diff options
Diffstat (limited to 'connector/src')
9 files changed, 600 insertions, 10 deletions
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/MsSpecificSpringBootApplicationContextInitializer.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/MsSpecificSpringBootApplicationContextInitializer.java index 5160bdf5..399d1286 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/MsSpecificSpringBootApplicationContextInitializer.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/MsSpecificSpringBootApplicationContextInitializer.java @@ -41,7 +41,7 @@ public class MsSpecificSpringBootApplicationContextInitializer extends } super.initialize(applicationContext); - + } private void injectConfiguration(String configPath, ConfigurableApplicationContext applicationContext) { diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/SpringBootApplicationInitializer.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/SpringBootApplicationInitializer.java index 0d3226bf..f0cf8698 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/SpringBootApplicationInitializer.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/SpringBootApplicationInitializer.java @@ -4,8 +4,11 @@ import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.context.ConfigurableApplicationContext; +import at.gv.egiz.eaaf.core.api.IStatusMessenger; import at.gv.egiz.eaaf.core.impl.logging.LogMessageProviderFactory; import at.gv.egiz.eaaf.core.impl.logging.SimpleStatusMessager; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; import lombok.extern.slf4j.Slf4j; @Slf4j @@ -18,8 +21,9 @@ public class SpringBootApplicationInitializer { * Starts MS-specific eIDAS-Implementation SpringBoot application. * * @param args Starting parameters + * @throws Throwable In case of a start-up error */ - public static void main(final String[] args) { + public static void main(final String[] args) throws Throwable { try { log.info("=============== Initializing Spring-Boot context! ==============="); LogMessageProviderFactory.setStatusMessager(new SimpleStatusMessager()); @@ -27,9 +31,18 @@ public class SpringBootApplicationInitializer { new SpringApplication(SpringBootApplicationInitializer.class); springApp.addInitializers(new MsSpecificSpringBootApplicationContextInitializer()); + log.info("Bootstrap openSAML .... "); + EaafOpenSaml3xInitializer.eaafInitialize(); + log.debug("Run SpringBoot initialization process ... "); ctx = springApp.run(args); + // initialize status messenger + LogMessageProviderFactory.setStatusMessager(ctx.getBean(IStatusMessenger.class)); + + log.info("Seed random number generator ... "); + Random.seedRandom(); + log.info("Initialization of MS-specific eIDAS-Implementation finished."); } catch (final Throwable e) { diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java index d38da6fe..073f7513 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java @@ -94,8 +94,8 @@ public class StatusMessageProvider implements IStatusMessenger { public String getResponseErrorCode(Throwable throwable) { String errorCode = IStatusMessenger.CODES_EXTERNAL_ERROR_GENERIC; if (throwable instanceof EaafException) { - errorCode = ((EaafException) throwable).getErrorId(); - + errorCode = mapInternalErrorToExternalError(((EaafException) throwable).getErrorId()); + } // TODO: maybe more internal switches are required diff --git a/connector/src/main/resources/application.properties b/connector/src/main/resources/application.properties index 2cb0c83a..68e07714 100644 --- a/connector/src/main/resources/application.properties +++ b/connector/src/main/resources/application.properties @@ -13,13 +13,15 @@ app.build.artifactId=ms_connector spring.boot.admin.client.enabled=false + + ############################################################################# ## MS-speccific eIDAS-Connector configuration #proxy.context.url.prefix= eidas.ms.context.url.request.validation=false #proxy.configRootDir=file:/.../config/ eidas.ms.context.use.clustermode=true - +eidas.ms.core.logging.level.info.errorcodes=auth.21 ##Monitoring eidas.ms.monitoring.eIDASNode.metadata.url= diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java new file mode 100644 index 00000000..5206c2e5 --- /dev/null +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java @@ -0,0 +1,485 @@ +package at.asitplus.eidas.specific.connector.test; + +import static org.mockito.ArgumentMatchers.any; +import static org.powermock.api.mockito.PowerMockito.when; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.UnsupportedEncodingException; +import java.net.URISyntaxException; +import java.util.Map; +import java.util.Timer; + +import javax.xml.transform.TransformerException; + +import org.apache.commons.lang3.RandomStringUtils; +import org.apache.ignite.Ignition; +import org.joda.time.DateTime; +import org.junit.AfterClass; +import org.junit.Assert; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Rule; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.opensaml.core.config.InitializationException; +import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; +import org.opensaml.core.xml.io.MarshallingException; +import org.opensaml.core.xml.io.UnmarshallingException; +import org.opensaml.core.xml.util.XMLObjectSupport; +import org.opensaml.saml.metadata.resolver.impl.ResourceBackedMetadataResolver; +import org.opensaml.saml.saml2.core.RequestAbstractType; +import org.opensaml.saml.saml2.core.StatusResponseType; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.boot.web.servlet.FilterRegistrationBean; +import org.springframework.core.io.ResourceLoader; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; +import org.springframework.test.context.ActiveProfiles; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.TestPropertySource; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.web.servlet.setup.DefaultMockMvcBuilder; +import org.springframework.test.web.servlet.setup.MockMvcBuilders; +import org.springframework.util.Base64Utils; +import org.springframework.web.context.WebApplicationContext; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import com.skjolberg.mockito.soap.SoapServiceRule; + +import at.asitplus.eidas.specific.connector.controller.ProcessEngineSignalController; +import at.asitplus.eidas.specific.connector.controller.Pvp2SProfileEndpoint; +import at.asitplus.eidas.specific.connector.provider.PvpEndPointCredentialProvider; +import at.asitplus.eidas.specific.connector.provider.PvpMetadataProvider; +import at.asitplus.eidas.specific.connector.test.saml2.Pvp2SProfileEndPointTest; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasSignalServlet; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; +import at.gv.egiz.components.spring.api.SpringBootApplicationContextInitializer; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.idp.controller.ProtocolFinalizationController; +import at.gv.egiz.eaaf.core.impl.utils.DomUtils; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.OpenSaml3ResourceAdapter; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; +import eu.eidas.auth.commons.attribute.AttributeDefinition; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; +import eu.eidas.auth.commons.light.ILightRequest; +import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse; +import eu.eidas.auth.commons.tx.BinaryLightToken; +import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames; +import eu.eidas.specificcommunication.exception.SpecificCommunicationException; +import eu.eidas.specificcommunication.protocol.SpecificCommunicationService; +import lombok.val; +import net.shibboleth.utilities.java.support.component.ComponentInitializationException; +import net.shibboleth.utilities.java.support.xml.XMLParserException; +import szrservices.SZR; +import szrservices.SignContentEntry; +import szrservices.SignContentResponseType; + +@RunWith(SpringJUnit4ClassRunner.class) +@SpringBootTest +@ContextConfiguration(initializers = { + org.springframework.boot.context.config.DelegatingApplicationContextInitializer.class, + SpringBootApplicationContextInitializer.class + }) +@TestPropertySource(locations = { "file:src/test/resources/config/junit_config_1_springboot.properties" }) +@DirtiesContext(classMode = ClassMode.AFTER_CLASS) +@ActiveProfiles(profiles = {"JUNIT", "jUnitTestMode", "springBoot"}) +public class FullStartUpAndProcessTest { + + private static final String FINAL_REDIRECT = "http://localhost/finalizeAuthProtocol?pendingid="; + + @Autowired private WebApplicationContext wac; + @Autowired private PvpEndPointCredentialProvider credentialProvider; + @Autowired private PvpMetadataProvider metadataProvider; + @Autowired private ResourceLoader resourceLoader; + @Autowired private EidasAttributeRegistry attrRegistry; + + @Autowired private Pvp2SProfileEndpoint sProfile; + @Autowired private ProcessEngineSignalController signal; + @Autowired private EidasSignalServlet eidasSignal; + @Autowired private ProtocolFinalizationController finalize; + + @Rule + public final SoapServiceRule soap = SoapServiceRule.newInstance(); + + private SZR szrMock; + + private String cc; + private String givenName; + private String familyName; + private String dateOfBirth; + private String personalId; + private String vsz; + private String eidasBind; + + + /** + * jUnit class initializer. + * @throws InterruptedException In case of an error + * @throws ComponentInitializationException In case of an error + * @throws InitializationException In case of an error + * + */ + @BeforeClass + public static void classInitializer() throws InterruptedException, InitializationException, ComponentInitializationException { + final String current = new java.io.File(".").toURI().toString(); + System.clearProperty("eidas.ms.configuration"); + + //eIDAS Ref. Impl. properties + System.setProperty("EIDAS_CONFIG_REPOSITORY", current.substring("file:".length()) + + "../basicConfig/eIDAS/"); + System.setProperty("SPECIFIC_CONNECTOR_CONFIG_REPOSITORY", current.substring("file:".length()) + + "../basicConfig/eIDAS/"); + System.setProperty("SPECIFIC_PROXY_SERVICE_CONFIG_REPOSITORY", current.substring("file:".length()) + + "../basicConfig/eIDAS/"); + + EaafOpenSaml3xInitializer.eaafInitialize(); + + } + + /** + * Test shut-down. + * + * @throws IOException In case of an error + */ + @AfterClass + public static void closeIgniteNode() throws IOException { + System.out.println("Closiong Ignite Node ... "); + Ignition.stopAll(true); + + } + + /** + * jUnit test set-up. + * + * + */ + @Before + public void setup() throws IOException { + DefaultMockMvcBuilder builder = MockMvcBuilders.webAppContextSetup(this.wac); + @SuppressWarnings("rawtypes") + Map<String, FilterRegistrationBean> filters = wac.getBeansOfType(FilterRegistrationBean.class); + for (FilterRegistrationBean<?> filter : filters.values()) { + if (filter.isEnabled()) { + builder.addFilter(filter.getFilter(), "/*"); + + } + } + + szrMock = soap.mock(SZR.class, "http://localhost:1234/demoszr"); + + + + cc = RandomStringUtils.randomAlphabetic(2).toUpperCase(); + personalId = cc + "/AT/" + RandomStringUtils.randomNumeric(64); + familyName = RandomStringUtils.randomAlphabetic(10); + givenName = RandomStringUtils.randomAlphabetic(10); + dateOfBirth = "2015-10-12"; + + vsz = RandomStringUtils.randomNumeric(10); + eidasBind = RandomStringUtils.randomAlphanumeric(50); + + } + + @Test + public void userStopProcess() throws UnsupportedEncodingException, XMLParserException, UnmarshallingException, + TransformerException, IOException, MarshallingException, ComponentInitializationException, EaafException { + //start authentication process by sending a SAML2 Authn-Request + MockHttpServletRequest saml2Req = new MockHttpServletRequest("POST", "https://localhost/ms_connector"); + injectSaml2AuthnReq(saml2Req); + MockHttpServletResponse selectCountryResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(saml2Req, selectCountryResp)); + + // send SAML2 AuthnRequest + sProfile.pvpIdpPostRequest(saml2Req, selectCountryResp); + + //check country-selection response + Assert.assertEquals("no country-selection page", 200, selectCountryResp.getStatus()); + Assert.assertEquals("cc-selection page", "text/html;charset=UTF-8", selectCountryResp.getContentType()); + String selectionPage = selectCountryResp.getContentAsString(); + Assert.assertNotNull("selectionPage is null", selectionPage); + Assert.assertFalse("selectionPage is empty", selectionPage.isEmpty()); + + String pendingReqId = extractRequestToken(selectionPage, + "<input type=\"hidden\" name=\"pendingid\" value=\""); + Assert.assertFalse("PendingReqId", pendingReqId.isEmpty()); + + + // set-up user-stop request + MockHttpServletRequest userStopReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector"); + userStopReq.setParameter("pendingid", pendingReqId); + userStopReq.setParameter(EaafConstants.PARAM_HTTP_STOP_PROCESS, "true"); + + MockHttpServletResponse finalizeResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(userStopReq, finalizeResp)); + + // send user-stop request + signal.performGenericAuthenticationProcess(userStopReq, finalizeResp); + + //validate state + Assert.assertEquals("forward to finalization", 302, finalizeResp.getStatus()); + Assert.assertNotNull("missing redirect header", finalizeResp.getHeader("Location")); + Assert.assertTrue("wrong redirect header", finalizeResp.getHeader("Location").startsWith(FINAL_REDIRECT)); + String finalPendingReqId = finalizeResp.getHeader("Location").substring(FINAL_REDIRECT.length()); + Assert.assertFalse("final pendingRequestId", finalPendingReqId.isEmpty()); + + //set-up finalization request + MockHttpServletRequest finalizationReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector"); + finalizationReq.setParameter("pendingid", finalPendingReqId); + + MockHttpServletResponse saml2Resp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(finalizationReq, saml2Resp)); + + // exexcute finalization step + finalize.finalizeAuthProtocol(finalizationReq, saml2Resp); + + //validate state + Assert.assertEquals("forward to finalization", 200, saml2Resp.getStatus()); + Assert.assertEquals("forward to eIDAS Node page", "text/html;charset=UTF-8", saml2Resp.getContentType()); + String saml2RespPage = saml2Resp.getContentAsString(); + Assert.assertNotNull("selectionPage is null", saml2RespPage); + Assert.assertFalse("selectionPage is empty", saml2RespPage.isEmpty()); + + //validate SAML2 response + String saml2RespB64 = extractRequestToken(saml2RespPage, + "<input type=\"hidden\" name=\"SAMLResponse\" value=\""); + Assert.assertNotNull("SAML2 response", saml2RespB64); + + StatusResponseType saml2 = (StatusResponseType) XMLObjectSupport.unmarshallFromInputStream( + XMLObjectProviderRegistrySupport.getParserPool(), + new ByteArrayInputStream(Base64Utils.decodeFromString(saml2RespB64))); + Assert.assertEquals("SAML2 status", "urn:oasis:names:tc:SAML:2.0:status:Responder", + saml2.getStatus().getStatusCode().getValue()); + Assert.assertEquals("ms-connector status", "1005", + saml2.getStatus().getStatusCode().getStatusCode().getValue()); + + } + + @Test + public void fullSuccessProcess() throws EaafException, Exception { + //start authentication process by sending a SAML2 Authn-Request + MockHttpServletRequest saml2Req = new MockHttpServletRequest("POST", "https://localhost/ms_connector"); + injectSaml2AuthnReq(saml2Req); + MockHttpServletResponse selectCountryResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(saml2Req, selectCountryResp)); + + // send SAML2 AuthnRequest + sProfile.pvpIdpPostRequest(saml2Req, selectCountryResp); + + //check country-selection response + Assert.assertEquals("no country-selection page", 200, selectCountryResp.getStatus()); + Assert.assertEquals("cc-selection page", "text/html;charset=UTF-8", selectCountryResp.getContentType()); + String selectionPage = selectCountryResp.getContentAsString(); + Assert.assertNotNull("selectionPage is null", selectionPage); + Assert.assertFalse("selectionPage is empty", selectionPage.isEmpty()); + + String pendingReqId = extractRequestToken(selectionPage, + "<input type=\"hidden\" name=\"pendingid\" value=\""); + Assert.assertFalse("PendingReqId", pendingReqId.isEmpty()); + + + // set-up country-selection request + MockHttpServletRequest selectCountryReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector"); + selectCountryReq.setParameter("pendingid", pendingReqId); + selectCountryReq.setParameter("selectedCountry", cc); + + MockHttpServletResponse forwardEidasNodeResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(selectCountryReq, forwardEidasNodeResp)); + + // send country-selection request + signal.performGenericAuthenticationProcess(selectCountryReq, forwardEidasNodeResp); + + //check forward to eIDAS node response + Assert.assertEquals("forward to eIDAS Node", 200, forwardEidasNodeResp.getStatus()); + Assert.assertEquals("forward to eIDAS Node page", "text/html;charset=UTF-8", forwardEidasNodeResp.getContentType()); + String forwardPage = forwardEidasNodeResp.getContentAsString(); + Assert.assertNotNull("forward to eIDAS Node is null", forwardPage); + Assert.assertFalse("forward to eIDAS Node is empty", forwardPage.isEmpty()); + + String eidasNodeReqToken = extractRequestToken(forwardPage, + "<input type=\"hidden\" name=\"token\" value=\""); + Assert.assertFalse("eidas req. token", eidasNodeReqToken.isEmpty()); + + //check eIDAS node request and build respose + String eidasRespToken = validateEidasNodeRequestAndBuildResponse(eidasNodeReqToken); + Assert.assertFalse("eidas resp. token", eidasRespToken.isEmpty()); + + + // set-up eIDAS-node response + MockHttpServletRequest eidasNodeRespReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector"); + eidasNodeRespReq.setParameter("token", eidasRespToken); + + MockHttpServletResponse finalizeResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(eidasNodeRespReq, finalizeResp)); + + injectSzrResponse(); + + //excute eIDAS node response + eidasSignal.restoreEidasAuthProcess(eidasNodeRespReq, finalizeResp); + + //validate state + Assert.assertEquals("forward to finalization", 302, finalizeResp.getStatus()); + Assert.assertNotNull("missing redirect header", finalizeResp.getHeader("Location")); + Assert.assertTrue("wrong redirect header", finalizeResp.getHeader("Location").startsWith(FINAL_REDIRECT)); + String finalPendingReqId = finalizeResp.getHeader("Location").substring(FINAL_REDIRECT.length()); + Assert.assertFalse("final pendingRequestId", finalPendingReqId.isEmpty()); + + + //set-up finalization request + MockHttpServletRequest finalizationReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector"); + finalizationReq.setParameter("pendingid", finalPendingReqId); + + MockHttpServletResponse saml2Resp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(finalizationReq, saml2Resp)); + + // exexcute finalization step + finalize.finalizeAuthProtocol(finalizationReq, saml2Resp); + + //validate state + Assert.assertEquals("forward to finalization", 200, saml2Resp.getStatus()); + Assert.assertEquals("forward to eIDAS Node page", "text/html;charset=UTF-8", saml2Resp.getContentType()); + String saml2RespPage = saml2Resp.getContentAsString(); + Assert.assertNotNull("selectionPage is null", saml2RespPage); + Assert.assertFalse("selectionPage is empty", saml2RespPage.isEmpty()); + + //validate SAML2 response + String saml2RespB64 = extractRequestToken(saml2RespPage, + "<input type=\"hidden\" name=\"SAMLResponse\" value=\""); + Assert.assertNotNull("SAML2 response", saml2RespB64); + + StatusResponseType saml2 = (StatusResponseType) XMLObjectSupport.unmarshallFromInputStream( + XMLObjectProviderRegistrySupport.getParserPool(), + new ByteArrayInputStream(Base64Utils.decodeFromString(saml2RespB64))); + Assert.assertEquals("SAML2 status", Constants.SUCCESS_URI, saml2.getStatus().getStatusCode().getValue()); + + final AssertionAttributeExtractor extractor = new AssertionAttributeExtractor(saml2); + Assert.assertEquals("wrong resp attr. size", 6, extractor.getAllIncludeAttributeNames().size()); + Assert.assertEquals("Wrong attr: LoA ", "http://eidas.europa.eu/LoA/high", + extractor.getSingleAttributeValue("urn:oid:1.2.40.0.10.2.1.1.261.108")); + Assert.assertEquals("Wrong attr: PVP_VERSION ", "2.2", + extractor.getSingleAttributeValue("urn:oid:1.2.40.0.10.2.1.1.261.10")); + Assert.assertEquals("Wrong attr: EID_ISSUER_NATION ", cc, + extractor.getSingleAttributeValue("urn:oid:1.2.40.0.10.2.1.1.261.32")); + Assert.assertEquals("Wrong attr: eidasBind", eidasBind, + extractor.getSingleAttributeValue("urn:eidgvat:attributes.eidbind")); + Assert.assertNotNull("Wrong attr: authBlock", + extractor.getSingleAttributeValue("urn:eidgvat:attributes.authblock.signed")); + Assert.assertNotNull("Wrong attr: piiTras.Id ", + extractor.getSingleAttributeValue("urn:eidgvat:attributes.piiTransactionId")); + + } + + private void injectSzrResponse() throws Exception { + + when(szrMock, "getStammzahlEncrypted", any(), any()).thenReturn(vsz); + val signContentResp = new SignContentResponseType(); + final SignContentEntry signContentEntry = new SignContentEntry(); + signContentEntry.setValue(eidasBind); + signContentResp.getOut().add(signContentEntry); + when(szrMock, "signContent", any(), any(), any()).thenReturn(signContentResp); + + } + + private String validateEidasNodeRequestAndBuildResponse(String eidasNodeReqToken) + throws SpecificCommunicationException, URISyntaxException { + final SpecificCommunicationService springManagedSpecificConnectorCommunicationService = + (SpecificCommunicationService) wac.getBean( + SpecificCommunicationDefinitionBeanNames.SPECIFIC_CONNECTOR_COMMUNICATION_SERVICE.toString()); + + //read request and validate basic properties + ILightRequest req = springManagedSpecificConnectorCommunicationService.getAndRemoveRequest(eidasNodeReqToken, + attrRegistry.getCoreAttributeRegistry().getAttributes()); + + Assert.assertNotNull("eIDAS Node req", req); + Assert.assertEquals("Wrong CC", cc, req.getCitizenCountryCode()); + Assert.assertEquals("Wrong CC", EaafConstants.EIDAS_LOA_SUBSTANTIAL, req.getLevelOfAssurance()); + + + //set response from eIDAS node + BinaryLightToken respoToken = springManagedSpecificConnectorCommunicationService.putResponse( + buildDummyAuthResponse(Constants.SUCCESS_URI, req.getId())); + return Base64Utils.encodeToString(respoToken.getTokenBytes()); + + } + + private AuthenticationResponse buildDummyAuthResponse(String statusCode, String reqId) throws URISyntaxException { + final AttributeDefinition attributeDef = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first(); + final AttributeDefinition attributeDef2 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_CURRENTFAMILYNAME).first(); + final AttributeDefinition attributeDef3 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_CURRENTGIVENNAME).first(); + final AttributeDefinition attributeDef4 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_DATEOFBIRTH).first(); + + final ImmutableAttributeMap attributeMap = ImmutableAttributeMap.builder() + .put(attributeDef, personalId) + .put(attributeDef2, familyName) + .put(attributeDef3, givenName) + .put(attributeDef4, dateOfBirth).build(); + + val b = new AuthenticationResponse.Builder(); + return b.id("_".concat(Random.nextHexRandom16())) + .issuer(RandomStringUtils.randomAlphabetic(10)) + .subject(RandomStringUtils.randomAlphabetic(10)) + .statusCode(statusCode) + .inResponseTo(reqId) + .subjectNameIdFormat("afaf") + .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) + .attributes(attributeMap) + .build(); + + } + + private String extractRequestToken(String selectionPage, String selector) { + int start = selectionPage.indexOf(selector); + Assert.assertTrue("find no pendingReqId location start", start > 0); + int end = selectionPage.indexOf("\"", start + selector.length()); + Assert.assertTrue("find no pendingReqId location end", end > 0); + return selectionPage.substring(start + selector.length(), end); + + } + + private void injectSaml2AuthnReq(MockHttpServletRequest saml2Req) throws XMLParserException, UnmarshallingException, + SamlSigningException, CredentialsNotAvailableException, UnsupportedEncodingException, TransformerException, + IOException, MarshallingException, ComponentInitializationException { + final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream( + XMLObjectProviderRegistrySupport.getParserPool(), + Pvp2SProfileEndPointTest.class.getResourceAsStream("/data/pvp2_authn_1.xml")); + authnReq.setIssueInstant(DateTime.now()); + RequestAbstractType signedAuthnReq = + Saml2Utils.signSamlObject(authnReq, credentialProvider.getMessageSigningCredential(), true); + String b64 = Base64Utils.encodeToString(DomUtils.serializeNode( + XMLObjectSupport.getMarshaller(signedAuthnReq).marshall(signedAuthnReq)).getBytes("UTF-8")); + saml2Req.setParameter("SAMLRequest", b64); + + final org.springframework.core.io.Resource resource = resourceLoader.getResource( + "classpath:/data/metadata_valid_without_encryption.xml"); + Timer timer = new Timer("PVP metadata-resolver refresh"); + ResourceBackedMetadataResolver fileSystemResolver = + new ResourceBackedMetadataResolver(timer, new OpenSaml3ResourceAdapter(resource)); + fileSystemResolver.setId("test"); + fileSystemResolver.setParserPool(XMLObjectProviderRegistrySupport.getParserPool()); + fileSystemResolver.initialize(); + metadataProvider.addMetadataResolverIntoChain(fileSystemResolver); + + } +} diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassExecutableModeTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassExecutableModeTest.java index 66147971..5fd39383 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassExecutableModeTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassExecutableModeTest.java @@ -81,7 +81,7 @@ public class MainClassExecutableModeTest { @Test - public void validConfigLocation() throws ClientProtocolException, IOException { + public void validConfigLocation() throws Throwable { SpringBootApplicationInitializer .main(new String[] { "--spring.config.location=src/test/resources/config/junit_config_1_springboot.properties,classpath:/application.properties", diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassWebAppModeTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassWebAppModeTest.java index 265edfb6..ae0a45db 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassWebAppModeTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassWebAppModeTest.java @@ -72,7 +72,7 @@ public class MainClassWebAppModeTest { } @Test - public void wrongConfigLocation() { + public void wrongConfigLocation() throws Throwable { //MS-specific connector property final String current = new java.io.File(".").toURI().toString(); System.setProperty("eidas.ms.configuration", current @@ -93,7 +93,7 @@ public class MainClassWebAppModeTest { @Test - public void systemdConfigLocation() throws ClientProtocolException, IOException { + public void systemdConfigLocation() throws Throwable { //MS-specific connector property final String current = new java.io.File(".").toURI().toString(); System.setProperty("eidas.ms.configuration", current diff --git a/connector/src/test/resources/config/junit_config_1_springboot.properties b/connector/src/test/resources/config/junit_config_1_springboot.properties index 7257df9b..ecb22dec 100644 --- a/connector/src/test/resources/config/junit_config_1_springboot.properties +++ b/connector/src/test/resources/config/junit_config_1_springboot.properties @@ -19,7 +19,7 @@ eidas.ms.monitoring.eIDASNode.metadata.url= eidas.ms.core.pendingrequestid.digist.secret=pendingReqIdSecret ## eIDAS Ref. Implementation connector ### -eidas.ms.auth.eIDAS.node_v2.forward.endpoint= +eidas.ms.auth.eIDAS.node_v2.forward.endpoint=http://eidas.node/junit eidas.ms.auth.eIDAS.szrclient.useTestService=true eidas.ms.auth.eIDAS.szrclient.endpoint.prod= @@ -40,7 +40,7 @@ eidas.ms.auth.eIDAS.authblock.key.password=f/+saJBc3a}*/T^s #Raw eIDAS Id data storage eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=true -eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=true +eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=false @@ -66,6 +66,8 @@ eidas.ms.sp.0.uniqueID=https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/met eidas.ms.sp.0.pvp2.metadata.truststore=keys/junit.jks eidas.ms.sp.0.pvp2.metadata.truststore.password=password eidas.ms.sp.0.friendlyName=jUnit test +eidas.ms.sp.0.newEidMode=true + #eidas.ms.sp.0.pvp2.metadata.url= #eidas.ms.sp.0.policy.allowed.requested.targets=.* #eidas.ms.sp.0.policy.hasBaseIdTransferRestriction=false diff --git a/connector/src/test/resources/data/metadata_valid_without_encryption.xml b/connector/src/test/resources/data/metadata_valid_without_encryption.xml new file mode 100644 index 00000000..b224c336 --- /dev/null +++ b/connector/src/test/resources/data/metadata_valid_without_encryption.xml @@ -0,0 +1,88 @@ +<?xml version="1.0" encoding="UTF-8"?> +<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_b67c160c0ad7b4ebd430581df167ac23" entityID="https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata"> + <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> + <ds:SignedInfo> + <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> + <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> + <ds:Reference URI="#_b67c160c0ad7b4ebd430581df167ac23"> + <ds:Transforms> + <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> + <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> + </ds:Transforms> + <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <ds:DigestValue>00SaL0XjeknOb/DttutP50lTyAux1jaRPJIVdSupWvU=</ds:DigestValue> + </ds:Reference> + </ds:SignedInfo> + <ds:SignatureValue>PfEBmLMX/ZgL6ViXghyWtal5MaMoW8k3zjw+54+WK1OAtVsVgOsIDRJE0M/a/VXBbMSifgY6J1gN23xhr61jkrjRQEkbDzLpWZLzWAJ65YqqUQo8wsKI2Gz0j12yY5D8/GOamKOH9KDi5ba1veXR/fnxRINoy7nZo4tcUWZChdl8BWkMN5ugr6dORNIQg/Ym3GabQ/hR5z+9FmveAKphdH63MC6qW3EgM9EMvOVkrLBTP92sNMAAJeaawui9tlxi9anVQ0OqwZsgKLvI7fyV4CM/0sd/ELjeReIlWlHk07Nz4eltMq3eOx3q1YurYvhE8XapHiQMehOtCS+Fzh10sw==</ds:SignatureValue> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate>MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH +SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W +ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w +CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ +RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq +UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ +M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F +Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt +1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq +nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC +VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq +itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc +2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O +fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy +4jpXrp77JXFRSDWddb0yePc=</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </ds:Signature> + <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> + <md:KeyDescriptor use="signing"> + <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> + <ds:X509Data> + <ds:X509Certificate>MIIBbTCCARKgAwIBAgIEXjF+qTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJBVDEN +MAsGA1UEBwwERUdJWjEOMAwGA1UECgwFalVuaXQxEDAOBgNVBAMMB3NpZ25pbmcw +HhcNMjAwMTI5MTI0NjMzWhcNMjcwMTI4MTI0NjMzWjA+MQswCQYDVQQGEwJBVDEN +MAsGA1UEBwwERUdJWjEOMAwGA1UECgwFalVuaXQxEDAOBgNVBAMMB3NpZ25pbmcw +WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASRt7gZRrr4rSEE7Q922oKQJF+mlkwC +LZnv8ZzHtH54s4VdyQFIBjQF1PPf9PTn+5tid8QJehZPndcoeD7J8fPJMAoGCCqG +SM49BAMCA0kAMEYCIQDFUO0owvqMVRO2FmD+vb8mqJBpWCE6Cl5pEHaygTa5LwIh +ANsmjI2azWiTSFjb7Ou5fnCfbeiJUP0s66m8qS4rYl9L</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/post" index="0" isDefault="true"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/redirect" index="1"/> + <md:AttributeConsumingService index="0" isDefault="true"> + <md:ServiceName xml:lang="en">Default Service</md:ServiceName> + <md:RequestedAttribute FriendlyName="BPK" Name="urn:oid:1.2.40.0.10.2.1.1.149" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/> + <md:RequestedAttribute FriendlyName="PRINCIPAL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/> + <md:RequestedAttribute FriendlyName="BIRTHDATE" Name="urn:oid:1.2.40.0.10.2.1.1.55" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/> + <md:RequestedAttribute FriendlyName="PVP-VERSION" Name="urn:oid:1.2.40.0.10.2.1.1.261.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="EID-ISSUING-NATION" Name="urn:oid:1.2.40.0.10.2.1.1.261.32" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="MANDATOR-LEGAL-PERSON-SOURCE-PIN-TYPE" Name="urn:oid:1.2.40.0.10.2.1.1.261.76" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/> + <md:RequestedAttribute FriendlyName="MANDATOR-LEGAL-PERSON-FULL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.84" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/> + <md:RequestedAttribute FriendlyName="MANDATE-TYPE" Name="urn:oid:1.2.40.0.10.2.1.1.261.68" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/> + <md:RequestedAttribute FriendlyName="MANDATOR-LEGAL-PERSON-SOURCE-PIN" Name="urn:oid:1.2.40.0.10.2.1.1.261.100" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/> + <md:RequestedAttribute FriendlyName="GIVEN-NAME" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/> + <md:RequestedAttribute FriendlyName="EID-SECTOR-FOR-IDENTIFIER" Name="urn:oid:1.2.40.0.10.2.1.1.261.34" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/> + <md:RequestedAttribute FriendlyName="MANDATE-TYPE-OID" Name="urn:oid:1.2.40.0.10.2.1.1.261.106" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/> + <md:RequestedAttribute FriendlyName="EID-IDENTITY-LINK" Name="urn:oid:1.2.40.0.10.2.1.1.261.38" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/> + <md:RequestedAttribute FriendlyName="EID-CITIZEN-QAA-EIDAS-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.108" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="userAuthBlock" Name="urn:eidgvat:attributes.authblock.signed" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/> + <md:RequestedAttribute FriendlyName="eidBind" Name="urn:eidgvat:attributes.eidbind" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/> + <md:RequestedAttribute FriendlyName="piiTransactionId" Name="urn:eidgvat:attributes.piiTransactionId" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/> + </md:AttributeConsumingService> + </md:SPSSODescriptor> + <md:Organization> + <md:OrganizationName xml:lang="de">EGIZ</md:OrganizationName> + <md:OrganizationDisplayName xml:lang="de">E-Government Innovationszentrum</md:OrganizationDisplayName> + <md:OrganizationURL xml:lang="de">http://www.egiz.gv.at</md:OrganizationURL> + </md:Organization> + <md:ContactPerson contactType="technical"> + <md:Company>E-Government Innovationszentrum</md:Company> + <md:GivenName>Lenz</md:GivenName> + <md:SurName>Thomas</md:SurName> + <md:EmailAddress>thomas.lenz@egiz.gv.at</md:EmailAddress> + <md:TelephoneNumber>+43 316 873 5525</md:TelephoneNumber> + </md:ContactPerson> +</md:EntityDescriptor> |