xml
@@ -43,7 +43,9 @@
<includes>
<!-- include>README.md</include-->
<include>readme_${project.version}.txt</include>
+ <include>readme_${project.version}.md</include>
<include>eIDAS_Ref_Impl/*</include>
+ <include>handbook/*</include>
</includes>
</fileSet>
</fileSets>
diff --git a/connector/src/assembly/assembly_zip.xml b/connector/src/assembly/assembly_zip.xml
index 579da2e1..43877283 100644
--- a/connector/src/assembly/assembly_zip.xml
+++ b/connector/src/assembly/assembly_zip.xml
@@ -43,6 +43,9 @@
<includes>
<!-- include>README.md</include -->
<include>readme_${project.version}.txt</include>
+ <include>readme_${project.version}.md</include>
+ <include>eIDAS_Ref_Impl/*</include>
+ <include>handbook/*</include>
</includes>
</fileSet>
</fileSets>
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java
index c41660ce..3a93c1b8 100644
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java
+++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java
@@ -30,6 +30,7 @@ import org.springframework.stereotype.Service;
import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions.EidIdentityStatusLevelValues;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer;
@@ -37,8 +38,9 @@ import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
+import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData;
import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder;
-import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper;
import lombok.extern.slf4j.Slf4j;
@Service("AuthenticationDataBuilder")
@@ -47,9 +49,9 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
@Override
protected IAuthData buildDeprecatedAuthData(IRequest pendingReq) throws EaafException {
- final IAuthProcessDataContainer authProcessData =
- pendingReq.getSessionData(AuthProcessDataWrapper.class);
- AuthenticationData authData = new AuthenticationData();
+ final EidAuthProcessDataWrapper authProcessData =
+ pendingReq.getSessionData(EidAuthProcessDataWrapper.class);
+ EidAuthenticationData authData = new EidAuthenticationData();
//set basis infos
super.generateDeprecatedBasicAuthData(authData, pendingReq, authProcessData);
@@ -58,6 +60,9 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
authData.setSsoSessionValidTo(
new Date(new Date().getTime() + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000));
+ authData.setEidStatus(authProcessData.isTestIdentity()
+ ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY);
+
return authData;
}
@@ -65,16 +70,21 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
@Override
protected void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq)
throws EaafException {
- if (authData instanceof AuthenticationData) {
- ((AuthenticationData)authData).setGenericData(
+ if (authData instanceof EidAuthenticationData) {
+ ((EidAuthenticationData)authData).setGenericData(
ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME,
pendingReq.getUniquePiiTransactionIdentifier());
log.trace("Inject piiTransactionId: {} into AuthData", pendingReq.getUniquePiiTransactionIdentifier());
// set specific informations
- ((AuthenticationData)authData).setSsoSessionValidTo(
+ ((EidAuthenticationData)authData).setSsoSessionValidTo(
new Date(new Date().getTime() + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000));
+ //set E-ID status-level
+ final EidAuthProcessDataWrapper authProcessData =
+ pendingReq.getSessionData(EidAuthProcessDataWrapper.class);
+ ((EidAuthenticationData)authData).setEidStatus(authProcessData.isTestIdentity()
+ ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY);
} else {
throw new RuntimeException("Can not inject PiiTransactionId because AuthData is of unknown type: "
@@ -86,7 +96,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
@Override
protected IAuthData getAuthDataInstance(IRequest arg0) throws EaafException {
- return new AuthenticationData();
+ return new EidAuthenticationData();
}
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java
index 55ce044d..eef09b8d 100644
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java
+++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java
@@ -28,16 +28,16 @@ import java.util.Locale;
import java.util.MissingResourceException;
import java.util.ResourceBundle;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import org.apache.commons.lang3.StringUtils;
import org.springframework.stereotype.Service;
import at.gv.egiz.eaaf.core.api.IStatusMessenger;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import lombok.extern.slf4j.Slf4j;
@Service("StatusMessageProvider")
+@Slf4j
public class StatusMessageProvider implements IStatusMessenger {
- private static final Logger log = LoggerFactory.getLogger(StatusMessageProvider.class);
private static final String ERROR_MESSAGES_UNAVAILABLE =
"Error messages can NOT be load from application. Only errorCode: {0} is availabe";
@@ -96,7 +96,6 @@ public class StatusMessageProvider implements IStatusMessenger {
return ((EaafException) throwable).getErrorId();
}
-
return IStatusMessenger.CODES_INTERNAL_ERROR_GENERIC;
}
@@ -118,7 +117,13 @@ public class StatusMessageProvider implements IStatusMessenger {
} else {
try {
- return externalError.getString(intErrorCode);
+ if (StringUtils.isNotEmpty(intErrorCode)) {
+ return externalError.getString(intErrorCode);
+
+ } else {
+ return IStatusMessenger.CODES_EXTERNAL_ERROR_GENERIC;
+
+ }
} catch (final MissingResourceException e2) {
log.info(MessageFormat.format(ERROR_NO_EXTERNALERROR_CODE, new Object[] { intErrorCode }));
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java
index a9eb06be..881eeb8a 100644
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java
+++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java
@@ -75,7 +75,7 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor {
if (nameIdPolicy != null) {
final String nameIdFormat = nameIdPolicy.getFormat();
if (nameIdFormat != null) {
- if (!(NameIDType.TRANSIENT.equals(nameIdFormat)
+ if (!(NameIDType.TRANSIENT.equals(nameIdFormat)
|| NameIDType.PERSISTENT.equals(nameIdFormat))) {
throw new NameIdFormatNotSupportedException(nameIdFormat);
@@ -114,10 +114,10 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor {
// post-process requested LoA comparison-level
pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setLoAMachtingMode(
extractComparisonLevel(authnReq));
-
- //extract information from requested attributes
+
+ // extract information from requested attributes
extractFromRequestedAttriutes(pendingReq, authnReq);
-
+
} catch (final EaafStorageException e) {
log.info("Can NOT store Authn. Req. data into pendingRequest.", e);
throw new AuthnRequestValidatorException("internal.02", null, e);
@@ -126,14 +126,14 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor {
}
- private void extractFromRequestedAttriutes(IRequest pendingReq, AuthnRequest authnReq)
- throws AuthnRequestValidatorException {
+ private void extractFromRequestedAttriutes(IRequest pendingReq, AuthnRequest authnReq)
+ throws AuthnRequestValidatorException, EaafStorageException {
// validate and process requested attributes
boolean sectorDetected = false;
-
+
final ServiceProviderConfiguration spConfig = pendingReq.getServiceProviderConfiguration(
ServiceProviderConfiguration.class);
-
+
if (authnReq.getExtensions() != null) {
final List<XMLObject> requestedAttributes = authnReq.getExtensions().getUnknownXMLObjects();
for (final XMLObject reqAttrObj : requestedAttributes) {
@@ -143,77 +143,101 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor {
for (final EaafRequestedAttribute el : reqAttr.getAttributes()) {
log.trace("Processing req. attribute '" + el.getName() + "' ... ");
if (el.getName().equals(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME)) {
- sectorDetected = extractBpkTargetIdentifier(el, spConfig);
-
+ sectorDetected = extractBpkTargetIdentifier(el, spConfig);
+
} else if (el.getName().equals(ExtendedPvpAttributeDefinitions.EID_TRANSACTION_ID_NAME)) {
extractUniqueTransactionId(el, pendingReq);
-
+
+ } else if (el.getName().equals(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME)) {
+ extractBindingPublicKey(el, pendingReq);
+
} else {
log.debug("Ignore req. attribute: " + el.getName());
-
+
}
}
} else {
log.debug("No requested Attributes in Authn. Request");
-
+
}
} else {
log.info("Ignore unknown requested attribute: " + reqAttrObj.getElementQName().toString());
-
+
}
}
}
-
+
if (!sectorDetected) {
log.warn("Authn.Req validation FAILED. Reason: Contains NO or NO VALID target-sector information.");
throw new AuthnRequestValidatorException("pvp2.22", new Object[] {
"NO or NO VALID target-sector information" });
}
-
+
+ }
+
+ private void extractBindingPublicKey(EaafRequestedAttribute el, IRequest pendingReq)
+ throws EaafStorageException {
+ if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) {
+ final String bindingPubKey = el.getAttributeValues().get(0).getDOM().getTextContent();
+ pendingReq.setRawDataToTransaction(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME, bindingPubKey);
+ log.info("Find Binding Public-Key. eIDAS authentication will be used to create an ID Austria Binding");
+
+ } else {
+ log.warn(
+ "Req. attribute '{}' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute",
+ el.getName());
+
+ }
}
/**
* Extract unique transactionId from AuthnRequest.
- *
- * @param el Requested attribute from AuthnRequest
- * @param pendingReq Current pendingRequest object (has to be of type {@link RequestImpl})
- * @return <code>true</code> if transactionId extraction was successful, otherwise <code>false</code>
+ *
+ * @param el Requested attribute from AuthnRequest
+ * @param pendingReq Current pendingRequest object (has to be of type
+ * {@link RequestImpl})
+ * @return <code>true</code> if transactionId extraction was successful,
+ * otherwise <code>false</code>
*/
private boolean extractUniqueTransactionId(EaafRequestedAttribute el, IRequest pendingReq) {
if (!(pendingReq instanceof RequestImpl)) {
- log.warn("Can NOT set unique transactionId from AuthnRequest,because 'PendingRequest' is NOT from Type: {}",
+ log.warn(
+ "Can NOT set unique transactionId from AuthnRequest,because 'PendingRequest' is NOT from Type: {}",
RequestImpl.class.getName());
-
- } else {
+
+ } else {
if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) {
- final String transactionId = el.getAttributeValues().get(0).getDOM().getTextContent();
- ((RequestImpl)pendingReq).setUniqueTransactionIdentifier(transactionId);
+ final String transactionId = el.getAttributeValues().get(0).getDOM().getTextContent();
+ ((RequestImpl) pendingReq).setUniqueTransactionIdentifier(transactionId);
return true;
} else {
- log.warn("Req. attribute '{}' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute",
+ log.warn(
+ "Req. attribute '{}' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute",
el.getName());
-
+
}
-
+
}
-
+
return false;
}
/**
* Extract the bPK target from requested attribute.
- *
- * @param el Requested attribute from AuthnRequest
+ *
+ * @param el Requested attribute from AuthnRequest
* @param spConfig Service-Provider configuration for current process
- * @return <code>true</code> if bPK target extraction was successful, otherwise <code>false</code>
+ * @return <code>true</code> if bPK target extraction was successful, otherwise
+ * <code>false</code>
*/
- private boolean extractBpkTargetIdentifier(EaafRequestedAttribute el, ServiceProviderConfiguration spConfig) {
+ private boolean extractBpkTargetIdentifier(EaafRequestedAttribute el,
+ ServiceProviderConfiguration spConfig) {
if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) {
- final String sectorId = el.getAttributeValues().get(0).getDOM().getTextContent();
+ final String sectorId = el.getAttributeValues().get(0).getDOM().getTextContent();
try {
spConfig.setBpkTargetIdentifier(sectorId);
return true;
@@ -227,16 +251,16 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor {
log.warn("Req. attribute '" + el.getName()
+ "' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute");
}
-
+
return false;
-
+
}
-
- private void postprocessLoaLevel(IRequest pendingReq, AuthnRequest authnReq)
+
+ private void postprocessLoaLevel(IRequest pendingReq, AuthnRequest authnReq)
throws AuthnRequestValidatorException {
final List<String> reqLoA = extractLoA(authnReq);
- log.trace("SP requests LoA with: {}", String.join(", ",reqLoA));
-
+ log.trace("SP requests LoA with: {}", String.join(", ", reqLoA));
+
LevelOfAssurance minimumLoAFromConfig = LevelOfAssurance.fromString(basicConfig.getBasicConfiguration(
MsEidasNodeConstants.PROP_EIDAS_REQUEST_LOA_MINIMUM_LEVEL,
EaafConstants.EIDAS_LOA_HIGH));
@@ -246,15 +270,15 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor {
minimumLoAFromConfig = LevelOfAssurance.HIGH;
}
-
+
log.trace("Validate requested LoA to connector configuration minimum LoA: {} ...",
- minimumLoAFromConfig);
+ minimumLoAFromConfig);
final List<String> allowedLoA = new ArrayList<>();
for (final String loa : reqLoA) {
try {
final LevelOfAssurance intLoa = LevelOfAssurance.fromString(loa);
String selectedLoA = EaafConstants.EIDAS_LOA_HIGH;
- if (intLoa != null
+ if (intLoa != null
&& intLoa.numericValue() <= minimumLoAFromConfig.numericValue()) {
log.info("Client: {} requested LoA: {} will be upgraded to: {}",
pendingReq.getServiceProviderConfiguration().getUniqueIdentifier(),
@@ -281,7 +305,7 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor {
pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setRequiredLoA(
allowedLoA);
-
+
}
private String extractComparisonLevel(AuthnRequest authnReq) {
@@ -335,7 +359,7 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor {
private String extractScopeRequsterId(AuthnRequest authnReq) {
if (authnReq.getScoping() != null) {
final Scoping scoping = authnReq.getScoping();
- if (scoping.getRequesterIDs() != null
+ if (scoping.getRequesterIDs() != null
&& scoping.getRequesterIDs().size() > 0) {
if (scoping.getRequesterIDs().size() == 1) {
return scoping.getRequesterIDs().get(0).getRequesterID();
diff --git a/connector/src/main/resources/application.properties b/connector/src/main/resources/application.properties
index 8263ea82..e92099ab 100644
--- a/connector/src/main/resources/application.properties
+++ b/connector/src/main/resources/application.properties
@@ -17,9 +17,9 @@ spring.boot.admin.client.enabled=false
#############################################################################
## MS-speccific eIDAS-Connector configuration
-#proxy.context.url.prefix=
+#eidas.ms.context.url.prefix=
eidas.ms.context.url.request.validation=false
-#proxy.configRootDir=file:/.../config/
+#eidas.ms.configRootDir=file:/.../config/
eidas.ms.context.use.clustermode=true
eidas.ms.core.logging.level.info.errorcodes=auth.21
@@ -48,14 +48,28 @@ eidas.ms.core.pendingrequestid.digist.algorithm=HmacSHA256
## eIDAS Ref. Implementation connector ###
eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector
+eidas.ms.auth.eIDAS.eid.testidentity.default=false
+
#eidas.ms.auth.eIDAS.node_v2.forward.endpoint=
eidas.ms.auth.eIDAS.node_v2.forward.method=POST
eidas.ms.auth.eIDAS.node_v2.countrycode=AT
-eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=.*
-eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=true
+eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=urn:publicid:gv.at:cdid\+.*
+
+## use SAML2 requestId as transactionIdentifier to mitigate problems with SAML2 relaystate
eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier=true
-eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs=true
+## use hashed version of unique SP-Identifier as requesterId
+eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm=true
+
+## user static requesterId for all SP's in case of LU
+eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll=true
+
+
+## set provider name for all public SPs
+eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=false
+
+
+#eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat=
eidas.ms.auth.eIDAS.node_v2.loa.requested.minimum=http://eidas.europa.eu/LoA/high
#eidas.ms.auth.eIDAS.szrclient.useTestService=true
@@ -108,6 +122,7 @@ eidas.ms.auth.eIDAS.szrclient.params.setBirthNameIfAvailable=true
eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=false
eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=false
+
##without mandates
eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.0=PersonIdentifier,true
eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.1=FamilyName,true
@@ -136,7 +151,7 @@ eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true
#eidas.ms.pvp2.key.metadata.password=password
#eidas.ms.pvp2.key.signing.alias=sig
#eidas.ms.pvp2.key.signing.password=password
-#eidas.ms.pvp2.metadata.validity=24
+eidas.ms.pvp2.metadata.validity=24
#eidas.ms.pvp2.metadata.organisation.name=JUnit
#eidas.ms.pvp2.metadata.organisation.friendyname=For testing with jUnit
@@ -157,8 +172,6 @@ eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true
##only for advanced config
-eidas.ms.configuration.sp.disableRegistrationRequirement=
-#eidas.ms.configuration.restrictions.baseID.spTransmission=
-eidas.ms.configuration.auth.default.countrycode=
-eidas.ms.configuration.pvp.scheme.validation=
-eidas.ms.configuration.pvp.enable.entitycategories= \ No newline at end of file
+eidas.ms.configuration.sp.disableRegistrationRequirement=false
+eidas.ms.configuration.pvp.scheme.validation=true
+eidas.ms.configuration.pvp.enable.entitycategories=false \ No newline at end of file
diff --git a/connector/src/main/resources/logback.xml b/connector/src/main/resources/logback.xml
index 7aa2d0cc..9679d9e4 100644
--- a/connector/src/main/resources/logback.xml
+++ b/connector/src/main/resources/logback.xml
@@ -8,96 +8,6 @@
<!-- http://www.qos.ch/shop/products/professionalSupport -->
<!-- -->
<configuration>
- <appender name="msnode"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender -->
- <File>logs/eidas-ms-specific.log</File>
- <encoder>
- <pattern>%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n</pattern>
- </encoder>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <maxIndex>9999</maxIndex>
- <FileNamePattern>logs/eidas-ms-specific.log.%i
- </FileNamePattern>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <MaxFileSize>10000KB</MaxFileSize>
- </triggeringPolicy>
- </appender>
- <appender name="EIDASNODE"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender -->
- <File>logs/eIDAS_node.log</File>
- <encoder>
- <pattern>%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n</pattern>
- </encoder>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <maxIndex>9999</maxIndex>
- <FileNamePattern>logs/eIDAS_node.log.%i
- </FileNamePattern>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <MaxFileSize>10000KB</MaxFileSize>
- </triggeringPolicy>
- </appender>
- <appender name="reversion"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender -->
- <File>logs/eidas-ms-reversion.log</File>
- <encoder>
- <pattern>%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n</pattern>
- </encoder>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <maxIndex>9999</maxIndex>
- <FileNamePattern>logs/eidas-ms-reversion.log.%i
- </FileNamePattern>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <MaxFileSize>10000KB</MaxFileSize>
- </triggeringPolicy>
- </appender>
- <appender name="statistic"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender -->
- <File>logs/eidas-ms-statistic.log</File>
- <encoder>
- <pattern>%m%n</pattern>
- </encoder>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <maxIndex>9999</maxIndex>
- <FileNamePattern>logs/eidas-ms-statistic.log.%i
- </FileNamePattern>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <MaxFileSize>10000KB</MaxFileSize>
- </triggeringPolicy>
- </appender>
- <appender name="stdout"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender -->
- <File>logs/console.log</File>
- <encoder>
- <pattern>%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n</pattern>
- </encoder>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <maxIndex>9999</maxIndex>
- <FileNamePattern>logs/console.log.%i
- </FileNamePattern>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <MaxFileSize>10000KB</MaxFileSize>
- </triggeringPolicy>
- </appender>
<appender name="console"
class="ch.qos.logback.core.ConsoleAppender">
<encoder>
@@ -105,27 +15,16 @@
</encoder>
</appender>
<logger name="at.gv.egiz.eaaf" level="info">
- <appender-ref ref="msnode" />
+ <appender-ref ref="console" />
</logger>
<logger name="eu.eidas" additivity="false" level="info">
- <appender-ref ref="EIDASNODE" />
+ <appender-ref ref="console" />
</logger>
<logger name="at.gv.egiz.eidas.specific" additivity="false"
level="info">
- <appender-ref ref="msnode" />
- </logger>
- <logger
- name="at.gv.egiz.eidas.specific.connector.logger.RevisionLogger"
- additivity="false" level="info">
- <appender-ref ref="reversion" />
- </logger>
- <logger
- name="at.gv.egiz.eidas.specific.connector.logger.StatisticLogger"
- additivity="false" level="info">
- <appender-ref ref="statistic" />
+ <appender-ref ref="console" />
</logger>
<root level="info">
- <appender-ref ref="stdout" />
<appender-ref ref="console" />
</root>
</configuration>
diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java
index 1690016e..4e66d324 100644
--- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java
+++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java
@@ -51,13 +51,12 @@ import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
-import com.skjolberg.mockito.soap.SoapServiceRule;
+import com.github.skjolber.mockito.soap.SoapServiceRule;
import at.asitplus.eidas.specific.connector.controller.ProcessEngineSignalController;
import at.asitplus.eidas.specific.connector.controller.Pvp2SProfileEndpoint;
import at.asitplus.eidas.specific.connector.provider.PvpEndPointCredentialProvider;
import at.asitplus.eidas.specific.connector.provider.PvpMetadataProvider;
-import at.asitplus.eidas.specific.connector.test.saml2.Pvp2SProfileEndPointTest;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasSignalServlet;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
@@ -76,6 +75,7 @@ import at.gv.e_government.reference.namespace.persondata.de._20040201.Identifica
import at.gv.egiz.components.spring.api.SpringBootApplicationContextInitializer;
import at.gv.egiz.eaaf.core.api.IStatusMessenger;
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.impl.idp.controller.ProtocolFinalizationController;
import at.gv.egiz.eaaf.core.impl.logging.LogMessageProviderFactory;
@@ -115,7 +115,7 @@ import szrservices.SignContentResponseType;
public class FullStartUpAndProcessTest {
private static final String FINAL_REDIRECT = "http://localhost/public/secure/finalizeAuthProtocol?pendingid=";
-
+
@Autowired private WebApplicationContext wac;
@Autowired private PvpEndPointCredentialProvider credentialProvider;
@Autowired private PvpMetadataProvider metadataProvider;
@@ -178,7 +178,6 @@ public class FullStartUpAndProcessTest {
System.out.println("Closiong Ignite Node ... ");
Ignition.stopAll(true);
-
//set Ignite-node holder to 'null' because static holders are shared between different tests
final Field field = IgniteInstanceInitializerSpecificCommunication.class.getDeclaredField("instance");
field.setAccessible(true);
@@ -400,7 +399,8 @@ public class FullStartUpAndProcessTest {
Assert.assertEquals("SAML2 status", Constants.SUCCESS_URI, saml2.getStatus().getStatusCode().getValue());
final AssertionAttributeExtractor extractor = new AssertionAttributeExtractor(saml2);
- Assert.assertEquals("wrong resp attr. size", 6, extractor.getAllIncludeAttributeNames().size());
+
+ Assert.assertEquals("wrong resp attr. size", 7, extractor.getAllIncludeAttributeNames().size());
Assert.assertEquals("Wrong attr: LoA ", "http://eidas.europa.eu/LoA/high",
extractor.getSingleAttributeValue("urn:oid:1.2.40.0.10.2.1.1.261.108"));
Assert.assertEquals("Wrong attr: PVP_VERSION ", "2.2",
@@ -413,7 +413,9 @@ public class FullStartUpAndProcessTest {
extractor.getSingleAttributeValue("urn:eidgvat:attributes.authblock.signed"));
Assert.assertNotNull("Wrong attr: piiTras.Id ",
extractor.getSingleAttributeValue("urn:eidgvat:attributes.piiTransactionId"));
-
+ Assert.assertEquals("Wrong attr:EID_STATUS_LEVEL ", "http://eid.gv.at/eID/status/identity",
+ extractor.getSingleAttributeValue(PvpAttributeDefinitions.EID_IDENTITY_STATUS_LEVEL_NAME));
+
}
private void injectSzrResponse() throws Exception {
@@ -538,7 +540,7 @@ public class FullStartUpAndProcessTest {
IOException, MarshallingException, ComponentInitializationException {
final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
XMLObjectProviderRegistrySupport.getParserPool(),
- Pvp2SProfileEndPointTest.class.getResourceAsStream("/data/pvp2_authn_1.xml"));
+ FullStartUpAndProcessTest.class.getResourceAsStream("/data/pvp2_authn_1.xml"));
authnReq.setIssueInstant(DateTime.now());
RequestAbstractType signedAuthnReq =
Saml2Utils.signSamlObject(authnReq, credentialProvider.getMessageSigningCredential(), true);
diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java
index f4b8e57c..17ecb2ca 100644
--- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java
+++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java
@@ -11,6 +11,7 @@ import java.util.Map;
import javax.xml.transform.TransformerException;
import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.commons.lang3.RandomUtils;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
@@ -35,6 +36,7 @@ import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions.EidIdentityStatusLevelValues;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
@@ -43,7 +45,9 @@ import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException;
import at.gv.egiz.eaaf.core.exceptions.EaafParserException;
import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
import at.gv.egiz.eaaf.core.impl.builder.BpkBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData;
import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper;
import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser;
import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration;
import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
@@ -118,8 +122,10 @@ public class AuthenticationDataBuilderTest {
@Test
public void eidMode() throws EaafAuthenticationException {
// initialize state
+ boolean isTestIdentity = RandomUtils.nextBoolean();
pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true);
-
+ pendingReq.getSessionData(EidAuthProcessDataWrapper.class).setTestIdentity(isTestIdentity);
+
// execute
IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq);
@@ -128,6 +134,9 @@ public class AuthenticationDataBuilderTest {
Assert.assertNotNull("authBlock null", authData.getGenericData(Constants.SZR_AUTHBLOCK, String.class));
Assert.assertNotNull("eidasBind null", authData.getGenericData(Constants.EIDAS_BIND, String.class));
Assert.assertNotNull("LoA null", authData.getEidasQaaLevel());
+ Assert.assertEquals("testIdentity flag",
+ isTestIdentity ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY,
+ ((EidAuthenticationData)authData).getEidStatus());
String authBlock = authData.getGenericData(Constants.SZR_AUTHBLOCK, String.class);
String eidasBind = authData.getGenericData(Constants.EIDAS_BIND, String.class);
@@ -159,6 +168,8 @@ public class AuthenticationDataBuilderTest {
@Test
public void moaIdMode() throws EaafAuthenticationException, EaafBuilderException {
//initialize state
+ boolean isTestIdentity = RandomUtils.nextBoolean();
+ pendingReq.getSessionData(EidAuthProcessDataWrapper.class).setTestIdentity(isTestIdentity);
pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(false);
IIdentityLink idl = buildDummyIdl();
pendingReq.getSessionData(AuthProcessDataWrapper.class).setIdentityLink(idl);
@@ -173,6 +184,9 @@ public class AuthenticationDataBuilderTest {
Assert.assertNull("piiTransactionId",
authData.getGenericData(ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, String.class));
+ Assert.assertEquals("testIdentity flag",
+ isTestIdentity ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY,
+ ((EidAuthenticationData)authData).getEidStatus());
Assert.assertNotNull("assertion validTo", authData.getSsoSessionValidTo());
Assert.assertNotNull("LoA null", authData.getEidasQaaLevel());
diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthnRequestValidatorTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthnRequestValidatorTest.java
index 9aafb4b6..c57515a0 100644
--- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthnRequestValidatorTest.java
+++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthnRequestValidatorTest.java
@@ -214,6 +214,11 @@ public class AuthnRequestValidatorTest {
Assert.assertEquals("wrong transactionId", "transId_11223344556677aabbcc",
pendingReq.getUniqueTransactionIdentifier());
+
+ Assert.assertEquals("wrong binding pubkey", "binding_pubKey_1144225247125dsfasfasdf",
+ pendingReq.getRawData(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME, String.class));
+
+
}
diff --git a/connector/src/test/resources/data/metadata_valid_without_encryption.xml b/connector/src/test/resources/data/metadata_valid_without_encryption.xml
index b224c336..32b24e91 100644
--- a/connector/src/test/resources/data/metadata_valid_without_encryption.xml
+++ b/connector/src/test/resources/data/metadata_valid_without_encryption.xml
@@ -71,6 +71,7 @@ ANsmjI2azWiTSFjb7Ou5fnCfbeiJUP0s66m8qS4rYl9L</ds:X509Certificate>
<md:RequestedAttribute FriendlyName="userAuthBlock" Name="urn:eidgvat:attributes.authblock.signed" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
<md:RequestedAttribute FriendlyName="eidBind" Name="urn:eidgvat:attributes.eidbind" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
<md:RequestedAttribute FriendlyName="piiTransactionId" Name="urn:eidgvat:attributes.piiTransactionId" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
+ <md:RequestedAttribute FriendlyName="EID-IDENTITY-STATUS-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.109" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
</md:AttributeConsumingService>
</md:SPSSODescriptor>
<md:Organization>
diff --git a/connector/src/test/resources/data/pvp2_authn_3.xml b/connector/src/test/resources/data/pvp2_authn_3.xml
index 35e49b0f..5352c441 100644
--- a/connector/src/test/resources/data/pvp2_authn_3.xml
+++ b/connector/src/test/resources/data/pvp2_authn_3.xml
@@ -31,6 +31,9 @@
<eid:RequestedAttribute FriendlyName="transactionId" Name="urn:eidgvat:attributes.transactionId" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true">
<eid:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">transId_11223344556677aabbcc</eid:AttributeValue>
</eid:RequestedAttribute>
+ <eid:RequestedAttribute FriendlyName="Binding-PublicKey" Name="urn:eidgvat:attributes.binding.pubkey" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true">
+ <eid:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">binding_pubKey_1144225247125dsfasfasdf</eid:AttributeValue>
+ </eid:RequestedAttribute>
</eid:RequestedAttributes>
</saml2p:Extensions>
<saml2p:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
diff --git a/connector_lib/pom.xml b/connector_lib/pom.xml
index a8a88e71..a834b991 100644
--- a/connector_lib/pom.xml
+++ b/connector_lib/pom.xml
@@ -7,7 +7,7 @@
<parent>
<groupId>at.asitplus.eidas</groupId>
<artifactId>ms_specific</artifactId>
- <version>1.1.1-SNAPSHOT</version>
+ <version>1.2.2</version>
</parent>
<groupId>at.asitplus.eidas.ms_specific</groupId>
<artifactId>connector_lib</artifactId>
diff --git a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MsEidasNodeConstants.java b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MsEidasNodeConstants.java
index c6eb9bfa..28cbb0c5 100644
--- a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MsEidasNodeConstants.java
+++ b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MsEidasNodeConstants.java
@@ -179,6 +179,9 @@ public class MsEidasNodeConstants {
public static final List<String> COUNTRY_SELECTION_PARAM_WHITELIST =
Arrays.asList(REQ_PARAM_SELECTED_COUNTRY, REQ_PARAM_SELECTED_ENVIRONMENT);
+
+ public static final String EID_BINDING_PUBLIC_KEY_NAME = "urn:eidgvat:attributes.binding.pubkey";
+
private MsEidasNodeConstants() {
//hidden Constructor for class with static values only.
}
diff --git a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/config/StaticResourceConfiguration.java b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/config/StaticResourceConfiguration.java
index 1f357674..a8cacea1 100644
--- a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/config/StaticResourceConfiguration.java
+++ b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/config/StaticResourceConfiguration.java
@@ -33,9 +33,9 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.support.ReloadableResourceBundleMessageSource;
-import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+import org.springframework.web.servlet.i18n.CookieLocaleResolver;
import org.thymeleaf.templateresolver.FileTemplateResolver;
import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
@@ -50,7 +50,6 @@ import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
*
*/
@Configuration
-@EnableWebMvc
public class StaticResourceConfiguration implements WebMvcConfigurer {
private static final Logger log = LoggerFactory.getLogger(StaticResourceConfiguration.class);
private static final String[] CLASSPATH_RESOURCE_LOCATIONS = {
@@ -160,6 +159,20 @@ public class StaticResourceConfiguration implements WebMvcConfigurer {
}
/**
+ * Get a i18n resolver based on cookies.
+ *
+ * @return
+ */
+ @Bean
+ public CookieLocaleResolver localeResolver() {
+ final CookieLocaleResolver localeResolver = new CookieLocaleResolver();
+ localeResolver.setCookieName("currentLanguage");
+ localeResolver.setCookieMaxAge(3600);
+ return localeResolver;
+
+ }
+
+ /**
* Get a Tyhmeleaf Template-Resolver with external configuration path.
*
* @return
diff --git a/eidas_modules/authmodule-eIDAS-v2/pom.xml b/eidas_modules/authmodule-eIDAS-v2/pom.xml
index 7bbf826a..49e4984c 100644
--- a/eidas_modules/authmodule-eIDAS-v2/pom.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/pom.xml
@@ -6,7 +6,7 @@
<parent>
<groupId>at.asitplus.eidas.ms_specific</groupId>
<artifactId>modules</artifactId>
- <version>1.1.1-SNAPSHOT</version>
+ <version>1.2.2</version>
</parent>
<groupId>at.asitplus.eidas.ms_specific.modules</groupId>
<artifactId>authmodule-eIDAS-v2</artifactId>
@@ -132,6 +132,10 @@
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-jaxws</artifactId>
</dependency>
<dependency>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
index 70bade43..5dfc9e68 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
@@ -67,6 +67,8 @@ public class Constants {
// configuration properties
public static final String CONIG_PROPS_EIDAS_PREFIX = "auth.eIDAS";
+ public static final String CONIG_PROPS_EIDAS_IS_TEST_IDENTITY = CONIG_PROPS_EIDAS_PREFIX
+ + ".eid.testidentity.default";
public static final String CONIG_PROPS_EIDAS_NODE = CONIG_PROPS_EIDAS_PREFIX + ".node_v2";
public static final String CONIG_PROPS_EIDAS_NODE_COUNTRYCODE = CONIG_PROPS_EIDAS_NODE + ".countrycode";
public static final String CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS = CONIG_PROPS_EIDAS_NODE
@@ -82,15 +84,23 @@ public class Constants {
CONIG_PROPS_EIDAS_NODE + ".attributes.requested.{0}.onlynatural";
public static final String CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_REPRESENTATION =
CONIG_PROPS_EIDAS_NODE + ".attributes.requested.representation";
+
+ public static final String CONIG_PROPS_EIDAS_NODE_REQUESTERID_USE_HASHED_VERSION =
+ CONIG_PROPS_EIDAS_NODE + ".requesterId.useHashedForm";
+ public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_USE_STATIC_REQUESTERID_FOR_LUX =
+ CONIG_PROPS_EIDAS_NODE + ".requesterId.lu.useStaticRequesterForAll";
+
public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME =
- CONIG_PROPS_EIDAS_NODE + ".workarounds.addAlwaysProviderName";
+ CONIG_PROPS_EIDAS_NODE + ".workarounds.addAlwaysProviderName";
public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_USEREQUESTIDASTRANSACTIONIDENTIFIER =
CONIG_PROPS_EIDAS_NODE + ".workarounds.useRequestIdAsTransactionIdentifier";
- public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_USE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP =
- CONIG_PROPS_EIDAS_NODE + ".workarounds.useStaticProviderNameForPublicSPs";
+
+ public static final String CONFIG_PROP_EIDAS_NODE_NAMEIDFORMAT =
+ CONIG_PROPS_EIDAS_NODE + ".requested.nameIdFormat";
+
public static final String CONIG_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP = CONIG_PROPS_EIDAS_NODE
+ ".staticProviderNameForPublicSPs";
- public static final String DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP = "ERnP";
+ public static final String DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP = "Austria";
public static final String FORWARD_METHOD_POST = "POST";
public static final String FORWARD_METHOD_GET = "GET";
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
index 1050f8d9..64c6adeb 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
@@ -24,17 +24,20 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler;
+
import static at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils.processCountryCode;
import static at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils.processDateOfBirthToString;
+import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.Base64;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.lang3.StringUtils;
import org.joda.time.DateTime;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.lang.NonNull;
@@ -55,9 +58,10 @@ import eu.eidas.auth.commons.attribute.AttributeDefinition;
import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
import eu.eidas.auth.commons.light.impl.LightRequest.Builder;
import eu.eidas.auth.commons.protocol.eidas.SpType;
+import lombok.extern.slf4j.Slf4j;
+@Slf4j
public abstract class AbstractEidProcessor implements INationalEidProcessor {
- private static final Logger log = LoggerFactory.getLogger(AbstractEidProcessor.class);
@Autowired
protected EidasAttributeRegistry attrRegistry;
@@ -68,7 +72,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
public final void preProcess(IRequest pendingReq, Builder authnRequestBuilder) {
buildLevelOfAssurance(pendingReq.getServiceProviderConfiguration(), authnRequestBuilder);
- buildProviderNameAttribute(pendingReq, authnRequestBuilder);
+ buildProviderNameAndRequesterIdAttribute(pendingReq, authnRequestBuilder);
buildRequestedAttributes(authnRequestBuilder);
}
@@ -200,6 +204,83 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
return EidasResponseUtils.processPseudonym(personalIdObj);
}
+ /**
+ * Set ProviderName and RequestId into eIDAS AuthnRequest.
+ *
+ * @param pendingReq Current pendingRequest
+ * @param authnRequestBuilder AuthnREquest builer
+ */
+ protected void buildProviderNameAndRequesterIdAttribute(IRequest pendingReq, Builder authnRequestBuilder) {
+ final ISpConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
+
+ // set correct SPType for requested target sector
+ final String publicSectorTargetSelector = basicConfig.getBasicConfiguration(
+ Constants.CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS,
+ Constants.POLICY_DEFAULT_ALLOWED_TARGETS);
+ final Pattern p = Pattern.compile(publicSectorTargetSelector);
+ final Matcher m = p.matcher(spConfig.getAreaSpecificTargetIdentifier());
+ if (m.matches()) {
+ log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PublicSector'");
+ authnRequestBuilder.spType(SpType.PUBLIC.getValue());
+
+ final String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class);
+ if (basicConfig.getBasicConfigurationBoolean(
+ Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME,
+ false)) {
+ //TODO: only for eIDAS ref. node 2.0 and 2.1 because it need 'Providername' for
+ if (StringUtils.isNotEmpty(providerName)) {
+ log.debug("Set 'providername' to: {}", providerName);
+ authnRequestBuilder.providerName(providerName);
+
+ } else {
+ authnRequestBuilder.providerName(basicConfig.getBasicConfiguration(
+ Constants.CONIG_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP,
+ Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP));
+
+ }
+ }
+
+ } else {
+ log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PrivateSector'");
+ authnRequestBuilder.spType(SpType.PRIVATE.getValue());
+
+ // TODO: switch to RequesterId in further version
+ // set provider name for private sector applications
+ final String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class);
+ if (StringUtils.isNotEmpty(providerName)) {
+ authnRequestBuilder.providerName(providerName);
+
+ }
+
+ authnRequestBuilder.requesterId(
+ generateRequesterId(pendingReq.getRawData(Constants.DATA_REQUESTERID, String.class)));
+
+ }
+ }
+
+ private String generateRequesterId(String requesterId) {
+ if (requesterId != null && basicConfig.getBasicConfigurationBoolean(
+ Constants.CONIG_PROPS_EIDAS_NODE_REQUESTERID_USE_HASHED_VERSION, true)) {
+ try {
+ log.trace("Building hashed 'requesterId' for private SP ... ");
+ MessageDigest digest = MessageDigest.getInstance("SHA-256");
+ String encodedRequesterId = Base64.getEncoder().encodeToString(
+ digest.digest(requesterId.getBytes(StandardCharsets.UTF_8)));
+ log.debug("Set 'requesterId' for: {} to: {}", requesterId, encodedRequesterId);
+ return encodedRequesterId;
+
+ } catch (NoSuchAlgorithmException e) {
+ log.error("Can NOT generate hashed 'requesterId' from: {}. Use it as it is", requesterId, e);
+
+ }
+
+ }
+
+ return requesterId;
+
+ }
+
+
private void buildRequestedAttributes(Builder authnRequestBuilder) {
// build and add requested attribute set
final Map<String, Boolean> ccSpecificReqAttr = getCountrySpecificRequestedAttributes();
@@ -237,55 +318,6 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
}
- private void buildProviderNameAttribute(IRequest pendingReq, Builder authnRequestBuilder) {
- final ISpConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
-
- // set correct SPType for requested target sector
- final String publicSectorTargetSelector = basicConfig.getBasicConfiguration(
- Constants.CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS,
- Constants.POLICY_DEFAULT_ALLOWED_TARGETS);
- final Pattern p = Pattern.compile(publicSectorTargetSelector);
- final Matcher m = p.matcher(spConfig.getAreaSpecificTargetIdentifier());
- if (m.matches()) {
- log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PublicSector'");
- authnRequestBuilder.spType(SpType.PUBLIC.getValue());
-
- if (basicConfig.getBasicConfigurationBoolean(
- Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_USE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP,
- true)) {
- authnRequestBuilder.providerName(basicConfig.getBasicConfiguration(
- Constants.CONIG_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP,
- Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP));
-
- } else {
- // TODO: only for eIDAS ref. node 2.0 and 2.1 because it need 'Providername' for
- // any SPType
- final String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class);
- if (StringUtils.isNotEmpty(providerName)
- && basicConfig.getBasicConfigurationBoolean(
- Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME,
- false)) {
- authnRequestBuilder.providerName(providerName);
-
- }
- }
-
- } else {
- log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PrivateSector'");
- authnRequestBuilder.spType(SpType.PRIVATE.getValue());
-
- // TODO: switch to RequesterId in further version
- // set provider name for private sector applications
- final String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class);
- if (StringUtils.isNotEmpty(providerName)) {
- authnRequestBuilder.providerName(providerName);
- authnRequestBuilder.requesterId(providerName);
-
- }
-
- }
- }
-
private void buildLevelOfAssurance(ISpConfiguration spConfig, Builder authnRequestBuilder) {
// TODO: set matching mode if eIDAS ref. impl. support this method
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/LuEidProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/LuEidProcessor.java
new file mode 100644
index 00000000..8402457f
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/LuEidProcessor.java
@@ -0,0 +1,61 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import eu.eidas.auth.commons.light.impl.LightRequest.Builder;
+import lombok.Getter;
+import lombok.Setter;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class LuEidProcessor extends AbstractEidProcessor {
+
+
+
+ private static final String canHandleCC = "LU";
+
+ @Getter
+ @Setter
+ private int priority = 1;
+
+ @Override
+ public String getName() {
+ return "LU-PostProcessor";
+
+ }
+
+ @Override
+ public boolean canHandle(String countryCode) {
+ return countryCode != null && countryCode.equalsIgnoreCase(canHandleCC);
+
+ }
+
+ @Override
+ protected void buildProviderNameAndRequesterIdAttribute(IRequest pendingReq, Builder authnRequestBuilder) {
+ super.buildProviderNameAndRequesterIdAttribute(pendingReq, authnRequestBuilder);
+ if (basicConfig.getBasicConfigurationBoolean(
+ Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_USE_STATIC_REQUESTERID_FOR_LUX, true)) {
+ String staticName = basicConfig.getBasicConfiguration(
+ Constants.CONIG_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP,
+ Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP);
+ authnRequestBuilder.providerName(staticName);
+ authnRequestBuilder.requesterId(staticName);
+ log.debug("Use static name: {} as 'providerName' and 'RequesterId' for all 'LU' requests ", staticName);
+
+ } else {
+ log.info("Static 'providerName' and 'RequesterId' for country: LU is deactivated");
+
+ }
+
+ }
+
+ @Override
+ protected Map<String, Boolean> getCountrySpecificRequestedAttributes() {
+ return new HashMap<>();
+
+ }
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java
index 234d52dd..a2af4342 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java
@@ -18,6 +18,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import com.fasterxml.jackson.annotation.JsonFormat;
+import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
@@ -81,6 +82,14 @@ public class AuthBlockSigningService {
authBlock.setTimestamp(LocalDateTime.now().truncatedTo(ChronoUnit.SECONDS));
authBlock.setUniqueId(pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID, String.class));
authBlock.setPiiTransactionId(pendingReq.getUniquePiiTransactionIdentifier());
+
+ //set Binding PublicKey if available
+ Object bindingPubKey = pendingReq.getRawData(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME);
+ if (bindingPubKey instanceof String) {
+ authBlock.setBindingPublicKey((String) bindingPubKey);
+
+ }
+
String jwsPayload = mapper.writeValueAsString(authBlock);
log.debug("Building and sign authBlock with data: {}", jwsPayload);
@@ -172,6 +181,7 @@ public class AuthBlockSigningService {
*
*/
@Data
+ @JsonInclude(JsonInclude.Include.NON_NULL)
private static class EidasAuchBlock {
@JsonProperty("challenge")
@@ -189,6 +199,8 @@ public class AuthBlockSigningService {
@JsonProperty("piiTransactionId")
private String piiTransactionId;
+ @JsonProperty("bindingPublicKey")
+ private String bindingPublicKey;
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java
index 2b3fabd9..74525e65 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java
@@ -113,6 +113,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
final String environment = (String) executionContext.get(MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT);
final String issuer = loadIssuerFromConfig();
final LightRequest lightAuthnReq = buildEidasAuthnRequest(citizenCountryCode, issuer);
+
final BinaryLightToken token = putRequestInCommunicationCache(lightAuthnReq);
final String tokenBase64 = BinaryLightTokenHelper.encodeBinaryLightTokenBase64(token);
workaroundRelayState(lightAuthnReq);
@@ -165,7 +166,11 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
throws EidPostProcessingException {
final LightRequest.Builder builder = LightRequest.builder();
builder.id(UUID.randomUUID().toString());
- builder.nameIdFormat(Constants.eIDAS_REQ_NAMEID_FORMAT);
+
+ // set nameIDFormat
+ builder.nameIdFormat(
+ authConfig.getBasicConfiguration(Constants.CONFIG_PROP_EIDAS_NODE_NAMEIDFORMAT));
+
builder.citizenCountryCode(citizenCountryCode);
builder.issuer(issuer);
// Add country-specific information into eIDAS request
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java
index ae582e91..86cd2164 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java
@@ -23,6 +23,13 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.jetbrains.annotations.NotNull;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
import at.asitplus.eidas.specific.connector.MsConnectorEventCodes;
import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
@@ -34,16 +41,10 @@ import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import eu.eidas.auth.commons.light.ILightResponse;
import lombok.extern.slf4j.Slf4j;
-import org.jetbrains.annotations.NotNull;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
/**
@@ -83,6 +84,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
checkStatusCode(eidasResponse);
validateMsSpecificResponse(executionContext, eidasResponse);
storeInSession(eidasResponse);
+
revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE_VALID);
} catch (final EaafException e) {
revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE_NOT_VALID);
@@ -129,10 +131,17 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
private void storeInSession(ILightResponse eidasResponse) throws EaafException {
log.debug("Store eIDAS response information into pending-request.");
- final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+ final EidAuthProcessDataWrapper authProcessData = pendingReq.getSessionData(EidAuthProcessDataWrapper.class);
authProcessData.setQaaLevel(eidasResponse.getLevelOfAssurance());
+
+ //inject set flag to inject
+ authProcessData.setTestIdentity(
+ basicConfig.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_IS_TEST_IDENTITY, false));
+
+
authProcessData.setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse);
requestStoreage.storePendingRequest(pendingReq);
+
}
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
index 5a113550..85b49186 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
@@ -61,6 +61,11 @@
<property name="priority" value="1" />
</bean>
+ <bean id="LU-Processor"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.LuEidProcessor">
+ <property name="priority" value="1" />
+ </bean>
+
<bean id="Default-Processor"
class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.GenericEidProcessor">
<property name="priority" value="0" />
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/SzrClientTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/SzrClientTest.java
index 647e5d27..ee1ecf9f 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/SzrClientTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/SzrClientTest.java
@@ -23,51 +23,69 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.clients;
-import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.szr.SzrClient;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException;
-import at.gv.egiz.eaaf.core.api.data.EaafConstants;
-import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
-import at.gv.egiz.eaaf.core.exceptions.EaafParserException;
-import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser;
-import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
-import com.skjolberg.mockito.soap.SoapServiceRule;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyList;
+import static org.mockito.Mockito.when;
+
+import java.io.IOException;
+import java.util.List;
+
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.ws.soap.SOAPFaultException;
+
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.cxf.binding.soap.SoapFault;
-import org.junit.*;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Ignore;
+import org.junit.Rule;
+import org.junit.Test;
import org.junit.runner.RunWith;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.ClassMode;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;
-import szrservices.*;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Unmarshaller;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.ws.soap.SOAPFaultException;
-import java.io.IOException;
-import java.util.List;
+import com.github.skjolber.mockito.soap.SoapServiceRule;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.ArgumentMatchers.anyList;
-import static org.mockito.Mockito.when;
+import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.szr.SzrClient;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.exceptions.EaafParserException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser;
+import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
+import lombok.extern.slf4j.Slf4j;
+import szrservices.GetBPKFromStammzahlEncryptedResponse;
+import szrservices.GetBPKFromStammzahlEncryptedResponseType;
+import szrservices.GetIdentityLinkEidasResponse;
+import szrservices.IdentityLinkType;
+import szrservices.PersonInfoType;
+import szrservices.SZR;
+import szrservices.SZRException_Exception;
+import szrservices.SignContentEntry;
+import szrservices.SignContentResponse;
+import szrservices.SignContentResponseType;
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations = {
"/SpringTest-context_tasks_test.xml",
"/SpringTest-context_basic_mapConfig.xml"})
+@DirtiesContext(classMode = ClassMode.AFTER_CLASS)
+@Slf4j
public class SzrClientTest {
- private static final Logger log = LoggerFactory.getLogger(SzrClientTest.class);
@Autowired SzrClient szrClient;
@Autowired MsConnectorDummyConfigMap basicConfig;
@@ -89,8 +107,11 @@ public class SzrClientTest {
}
basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.eidasbind.mds.inject", "false");
+
}
+
+
@Test
public void getStammzahlenEcryptedTest() throws SZRException_Exception, SzrCommunicationException {
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
index 7af9706e..e3757c0d 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
@@ -41,9 +41,9 @@ import org.springframework.web.context.request.ServletRequestAttributes;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
+import com.github.skjolber.mockito.soap.SoapServiceRule;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
-import com.skjolberg.mockito.soap.SoapServiceRule;
import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap;
@@ -241,7 +241,9 @@ public class CreateIdentityLinkTaskEidNewTest {
Assert.assertEquals("appId", randomTestSp, authBlockJson.get("appId").asText());
Assert.assertFalse("'challenge' is null", authBlockJson.get("challenge").asText().isEmpty());
Assert.assertFalse("'timestamp' is null", authBlockJson.get("timestamp").asText().isEmpty());
-
+ Assert.assertFalse("binding pubKey", authBlockJson.has("bindingPublicKey"));
+
+
// check vsz request
ArgumentCaptor<PersonInfoType> argument4 = ArgumentCaptor.forClass(PersonInfoType.class);
@@ -331,9 +333,12 @@ public class CreateIdentityLinkTaskEidNewTest {
final SignContentEntry signContentEntry = new SignContentEntry();
signContentEntry.setValue(RandomStringUtils.randomAlphanumeric(10));
signContentResp.getOut().add(signContentEntry);
+
when(szrMock.signContent(any(), any(), any())).thenReturn(signContentResp);
+
String randomTestSp = RandomStringUtils.randomAlphabetic(10);
+ String bindingPubKey = RandomStringUtils.randomAlphabetic(10);
pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_REQUESTERID, randomTestSp);
MatchedPersonResult matchingInfos = MatchedPersonResult.builder()
@@ -342,9 +347,11 @@ public class CreateIdentityLinkTaskEidNewTest {
.familyName(RandomStringUtils.randomAlphabetic(5))
.dateOfBirth(RandomStringUtils.randomAlphabetic(5))
.countryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
- .build();
-
+ .build();
MatchingTaskUtils.storeFinalMatchingResult(pendingReq, matchingInfos);
+
+ pendingReq.setRawDataToTransaction(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME, bindingPubKey);
+
//perform test
task.execute(pendingReq, executionContext);
@@ -360,9 +367,30 @@ public class CreateIdentityLinkTaskEidNewTest {
Assert.assertNotNull("AuthProcessData", authProcessData);
Assert.assertNotNull("eidasBind", authProcessData.getGenericDataFromSession(Constants.EIDAS_BIND, String.class));
+ // check authblock signature
String authBlock = authProcessData.getGenericDataFromSession(Constants.SZR_AUTHBLOCK, String.class);
Assert.assertNotNull("AuthBlock", authBlock);
+ final AlgorithmConstraints constraints = new AlgorithmConstraints(ConstraintType.PERMIT,
+ BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.toArray(new String[BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.size()]));
+ Pair<KeyStore, Provider> keyStore = getKeyStore();
+ X509Certificate[] trustedCerts = EaafKeyStoreUtils
+ .getPrivateKeyAndCertificates(keyStore.getFirst(), ALIAS, PW.toCharArray(), true, "junit").getSecond();
+ JwsResult result = JoseUtils.validateSignature(authBlock, Arrays.asList(trustedCerts), constraints);
+ Assert.assertTrue("AuthBlock not valid", result.isValid());
+ JsonNode authBlockJson = mapper.readTree(result.getPayLoad());
+ Assert.assertNotNull("deserialized AuthBlock", authBlockJson);
+
+ Assert.assertNotNull("no piiTransactionId in pendingRequesdt",
+ storedPendingReq.getUniquePiiTransactionIdentifier());
+ Assert.assertEquals("piiTransactionId", storedPendingReq.getUniquePiiTransactionIdentifier(),
+ authBlockJson.get("piiTransactionId").asText());
+ Assert.assertEquals("appId", randomTestSp, authBlockJson.get("appId").asText());
+ Assert.assertFalse("'challenge' is null", authBlockJson.get("challenge").asText().isEmpty());
+ Assert.assertFalse("'timestamp' is null", authBlockJson.get("timestamp").asText().isEmpty());
+ Assert.assertTrue("binding pubKey", authBlockJson.has("bindingPublicKey"));
+ Assert.assertEquals("binding PubKey", bindingPubKey, authBlockJson.get("bindingPublicKey").asText());
+
Assert.assertTrue("EID process", authProcessData.isEidProcess());
Assert.assertTrue("foreigner process", authProcessData.isForeigner());
Assert.assertEquals("EID-ISSUING_NATION", "LU",
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java
index 0a2d4271..7513501e 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java
@@ -30,9 +30,9 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
+import com.github.skjolber.mockito.soap.SoapServiceRule;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
-import com.skjolberg.mockito.soap.SoapServiceRule;
import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap;
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java
index c416b515..4edfe32d 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java
@@ -1,5 +1,7 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks;
+import static org.junit.Assert.assertNull;
+
import java.io.UnsupportedEncodingException;
import java.util.HashMap;
import java.util.Map;
@@ -83,6 +85,7 @@ public class GenerateAuthnRequestTaskTest {
pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue());
pendingReq.setAuthUrl("http://test.com/");
+ basicConfig.putConfigValue("eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm", "true");
basicConfig.putConfigValue("eidas.ms.auth.eIDAS.node_v2.entityId",
RandomStringUtils.randomAlphabetic(10));
basicConfig.putConfigValue(
@@ -90,7 +93,8 @@ public class GenerateAuthnRequestTaskTest {
"http://test/" + RandomStringUtils.randomAlphabetic(5));
basicConfig.putConfigValue(
"eidas.ms.auth.eIDAS.node_v2.forward.method", "GET");
-
+ basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat");
+
}
@Test
@@ -297,7 +301,7 @@ public class GenerateAuthnRequestTaskTest {
basicConfig.putConfigValue(
"eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true");
basicConfig.putConfigValue(
- "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "true");
+ "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderNames", "true");
basicConfig.putConfigValue(
"eidas.ms.auth.eIDAS.node_v2.staticProviderNameForPublicSPs", "myNode");
@@ -312,9 +316,8 @@ public class GenerateAuthnRequestTaskTest {
Assert.assertEquals("ProviderName is not Static", "myNode", eidasReq.getProviderName());
Assert.assertEquals("no PublicSP", "public", eidasReq.getSpType());
Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high", eidasReq.getLevelOfAssurance());
- Assert.assertEquals("wrong CC", cc, eidasReq.getCitizenCountryCode());
- Assert.assertEquals("NameIdFormat", Constants.eIDAS_REQ_NAMEID_FORMAT, eidasReq.getNameIdFormat());
-
+ Assert.assertEquals("wrong CC", cc, eidasReq.getCitizenCountryCode());
+ assertNull("NameIdPolicy not null", eidasReq.getNameIdFormat());
}
@@ -336,6 +339,10 @@ public class GenerateAuthnRequestTaskTest {
basicConfig.putConfigValue(
"eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "false");
+ String nameIdFormat = RandomStringUtils.randomAlphabetic(10);
+ basicConfig.putConfigValue(
+ "eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat", nameIdFormat);
+
String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5);
basicConfig.putConfigValue(
"eidas.ms.auth.eIDAS.node_v2.forward.endpoint", dynEndPoint);
@@ -362,6 +369,102 @@ public class GenerateAuthnRequestTaskTest {
eidasReq.getLevelOfAssurance());
Assert.assertEquals("Wrong req. attr. size", 4, eidasReq.getRequestedAttributes().size());
+ Assert.assertEquals("NameIdFormat", nameIdFormat, eidasReq.getNameIdFormat());
+
+ }
+
+ @Test
+ public void publicSpWithCountryLu() throws TaskExecutionException,
+ SpecificCommunicationException, EaafStorageException, UnsupportedEncodingException {
+ //set-up test
+ executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "LU");
+ executionContext.put("selectedEnvironment", "prod");
+
+ String providerName = RandomStringUtils.randomAlphanumeric(10);
+ pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName);
+
+ basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets");
+ basicConfig.putConfigValue(
+ "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true");
+ basicConfig.putConfigValue(
+ "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true");
+
+ String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5);
+ basicConfig.putConfigValue(
+ "eidas.ms.auth.eIDAS.node_v2.forward.endpoint", dynEndPoint);
+ basicConfig.putConfigValue(
+ "eidas.ms.auth.eIDAS.node_v2.forward.method", "GET");
+
+ //execute test
+ task.execute(pendingReq, executionContext);
+
+ //validate state
+ Assert.assertEquals("Wrong http statusCode", 302, httpResp.getStatus());
+ Assert.assertNotNull("No redirect header", httpResp.getHeaderValue("Location"));
+ Assert.assertTrue("Wrong redirect endpoint",
+ ((String) httpResp.getHeaderValue("Location")).startsWith(dynEndPoint));
+
+
+ final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null);
+
+ Assert.assertEquals("PrividerName", "myNode", eidasReq.getProviderName());
+ Assert.assertEquals("RequesterId found", "myNode", eidasReq.getRequesterId());
+ Assert.assertEquals("no PublicSP", "public", eidasReq.getSpType());
+ Assert.assertEquals("wrong LoA", EaafConstants.EIDAS_LOA_HIGH,
+ eidasReq.getLevelOfAssurance());
+
+ Assert.assertEquals("Wrong req. attr. size", 4, eidasReq.getRequestedAttributes().size());
+
+ }
+
+ @Test
+ public void privateSpWithCountryLu() throws TaskExecutionException,
+ SpecificCommunicationException, EaafStorageException, UnsupportedEncodingException {
+ //set-up test
+ executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "LU");
+ executionContext.put("selectedEnvironment", "prod");
+
+ String providerName = RandomStringUtils.randomAlphanumeric(10);
+ String requesterId = RandomStringUtils.randomAlphanumeric(10);
+ pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName);
+ pendingReq.setRawDataToTransaction(Constants.DATA_REQUESTERID, requesterId);
+
+ spConfig.put("target",
+ EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + "FN+" + RandomStringUtils.randomNumeric(6));
+
+ basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets");
+ basicConfig.putConfigValue(
+ "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true");
+ basicConfig.putConfigValue(
+ "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true");
+ basicConfig.putConfigValue(
+ "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "true");
+
+ String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5);
+ basicConfig.putConfigValue(
+ "eidas.ms.auth.eIDAS.node_v2.forward.endpoint", dynEndPoint);
+ basicConfig.putConfigValue(
+ "eidas.ms.auth.eIDAS.node_v2.forward.method", "GET");
+
+ //execute test
+ task.execute(pendingReq, executionContext);
+
+ //validate state
+ Assert.assertEquals("Wrong http statusCode", 302, httpResp.getStatus());
+ Assert.assertNotNull("No redirect header", httpResp.getHeaderValue("Location"));
+ Assert.assertTrue("Wrong redirect endpoint",
+ ((String) httpResp.getHeaderValue("Location")).startsWith(dynEndPoint));
+
+
+ final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null);
+
+ Assert.assertEquals("PrividerName", "myNode", eidasReq.getProviderName());
+ Assert.assertEquals("RequesterId", "myNode", eidasReq.getRequesterId());
+ Assert.assertEquals("no PublicSP", "private", eidasReq.getSpType());
+ Assert.assertEquals("wrong LoA", EaafConstants.EIDAS_LOA_HIGH,
+ eidasReq.getLevelOfAssurance());
+
+ Assert.assertEquals("Wrong req. attr. size", 4, eidasReq.getRequestedAttributes().size());
}
@@ -409,6 +512,53 @@ public class GenerateAuthnRequestTaskTest {
EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + "FN+" + RandomStringUtils.randomNumeric(6));
String providerName = RandomStringUtils.randomAlphanumeric(10);
pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName);
+ pendingReq.setRawDataToTransaction(Constants.DATA_REQUESTERID, "http://junit.sp");
+
+ basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets");
+ basicConfig.putConfigValue(
+ "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true");
+ basicConfig.putConfigValue(
+ "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true");
+ basicConfig.putConfigValue(
+ "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "false");
+
+ String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5);
+ basicConfig.putConfigValue(
+ "eidas.ms.auth.eIDAS.node_v2.forward.endpoint", dynEndPoint);
+ basicConfig.putConfigValue(
+ "eidas.ms.auth.eIDAS.node_v2.forward.method", "GET");
+
+
+ //perform test
+ task.execute(pendingReq, executionContext);
+
+ //validate state
+ Assert.assertEquals("Wrong http statusCode", 302, httpResp.getStatus());
+ Assert.assertNotNull("No redirect header", httpResp.getHeaderValue("Location"));
+ Assert.assertTrue("Wrong redirect endpoint",
+ ((String) httpResp.getHeaderValue("Location")).startsWith(dynEndPoint));
+
+
+ final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null);
+
+ Assert.assertEquals("PrividerName", providerName, eidasReq.getProviderName());
+ Assert.assertEquals("RequesterId", "Wr8LrrVf5SYneblOlZdZNaLQQCCgzklfKQvyeZjBx10=", eidasReq.getRequesterId());
+ Assert.assertEquals("no PublicSP", "private", eidasReq.getSpType());
+ Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high", eidasReq.getLevelOfAssurance());
+
+ }
+
+ @Test
+ public void privateSPWithoutRequestIdHashing() throws TaskExecutionException,
+ SpecificCommunicationException, EaafStorageException {
+ //set-up test
+ executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC");
+ spConfig.put("target",
+ EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + "FN+" + RandomStringUtils.randomNumeric(6));
+ String providerName = RandomStringUtils.randomAlphanumeric(10);
+ String requesterId = RandomStringUtils.randomAlphanumeric(10);
+ pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName);
+ pendingReq.setRawDataToTransaction(Constants.DATA_REQUESTERID, requesterId);
basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets");
basicConfig.putConfigValue(
@@ -417,6 +567,7 @@ public class GenerateAuthnRequestTaskTest {
"eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true");
basicConfig.putConfigValue(
"eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "false");
+ basicConfig.putConfigValue("eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm", "false");
String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5);
basicConfig.putConfigValue(
@@ -438,7 +589,7 @@ public class GenerateAuthnRequestTaskTest {
final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null);
Assert.assertEquals("PrividerName", providerName, eidasReq.getProviderName());
- Assert.assertEquals("RequesterId", providerName, eidasReq.getRequesterId());
+ Assert.assertEquals("RequesterId", requesterId, eidasReq.getRequesterId());
Assert.assertEquals("no PublicSP", "private", eidasReq.getSpType());
Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high", eidasReq.getLevelOfAssurance());
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveAuthnResponseTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveAuthnResponseTaskTest.java
index c8e00e72..ea2cda4b 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveAuthnResponseTaskTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveAuthnResponseTaskTest.java
@@ -37,7 +37,7 @@ import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper;
import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
import at.gv.egiz.eaaf.core.impl.utils.Random;
@@ -81,7 +81,8 @@ public class ReceiveAuthnResponseTaskTest {
RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution", "false");
-
+ basicConfig.putConfigValue("eidas.ms.auth.eIDAS.eid.testidentity.default", "false");
+
final Map<String, String> spConfig = new HashMap<>();
spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp");
spConfig.put("target", "urn:publicid:gv.at:cdid+XX");
@@ -149,16 +150,45 @@ public class ReceiveAuthnResponseTaskTest {
//validate state
IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId());
Assert.assertNotNull("pendingReq not stored", storedReq);
-
- final AuthProcessDataWrapper authProcessData = storedReq.getSessionData(AuthProcessDataWrapper.class);
+ final EidAuthProcessDataWrapper authProcessData = storedReq.getSessionData(EidAuthProcessDataWrapper.class);
Assert.assertEquals("LoA", eidasResponse.getLevelOfAssurance(), authProcessData.getQaaLevel());
Assert.assertNotNull("eIDAS response",
authProcessData.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE));
Assert.assertEquals("eIDAS response", eidasResponse,
authProcessData.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE));
-
+
+ Assert.assertFalse("testIdentity flag", authProcessData.isTestIdentity());
+
}
-
+
+ @Test
+ public void successWithTestIdentity() throws URISyntaxException, TaskExecutionException, PendingReqIdValidationException {
+ basicConfig.putConfigValue("eidas.ms.auth.eIDAS.eid.testidentity.default", "true");
+
+ @NotNull
+ AuthenticationResponse eidasResponse = buildDummyAuthResponse(Constants.SUCCESS_URI);
+ httpReq.setAttribute(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse);
+ executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "LU");
+
+ //execute test
+ task.execute(pendingReq, executionContext);
+
+ //validate state
+ IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId());
+ Assert.assertNotNull("pendingReq not stored", storedReq);
+
+ final EidAuthProcessDataWrapper authProcessData = storedReq.getSessionData(EidAuthProcessDataWrapper.class);
+ Assert.assertEquals("LoA", eidasResponse.getLevelOfAssurance(), authProcessData.getQaaLevel());
+ Assert.assertNotNull("eIDAS response",
+ authProcessData.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE));
+ Assert.assertEquals("eIDAS response", eidasResponse,
+ authProcessData.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE));
+ Assert.assertTrue("testIdentity flag", authProcessData.isTestIdentity());
+
+ }
+
+
+
@NotNull
private AuthenticationResponse buildDummyAuthResponse(String statusCode) throws URISyntaxException {
final AttributeDefinition attributeDef = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
index 35f1a91b..84da2344 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
@@ -149,9 +149,10 @@ public class EidasRequestPreProcessingFirstTest {
Assert.assertEquals("ProviderName is not Static",
Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP, lightReq.getProviderName());
+ Assert.assertNotSame("RequesterId was set", lightReq.getRequesterId());
Assert.assertEquals("no PublicSP", "public", lightReq.getSpType());
Assert.assertEquals("Requested attribute size not match", 8, lightReq.getRequestedAttributes().size());
}
-
+
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java
index 23175a18..6fd4f8a5 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java
@@ -86,6 +86,9 @@ public class EidasRequestPreProcessingSecondTest {
authnRequestBuilder.issuer("Test");
authnRequestBuilder.levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH);
+ basicConfig.putConfigValue(
+ "eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll", "true");
+
}
@Test
@@ -106,4 +109,49 @@ public class EidasRequestPreProcessingSecondTest {
}
+
+ /*
+ * Set ProviderName according to general configuration
+ */
+ @Test
+ public void prePreProcessLuPublicSpWithoutRequestId() throws EidPostProcessingException {
+
+ basicConfig.putConfigValue(
+ "eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll", "false");
+
+ final String testCountry = "LU";
+ authnRequestBuilder.citizenCountryCode(testCountry);
+ preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder);
+
+ final LightRequest lightReq = authnRequestBuilder.build();
+
+ Assert.assertEquals("ProviderName is not Static", "myNode", lightReq.getProviderName());
+ Assert.assertNull("RequesterId", lightReq.getRequesterId());
+ Assert.assertEquals("no PublicSP", "public", lightReq.getSpType());
+ Assert.assertEquals("Requested attribute size not match", 4, lightReq.getRequestedAttributes().size());
+
+ }
+
+ /*
+ * Always set requesterId and providername in case of country LU
+ */
+ @Test
+ public void prePreProcessLuPublicSpWithStaticRequesterId() throws EidPostProcessingException {
+
+
+ final String testCountry = "LU";
+ authnRequestBuilder.citizenCountryCode(testCountry);
+ preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder);
+
+ final LightRequest lightReq = authnRequestBuilder.build();
+
+ Assert.assertEquals("ProviderName is not Static",
+ "myNode", lightReq.getProviderName());
+ Assert.assertEquals("RequesterId is not Static",
+ "myNode", lightReq.getRequesterId());
+ Assert.assertEquals("no PublicSP", "public", lightReq.getSpType());
+ Assert.assertEquals("Requested attribute size not match", 4, lightReq.getRequestedAttributes().size());
+
+ }
+
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml
index d4783585..f4fc72a7 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml
@@ -53,6 +53,11 @@
<property name="priority" value="1" />
</bean>
+ <bean id="LU-PostProcessor"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.LuEidProcessor">
+ <property name="priority" value="1" />
+ </bean>
+
<bean id="eIDASAuthModule"
class="at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasAuthenticationModulImpl">
<property name="priority" value="2" />
diff --git a/eidas_modules/authmodule_id-austria/pom.xml b/eidas_modules/authmodule_id-austria/pom.xml
new file mode 100644
index 00000000..3585fcea
--- /dev/null
+++ b/eidas_modules/authmodule_id-austria/pom.xml
@@ -0,0 +1,174 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>at.asitplus.eidas.ms_specific</groupId>
+ <artifactId>modules</artifactId>
+ <version>1.2.2</version>
+ </parent>
+ <groupId>at.asitplus.eidas.ms_specific.modules</groupId>
+ <artifactId>authmodule_id-austria</artifactId>
+ <name>ID-Austria authentication</name>
+ <description>User authentication forwarding user to ID Austria system</description>
+
+ <dependencies>
+ <dependency>
+ <groupId>at.gv.egiz.components</groupId>
+ <artifactId>egiz-spring-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>at.asitplus.eidas.ms_specific</groupId>
+ <artifactId>connector_lib</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>at.asitplus.eidas.ms_specific.modules</groupId>
+ <artifactId>eidas_proxy-sevice</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>at.gv.egiz.eaaf</groupId>
+ <artifactId>eaaf-core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>at.gv.egiz.eaaf</groupId>
+ <artifactId>eaaf_module_pvp2_sp</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-lang3</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>com.google.guava</groupId>
+ <artifactId>guava</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-text</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>javax.servlet</groupId>
+ <artifactId>javax.servlet-api</artifactId>
+ <scope>provided</scope>
+ </dependency>
+
+ <!-- Testing -->
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-test</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.powermock</groupId>
+ <artifactId>powermock-module-junit4</artifactId>
+ <version>2.0.7</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.powermock</groupId>
+ <artifactId>powermock-api-mockito2</artifactId>
+ <version>2.0.7</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>com.squareup.okhttp3</groupId>
+ <artifactId>mockwebserver</artifactId>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>at.asitplus.eidas.ms_specific</groupId>
+ <artifactId>connector_lib</artifactId>
+ <scope>test</scope>
+ <type>test-jar</type>
+ </dependency>
+
+ <dependency>
+ <groupId>at.gv.egiz.eaaf</groupId>
+ <artifactId>eaaf_core_utils</artifactId>
+ <scope>test</scope>
+ <type>test-jar</type>
+ </dependency>
+ <dependency>
+ <groupId>at.gv.egiz.eaaf</groupId>
+ <artifactId>eaaf-core</artifactId>
+ <scope>test</scope>
+ <type>test-jar</type>
+ </dependency>
+ <dependency>
+ <groupId>at.gv.egiz.eaaf</groupId>
+ <artifactId>eaaf_module_pvp2_core</artifactId>
+ <scope>test</scope>
+ <type>test-jar</type>
+ </dependency>
+ <dependency>
+ <groupId>at.gv.egiz.eaaf</groupId>
+ <artifactId>eaaf_module_pvp2_idp</artifactId>
+ <scope>test</scope>
+ <type>test-jar</type>
+ </dependency>
+ </dependencies>
+
+<build>
+ <resources>
+ <resource>
+ <directory>src/main/resources</directory>
+ </resource>
+ </resources>
+
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ </plugin>
+
+ <plugin>
+ <groupId>com.github.spotbugs</groupId>
+ <artifactId>spotbugs-maven-plugin</artifactId>
+ <version>${spotbugs-maven-plugin.version}</version>
+ <configuration>
+ <excludeFilterFile>checks/spotbugs-exclude.xml</excludeFilterFile>
+ </configuration>
+ </plugin>
+
+ <plugin>
+ <groupId>org.jacoco</groupId>
+ <artifactId>jacoco-maven-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>post-unit-check</id>
+ <phase>test</phase>
+ <goals>
+ <goal>check</goal>
+ <goal>report</goal>
+ </goals>
+ <configuration>
+ <haltOnFailure>true</haltOnFailure>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+
+ <!-- enable co-existence of testng and junit -->
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <threadCount>1</threadCount>
+ </configuration>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.maven.surefire</groupId>
+ <artifactId>surefire-junit47</artifactId>
+ <version>${surefire.version}</version>
+ </dependency>
+ </dependencies>
+ </plugin>
+ </plugins>
+ </build>
+
+
+</project> \ No newline at end of file
diff --git a/eidas_modules/eidas_proxy-sevice/pom.xml b/eidas_modules/eidas_proxy-sevice/pom.xml
new file mode 100644
index 00000000..6b280c64
--- /dev/null
+++ b/eidas_modules/eidas_proxy-sevice/pom.xml
@@ -0,0 +1,185 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>at.asitplus.eidas.ms_specific</groupId>
+ <artifactId>modules</artifactId>
+ <version>1.2.2</version>
+ </parent>
+ <groupId>at.asitplus.eidas.ms_specific.modules</groupId>
+ <artifactId>eidas_proxy-sevice</artifactId>
+ <name>eIDAS specific proxy-service</name>
+ <description>Austrian specific eIDAS Proxy-Service to handle eIDAS Proxy-Service requests from other member states</description>
+
+ <repositories>
+ <repository>
+ <id>eIDASNode-local</id>
+ <name>local</name>
+ <url>file:${basedir}/../../repository</url>
+ </repository>
+ </repositories>
+
+ <dependencies>
+ <dependency>
+ <groupId>at.gv.egiz.components</groupId>
+ <artifactId>egiz-spring-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>at.asitplus.eidas.ms_specific</groupId>
+ <artifactId>connector_lib</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>at.asitplus.eidas.ms_specific.modules</groupId>
+ <artifactId>authmodule-eIDAS-v2</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>at.gv.egiz.eaaf</groupId>
+ <artifactId>eaaf-core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>at.gv.egiz.eaaf</groupId>
+ <artifactId>eaaf_module_pvp2_sp</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>eu.eidas</groupId>
+ <artifactId>eidas-light-commons</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>eu.eidas</groupId>
+ <artifactId>eidas-specific-communication-definition</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>eu.eidas</groupId>
+ <artifactId>eidas-jcache-ignite-specific-communication</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-lang3</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>com.google.guava</groupId>
+ <artifactId>guava</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-text</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>javax.servlet</groupId>
+ <artifactId>javax.servlet-api</artifactId>
+ <scope>provided</scope>
+ </dependency>
+
+ <!-- Testing -->
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-test</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.powermock</groupId>
+ <artifactId>powermock-module-junit4</artifactId>
+ <version>2.0.7</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.powermock</groupId>
+ <artifactId>powermock-api-mockito2</artifactId>
+ <version>2.0.7</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>at.asitplus.eidas.ms_specific</groupId>
+ <artifactId>connector_lib</artifactId>
+ <scope>test</scope>
+ <type>test-jar</type>
+ </dependency>
+ <dependency>
+ <groupId>at.asitplus.eidas.ms_specific.modules</groupId>
+ <artifactId>authmodule-eIDAS-v2</artifactId>
+ <scope>test</scope>
+ <type>test-jar</type>
+ </dependency>
+
+ <dependency>
+ <groupId>at.gv.egiz.eaaf</groupId>
+ <artifactId>eaaf_core_utils</artifactId>
+ <scope>test</scope>
+ <type>test-jar</type>
+ </dependency>
+ <dependency>
+ <groupId>at.gv.egiz.eaaf</groupId>
+ <artifactId>eaaf-core</artifactId>
+ <scope>test</scope>
+ <type>test-jar</type>
+ </dependency>
+
+ </dependencies>
+
+<build>
+ <resources>
+ <resource>
+ <directory>src/main/resources</directory>
+ </resource>
+ </resources>
+
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ </plugin>
+
+ <plugin>
+ <groupId>com.github.spotbugs</groupId>
+ <artifactId>spotbugs-maven-plugin</artifactId>
+ <version>${spotbugs-maven-plugin.version}</version>
+ <configuration>
+ <excludeFilterFile>checks/spotbugs-exclude.xml</excludeFilterFile>
+ </configuration>
+ </plugin>
+
+ <plugin>
+ <groupId>org.jacoco</groupId>
+ <artifactId>jacoco-maven-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>post-unit-check</id>
+ <phase>test</phase>
+ <goals>
+ <goal>check</goal>
+ <goal>report</goal>
+ </goals>
+ <configuration>
+ <haltOnFailure>true</haltOnFailure>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+
+ <!-- enable co-existence of testng and junit -->
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <threadCount>1</threadCount>
+ </configuration>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.maven.surefire</groupId>
+ <artifactId>surefire-junit47</artifactId>
+ <version>${surefire.version}</version>
+ </dependency>
+ </dependencies>
+ </plugin>
+ </plugins>
+ </build>
+
+</project> \ No newline at end of file
diff --git a/eidas_modules/pom.xml b/eidas_modules/pom.xml
index 701ee39b..8f6017ff 100644
--- a/eidas_modules/pom.xml
+++ b/eidas_modules/pom.xml
@@ -4,7 +4,7 @@
<parent>
<groupId>at.asitplus.eidas</groupId>
<artifactId>ms_specific</artifactId>
- <version>1.1.1-SNAPSHOT</version>
+ <version>1.2.2</version>
</parent>
<groupId>at.asitplus.eidas.ms_specific</groupId>
<artifactId>modules</artifactId>
diff --git a/infos/Handbuch_MS-eIDAS-Node.docx b/infos/Handbuch_MS-eIDAS-Node.docx
new file mode 100644
index 00000000..aacb3828
--- /dev/null
+++ b/infos/Handbuch_MS-eIDAS-Node.docx
Binary files differ
diff --git a/infos/handbook/Handbuch_MS-eIDAS-Node.pdf b/infos/handbook/Handbuch_MS-eIDAS-Node.pdf
new file mode 100644
index 00000000..1d4195bb
--- /dev/null
+++ b/infos/handbook/Handbuch_MS-eIDAS-Node.pdf
Binary files differ
diff --git a/infos/readme_1.2.0.md b/infos/readme_1.2.0.md
new file mode 100644
index 00000000..2b4638cf
--- /dev/null
+++ b/infos/readme_1.2.0.md
@@ -0,0 +1,59 @@
+# MS-Connector v1.2.0 Release vom 12.05.2021
+
+Der MS-Connector implementiert eine Bridge zwischen dem österreichischen E-ID System und dem eIDAS Framework um ausländischen Benutzern eine Anmeldung am österreichischen Service-Providern zu ermöglichen.
+
+### Änderungen in dieser Version
+
+ - Erforderliche Anpassungen zur Integration in den ID Austria
+
+ - Update auf eIDAS Ref. Impl. 2.5.0 (Implementiert eIDAS Spezifikation 1.2)
+ https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/eIDAS-Node+version+2.5
+
+ - Codestabilisierung
+
+ - Monitoring und HealthChecks Verbesserungen
+
+ - Akutalisierung von Drittherstellerbibliotheken
+
+
+
+
+### Durchführen eines Updates
+
+Nachfolgend finden Sie die erforderlichen Schritte für das Update eines bestehenden MS-specific eIDAS Connectors auf die aktuelle Version 1.2.0. Das vollständige Handbuch mit allen Konfigurationsparametern finden Sie im Releasepackage im Verzeichnis: _infos/handbook/_
+
+### Ausgehend von einer bestehenden Version 1.1.0
+
+1. Stoppen Sie die *MS-Connector* Applikation und fertigen Sie eine Sicherungskopie Ihrer Applikation inklusive Konfiguration an
+2. Entpacken Sie das Releasepacket *ms_specific_connector-1.2.0-dist.zip* in ein temporäres Verzeichnis welches in weiterer Folge __MsConnectorPackage__ bezeichnet wird.
+3. Kopieren sie die Applikation __MsConnectorPackage__/ms_connector.war nach in das Applikationsverzeichnis ihres Applikationsservers
+4. Mit der Version 1.2.0 wurde die Konfiguration eine eine Minimalkonfiguration [`default_config.properties`](./../config/default_config.properties) und eine in den MS-Connectorintegrierte Defaultkonfiguration aufgteilt. Die nachfolgende Aufzählung umfasst die neuen oder geänderten Konfigurationsparameter, beschreibt jedoch keine Aufteilung einer bestehenden Konfiguration in Minimal- und Defaultteil. Eine vollständige Beschreibung aller Konfigurationswerte finden Sie im Handbuch zum AT MS-Connector.
+5. Update bestehender Dateien . Die nachfolgenden Dateien wurden geändert und erfordern eine Anpassung oder eine Übernahme dem Releasepacket, sofern die Anpassung nicht bereits durchgeführt wurde. Sofern die entsprechenden Datein an die bestehende Infrastruktur angepasst wurden so müssen diese Änderungen übernommen werden.
+ - __MsConnectorPackage__/config/templates/error_message.html
+ - __MsConnectorPackage__/config/eIDAS/igniteSpecificCommunication.xml
+ Hinweis: Siehe auch Update-Hinweise zur EIDAS-Node v2.5
+6. Erstellung neuer Dateien
+ - _KeyStore für ID Austria AuthBlock:_ Erstellen eines KeyStore mit mit öffentlichem und privaten Schlüssel welcher für die JWS Signature des technischen ID Austria AuthBlocks verwendet werden soll.
+7. Neue Konfigurationsparameter
+ - *Allgemeine Konfiguration*
+ - ```eidas.ms.core.configRootDir```
+ - *ID Austria Umsetzung*
+ - ```eidas.ms.auth.eIDAS.authblock.keystore.type```
+ - ```eidas.ms.auth.eIDAS.authblock.keystore.path```
+ - ```eidas.ms.auth.eIDAS.authblock.keystore.password```
+ - ```eidas.ms.auth.eIDAS.authblock.key.alias```
+ - ```eidas.ms.auth.eIDAS.authblock.key.password```
+ - *Service-Provider Konfiguration Konfiguration*
+ - ```eidas.ms.sp.x.newEidMode```
+8. Gelöschte Konfigurationsparameter
+
+ - ```authhandler.modules.bindingservice.bpk.target```
+9. Neue optionale Konfigurationsparameter
+ - *Allgemeine Konfiguration*
+ - ```eidas.ms.core.logging.level.info.errorcodes```
+ - *eIDAS Node Kommunikation*
+ * ```eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm```
+ * ```eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll```
+ - *ID Austria Umsetzung*
+ - ```eidas.ms.auth.eIDAS.eid.testidentity.default```
+ - ```eidas.ms.auth.eIDAS.szrclient.eidasbind.mds.inject```
diff --git a/infos/readme_1.2.1.md b/infos/readme_1.2.1.md
new file mode 100644
index 00000000..290a12db
--- /dev/null
+++ b/infos/readme_1.2.1.md
@@ -0,0 +1,57 @@
+# MS-Connector v1.2.1 Release vom 28.05.2021
+
+Der MS-Connector implementiert eine Bridge zwischen dem österreichischen E-ID System und dem eIDAS Framework um ausländischen Benutzern eine Anmeldung am österreichischen Service-Providern zu ermöglichen.
+
+### Änderungen in dieser Version
+
+ - Erforderliche Anpassungen zur Integration in den ID Austria
+ - Update auf eIDAS Ref. Impl. 2.5.0 (Implementiert eIDAS Spezifikation 1.2)
+ https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/eIDAS-Node+version+2.5
+ - Codestabilisierung
+ - Monitoring und HealthChecks Verbesserungen
+ - Akutalisierung von Drittherstellerbibliotheken
+ - Bugfix in Version 1.2.1
+ - Möglichen Fehler in der Sprachauswahl via GUI behoben
+
+
+
+
+### Durchführen eines Updates
+
+Nachfolgend finden Sie die erforderlichen Schritte für das Update eines bestehenden MS-specific eIDAS Connectors auf die aktuelle Version 1.2.1. Das vollständige Handbuch mit allen Konfigurationsparametern finden Sie im Releasepackage im Verzeichnis: _infos/handbook/_
+
+### Ausgehend von einer bestehenden Version 1.1.0
+
+1. Stoppen Sie die *MS-Connector* Applikation und fertigen Sie eine Sicherungskopie Ihrer Applikation inklusive Konfiguration an
+2. Entpacken Sie das Releasepacket *ms_specific_connector-1.2.1-dist.zip* in ein temporäres Verzeichnis welches in weiterer Folge __MsConnectorPackage__ bezeichnet wird.
+3. Kopieren sie die Applikation __MsConnectorPackage__/ms_connector.war nach in das Applikationsverzeichnis ihres Applikationsservers
+4. Mit der Version 1.2.0 wurde die Konfiguration eine eine Minimalkonfiguration [`default_config.properties`](./../config/default_config.properties) und eine in den MS-Connectorintegrierte Defaultkonfiguration aufgteilt. Die nachfolgende Aufzählung umfasst die neuen oder geänderten Konfigurationsparameter, beschreibt jedoch keine Aufteilung einer bestehenden Konfiguration in Minimal- und Defaultteil. Eine vollständige Beschreibung aller Konfigurationswerte finden Sie im Handbuch zum AT MS-Connector.
+5. Update bestehender Dateien . Die nachfolgenden Dateien wurden geändert und erfordern eine Anpassung oder eine Übernahme dem Releasepacket, sofern die Anpassung nicht bereits durchgeführt wurde. Sofern die entsprechenden Datein an die bestehende Infrastruktur angepasst wurden so müssen diese Änderungen übernommen werden.
+ - __MsConnectorPackage__/config/templates/error_message.html
+ - __MsConnectorPackage__/config/eIDAS/igniteSpecificCommunication.xml
+ Hinweis: Siehe auch Update-Hinweise zur EIDAS-Node v2.5
+6. Erstellung neuer Dateien
+ - _KeyStore für ID Austria AuthBlock:_ Erstellen eines KeyStore mit mit öffentlichem und privaten Schlüssel welcher für die JWS Signature des technischen ID Austria AuthBlocks verwendet werden soll.
+7. Neue Konfigurationsparameter
+ - *Allgemeine Konfiguration*
+ - ```eidas.ms.core.configRootDir```
+ - *ID Austria Umsetzung*
+ - ```eidas.ms.auth.eIDAS.authblock.keystore.type```
+ - ```eidas.ms.auth.eIDAS.authblock.keystore.path```
+ - ```eidas.ms.auth.eIDAS.authblock.keystore.password```
+ - ```eidas.ms.auth.eIDAS.authblock.key.alias```
+ - ```eidas.ms.auth.eIDAS.authblock.key.password```
+ - *Service-Provider Konfiguration Konfiguration*
+ - ```eidas.ms.sp.x.newEidMode```
+8. Gelöschte Konfigurationsparameter
+
+ - ```authhandler.modules.bindingservice.bpk.target```
+9. Neue optionale Konfigurationsparameter
+ - *Allgemeine Konfiguration*
+ - ```eidas.ms.core.logging.level.info.errorcodes```
+ - *eIDAS Node Kommunikation*
+ * ```eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm```
+ * ```eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll```
+ - *ID Austria Umsetzung*
+ - ```eidas.ms.auth.eIDAS.eid.testidentity.default```
+ - ```eidas.ms.auth.eIDAS.szrclient.eidasbind.mds.inject```
diff --git a/infos/readme_1.2.2.md b/infos/readme_1.2.2.md
new file mode 100644
index 00000000..6e7abdd0
--- /dev/null
+++ b/infos/readme_1.2.2.md
@@ -0,0 +1,60 @@
+# MS-Connector v1.2.2 Release vom 26.06.2021
+
+Der MS-Connector implementiert eine Bridge zwischen dem österreichischen E-ID System und dem eIDAS Framework um ausländischen Benutzern eine Anmeldung am österreichischen Service-Providern zu ermöglichen.
+
+### Änderungen in dieser Version
+
+ - Bugfix
+ - Inkompatibilität zwischen AT MS-Connector, EidasNode v2.5 und Deutscher Middleware behoben
+
+
+
+
+### Durchführen eines Updates
+
+Nachfolgend finden Sie die erforderlichen Schritte für das Update eines bestehenden MS-specific eIDAS Connectors auf die aktuelle Version 1.2.2. Das vollständige Handbuch mit allen Konfigurationsparametern finden Sie im Releasepackage im Verzeichnis: _infos/handbook/_
+
+### Ausgehend von einer bestehenden Version 1.2.x
+
+1. Stoppen Sie die *MS-Connector* Applikation und fertigen Sie eine Sicherungskopie Ihrer Applikation inklusive Konfiguration an
+2. Entpacken Sie das Releasepacket *ms_specific_connector-1.2.2-dist.zip* in ein temporäres Verzeichnis welches in weiterer Folge __MsConnectorPackage__ bezeichnet wird.
+3. Kopieren sie die Applikation __MsConnectorPackage__/ms_connector.war nach in das Applikationsverzeichnis ihres Applikationsservers
+4. Neue optionale Konfigurationsparameter
+ - *Allgemeine Konfiguration*
+ - ```eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat```
+
+### Ausgehend von einer bestehenden Version 1.1.0
+
+1. Stoppen Sie die *MS-Connector* Applikation und fertigen Sie eine Sicherungskopie Ihrer Applikation inklusive Konfiguration an
+2. Entpacken Sie das Releasepacket *ms_specific_connector-1.2.2-dist.zip* in ein temporäres Verzeichnis welches in weiterer Folge __MsConnectorPackage__ bezeichnet wird.
+3. Kopieren sie die Applikation __MsConnectorPackage__/ms_connector.war nach in das Applikationsverzeichnis ihres Applikationsservers
+4. Mit der Version 1.2.0 wurde die Konfiguration eine eine Minimalkonfiguration [`default_config.properties`](./../config/default_config.properties) und eine in den MS-Connectorintegrierte Defaultkonfiguration aufgteilt. Die nachfolgende Aufzählung umfasst die neuen oder geänderten Konfigurationsparameter, beschreibt jedoch keine Aufteilung einer bestehenden Konfiguration in Minimal- und Defaultteil. Eine vollständige Beschreibung aller Konfigurationswerte finden Sie im Handbuch zum AT MS-Connector.
+5. Update bestehender Dateien . Die nachfolgenden Dateien wurden geändert und erfordern eine Anpassung oder eine Übernahme dem Releasepacket, sofern die Anpassung nicht bereits durchgeführt wurde. Sofern die entsprechenden Datein an die bestehende Infrastruktur angepasst wurden so müssen diese Änderungen übernommen werden.
+ - __MsConnectorPackage__/config/templates/error_message.html
+ - __MsConnectorPackage__/config/eIDAS/igniteSpecificCommunication.xml
+ Hinweis: Siehe auch Update-Hinweise zur EIDAS-Node v2.5
+6. Erstellung neuer Dateien
+ - _KeyStore für ID Austria AuthBlock:_ Erstellen eines KeyStore mit mit öffentlichem und privaten Schlüssel welcher für die JWS Signature des technischen ID Austria AuthBlocks verwendet werden soll.
+7. Neue Konfigurationsparameter
+ - *Allgemeine Konfiguration*
+ - ```eidas.ms.core.configRootDir```
+ - *ID Austria Umsetzung*
+ - ```eidas.ms.auth.eIDAS.authblock.keystore.type```
+ - ```eidas.ms.auth.eIDAS.authblock.keystore.path```
+ - ```eidas.ms.auth.eIDAS.authblock.keystore.password```
+ - ```eidas.ms.auth.eIDAS.authblock.key.alias```
+ - ```eidas.ms.auth.eIDAS.authblock.key.password```
+ - *Service-Provider Konfiguration Konfiguration*
+ - ```eidas.ms.sp.x.newEidMode```
+8. Gelöschte Konfigurationsparameter
+
+ - ```authhandler.modules.bindingservice.bpk.target```
+9. Neue optionale Konfigurationsparameter
+ - *Allgemeine Konfiguration*
+ - ```eidas.ms.core.logging.level.info.errorcodes```
+ - *eIDAS Node Kommunikation*
+ * ```eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm```
+ * ```eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll```
+ - *ID Austria Umsetzung*
+ - ```eidas.ms.auth.eIDAS.eid.testidentity.default```
+ - ```eidas.ms.auth.eIDAS.szrclient.eidasbind.mds.inject```
diff --git a/pom.xml b/pom.xml
index e70df243..39bc63b6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>at.asitplus.eidas</groupId>
<artifactId>ms_specific</artifactId>
- <version>1.1.1-SNAPSHOT</version>
+ <version>1.2.2</version>
<packaging>pom</packaging>
<name>MS specific eIDAS components</name>
@@ -24,30 +24,30 @@
<egiz-eventlog-slf4jBackend>0.4</egiz-eventlog-slf4jBackend>
<eaaf-core.version>1.1.13.1</eaaf-core.version>
- <spring-boot-starter-web.version>2.4.1</spring-boot-starter-web.version>
- <spring-boot-admin-starter-client.version>2.3.1</spring-boot-admin-starter-client.version>
- <org.springframework.version>5.3.2</org.springframework.version>
- <org.thymeleaf-spring5.version>3.0.11.RELEASE</org.thymeleaf-spring5.version>
- <cxf.version>3.4.1</cxf.version>
+ <spring-boot-starter-web.version>2.4.5</spring-boot-starter-web.version>
+ <spring-boot-admin-starter-client.version>2.4.1</spring-boot-admin-starter-client.version>
+ <org.springframework.version>5.3.6</org.springframework.version>
+ <org.thymeleaf-spring5.version>3.0.12.RELEASE</org.thymeleaf-spring5.version>
+ <cxf.version>3.3.5</cxf.version>
<eidas-ref.version>2.5.0</eidas-ref.version>
- <org.apache.commons-lang3.version>3.11</org.apache.commons-lang3.version>
+ <org.apache.commons-lang3.version>3.12.0</org.apache.commons-lang3.version>
<org.apache.commons-text.version>1.9</org.apache.commons-text.version>
<commons-collections4.version>4.4</commons-collections4.version>
- <com.google.guava.version>30.0-jre</com.google.guava.version>
- <joda-time.version>2.10.8</joda-time.version>
+ <com.google.guava.version>30.1.1-jre</com.google.guava.version>
+ <joda-time.version>2.10.10</joda-time.version>
<org.slf4j.version>1.7.30</org.slf4j.version>
- <jackson-datatype-jsr310.version>2.12.0</jackson-datatype-jsr310.version>
+ <jackson-datatype-jsr310.version>2.12.3</jackson-datatype-jsr310.version>
<!-- org.xerial.sqlite-jdbc.version>3.34.0</org.xerial.sqlite-jdbc.version -->
<javax.validation-api.version>2.0.1.Final</javax.validation-api.version>
<hibernate-validator.version>6.1.5.Final</hibernate-validator.version>
<!-- testing -->
- <junit.version>4.13.1</junit.version>
+ <junit.version>4.13.2</junit.version>
<surefire.version>2.22.2</surefire.version>
- <mockito-soap-cxf.version>1.0.5</mockito-soap-cxf.version>
+ <mockito-soap-cxf.version>1.2.0</mockito-soap-cxf.version>
<com.squareup.okhttp3.version>4.0.0</com.squareup.okhttp3.version>
<!-- Code quality checks -->
@@ -64,7 +64,7 @@
<!-- Build and assembly -->
- <org.projectlombok.lombok.version>1.18.12</org.projectlombok.lombok.version>
+ <org.projectlombok.lombok.version>1.18.20</org.projectlombok.lombok.version>
<maven-compiler-plugin.version>3.8.1</maven-compiler-plugin.version>
<versions-maven-plugin.version>2.8.1</versions-maven-plugin.version>
<license-maven-plugin>1.20</license-maven-plugin>
@@ -288,6 +288,11 @@
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-core</artifactId>
+ <version>${cxf.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-jaxws</artifactId>
<version>${cxf.version}</version>
</dependency>
@@ -299,7 +304,7 @@
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
- <version>3.0.1</version>
+ <version>3.1.0</version>
<scope>provided</scope>
</dependency>
<dependency>