-rw-r--r--connector/pom.xml9
-rw-r--r--connector/src/main/resources/properties/status_messages_en.properties1
-rw-r--r--connector_lib/pom.xml8
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/pom.xml21
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java8
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/InvalidUserInputException.java33
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaAuthPvpConfiguration.java121
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java2
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java3
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java6
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiAustrianResidenceResponseTask.java79
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiResponseTask.java16
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java266
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml8
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml12
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataControllerTest.java169
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java131
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java7
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml27
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties34
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1_springboot.properties119
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/junit_test.jksbin0 -> 8410 bytes
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/teststore.jksbin0 -> 2028 bytes
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/keystore/junit_test.jksbin0 -> 8410 bytes
-rw-r--r--pom.xml16
25 files changed, 873 insertions, 223 deletions
diff --git a/connector/pom.xml b/connector/pom.xml
index 36a6d9df..c2039ad7 100644
--- a/connector/pom.xml
+++ b/connector/pom.xml
@@ -43,6 +43,15 @@
<artifactId>authmodule-eIDAS-v2</artifactId>
</dependency>
+ <dependency>
+ <groupId>at.gv.egiz.eaaf</groupId>
+ <artifactId>eaaf_module_pvp2_core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>at.gv.egiz.eaaf</groupId>
+ <artifactId>eaaf_module_pvp2_sp</artifactId>
+ </dependency>
+
<!-- Third party libs -->
<dependency>
<groupId>org.springframework.boot</groupId>
diff --git a/connector/src/main/resources/properties/status_messages_en.properties b/connector/src/main/resources/properties/status_messages_en.properties
index c430fc90..9dcbe1a1 100644
--- a/connector/src/main/resources/properties/status_messages_en.properties
+++ b/connector/src/main/resources/properties/status_messages_en.properties
@@ -8,6 +8,7 @@ eidas.06=LoA from eIDAS response-message {0} does not match to requested LoA
eidas.07=eIDAS Response attribute-validation FAILED. Attribute:{0} Reason: {1}
eidas.08=An unexpected error occurred.
eidas.09=An error occurred while loading your data from official registers. Please contact the support.
+eidas.10=Invalid user input.
config.01=No configuration-file parameter found. Maybe Java SystemD parameter is missing
diff --git a/connector_lib/pom.xml b/connector_lib/pom.xml
index f24a2801..8ed561f3 100644
--- a/connector_lib/pom.xml
+++ b/connector_lib/pom.xml
@@ -62,6 +62,14 @@
<type>test-jar</type>
</dependency>
+ <dependency>
+ <groupId>at.gv.egiz.eaaf</groupId>
+ <artifactId>eaaf_module_pvp2_core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>at.gv.egiz.eaaf</groupId>
+ <artifactId>eaaf_module_pvp2_sp</artifactId>
+ </dependency>
</dependencies>
<build>
diff --git a/eidas_modules/authmodule-eIDAS-v2/pom.xml b/eidas_modules/authmodule-eIDAS-v2/pom.xml
index f578c52d..6773cc41 100644
--- a/eidas_modules/authmodule-eIDAS-v2/pom.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/pom.xml
@@ -51,6 +51,15 @@
</dependency>
<dependency>
+ <groupId>at.gv.egiz.eaaf</groupId>
+ <artifactId>eaaf_module_pvp2_core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>at.gv.egiz.eaaf</groupId>
+ <artifactId>eaaf_module_pvp2_sp</artifactId>
+ </dependency>
+
+ <dependency>
<groupId>iaik.prod</groupId>
<artifactId>iaik_jce_full</artifactId>
<version>5.52_moa</version>
@@ -189,17 +198,7 @@
<artifactId>jose4j</artifactId>
<version>0.7.2</version>
</dependency>
- <dependency>
- <groupId>at.gv.egiz.eaaf</groupId>
- <artifactId>eaaf_module_pvp2_core</artifactId>
- <version>1.1.11</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>at.gv.egiz.eaaf</groupId>
- <artifactId>eaaf_module_pvp2_sp</artifactId>
- <scope>compile</scope>
- </dependency>
+
</dependencies>
<build>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
index 858637e9..ba57b28e 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
@@ -180,4 +180,12 @@ public class Constants {
public static final String COUNTRY_CODE_DE = "DE";
public static final String COUNTRY_CODE_IT = "IT";
+
+ public static final String TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK = "TASK_CreateNewErnpEntryTask";
+ public static final String TRANSITION_TO_CREATE_GENERATE_GUI_TASK = "TASK_GenerateGuiTask";
+ public static final String TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK =
+ "Task_GenerateGuiQueryAustrianResidenceTask";
+ public static final String TRANSITION_TO_GENERATE_MOBILE_PHONE_SIGNATURE_REQUEST_TASK =
+ "TASK_GenerateMobilePhoneSignatureRequestTask";
+ public static final String TRANSITION_TO_GENERATE_EIDAS_LOGIN = "TASK_TODO";
}
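Review bot: The new transition keys mix prefix case — `"Task_GenerateGuiQueryAustrianResidenceTask"` next to `"TASK_CreateNewErnpEntryTask"` and the other `TASK_` values — and if the process description matches these strings literally, the NO_OTHER_LOGIN arm in ReceiveGuiResponseTask and the result-count-0 branch in ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask would set a key the engine never evaluates; I would align it to `"TASK_GenerateGuiQueryAustrianResidenceTask"` after checking eIDAS.Authentication.process.xml, which this commit also changes but is not shown here. `TRANSITION_TO_GENERATE_EIDAS_LOGIN = "TASK_TODO"` is a placeholder that ReceiveGuiResponseTask already wires to the EIDAS_LOGIN selection, so that login choice currently has no target task; a `// TODO: replace placeholder once the eIDAS login task exists` on the constant would make that visible at the definition. The name TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK says ERNB while its value says ErnpEntryTask; one spelling would help when searching for the transition.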
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/InvalidUserInputException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/InvalidUserInputException.java
new file mode 100644
index 00000000..f28d8afa
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/InvalidUserInputException.java
@@ -0,0 +1,33 @@
+/*
+ * Copyright 2020 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.exception;
+
+public class InvalidUserInputException extends EidasSAuthenticationException {
+ private static final long serialVersionUID = 1L;
+
+ public InvalidUserInputException() {
+ super("eidas.10", null);
+ }
+
+}
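Review bot: The new exception class has no Javadoc, and the hard-coded `"eidas.10"` key only gets its meaning from the status_messages_en.properties line added elsewhere in this commit, which a reader of this file cannot see. I would add `/** Signals that a GUI response carried values the form could not have produced, i.e. a tampered request; rendered to the user as status message eidas.10. */` on the class, and a short comment on the constructor noting that `null` is passed as the message parameters because the text takes none.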
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaAuthPvpConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaAuthPvpConfiguration.java
new file mode 100644
index 00000000..30c8b65f
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaAuthPvpConfiguration.java
@@ -0,0 +1,121 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import org.apache.commons.lang3.StringUtils;
+import org.opensaml.saml.saml2.metadata.ContactPerson;
+import org.opensaml.saml.saml2.metadata.ContactPersonTypeEnumeration;
+import org.opensaml.saml.saml2.metadata.EmailAddress;
+import org.opensaml.saml.saml2.metadata.GivenName;
+import org.opensaml.saml.saml2.metadata.Organization;
+import org.opensaml.saml.saml2.metadata.OrganizationDisplayName;
+import org.opensaml.saml.saml2.metadata.OrganizationName;
+import org.opensaml.saml.saml2.metadata.OrganizationURL;
+import org.opensaml.saml.saml2.metadata.SurName;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import java.util.Arrays;
+import java.util.List;
+
+public class IdAustriaAuthPvpConfiguration implements IPvp2BasicConfiguration {
+
+ private static final String DEFAULT_XML_LANG = "en";
+
+ @Autowired
+ private IConfiguration basicConfig;
+
+ @Override
+ public String getIdpEntityId(String authUrl) throws EaafException {
+ return authUrl + IdAustriaClientAuthConstants.ENDPOINT_METADATA;
+
+ }
+
+ @Override
+ public String getIdpSsoPostService(String authUrl) throws EaafException {
+ return null;
+
+ }
+
+ @Override
+ public String getIdpSsoRedirectService(String authUrl) throws EaafException {
+ return null;
+
+ }
+
+ @Override
+ public String getIdpSsoSoapService(String extractAuthUrlFromRequest) throws EaafException {
+ return null;
+
+ }
+
+ @Override
+ public List<ContactPerson> getIdpContacts() throws EaafException {
+ final ContactPerson contactPerson = Saml2Utils.createSamlObject(ContactPerson.class);
+ final GivenName givenName = Saml2Utils.createSamlObject(GivenName.class);
+ final SurName surname = Saml2Utils.createSamlObject(SurName.class);
+ final EmailAddress emailAddress = Saml2Utils.createSamlObject(EmailAddress.class);
+
+ givenName.setName(getAndVerifyFromConfiguration(
+ IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_CONTACT_GIVENNAME));
+ surname.setName(getAndVerifyFromConfiguration(
+ IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_CONTACT_SURNAME));
+ emailAddress.setAddress(getAndVerifyFromConfiguration(
+ IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_CONTACT_EMAIL));
+
+ contactPerson.setType(ContactPersonTypeEnumeration.TECHNICAL);
+ contactPerson.setGivenName(givenName);
+ contactPerson.setSurName(surname);
+ contactPerson.getEmailAddresses().add(emailAddress);
+
+ return Arrays.asList(contactPerson);
+
+ }
+
+ @Override
+ public Organization getIdpOrganisation() throws EaafException {
+ final Organization organisation = Saml2Utils.createSamlObject(Organization.class);
+ final OrganizationName orgName = Saml2Utils.createSamlObject(OrganizationName.class);
+ final OrganizationDisplayName orgDisplayName = Saml2Utils.createSamlObject(OrganizationDisplayName.class);
+ final OrganizationURL orgUrl = Saml2Utils.createSamlObject(OrganizationURL.class);
+
+ orgName.setXMLLang(DEFAULT_XML_LANG);
+ orgName.setValue(getAndVerifyFromConfiguration(
+ IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_ORGANISATION_NAME));
+
+ orgDisplayName.setXMLLang(DEFAULT_XML_LANG);
+ orgDisplayName.setValue(getAndVerifyFromConfiguration(
+ IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_ORGANISATION_FRIENDLYNAME));
+
+ orgUrl.setXMLLang(DEFAULT_XML_LANG);
+ orgUrl.setValue(getAndVerifyFromConfiguration(
+ IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_ORGANISATION_URL));
+
+
+ organisation.getOrganizationNames().add(orgName);
+ organisation.getDisplayNames().add(orgDisplayName);
+ organisation.getURLs().add(orgUrl);
+
+ return organisation;
+ }
+
+
+ @Override
+ public IConfiguration getBasicConfiguration() {
+ return basicConfig;
+
+ }
+
+ private String getAndVerifyFromConfiguration(String configKey) throws EaafConfigurationException {
+ final String value = basicConfig.getBasicConfiguration(configKey);
+ if (StringUtils.isEmpty(value)) {
+ throw new EaafConfigurationException("module.eidasauth.00",
+ new Object[]{configKey});
+
+ }
+
+ return value;
+ }
+}
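Review bot: `getAndVerifyFromConfiguration` rejects only empty strings, so a configuration value consisting of whitespace passes the check and is written verbatim into the published metadata's contact and organisation elements; `if (StringUtils.isBlank(value)) {` covers that case with the commons-lang import already present. The three SSO-service getters return null without a comment, which reads as unfinished rather than intentional; if this bean only describes the SP role towards the ID Austria node, a class Javadoc such as `/** PVP2 configuration of this connector acting as SP towards the ID Austria node; IdP-side SSO endpoints are intentionally not provided. */` plus `// SP role only: no IdP SSO endpoint` on those methods would make that explicit. `Arrays.asList(contactPerson)` returns a fixed-size view of a one-element array; `Collections.singletonList(contactPerson)` states the intent more directly.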
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java
index 69386194..2608cad1 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java
@@ -19,7 +19,7 @@ public class IdAustriaClientAuthCredentialProvider extends AbstractCredentialPro
@Autowired
IConfiguration authConfig;
- private static final String FRIENDLYNAME = "eIDAS centrial authentication";
+ private static final String FRIENDLYNAME = "ID Austria authentication";
@Override
public KeyStoreConfiguration getBasicKeyStoreConfig() throws EaafConfigurationException {
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java
index 546a2039..af1ef6f7 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java
@@ -82,9 +82,6 @@ public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServlet
log.trace("Starting GenerateMobilePhoneSignatureRequestTask");
//step 15a
- //final IAhSpConfiguration spConfig = pendingReq.getServiceProviderConfiguration(
- // IAhSpConfiguration.class);
-
// get entityID for ms-specific eIDAS node
final String msNodeEntityID = "TODO";
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java
index 99da21a1..2e754e14 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java
@@ -207,13 +207,13 @@ public class InitialSearchTask extends AbstractAuthServletTask {
MergedRegisterSearchResult mdsSearchResult = new MergedRegisterSearchResult(resultsZmr, resultsErnp);
if (mdsSearchResult.getResultCount() == 0) {
- executionContext.put("TASK_CreateNewErnpEntryTask", true);
+ executionContext.put(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK, true);
} else {
- executionContext.put("TASK_GenerateGuiTask", true);
+ executionContext.put(Constants.TRANSITION_TO_CREATE_GENERATE_GUI_TASK, true);
}
//TODO implement next phase and return correct value
- return "TODO-Temporary-Endnode-105";
+ return null;
}
private MergedRegisterSearchResult searchInZmrAndErnp(String personIdentifier) {
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiAustrianResidenceResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiAustrianResidenceResponseTask.java
index 34fbf507..977262bb 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiAustrianResidenceResponseTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiAustrianResidenceResponseTask.java
@@ -23,7 +23,9 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient;
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
@@ -46,33 +48,70 @@ import java.util.Enumeration;
@Component("ReceiveGuiAustrianResidenceResponseTask")
public class ReceiveGuiAustrianResidenceResponseTask extends AbstractAuthServletTask {
- final String loginMethod = "loginSelection";
+ final String formerResidenceAvailableParameterName = "formerResidenceAvailable";
+ final String streetParameterName = "street";
+ final String zipCodeParameterName = "zipcode";
+ final String cityParameterName = "city";
+ private final IZmrClient zmrClient;
+
+ public ReceiveGuiAustrianResidenceResponseTask(IZmrClient zmrClient) {
+ this.zmrClient = zmrClient;
+ }
//TODO
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
throws TaskExecutionException {
- try {
- log.trace("Starting ReceiveGuiAustrianResidenceResponseTask");
- // set parameter execution context
- final Enumeration<String> reqParamNames = request.getParameterNames();
- while (reqParamNames.hasMoreElements()) {
- final String paramName = reqParamNames.nextElement();
- if (StringUtils.isNotEmpty(paramName)
- && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName)
- && loginMethod.equalsIgnoreCase(paramName)) {
- String value = StringEscapeUtils.escapeHtml(request.getParameter(paramName));
- SelectedLoginMethod selection = SelectedLoginMethod.valueOf(value);
- executionContext.put(loginMethod, selection);
-
- }
+ log.trace("Starting ReceiveGuiAustrianResidenceResponseTask");
+ // set parameter execution context
+ final Enumeration<String> reqParamNames = request.getParameterNames();
+ String street = null;
+ String city = null;
+ String zipcode = null;
+ Boolean formerResidenceAvailable = false;
+ while (reqParamNames.hasMoreElements()) {
+ final String paramName = reqParamNames.nextElement();
+ if (StringUtils.isNotEmpty(paramName)
+ && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName)
+ && formerResidenceAvailableParameterName.equalsIgnoreCase(paramName)) {
+ formerResidenceAvailable =
+ Boolean.parseBoolean(StringEscapeUtils.escapeHtml(request.getParameter(paramName)));
+ }
+ if (StringUtils.isNotEmpty(paramName)
+ && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName)
+ && streetParameterName.equalsIgnoreCase(paramName)) {
+ street = StringEscapeUtils.escapeHtml(request.getParameter(paramName));
+ }
+ if (StringUtils.isNotEmpty(paramName)
+ && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName)
+ && cityParameterName.equalsIgnoreCase(paramName)) {
+ city = StringEscapeUtils.escapeHtml(request.getParameter(paramName));
+ }
+ if (StringUtils.isNotEmpty(paramName)
+ && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName)
+ && zipCodeParameterName.equalsIgnoreCase(paramName)) {
+ zipcode = StringEscapeUtils.escapeHtml(request.getParameter(paramName));
}
-
- } catch (final Exception e) {
- log.error("Parsing selected login method FAILED.", e);
- throw new TaskExecutionException(pendingReq, "Parsing selected login method FAILED.", e);
}
+ if (formerResidenceAvailable) {
+ //step 18
+ if (street.isEmpty() || city.isEmpty() || zipcode.isEmpty()) {
+ //form should ensure that mandatory fields are field =>
+ //this can never happen, expect somebody manipulated the response
+ throw new TaskExecutionException(pendingReq, "Invalid user input", new InvalidUserInputException());
+ }
+ step18_RegisterSearch(street, city, zipcode);//TODO also MDS?
+ } else {
+ //step 20 or for now (phase 1) step 9
+ executionContext.put(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK, true);
+ }
+
+
+ }
+
+ private void step18_RegisterSearch(String street, String city, String zipcode) {
+ System.out.println(street + city + zipcode + zmrClient);//TODO
}
}
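Review bot: The mandatory-field check on the `if (street.isEmpty() || city.isEmpty() || zipcode.isEmpty())` line dereferences locals that start as null and are only assigned when the parameter is present, so a request that sends `formerResidenceAvailable=true` but omits `street`, `city` or `zipcode` fails with a NullPointerException instead of the InvalidUserInputException the comment intends; `if (StringUtils.isEmpty(street) || StringUtils.isEmpty(city) || StringUtils.isEmpty(zipcode)) {` closes that gap with the helper the loop already uses. Because the try/catch that previously wrapped the body into a TaskExecutionException was removed in this hunk, that NPE now escapes `execute` unwrapped. `step18_RegisterSearch` writes the submitted address and the client object to `System.out`; this belongs on the `log` logger the class already uses, or should be left out until the search is implemented, so that personal data is not written to stdout. The four loop bodies repeat the same pending-request-id guard; one guard followed by a `switch` on `paramName.toLowerCase(Locale.ROOT)` would read more clearly, and `Boolean formerResidenceAvailable = false;` can be the primitive `boolean`.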
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiResponseTask.java
index fa787792..f8f22ce2 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiResponseTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiResponseTask.java
@@ -23,7 +23,9 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException;
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
@@ -62,7 +64,19 @@ public class ReceiveGuiResponseTask extends AbstractAuthServletTask {
String value = StringEscapeUtils.escapeHtml(request.getParameter(paramName));
SelectedLoginMethod selection = SelectedLoginMethod.valueOf(value);
executionContext.put(loginMethod, selection);
-
+ switch (selection) {
+ case EIDAS_LOGIN:
+ executionContext.put(Constants.TRANSITION_TO_GENERATE_EIDAS_LOGIN, true);
+ break;
+ case MOBILE_PHONE_SIGNATURE_LOGIN:
+ executionContext.put(Constants.TRANSITION_TO_GENERATE_MOBILE_PHONE_SIGNATURE_REQUEST_TASK, true);
+ break;
+ case NO_OTHER_LOGIN:
+ executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true);
+ break;
+ default:
+ throw new InvalidUserInputException();
+ }
}
}
} catch (final Exception e) {
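Review bot: The `default` arm that throws `InvalidUserInputException` cannot be reached by user input, because `SelectedLoginMethod.valueOf(value)` a few lines above already throws IllegalArgumentException for any value that is not an enum constant; it only fires if a new constant is added without a case, and `// unreachable for user input: valueOf() already rejected unknown names` on that arm would keep the next reader from expecting the eidas.10 message for bad input. If the intent is that a tampered `loginSelection` yields eidas.10 rather than a generic failure, the `valueOf` call itself needs guarding, e.g. catching IllegalArgumentException and rethrowing as InvalidUserInputException; the `catch (final Exception e)` below then decides which message reaches the user, and that catch block continues outside the hunk. The EIDAS_LOGIN arm sets `Constants.TRANSITION_TO_GENERATE_EIDAS_LOGIN`, whose value in this commit is the placeholder `"TASK_TODO"`, so that choice currently has no target task.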
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java
index 9d30b581..8b58f2e1 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java
@@ -35,14 +35,13 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustri
import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.Utils;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient;
-import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
-import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
import at.gv.egiz.eaaf.modules.pvp2.exception.SamlAssertionValidationExeption;
@@ -68,12 +67,13 @@ import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
-import javax.naming.ConfigurationException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.transform.TransformerException;
import java.io.IOException;
+import java.util.HashMap;
import java.util.List;
+import java.util.Set;
/**
* Task that searches ErnB and ZMR before adding person to SZR.
@@ -132,140 +132,120 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
InboundMessage msg = null;
- try {
+ IDecoder decoder = null;
+ EaafUriCompare comperator = null;
+ // select Response Binding
+ if (request.getMethod().equalsIgnoreCase("POST")) {
+ decoder = new PostBinding();
+ comperator = new EaafUriCompare(pendingReq.getAuthUrl() + IdAustriaClientAuthConstants.ENDPOINT_POST);
+ log.trace("Receive PVP Response from 'ID Austria node', by using POST-Binding.");
- IDecoder decoder = null;
- EaafUriCompare comperator = null;
- // select Response Binding
- if (request.getMethod().equalsIgnoreCase("POST")) {
- decoder = new PostBinding();
- comperator = new EaafUriCompare(pendingReq.getAuthUrl() + IdAustriaClientAuthConstants.ENDPOINT_POST);
- log.trace("Receive PVP Response from 'ID Austria node', by using POST-Binding.");
+ } else if (request.getMethod().equalsIgnoreCase("GET")) {
+ decoder = new RedirectBinding();
+ comperator = new EaafUriCompare(pendingReq.getAuthUrl()
+ + IdAustriaClientAuthConstants.ENDPOINT_REDIRECT);
+ log.trace("Receive PVP Response from 'ID Austria node', by using Redirect-Binding.");
- } else if (request.getMethod().equalsIgnoreCase("GET")) {
- decoder = new RedirectBinding();
- comperator = new EaafUriCompare(pendingReq.getAuthUrl()
- + IdAustriaClientAuthConstants.ENDPOINT_REDIRECT);
- log.trace("Receive PVP Response from 'ID Austria node', by using Redirect-Binding.");
-
- } else {
- log.warn("Receive PVP Response, but Binding ("
- + request.getMethod() + ") is not supported.");
- throw new AuthnResponseValidationException(ERROR_PVP_03, new Object[]{
- IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING});
-
- }
-
- // decode PVP response object
- msg = (InboundMessage) decoder.decode(
- request, response, metadataProvider, IDPSSODescriptor.DEFAULT_ELEMENT_NAME,
- comperator);
-
- // validate response signature
- if (!msg.isVerified()) {
- samlVerificationEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine(
- metadataProvider));
- msg.setVerified(true);
-
- }
-
- // validate assertion
- final Pair<PvpSProfileResponse, Boolean> processedMsg =
- preProcessAuthResponse((PvpSProfileResponse) msg);
-
- //check if SAML2 response contains user-stop decision
- if (processedMsg.getSecond()) {
- stopProcessFromUserDecision(executionContext, request, response);
-
- } else {
- // validate entityId of response
- final String msNodeEntityID = authConfig.getBasicConfiguration(
- IdAustriaClientAuthConstants.CONFIG_PROPS_NODE_ENTITYID);
- final String respEntityId = msg.getEntityID();
- if (!msNodeEntityID.equals(respEntityId)) {
- log.warn("Response Issuer is not a 'ms-specific eIDAS node'. Stopping eIDAS authentication ...");
- throw new AuthnResponseValidationException(ERROR_PVP_08,
- new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING,
- msg.getEntityID()});
-
- }
+ } else {
+ log.warn("Receive PVP Response, but Binding ("
+ + request.getMethod() + ") is not supported.");
+ throw new AuthnResponseValidationException(ERROR_PVP_03, new Object[]{
+ IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING});
- // initialize Attribute extractor
- final AssertionAttributeExtractor extractor =
- new AssertionAttributeExtractor(processedMsg.getFirst().getResponse());
+ }
- getAuthDataFromInterfederation(extractor);
+ // decode PVP response object
+ msg = (InboundMessage) decoder.decode(
+ request, response, metadataProvider, IDPSSODescriptor.DEFAULT_ELEMENT_NAME,
+ comperator);
- // set NeedConsent to false, because user gives consont during authentication
- pendingReq.setNeedUserConsent(false);
+ // validate response signature
+ if (!msg.isVerified()) {
+ samlVerificationEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine(
+ metadataProvider));
+ msg.setVerified(true);
- // store pending-request
- requestStoreage.storePendingRequest(pendingReq);
+ }
- //set E-ID process flag to execution context
- // final AhAuthProcessDataWrapper session = pendingReq.getSessionData(
- // AhAuthProcessDataWrapper.class);
- // executionContext.put(AuthHandlerConstants.PROCESSCONTEXT_WAS_EID_PROCESS, session.isEidProcess());
- // executionContext.put(AuthHandlerConstants.HTTP_PARAM_USE_MANDATES, session.isMandateUsed());
+ // validate assertion
+ final Pair<PvpSProfileResponse, Boolean> processedMsg =
+ preProcessAuthResponse((PvpSProfileResponse) msg);
+ //check if SAML2 response contains user-stop decision
+ if (processedMsg.getSecond()) {
+ stopProcessFromUserDecision(executionContext, request, response);
- log.info("Receive a valid assertion from IDP " + msg.getEntityID());
+ } else {
+ // validate entityId of response
+ final String msNodeEntityID = authConfig.getBasicConfiguration(
+ IdAustriaClientAuthConstants.CONFIG_PROPS_NODE_ENTITYID);
+ final String respEntityId = msg.getEntityID();
+ if (!msNodeEntityID.equals(respEntityId)) {
+ log.warn("Response Issuer is not a 'ID Austria node'. Stopping eIDAS authentication ...");
+ throw new AuthnResponseValidationException(ERROR_PVP_08,
+ new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING,
+ msg.getEntityID()});
}
- } catch (final AuthnResponseValidationException e) {
- throw new TaskExecutionException(pendingReq, ERROR_MSG_03, e);
-
- } catch (MessageDecodingException | SecurityException | SamlSigningException e) {
- //final String samlRequest = request.getParameter("SAMLRequest");
- //log.debug("Receive INVALID PVP Response from 'ms-specific eIDAS node': {}",
- // samlRequest, null, e);
- throw new TaskExecutionException(pendingReq, ERROR_MSG_00,
- new AuthnResponseValidationException(ERROR_PVP_11,
- new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING}, e));
-
- } catch (IOException | MarshallingException | TransformerException e) {
- log.debug("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e);
- throw new TaskExecutionException(pendingReq, ERROR_MSG_01,
- new AuthnResponseValidationException(ERROR_PVP_12,
- new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()},
- e));
-
- } catch (final CredentialsNotAvailableException e) {
- log.debug("PVP response decrytion FAILED. No credential found.", e);
- throw new TaskExecutionException(pendingReq, ERROR_MSG_02,
- new AuthnResponseValidationException(ERROR_PVP_10,
- new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING}, e));
-
- } catch (final Exception e) {
- log.debug("PVP response validation FAILED. Msg:" + e.getMessage(), e);
- throw new TaskExecutionException(pendingReq, ERROR_MSG_03,
- new AuthnResponseValidationException(ERROR_PVP_12,
- new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()}, e));
+ // initialize Attribute extractor
+ final AssertionAttributeExtractor extractor =
+ new AssertionAttributeExtractor(processedMsg.getFirst().getResponse());
+
+ String bpkzp = getAuthDataFromInterfederation(extractor);
+
+ MergedRegisterSearchResult result = searchInZmrAndErnp(bpkzp);
+ if (result.getResultCount() == 0) {
+ //go to step 16
+ executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true);
+ return;
+ } else if (result.getResultCount() == 1) {
+ String bpk =
+ Utils.step7aKittProcess(ernpClient, zmrClient, initialSearchResult, result, eidData, pendingReq);
+ authProcessData.setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk);
+ //node 110
+ } else if (result.getResultCount() > 1) {
+ throw new ManualFixNecessaryException("bpkzp:" + bpkzp);// node 108
+ }
- }
+ // set NeedConsent to false, because user gives consont during authentication
+ pendingReq.setNeedUserConsent(false);
+ log.info("Receive a valid assertion from IDP " + msg.getEntityID());
- //TODO extract bPK-ZP from response
- String bpkzp = "TODO";
- MergedRegisterSearchResult result = searchInZmrAndErnp(bpkzp);
- if (result.getResultCount() == 0) {
- //go to step 16
- //TODO set context variable
- return;
- } else if (result.getResultCount() == 1) {
- String bpk = Utils.step7aKittProcess(ernpClient, zmrClient, initialSearchResult, result, eidData, pendingReq);
- authProcessData.setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk);
- //node 110
- //TODO bpk vs bpkzp???? same?
- } else if (result.getResultCount() > 1) {
- throw new ManualFixNecessaryException("bpkzp:" + bpkzp);// node 108
}
+ } catch (final AuthnResponseValidationException e) {
+ throw new TaskExecutionException(pendingReq, ERROR_MSG_03, e);
+
+ } catch (MessageDecodingException | SecurityException | SamlSigningException e) {
+ //final String samlRequest = request.getParameter("SAMLRequest");
+ //log.debug("Receive INVALID PVP Response from 'ms-specific eIDAS node': {}",
+ // samlRequest, null, e);
+ throw new TaskExecutionException(pendingReq, ERROR_MSG_00,
+ new AuthnResponseValidationException(ERROR_PVP_11,
+ new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING}, e));
+
+ } catch (IOException | MarshallingException | TransformerException e) {
+ log.debug("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e);
+ throw new TaskExecutionException(pendingReq, ERROR_MSG_01,
+ new AuthnResponseValidationException(ERROR_PVP_12,
+ new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()},
+ e));
+
+ } catch (final CredentialsNotAvailableException e) {
+ log.debug("PVP response decrytion FAILED. No credential found.", e);
+ throw new TaskExecutionException(pendingReq, ERROR_MSG_02,
+ new AuthnResponseValidationException(ERROR_PVP_10,
+ new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING}, e));
+
} catch (final Exception e) {
- log.error("Initial search FAILED.", e);
- throw new TaskExecutionException(pendingReq, "Initial search FAILED.", e);
+ log.debug("PVP response validation FAILED. Msg:" + e.getMessage(), e);
+ throw new TaskExecutionException(pendingReq, ERROR_MSG_03,
+ new AuthnResponseValidationException(ERROR_PVP_12,
+ new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()}, e));
}
+
}
private Pair<PvpSProfileResponse, Boolean> preProcessAuthResponse(PvpSProfileResponse msg)
@@ -325,44 +305,47 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
return null;
}
- private void getAuthDataFromInterfederation(AssertionAttributeExtractor extractor)
- throws EaafBuilderException, ConfigurationException {
+ private String getAuthDataFromInterfederation(AssertionAttributeExtractor extractor)
+ throws EaafBuilderException {
List<String> requiredEidasNodeAttributes = IdAustriaClientAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES;
-
+ String bpk = null;
try {
// check if all attributes are include
if (!extractor.containsAllRequiredAttributes()
|| !extractor.containsAllRequiredAttributes(
requiredEidasNodeAttributes)) {
- log.warn("PVP Response from 'ms-specific eIDAS node' contains not all requested attributes.");
+ log.warn("PVP Response from 'ID Austria node' contains not all requested attributes.");
throw new AssertionValidationExeption(ERROR_PVP_06, new Object[]{
IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING});
}
- // copy attributes into MOASession
- // final AhAuthProcessDataWrapper session = pendingReq.getSessionData(
- // AhAuthProcessDataWrapper.class);
- // final Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames();
- // for (final String attrName : includedAttrNames) {
- // injectAuthInfosIntoSession(session, attrName,
- // extractor.getSingleAttributeValue(attrName));
- //
- // }
-
- //set piiTransactionId from eIDAS Connector
- String piiTransactionId = extractor.getSingleAttributeValue(
- ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME);
- if (StringUtils.isNotEmpty(piiTransactionId) && pendingReq instanceof RequestImpl) {
- log.info("Receive piiTransactionId from Austrian eIDAS Connector. Use this for further processing");
- ((RequestImpl) pendingReq).setUniquePiiTransactionIdentifier(piiTransactionId);
+ HashMap<String, String> map = new HashMap<>();
+ final Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames();
+ for (final String attrName : includedAttrNames) {
+ map.put(attrName, extractor.getSingleAttributeValue(attrName));
- } else {
- log.debug("Receive no piiTransactionId from Austrian eIDAS Connector.");
+ if (PvpAttributeDefinitions.BPK_NAME.equals(attrName)) {
+ bpk = extractor.getSingleAttributeValue(attrName);
+ }
+ //injectAuthInfosIntoSession(session, attrName,
+ // extractor.getSingleAttributeValue(attrName));
}
+ //set piiTransactionId from eIDAS Connector
+ // String piiTransactionId = extractor.getSingleAttributeValue(
+ // ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME);
+ // if (StringUtils.isNotEmpty(piiTransactionId) && pendingReq instanceof RequestImpl) {
+ // log.info("Receive piiTransactionId from Austrian eIDAS Connector. Use this for further processing");
+ // ((RequestImpl) pendingReq).setUniquePiiTransactionIdentifier(piiTransactionId);
+ //
+ // } else {
+ // log.debug("Receive no piiTransactionId from Austrian eIDAS Connector.");
+ //
+ // }
+
// set foreigner flag
// session.setForeigner(true);
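Review bot: The `map` built in the new attribute loop is filled but never read, so the loop is dead code apart from the `bpk` assignment, and `bpk` stays `null` when the response carries no `PvpAttributeDefinitions.BPK_NAME` attribute, which the caller then hands to `searchInZmrAndErnp(bpkzp)` without a check; whether `DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES` already guarantees the bPK attribute is not visible here, so please confirm. Replacing the loop with `bpk = extractor.getSingleAttributeValue(PvpAttributeDefinitions.BPK_NAME);` followed by `if (StringUtils.isEmpty(bpk)) { throw new AssertionValidationExeption(ERROR_PVP_06, new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING}); }` keeps the fail-closed behaviour of the required-attribute check. The piiTransactionId handling is now a commented-out block rather than removed; delete it, or add a one-line comment naming the ticket that decides its fate. The method continues outside this hunk (its `return bpk;` is in the next one).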
@@ -383,6 +366,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
throw new EaafBuilderException(ERROR_PVP_06, null, e.getMessage(), e);
}
+ return bpk;
}
// private void injectAuthInfosIntoSession(AhAuthProcessDataWrapper session, String attrName, String attrValue)
@@ -404,7 +388,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
// } else if (PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME.equals(attrName)) {
// session.setQaaLevel(attrValue);
//
- // // } else if (ExtendedPvpAttributeDefinitions.EID_MIS_MANDATE_NAME.equals(attrName)
+ // // } else if (ExtendedPvpAttributeDefinitions.EID_MIS_MANDATE_NAME.equals(attrName)
// // && authConfig.getBasicConfigurationBoolean(
// // IdAustriaClientAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_ACTIVE, false)) {
// // session.setMandateDate(new SignedMandateDao(attrValue));
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml
index 992ad766..6b67379c 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml
@@ -49,13 +49,14 @@
to="receiveGuiResponseTask" />
<pd:Transition from="receiveGuiResponseTask"
to="generateMobilePhoneSignatureRequestTask"
- conditionExpression="ctx['TASK_TODO']"/>
+ conditionExpression="ctx['TASK_GenerateMobilePhoneSignatureRequestTask']"/>
<pd:Transition from="generateMobilePhoneSignatureRequestTask"
to="receiveMobilePhoneSignatureResponseTask" />
<pd:Transition from="receiveMobilePhoneSignatureResponseTask"
to="createNewErnpEntryTask" />
<pd:Transition from="receiveGuiResponseTask"
- to="generateGuiQueryAustrianResidenceTask" />
+ to="generateGuiQueryAustrianResidenceTask"
+ conditionExpression="ctx['Task_GenerateGuiQueryAustrianResidenceTask']"/>
<pd:Transition from="generateGuiQueryAustrianResidenceTask"
to="receiveGuiAustrianResidenceResponseTask" />
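Review bot: The two new condition keys use different prefixes, `ctx['TASK_GenerateMobilePhoneSignatureRequestTask']` versus `ctx['Task_GenerateGuiQueryAustrianResidenceTask']`, and the task code sets the flag through `Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK`, whose string value is not visible in this change; if the casing does not match the constant exactly the transition never fires and the process stalls after `receiveGuiResponseTask`. Please align both keys with the constants and use one naming scheme, e.g. `conditionExpression="ctx['TASK_GenerateGuiQueryAustrianResidenceTask']"`. Since both outgoing transitions from `receiveGuiResponseTask` are now conditional, a short comment in the process definition stating which task sets each flag would help the next reader.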
@@ -65,7 +66,8 @@
conditionExpression="ctx['TASK_TODO']"/>
<pd:Transition from="receiveGuiAustrianResidenceResponseTask"
- to="createNewErnpEntryTask" />
+ to="createNewErnpEntryTask"
+ conditionExpression="ctx['TASK_TODO']"/>
<pd:Transition from="createNewErnpEntryTask"
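Review bot: The added transition from `receiveGuiAustrianResidenceResponseTask` to `createNewErnpEntryTask` is conditioned on the placeholder `ctx['TASK_TODO']`, and the context line just above this hunk shows another transition already keyed on the same placeholder, so if both originate from the same task the engine cannot distinguish them. Replace the placeholder with the dedicated flag the task sets in the execution context (the constant's value is not visible here) or, if the branching is not implemented yet, leave a `<!-- TODO: condition key pending -->` comment so the placeholder is not mistaken for a real key.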
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
index 680ec19c..5897fc78 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
@@ -134,14 +134,16 @@
class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveGuiAustrianResidenceResponseTask"
scope="prototype" />
- <bean id="eidasCentralAuthCredentialProvider"
+ <bean id="idAustriaClientAuthCredentialProvider"
class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider" />
- <bean id="eidasCentralAuthMetadataProvider"
- class=" at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider" />
+ <bean id="idAustriaClientAuthMetadataProvider"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider" />
+
+ <bean id="idAustriaClientAuthMetadataController"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataController" />
+
- <bean id="eidasCentralAuthMetadataController"
- class=" at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataController" />
</beans> \ No newline at end of file
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataControllerTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataControllerTest.java
new file mode 100644
index 00000000..c99c6e6a
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataControllerTest.java
@@ -0,0 +1,169 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.idaustriaclient;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataController;
+import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Ignore;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.io.UnmarshallingException;
+import org.opensaml.core.xml.util.XMLObjectSupport;
+import org.opensaml.saml.common.xml.SAMLConstants;
+import org.opensaml.saml.metadata.resolver.filter.FilterException;
+import org.opensaml.saml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.security.x509.BasicX509Credential;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.TestPropertySource;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SimpleMetadataSignatureVerificationFilter;
+import net.shibboleth.utilities.java.support.xml.XMLParserException;
+
+
+@RunWith(SpringJUnit4ClassRunner.class)
+//@TestPropertySource(locations = {"classpath:/config/junit_config_de_attributes.properties"})
+@TestPropertySource(locations = { "classpath:/config/junit_config_1_springboot.properties" })
+@ContextConfiguration(locations = {
+ "/SpringTest-context_tasks_test.xml",
+ "/SpringTest-context_basic_mapConfig.xml"
+})
+@DirtiesContext(classMode = DirtiesContext.ClassMode.AFTER_CLASS)
+@Ignore
+public class IdAustriaClientAuthMetadataControllerTest {
+
+ private MockHttpServletRequest httpReq;
+ private MockHttpServletResponse httpResp;
+
+ @Autowired private IdAustriaClientAuthMetadataController controller;
+ @Autowired private IdAustriaClientAuthCredentialProvider credProvider;
+ @Autowired private DummyAuthConfigMap config;
+
+ /**
+ * JUnit class initializer.
+ *
+ * @throws Exception In case of an OpenSAML3 initialization error
+ */
+ @BeforeClass
+ public static void initialize() throws Exception {
+ EaafOpenSaml3xInitializer.eaafInitialize();
+
+ }
+
+ /**
+ * Single jUnit-test set-up.
+ */
+ @Before
+ public void testSetup() {
+ httpReq = new MockHttpServletRequest("GET", "http://localhost/authhandler");
+ httpReq.setContextPath("/authhandler");
+ httpResp = new MockHttpServletResponse();
+
+ config.removeConfigValue("core.legacy.allowLegacyMode");
+ config.removeConfigValue("modules.eidascentralauth.semper.mandates.active");
+ config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.1");
+ config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.2");
+ config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.3");
+ config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.4");
+ config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.5");
+ config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.6");
+
+ }
+
+ @Test
+ public void buildMetadataValidInEidMode() throws IOException, EaafException,
+ XMLParserException, UnmarshallingException, FilterException {
+ config.putConfigValue("core.legacy.allowLegacyMode", "false");
+ config.putConfigValue("modules.eidascentralauth.semper.mandates.active", "false");
+
+ //build metdata
+ controller.getSpMetadata(httpReq, httpResp);
+
+ //check result
+ validateResponse(6);
+
+ }
+
+ private void validateResponse(int numberOfRequestedAttributes) throws UnsupportedEncodingException,
+ XMLParserException, UnmarshallingException, FilterException, CredentialsNotAvailableException {
+ Assert.assertEquals("HTTP Statuscode", 200, httpResp.getStatus());
+ Assert.assertEquals("ContentType", "text/xml; charset=utf-8", httpResp.getContentType());
+ Assert.assertEquals("ContentEncoding", "UTF-8", httpResp.getCharacterEncoding());
+
+ final String metadataXml = httpResp.getContentAsString();
+ Assert.assertNotNull("XML Metadata", metadataXml);
+
+ final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream(
+ XMLObjectProviderRegistrySupport.getParserPool(), new ByteArrayInputStream(metadataXml.getBytes("UTF-8")));
+
+ Assert.assertEquals("EntityId",
+ "http://localhost/authhandler" + IdAustriaClientAuthConstants.ENDPOINT_METADATA,
+ metadata.getEntityID());
+
+ //check XML scheme
+ final SchemaValidationFilter schemaFilter = new SchemaValidationFilter();
+ schemaFilter.filter(metadata);
+
+ //check signature
+ final SimpleMetadataSignatureVerificationFilter sigFilter =
+ new SimpleMetadataSignatureVerificationFilter(credProvider.getKeyStore().getFirst(),
+ metadata.getEntityID());
+ sigFilter.filter(metadata);
+
+ //check content
+ final SPSSODescriptor spSsoDesc = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+ Assert.assertNotNull("SPSSODescr.", spSsoDesc);
+
+ Assert.assertFalse("AssertionConsumerServices",
+ spSsoDesc.getAssertionConsumerServices().isEmpty());
+ Assert.assertFalse("ContactPersons",
+ metadata.getContactPersons().isEmpty());
+ Assert.assertNotNull("ContactPersons",
+ metadata.getOrganization());
+
+ Assert.assertFalse("KeyDescriptors",
+ spSsoDesc.getKeyDescriptors().isEmpty());
+ Assert.assertEquals("#KeyDescriptors", 2, spSsoDesc.getKeyDescriptors().size());
+
+ Assert.assertFalse("NameIDFormats",
+ spSsoDesc.getNameIDFormats().isEmpty());
+ Assert.assertEquals("wrong NameIDFormats", "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
+ spSsoDesc.getNameIDFormats().get(0).getFormat());
+
+ Assert.assertFalse("AttributeConsumingServices",
+ spSsoDesc.getAttributeConsumingServices().isEmpty());
+ Assert.assertEquals("#RequestAttributes", numberOfRequestedAttributes,
+ spSsoDesc.getAttributeConsumingServices().get(0).getRequestAttributes().size());
+
+ }
+
+ private List<BasicX509Credential> convertX509Certs(List<X509Certificate> certs) {
+ final List<BasicX509Credential> result = new ArrayList<>();
+ for (final X509Certificate cert : certs) {
+ result.add(new BasicX509Credential(cert));
+
+ }
+ return result;
+ }
+}
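Review bot: The whole test class is annotated `@Ignore` without a reason, so the metadata signature check in `validateResponse` (the `SimpleMetadataSignatureVerificationFilter` built from `credProvider.getKeyStore()`) never runs and the new controller ships without an executed test; give the annotation a reason string, e.g. `@Ignore("TODO: Spring test context for ID Austria client not yet available")`, or remove it once the context exists. The setup still clears `modules.eidascentralauth.*` keys although the beans were renamed to `idAustriaClient*`; please confirm these are still the keys `IdAustriaClientAuthConstants` reads, otherwise the test silently exercises defaults. Minor: `metadataXml.getBytes("UTF-8")` can become `metadataXml.getBytes(StandardCharsets.UTF_8)` and drop the checked `UnsupportedEncodingException`, and `convertX509Certs` and the `PvpAttributeDefinitions` import are unused.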
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java
index ac188cda..95986c49 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java
@@ -46,7 +46,6 @@ import org.apache.commons.lang3.RandomStringUtils;
import org.jetbrains.annotations.NotNull;
import org.junit.Assert;
import org.junit.Before;
-import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
@@ -62,7 +61,6 @@ import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.xml.namespace.QName;
-import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
@@ -97,7 +95,7 @@ public class InitialSearchTaskTest {
private final String randomGivenName = RandomStringUtils.randomAlphabetic(10);
private final String randomPlaceOfBirth = RandomStringUtils.randomAlphabetic(10);
private final String randomBirthName = RandomStringUtils.randomAlphabetic(10);
- private final String randomDate = "2011-01-" + (10 + new Random().nextInt(18));
+ private final String randomBirthDate = "2011-01-" + (10 + new Random().nextInt(18));
// /**
// * jUnit class initializer.
@@ -138,7 +136,7 @@ public class InitialSearchTaskTest {
public void testNode100_UserIdentifiedUpdateNecessary_a() throws Exception {
String newFirstName = RandomStringUtils.randomAlphabetic(10);
Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.singletonList(
- new RegisterResult(randomBpk, randomIdentifier, newFirstName, randomFamilyName, randomDate)));
+ new RegisterResult(randomBpk, randomIdentifier, newFirstName, randomFamilyName, randomBirthDate)));
Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
task.execute(pendingReq, executionContext);
@@ -158,7 +156,7 @@ public class InitialSearchTaskTest {
Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
String newRandomGivenName = RandomStringUtils.randomAlphabetic(10);
Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.singletonList(
- new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomDate)));
+ new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomBirthDate)));
task.execute(pendingReq, executionContext);
String bPk = (String)
@@ -175,9 +173,9 @@ public class InitialSearchTaskTest {
@DirtiesContext
public void testNode101_ManualFixNecessary_a() {
ArrayList<RegisterResult> zmrResult = new ArrayList<>();
- zmrResult.add(new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomDate));
+ zmrResult.add(new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate));
String newRandomGivenName = randomGivenName + RandomStringUtils.randomAlphabetic(2);
- zmrResult.add(new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomDate));
+ zmrResult.add(new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomBirthDate));
Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResult);
Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
@@ -197,10 +195,10 @@ public class InitialSearchTaskTest {
public void testNode101_ManualFixNecessary_b() {
Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
ArrayList<RegisterResult> ernpResult = new ArrayList<>();
- ernpResult.add(new RegisterResult(randomBpk, randomPseudonym, randomGivenName, randomFamilyName, randomDate));
+ ernpResult.add(new RegisterResult(randomBpk, randomPseudonym, randomGivenName, randomFamilyName, randomBirthDate));
String newRandomGivenName = randomGivenName + RandomStringUtils.randomAlphabetic(2);
ernpResult.add(
- new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomDate));
+ new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomBirthDate));
Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResult);
TaskExecutionException exception = assertThrows(TaskExecutionException.class,
@@ -218,7 +216,7 @@ public class InitialSearchTaskTest {
public void testNode102_UserIdentified_a() throws Exception {
Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.singletonList(
- new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomDate)));
+ new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate)));
task.execute(pendingReq, executionContext);
String bPk = (String)
@@ -234,7 +232,7 @@ public class InitialSearchTaskTest {
@DirtiesContext
public void testNode102_UserIdentified_b() throws Exception {
Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.singletonList(
- new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomDate)));
+ new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate)));
Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
task.execute(pendingReq, executionContext);
@@ -260,7 +258,7 @@ public class InitialSearchTaskTest {
String newRandomIdentifier = randomIdentifier + RandomStringUtils.randomNumeric(2);
Mockito.when(zmrClient.searchItSpecific(taxNumber)).thenReturn(Collections.singletonList(
new RegisterResult(randomBpk, newRandomIdentifier, randomGivenName, randomFamilyName,
- randomDate, null, null, taxNumber, null)));
+ randomBirthDate, null, null, taxNumber, null)));
Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
task = new InitialSearchTask(
Collections.singletonList(new ItSpecificDetailSearchProcessor(ernpClient, zmrClient)),
@@ -282,15 +280,15 @@ public class InitialSearchTaskTest {
public void testNode103_UserIdentified_DE() throws Exception {
final AuthenticationResponse response = buildDummyAuthResponseDE(randomGivenName, randomFamilyName,
randomPseudonym,
- randomDate, randomPlaceOfBirth, randomBirthName);
+ randomBirthDate, randomPlaceOfBirth, randomBirthName);
TestRequestImpl pendingReq1 = new TestRequestImpl();
pendingReq1.getSessionData(AuthProcessDataWrapper.class)
.setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response);
Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
- Mockito.when(zmrClient.searchDeSpecific(randomGivenName, randomFamilyName, randomDate, randomPlaceOfBirth,
+ Mockito.when(zmrClient.searchDeSpecific(randomGivenName, randomFamilyName, randomBirthDate, randomPlaceOfBirth,
randomBirthName))
.thenReturn(Collections.singletonList(new RegisterResult(randomBpk, randomIdentifier, randomGivenName,
- randomFamilyName, randomDate, randomPlaceOfBirth, randomBirthName, null, null)));
+ randomFamilyName, randomBirthDate, randomPlaceOfBirth, randomBirthName, null, null)));
Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
task = new InitialSearchTask(
Collections.singletonList(new DeSpecificDetailSearchProcessor(ernpClient, zmrClient)),
@@ -314,18 +312,18 @@ public class InitialSearchTaskTest {
String newRandomBpk = randomBpk + RandomStringUtils.randomNumeric(6);
final AuthenticationResponse response = buildDummyAuthResponseDE(randomGivenName, randomFamilyName,
randomPseudonym,
- randomDate, randomPlaceOfBirth, randomBirthName);
+ randomBirthDate, randomPlaceOfBirth, randomBirthName);
TestRequestImpl pendingReq1 = new TestRequestImpl();
pendingReq1.getSessionData(AuthProcessDataWrapper.class)
.setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response);
Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
ArrayList<RegisterResult> zmrResultSpecific = new ArrayList<>();
zmrResultSpecific.add(
- new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomDate,
+ new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate,
randomPlaceOfBirth, randomBirthName, null, null));
- zmrResultSpecific.add(new RegisterResult(newRandomBpk, newRandomPseudonym, randomGivenName, randomFamilyName, randomDate,
+ zmrResultSpecific.add(new RegisterResult(newRandomBpk, newRandomPseudonym, randomGivenName, randomFamilyName, randomBirthDate,
randomPlaceOfBirth, randomBirthName, null, null));
- Mockito.when(zmrClient.searchDeSpecific(randomGivenName, randomFamilyName, randomDate, randomPlaceOfBirth,
+ Mockito.when(zmrClient.searchDeSpecific(randomGivenName, randomFamilyName, randomBirthDate, randomPlaceOfBirth,
randomBirthName)).thenReturn(zmrResultSpecific);
Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
task = new InitialSearchTask(
@@ -354,11 +352,11 @@ public class InitialSearchTaskTest {
ArrayList<RegisterResult> zmrResultSpecific = new ArrayList<>();
String randomPseudonym = IT_ST + randomIdentifier + "4";
zmrResultSpecific.add(new RegisterResult(randomBpk, randomPseudonym, randomGivenName,
- randomFamilyName, randomDate, null, null, randomTaxNumber, null));
+ randomFamilyName, randomBirthDate, null, null, randomTaxNumber, null));
String newRandomPseudonym = IT_ST + randomIdentifier + "5";
String newRandomBpk = RandomStringUtils.randomNumeric(6);
zmrResultSpecific.add(new RegisterResult(newRandomBpk, newRandomPseudonym, randomGivenName,
- randomFamilyName, randomDate, null, null, randomTaxNumber, null));
+ randomFamilyName, randomBirthDate, null, null, randomTaxNumber, null));
Mockito.when(zmrClient.searchItSpecific(randomTaxNumber)).thenReturn(zmrResultSpecific);
Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
task = new InitialSearchTask(
@@ -373,11 +371,11 @@ public class InitialSearchTaskTest {
}
/**
- * NO match found in ZMR and ErnP with Initial search
+ * NO match found in ZMR and ErnP with Initial and MDS search
*/
@Test
@DirtiesContext
- public void testNode105_TemporaryEnd() throws TaskExecutionException {
+ public void testNode505_TransitionToErnbTask() throws TaskExecutionException {
Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
@@ -386,18 +384,99 @@ public class InitialSearchTaskTest {
String bPk = (String)
pendingReq.getSessionData(AuthProcessDataWrapper.class)
.getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK);
- Assert.assertEquals("Wrong bpk", "TODO-Temporary-Endnode-105", bPk);
+ Assert.assertEquals("Wrong bpk", null, bPk);
+
+ Boolean transitionGUI = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_GENERATE_GUI_TASK);
+ Assert.assertEquals("Wrong transition", null, transitionGUI);
+ Boolean transitionErnb = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK);
+ Assert.assertEquals("Wrong transition", true, transitionErnb);
+ }
+
+ /**
+ * NO match found in ZMR and ErnP with Initial search, one match with MDS search in Ernb
+ */
+ @Test
+ @DirtiesContext
+ public void testNode505_TransitionToGUI_Ernb() throws TaskExecutionException {
+ Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
+ Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
+
+ Mockito.when(ernpClient.searchWithMds(randomGivenName, randomFamilyName, randomBirthDate)).thenReturn(
+ Collections.singletonList(
+ new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate)));
+
+ task.execute(pendingReq, executionContext);
+
+ String bPk = (String)
+ pendingReq.getSessionData(AuthProcessDataWrapper.class)
+ .getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK);
+ Assert.assertEquals("Wrong bpk", null, bPk);
+ Boolean transitionGUI = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_GENERATE_GUI_TASK);
+ Assert.assertEquals("Wrong transition", true, transitionGUI);
+ Boolean transitionErnb = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK);
+ Assert.assertEquals("Wrong transition", null, transitionErnb);
+ }
+
+ /**
+ * NO match found in ZMR and ErnP with Initial search, one match with MDS search in ZMR
+ */
+ @Test
+ @DirtiesContext
+ public void testNode505_TransitionToGUI_Zmr() throws TaskExecutionException {
+ Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
+ Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
+
+ Mockito.when(zmrClient.searchWithMds(randomGivenName, randomFamilyName, randomBirthDate)).thenReturn(
+ Collections.singletonList(
+ new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate)));
+
+ task.execute(pendingReq, executionContext);
+
+ String bPk = (String)
+ pendingReq.getSessionData(AuthProcessDataWrapper.class)
+ .getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK);
+ Assert.assertEquals("Wrong bpk", null, bPk);
+ Boolean transitionGUI = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_GENERATE_GUI_TASK);
+ Assert.assertEquals("Wrong transition", true, transitionGUI);
+ Boolean transitionErnb = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK);
+ Assert.assertEquals("Wrong transition", null, transitionErnb);
}
+ /**
+ * NO match found in ZMR and ErnP with Initial search, multiple matches found with MDS search
+ */
+ @Test
+ @DirtiesContext
+ public void testNode505_TransitionToGUI_Ernb_multi() throws TaskExecutionException {
+ Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
+ Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
+ ArrayList<RegisterResult> ernbResult = new ArrayList<>();
+ ernbResult.add(new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName,
+ randomBirthDate));
+ ernbResult.add(new RegisterResult(randomBpk+"1", randomIdentifier, randomGivenName, randomFamilyName,
+ randomBirthDate));
+ Mockito.when(ernpClient.searchWithMds(randomGivenName, randomFamilyName, randomBirthDate)).thenReturn(ernbResult);
+
+ task.execute(pendingReq, executionContext);
+
+ String bPk = (String)
+ pendingReq.getSessionData(AuthProcessDataWrapper.class)
+ .getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK);
+ Assert.assertEquals("Wrong bpk", null, bPk);
+ Boolean transitionGUI = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_GENERATE_GUI_TASK);
+ Assert.assertEquals("Wrong transition", true, transitionGUI);
+ Boolean transitionErnb = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK);
+ Assert.assertEquals("Wrong transition", null, transitionErnb);
+ }
@NotNull
private AuthenticationResponse buildDummyAuthResponseRandomPerson() throws URISyntaxException {
- return buildDummyAuthResponse(randomGivenName, randomFamilyName, DE_ST + randomIdentifier, randomDate);
+ return buildDummyAuthResponse(randomGivenName, randomFamilyName, DE_ST + randomIdentifier, randomBirthDate);
}
private AuthenticationResponse buildDummyAuthResponseRandomPersonIT_Tax(String taxNumber)
throws URISyntaxException {
- return buildDummyAuthResponse(randomGivenName, randomFamilyName, IT_ST + randomIdentifier, randomDate,
+ return buildDummyAuthResponse(randomGivenName, randomFamilyName, IT_ST + randomIdentifier, randomBirthDate,
taxNumber, null, null);
}
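Review bot: The null checks in each new test (`Assert.assertEquals("Wrong bpk", null, bPk)` and the matching `transitionGUI`/`transitionErnb` asserts) should be `Assert.assertNull("Wrong bpk", bPk);` and `Assert.assertNull("Wrong transition", transitionErnb);`, which states the intent and gives a clearer failure message. The `_multi` case seeds two ERnP hits only; the other multi-match path, one `searchWithMds` hit from ZMR plus one from ERnP, is not covered, and it is the case where register-specific handling would most plausibly diverge, so a test mirroring `testNode505_TransitionToGUI_Zmr` with both `searchWithMds` mocks returning a single result would close that gap. What these tests do pin down is important: a name-plus-birth-date (MDS) hit must not populate `DATA_RESULT_MATCHING_BPK` and must route to the GUI confirmation, which is the guard against silently binding a bPK on a partial match; a one-line comment above the three GUI tests saying exactly that would keep the intent from being lost in a later refactor.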
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
index d0ab50f4..35f1a91b 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
@@ -54,8 +54,11 @@ import eu.eidas.auth.commons.light.impl.LightRequest.Builder;
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations = {
"/SpringTest-context_tasks_test.xml",
- "/SpringTest-context_basic_realConfig.xml"})
-@TestPropertySource(locations = {"classpath:/config/junit_config_de_attributes.properties"})
+ "/SpringTest-context_basic_realConfig.xml",
+ //"/SpringTest-context_basic_mapConfig.xml"
+ })
+@TestPropertySource(locations = {"classpath:/config/junit_config_de_attributes.properties", "classpath:/config" +
+ "/junit_config_1_springboot.properties"})
@DirtiesContext(classMode = ClassMode.AFTER_CLASS)
public class EidasRequestPreProcessingFirstTest {
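Review bot: The commented-out entry `//"/SpringTest-context_basic_mapConfig.xml"` is dead configuration inside the `locations` array and should be deleted; if the alternative context is still needed somewhere, a one-line class comment stating why `realConfig` is used here is more durable than a disabled line. Adding `junit_config_1_springboot.properties` to `@TestPropertySource` pulls the whole embedded-Tomcat, SZR-client and PVP2 property set into a test that only exercises request pre-processing; presumably it is needed because the task test context now instantiates the `idaustriaclient` beans, and if so a comment such as `// springboot properties required by the idAustriaClient beans in SpringTest-context_tasks_test.xml` would stop the next reader from trimming it.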
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml
index 5a7f4161..ed636eed 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml
@@ -102,4 +102,31 @@
class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask"
scope="prototype" />
+ <bean id="GenerateGuiQueryAustrianResidenceTask"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateGuiQueryAustrianResidenceTask"
+ scope="prototype" />
+
+ <bean id="ReceiveGuiAustrianResidenceResponseTask"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveGuiAustrianResidenceResponseTask"
+ scope="prototype" />
+
+ <bean id="idAustriaClientAuthCredentialProvider"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider" />
+
+ <bean id="idAustriaClientAuthMetadataProvider"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider" />
+
+ <bean id="idAustriaClientAuthMetadataController"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataController" />
+
+ <bean id="idAustriaClientPvpMetadataResolverFactory"
+ class="at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory" />
+
+ <bean id="pvpMetadataBuilder"
+ class="at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder" />
+
+ <bean id="idAustriaAuthPvpConfiguration"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaAuthPvpConfiguration" />
+
+
</beans> \ No newline at end of file
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties
index a662379c..df64b494 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties
@@ -114,4 +114,36 @@ eidas.ms.configuration.sp.disableRegistrationRequirement=
eidas.ms.configuration.restrictions.baseID.spTransmission=
eidas.ms.configuration.auth.default.countrycode=
eidas.ms.configuration.pvp.scheme.validation=
-eidas.ms.configuration.pvp.enable.entitycategories= \ No newline at end of file
+eidas.ms.configuration.pvp.enable.entitycategories=
+
+
+
+
+## PVP2 S-Profile ID Austria client configuration
+
+eidas.ms.modules.idaustriaclient.keystore.path=../keystore/junit_test.jks
+eidas.ms.modules.idaustriaclient.keystore.password=password
+eidas.ms.modules.idaustriaclient.keystore.type=jks
+
+eidas.ms.modules.idaustriaclient.metadata.sign.alias=meta
+eidas.ms.modules.idaustriaclient.metadata.sign.password=password
+eidas.ms.modules.idaustriaclient.request.sign.alias=sig
+eidas.ms.modules.idaustriaclient.request.sign.password=password
+eidas.ms.modules.idaustriaclient.response.encryption.alias=enc
+eidas.ms.modules.idaustriaclient.response.encryption.password=password
+
+eidas.ms.modules.idaustriaclient.truststore.path=../keystore/junit_test.jks
+eidas.ms.modules.idaustriaclient.truststore.password=password
+eidas.ms.modules.idaustriaclient.truststore.type=jks
+
+eidas.ms.modules.idaustriaclient.node.entityId=
+eidas.ms.modules.idaustriaclient.sp.entityId=
+eidas.ms.modules.idaustriaclient.node.metadataUrl=
+
+eidas.ms.modules.idaustriaclient.metadata.organisation.name=JUnit
+eidas.ms.modules.idaustriaclient.metadata.organisation.friendyname=For testing with jUnit
+eidas.ms.modules.idaustriaclient.metadata.organisation.url=http://junit.test
+eidas.ms.modules.idaustriaclient.metadata.contact.givenname=Max
+eidas.ms.modules.idaustriaclient.metadata.contact.surname=Mustermann
+eidas.ms.modules.idaustriaclient.metadata.contact.email=max@junit.test
+
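Review bot: The new ID Austria client block points `keystore.path` and `truststore.path` at the same `../keystore/junit_test.jks`, so the signing key material is also the trust anchor for the node's metadata; any metadata-signature validation becomes self-satisfying in tests, and a missing or mis-wired trust check would not be caught here. At minimum document it on the truststore lines, `# jUnit only: keystore doubles as truststore - production MUST use a separate truststore holding only the ID Austria node certificate`; a dedicated truststore containing just the node certificate would make the tests actually exercise the trust path. `node.entityId`, `sp.entityId` and `node.metadataUrl` are left empty; if the configuration class rejects blanks that is fine, otherwise say which tests depend on them being unset. The same keystore blob (index `ee6254a9`) is also committed twice in this patch, under `config/keys/` and `keystore/`, with the two property files using different relative paths; one copy and one path convention would do.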
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1_springboot.properties b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1_springboot.properties
new file mode 100644
index 00000000..fc0c7241
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1_springboot.properties
@@ -0,0 +1,119 @@
+## embbeded Tomcat
+tomcat.workingdir=./target/work
+tomcat.ajp.enabled=true
+tomcat.ajp.port=8009
+tomcat.ajp.networkAddress=127.0.0.1
+tomcat.ajp.additionalAttributes.secretrequired=true
+tomcat.ajp.additionalAttributes.secret=junit
+
+## Basic service configuration
+eidas.ms.context.url.prefix=http://localhost
+eidas.ms.core.configRootDir=file:./src/test/resources/config/
+
+eidas.ms.context.use.clustermode=true
+
+##Monitoring
+eidas.ms.monitoring.eIDASNode.metadata.url=http://localhost:40900/mockup
+
+## extended validation of pending-request Id's
+eidas.ms.core.pendingrequestid.digist.secret=pendingReqIdSecret
+
+## eIDAS Ref. Implementation connector ###
+eidas.ms.auth.eIDAS.node_v2.forward.endpoint=http://eidas.node/junit
+
+eidas.ms.auth.eIDAS.szrclient.useTestService=true
+eidas.ms.auth.eIDAS.szrclient.endpoint.prod=
+eidas.ms.auth.eIDAS.szrclient.endpoint.test=http://localhost:1234/demoszr
+eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.path=keys/junit.jks
+eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.password=password
+eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.path=
+eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.password=
+
+#tech. AuthBlock signing for E-ID process
+eidas.ms.auth.eIDAS.authblock.keystore.password=f/+saJBc3a}*/T^s
+eidas.ms.auth.eIDAS.authblock.keystore.friendlyName=connectorkeypair
+eidas.ms.auth.eIDAS.authblock.keystore.path=keys/teststore.jks
+eidas.ms.auth.eIDAS.authblock.keystore.type=jks
+eidas.ms.auth.eIDAS.authblock.key.alias=connectorkeypair
+eidas.ms.auth.eIDAS.authblock.key.password=f/+saJBc3a}*/T^s
+
+
+#Raw eIDAS Id data storage
+eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=true
+eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=false
+
+
+
+## PVP2 S-Profile end-point configuration
+eidas.ms.pvp2.keystore.type=jks
+eidas.ms.pvp2.keystore.path=keys/junit.jks
+eidas.ms.pvp2.keystore.password=password
+eidas.ms.pvp2.key.metadata.alias=meta
+eidas.ms.pvp2.key.metadata.password=password
+eidas.ms.pvp2.key.signing.alias=sig
+eidas.ms.pvp2.key.signing.password=password
+eidas.ms.pvp2.metadata.validity=24
+
+eidas.ms.pvp2.metadata.organisation.name=JUnit
+eidas.ms.pvp2.metadata.organisation.friendyname=For testing with jUnit
+eidas.ms.pvp2.metadata.organisation.url=http://junit.test
+eidas.ms.pvp2.metadata.contact.givenname=Max
+eidas.ms.pvp2.metadata.contact.surname=Mustermann
+eidas.ms.pvp2.metadata.contact.email=max@junit.test
+
+## Service Provider configuration
+eidas.ms.sp.0.uniqueID=https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata
+eidas.ms.sp.0.pvp2.metadata.truststore=keys/junit.jks
+eidas.ms.sp.0.pvp2.metadata.truststore.password=password
+eidas.ms.sp.0.friendlyName=jUnit test
+eidas.ms.sp.0.newEidMode=true
+
+#eidas.ms.sp.0.pvp2.metadata.url=
+#eidas.ms.sp.0.policy.allowed.requested.targets=.*
+#eidas.ms.sp.0.policy.hasBaseIdTransferRestriction=false
+
+## Service Provider configuration
+eidas.ms.sp.1.uniqueID=https://demo.egiz.gv.at/junit_test
+eidas.ms.sp.1.pvp2.metadata.truststore=keys/junit.jks
+eidas.ms.sp.1.pvp2.metadata.truststore.password=password
+eidas.ms.sp.1.friendlyName=jUnit test
+eidas.ms.sp.1.pvp2.metadata.url=http://junit.test/metadata
+eidas.ms.sp.1.policy.allowed.requested.targets=test
+eidas.ms.sp.1.policy.hasBaseIdTransferRestriction=true
+
+## PVP2 S-Profile client configuration
+#eidas.ms.modules.idaustriaclient.keystore.type=jks
+#eidas.ms.modules.idaustriaclient.keystore.path=keys/junit.jks1
+#eidas.ms.modules.idaustriaclient.keystore.password=password
+#eidas.ms.modules.idaustriaclient.key.metadata.alias=meta
+#eidas.ms.modules.idaustriaclient.key.metadata.password=password
+#eidas.ms.modules.idaustriaclient.key.signing.alias=sig
+#eidas.ms.modules.idaustriaclient.key.signing.password=password
+#eidas.ms.modules.idaustriaclient.metadata.validity=24
+
+eidas.ms.modules.idaustriaclient.keystore.path=keys/junit_test.jks
+eidas.ms.modules.idaustriaclient.keystore.password=password
+eidas.ms.modules.idaustriaclient.keystore.type=jks
+
+eidas.ms.modules.idaustriaclient.metadata.sign.alias=meta
+eidas.ms.modules.idaustriaclient.metadata.sign.password=password
+eidas.ms.modules.idaustriaclient.request.sign.alias=sig
+eidas.ms.modules.idaustriaclient.request.sign.password=password
+eidas.ms.modules.idaustriaclient.response.encryption.alias=enc
+eidas.ms.modules.idaustriaclient.response.encryption.password=password
+
+eidas.ms.modules.idaustriaclient.truststore.path=keys/junit_test.jks
+eidas.ms.modules.idaustriaclient.truststore.password=password
+eidas.ms.modules.idaustriaclient.truststore.type=jks
+
+eidas.ms.modules.idaustriaclient.node.entityId=
+eidas.ms.modules.idaustriaclient.sp.entityId=
+eidas.ms.modules.idaustriaclient.node.metadataUrl=
+
+eidas.ms.modules.idaustriaclient.metadata.organisation.name=JUnit
+eidas.ms.modules.idaustriaclient.metadata.organisation.friendyname=For testing with jUnit
+eidas.ms.modules.idaustriaclient.metadata.organisation.url=http://junit.test
+eidas.ms.modules.idaustriaclient.metadata.contact.givenname=Max
+eidas.ms.modules.idaustriaclient.metadata.contact.surname=Mustermann
+eidas.ms.modules.idaustriaclient.metadata.contact.email=max@junit.test
+
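Review bot: The commented-out block under `## PVP2 S-Profile client configuration` (`key.metadata.alias`, `keys/junit.jks1`, `metadata.validity`) uses a different key-naming scheme from the live `idaustriaclient.*` block directly below it and should be removed rather than left as a second, contradictory template. The file also carries test-only secrets (`tomcat.ajp.additionalAttributes.secret=junit`, `pendingrequestid.digist.secret=pendingReqIdSecret`, the authblock keystore password) and sets `szrclient.debug.logfullmessages=true`, which would log complete SZR messages including person data if this file were ever picked up outside jUnit; a header line `## jUnit-only configuration: dummy secrets and debug logging, never deploy` makes that explicit. `szrclient.ssl.trustStore.path` is empty while `useTestService=true`; presumably the test endpoint is mocked, but if the client falls back to the JVM default truststore on an empty path, a comment saying so would avoid a surprise.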
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/junit_test.jks b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/junit_test.jks
new file mode 100644
index 00000000..ee6254a9
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/junit_test.jks
Binary files differ
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/teststore.jks b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/teststore.jks
new file mode 100644
index 00000000..fcc6400c
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/teststore.jks
Binary files differ
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/keystore/junit_test.jks b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/keystore/junit_test.jks
new file mode 100644
index 00000000..ee6254a9
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/keystore/junit_test.jks
Binary files differ
diff --git a/pom.xml b/pom.xml
index 2f880664..edb31076 100644
--- a/pom.xml
+++ b/pom.xml
@@ -142,6 +142,16 @@
<version>${eaaf-core.version}</version>
</dependency>
<dependency>
+ <groupId>at.gv.egiz.eaaf</groupId>
+ <artifactId>eaaf_module_pvp2_core</artifactId>
+ <version>${eaaf-core.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>at.gv.egiz.eaaf</groupId>
+ <artifactId>eaaf_module_pvp2_sp</artifactId>
+ <version>${eaaf-core.version}</version>
+ </dependency>
+ <dependency>
<groupId>at.asitplus.eidas.ms_specific</groupId>
<artifactId>ms_specific_connector</artifactId>
<type>war</type>
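Review bot: The two new `dependencyManagement` entries for `eaaf_module_pvp2_core` and `eaaf_module_pvp2_sp` carry no `<scope>`, so any module that declares them without one now gets compile scope, whereas the root previously managed `eaaf_module_pvp2_sp` with `<scope>test</scope>` (removed further down in this patch). That is presumably intended now that the ID Austria PVP client lives in the main code of authmodule-eIDAS-v2, but modules that only needed it for tests should state the scope in their own pom so the transitive footprint of the shipped WAR does not grow silently. Pinning both to `${eaaf-core.version}` is right; a short comment such as `<!-- PVP2 SP client: runtime dependency of authmodule-eIDAS-v2 for the ID Austria client -->` would record why the scope changed.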
@@ -345,12 +355,6 @@
<type>test-jar</type>
</dependency>
<dependency>
- <groupId>at.gv.egiz.eaaf</groupId>
- <artifactId>eaaf_module_pvp2_sp</artifactId>
- <version>${eaaf-core.version}</version>
- <scope>test</scope>
- </dependency>
- <dependency>
<groupId>at.asitplus.eidas.ms_specific</groupId>
<artifactId>connector_lib</artifactId>
<version>${egiz.eidas.version}</version>