diff options
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src')
8 files changed, 456 insertions, 92 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/szr/SZRClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/szr/SZRClient.java index a3d28304..9d213109 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/szr/SZRClient.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/szr/SZRClient.java @@ -139,7 +139,6 @@ public class SZRClient { //build response log.trace(new String(szrResponse)); - log.trace("Signature successfully created. Extracting from MOA-SS container."); // ok, we have success Document doc = DOMUtils.parseDocument( @@ -162,10 +161,7 @@ public class SZRClient { idl.setPersonInfo(jaxbElement.getGetIdentityLinkReturn().getPersonInfo()); return idl; - - - //IdentityLinkType idlResp = this.szr.getIdentityLink(personInfo, keyValue, insertERnP); - + } catch ( Exception e) { log.warn("SZR communication FAILED. Reason: " + e.getMessage(), e); throw new SZRCommunicationException("ernb.02", new Object[] {e.getMessage()}, e); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java index ea5ec25f..b38c3678 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java @@ -50,7 +50,7 @@ import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.Constants; import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAuthenticationException; import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.service.eIDASAttributeRegistry; import at.gv.egiz.eaaf.core.api.data.EAAFConstants; -import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.gui.ISpringMVCGUIFormBuilder; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; @@ -82,7 +82,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { @Autowired eIDASAttributeRegistry attrRegistry; @Autowired ApplicationContext context; @Autowired ITransactionStorage transactionStore; - @Autowired IGUIFormBuilder guiBuilder; + @Autowired ISpringMVCGUIFormBuilder guiBuilder; @Override public void execute(ExecutionContext executionContext, @@ -181,7 +181,10 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { authnRequestBuilder.citizenCountryCode(citizenCountryCode); //set relay state - authnRequestBuilder.relayState(pendingReq.getPendingRequestId()); + /*TODO: SecureToken PendingRequestId generates a validation exception in eIDASNode because + * eIDASNode implements limit on size for RelayState (80characaters) + */ + //authnRequestBuilder.relayState(pendingReq.getPendingRequestId()); //build and add requested attribute set ImmutableAttributeMap reqAttrMap = translateToEidasAttributes(attrRegistry.getAttributeSetFromConfiguration()); @@ -242,7 +245,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { config.putCustomParameter(null, Constants.TEMPLATE_POST_FORWARD_TOKEN_VALUE, tokenBase64); - guiBuilder.build(request, response, config, "BKU-Selection form"); + guiBuilder.build(request, response, config, "Forward to eIDASNode form"); } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/templates/eidas_node_forward.html b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/templates/eidas_node_forward.html index 85e1d18f..186937d7 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/templates/eidas_node_forward.html +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/templates/eidas_node_forward.html @@ -1,7 +1,11 @@ <!DOCTYPE html> -<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> +<html xmlns:th="http://www.thymeleaf.org" + xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout" + layout:decorator="fragments/base" + th:with="lang=${#locale.language}" th:lang="${lang}"> <head> - <script src="$contextPath/autocommit.js"></script> + <script src="$contextPath/autocommit.js" + th:attr="src=@{/autocommit.js}"></script> </head> <body> <noscript> @@ -14,9 +18,11 @@ <div id="alert">Your login is being processed. Thank you for waiting.</div> - <form action="${endPoint}" method="post" target="_parent"> + <form action="${endPoint}" method="post" target="_parent" + th:attr="action=@{${endPoint}}"> <div> - <input type="hidden" name="${tokenName}" value="${tokenValue}" /> + <input type="hidden" name="${tokenName}" value="${tokenValue}" + th:attr="value=${tokenValue},name=${tokenName}" /> </div> <noscript> <div> diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/SZRClientTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/SZRClientTest.java index efc3862a..7ae30845 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/SZRClientTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/SZRClientTest.java @@ -22,14 +22,27 @@ *******************************************************************************/ package at.asitplus.test.eidas.specific.modules.authmodule_eIDASv2; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.Mockito.when; + import java.io.IOException; import java.security.InvalidKeyException; import java.security.MessageDigest; import java.security.NoSuchProviderException; import java.util.List; +import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBException; +import javax.xml.bind.Unmarshaller; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.ws.soap.SOAPFaultException; + import org.apache.commons.lang3.StringUtils; +import org.apache.cxf.binding.soap.SoapFault; +import org.junit.Assert; +import org.junit.BeforeClass; import org.junit.Ignore; +import org.junit.Rule; import org.junit.Test; import org.junit.runner.RunWith; import org.slf4j.Logger; @@ -40,6 +53,9 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.util.Base64Utils; import org.w3._2000._09.xmldsig.KeyValueType; import org.w3c.dom.Element; +import org.xml.sax.SAXException; + +import com.skjolberg.mockito.soap.SoapServiceRule; import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.Constants; import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.SZRCommunicationException; @@ -54,8 +70,11 @@ import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egiz.eaaf.core.exceptions.EAAFParserException; import at.gv.egiz.eaaf.core.impl.data.Trible; import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import szrservices.GetIdentityLinkEidasResponse; import szrservices.IdentityLinkType; import szrservices.PersonInfoType; +import szrservices.SZR; import szrservices.SZRException_Exception; import szrservices.TravelDocumentType; @@ -78,74 +97,72 @@ public class SZRClientTest { private static final String DUMMY_TARGET = EAAFConstants.URN_PREFIX_CDID + "ZP"; - @Test - public void dummyTest() { - - } - - - /* - * getIdentityLink without RAW mode does not contain a valid signature - */ - //@Test -// public void getIdentityLink() throws SZRException_Exception, EAAFParserException, NoSuchProviderException, IOException, InvalidKeyException, eIDASAuthenticationException { -// log.debug("Starting connecting SZR Gateway"); -// IdentityLinkType result = szrClient.getIdentityLink( -// getPersonInfo(), -// dummyCodeForKeys(), -// basicConfig.getBasicMOAIDConfigurationBoolean( -// Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_INSERTERNB, -// true) -// ); -// -// Element idlFromSZR = (Element)result.getAssertion(); -// IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser(idlFromSZR).parseIdentityLink(); -// if (identityLink == null) -// throw new SZRCommunicationException("ernb.00", new Object[] {"bPK is null or empty"}); -// -// } + @BeforeClass + public static void classInitializer() throws IOException { + final String current = new java.io.File( "." ).toURI().toString(); + System.setProperty("eidas.ms.configuration", current + "../../basicConfig/default_config.properties"); + + } - @Test - @Ignore - public void getIdentityLinkRawMode() throws SZRException_Exception, EAAFParserException, NoSuchProviderException, IOException, InvalidKeyException, eIDASAuthenticationException { - log.debug("Starting connecting SZR Gateway"); - IdentityLinkType result = szrClient.getIdentityLinkInRawMode( - getPersonInfo()); - - Element idlFromSZR = (Element)result.getAssertion(); - IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser(idlFromSZR).parseIdentityLink(); - - if (identityLink == null) - throw new SZRCommunicationException("ernb.00", new Object[] {"NO IDL object"}); - - System.out.println(identityLink.getSerializedSamlAssertion()); - - if (StringUtils.isEmpty(identityLink.getFamilyName())) - throw new SZRCommunicationException("ernb.00", new Object[] {"NO FamilyName from IDL"}); - - if (StringUtils.isEmpty(identityLink.getGivenName())) - throw new SZRCommunicationException("ernb.00", new Object[] {"NO GivenName from IDL"}); - - if (StringUtils.isEmpty(identityLink.getDateOfBirth())) - throw new SZRCommunicationException("ernb.00", new Object[] {"NO DateOfBirthName from IDL"}); - - if (StringUtils.isEmpty(identityLink.getIdentificationType())) - throw new SZRCommunicationException("ernb.00", new Object[] {"NO baseIdType from IDL"}); + @Rule + public SoapServiceRule soap = SoapServiceRule.newInstance(); - if (StringUtils.isEmpty(identityLink.getIdentificationValue())) - throw new SZRCommunicationException("ernb.00", new Object[] {"NO baseId from IDL"}); - - if (StringUtils.isEmpty(identityLink.getSerializedSamlAssertion())) - throw new SZRCommunicationException("ernb.00", new Object[] {"NO serialized IDL"}); - - if (identityLink.getSamlAssertion() == null ) - throw new SZRCommunicationException("ernb.00", new Object[] {"NO raw IDL"}); + @Test + public void getIdentityLinkRawModeValidResponse() throws SZRException_Exception, EAAFParserException, NoSuchProviderException, IOException, InvalidKeyException, eIDASAuthenticationException, JAXBException { + setSZRResponseIdentityLink("/data/szr/szr_resp_valid_1.xml", "http://localhost:1234/demoszr"); + try { + log.debug("Starting connecting SZR Gateway"); + IdentityLinkType result = szrClient.getIdentityLinkInRawMode( + getPersonInfo()); - + Assert.assertNotNull(result); + Assert.assertNotNull(result.getAssertion()); + + IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser((Element)result.getAssertion()).parseIdentityLink(); + Assert.assertNotNull(identityLink); + + System.out.println(identityLink.getSerializedSamlAssertion()); + + checkElement("Mustermann", identityLink.getFamilyName()); + checkElement("Hans", identityLink.getGivenName()); + checkElement("1989-05-05", identityLink.getDateOfBirth()); + checkElement("urn:publicid:gv.at:baseid", identityLink.getIdentificationType()); + checkElement("k+zDM1BVpN1WJO4x7ZQ3ng==", identityLink.getIdentificationValue()); + Assert.assertNotNull(identityLink.getSerializedSamlAssertion()); + Assert.assertNotNull(identityLink.getSamlAssertion()); + + } catch (SZRCommunicationException e) { + Assert.fail(); + + } + } -// @Test + @Test + public void getIdentityLinkRawModeErrorTravelerDocExists() throws SZRException_Exception, EAAFParserException, NoSuchProviderException, IOException, InvalidKeyException, eIDASAuthenticationException, JAXBException, ParserConfigurationException, SAXException { + setSZRExceptionIdentityLink("/data/szr/szr_resp_error_travelerdocexists.xml", "http://localhost:1234/demoszr"); + + try { + log.debug("Starting connecting SZR Gateway"); + IdentityLinkType result = szrClient.getIdentityLinkInRawMode( + getPersonInfo()); + Assert.fail(); + + } catch (SZRCommunicationException e) { + checkElement("ernb.02", e.getErrorId()); + Assert.assertNotNull(e.getCause()); + org.springframework.util.Assert.isInstanceOf(SOAPFaultException.class, e.getCause()); + Assert.assertNotNull(((SOAPFaultException)e.getCause()).getFault()); + checkElement("p344:F455", ((SOAPFaultException)e.getCause()).getFault().getFaultCode()); + checkElement("The travel document you sent to insert a person already exists for another person. Either check the document or have the person altered accordingly", ((SOAPFaultException)e.getCause()).getFault().getFaultString()); + + } + + } + + @Ignore + @Test public void getbPKTest() throws SZRException_Exception, eIDASAuthenticationException { String bPK = szrClient.getBPK(getPersonInfo(), DUMMY_TARGET, basicConfig.getBasicConfiguration( @@ -158,6 +175,39 @@ public class SZRClientTest { } + private void checkElement(String expected, String value) { + Assert.assertNotNull(value); + Assert.assertEquals(expected, value); + + } + + + private void setSZRResponseIdentityLink(String responseXmlPath, String serviceURL) throws JAXBException, SZRException_Exception { + final SZR szrServiceMock = soap.mock(SZR.class, serviceURL); + final JAXBContext jaxbContext = JAXBContext.newInstance( + szrservices.ObjectFactory.class, + org.xmlsoap.schemas.ws._2002._04.secext.ObjectFactory.class, + org.w3._2001._04.xmldsig_more.ObjectFactory.class, + org.w3._2000._09.xmldsig.ObjectFactory.class, + at.gv.egov.pvp1.ObjectFactory.class, + at.gv.e_government.reference.namespace.persondata._20020228.ObjectFactory.class); + final Unmarshaller jaxbUnmarshaller = jaxbContext.createUnmarshaller(); + final GetIdentityLinkEidasResponse szrResponse= (GetIdentityLinkEidasResponse) jaxbUnmarshaller.unmarshal(this.getClass().getResourceAsStream(responseXmlPath)); + when(szrServiceMock.getIdentityLinkEidas(any(PersonInfoType.class))).thenReturn(szrResponse.getGetIdentityLinkReturn()); + + } + + private void setSZRExceptionIdentityLink(String responseXmlPath, String serviceURL) throws JAXBException,ParserConfigurationException, SAXException, IOException, SZRException_Exception { + final SZR szrServiceMock = soap.mock(SZR.class, serviceURL); + final Element detailerror = DOMUtils.parseXmlNonValidating(this.getClass().getResourceAsStream(responseXmlPath)); + final javax.xml.namespace.QName qName = new javax.xml.namespace.QName("urn:SZRServices","F455", "p344"); + final SoapFault fault = new SoapFault("The travel document you sent to insert a person already exists for another person. Either check the document or have the person altered accordingly", qName); + fault.setRole("urn:SZRServices"); + fault.setDetail(detailerror); + when(szrServiceMock.getIdentityLinkEidas(any(PersonInfoType.class))).thenThrow(fault); + + } + private String createHashFromUniqueId(String uniqueId) throws eIDASAuthenticationException { try { MessageDigest md = MessageDigest.getInstance("SHA-256"); @@ -236,4 +286,25 @@ public class SZRClientTest { return null; } + + /* + * getIdentityLink without RAW mode does not contain a valid signature + */ + //@Test +// public void getIdentityLink() throws SZRException_Exception, EAAFParserException, NoSuchProviderException, IOException, InvalidKeyException, eIDASAuthenticationException { +// log.debug("Starting connecting SZR Gateway"); +// IdentityLinkType result = szrClient.getIdentityLink( +// getPersonInfo(), +// dummyCodeForKeys(), +// basicConfig.getBasicMOAIDConfigurationBoolean( +// Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_INSERTERNB, +// true) +// ); +// +// Element idlFromSZR = (Element)result.getAssertion(); +// IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser(idlFromSZR).parseIdentityLink(); +// if (identityLink == null) +// throw new SZRCommunicationException("ernb.00", new Object[] {"bPK is null or empty"}); +// +// } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/SZRClientTestProduction.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/SZRClientTestProduction.java new file mode 100644 index 00000000..db4f2417 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/SZRClientTestProduction.java @@ -0,0 +1,240 @@ +/******************************************************************************* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.asitplus.test.eidas.specific.modules.authmodule_eIDASv2; + +import java.io.IOException; +import java.security.InvalidKeyException; +import java.security.MessageDigest; +import java.security.NoSuchProviderException; +import java.util.List; + +import org.apache.commons.lang3.StringUtils; +import org.junit.Ignore; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.util.Base64Utils; +import org.w3._2000._09.xmldsig.KeyValueType; +import org.w3c.dom.Element; + +import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.Constants; +import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.SZRCommunicationException; +import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAuthenticationException; +import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.szr.SZRClient; +import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.utils.eIDASResponseUtils; +import at.gv.e_government.reference.namespace.persondata._20020228.PersonNameType; +import at.gv.e_government.reference.namespace.persondata._20020228.PhysicalPersonType; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.exceptions.EAAFParserException; +import at.gv.egiz.eaaf.core.impl.data.Trible; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; +import szrservices.IdentityLinkType; +import szrservices.PersonInfoType; +import szrservices.SZRException_Exception; +import szrservices.TravelDocumentType; + +@Ignore +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/SpringTest-context_basic_test.xml") +public class SZRClientTestProduction { + private static final Logger log = LoggerFactory.getLogger(SZRClientTestProduction.class); + + @Autowired SZRClient szrClient; + @Autowired IConfiguration basicConfig; + + private static final String givenName = "Franz"; + private static final String familyName = "Mustermann"; + //private static final String dateOfBirth = "1989-05-05"; + private static final String dateOfBirth = "1989-05-04"; + private static final String eIDASeID = "IS/AT/1234sdgsdfg56789ABCDEF"; + + //Dummy public RSA Key + private static final String PUBKEY_EXPONENT = "AQAB"; + private static final String PUBKEY_MODULUS = "AJZyj/+sdCMDRq9RkvbFcgSTVn/OfS8EUE81ddwP8MNuJ1kd1SWBUJPaQX2JLJHrL54mkOhrkhH2M/zcuOTu8nW9TOEgXGjrRB/0HpiYKpV+VDJViyyc/GacNLxN4Anw4pima6gHYaJIw9hQkL/nuO2hyh8PGJd7rxeFXJmbLy+X"; + + private static final String DUMMY_TARGET = EAAFConstants.URN_PREFIX_CDID + "ZP"; + + @Test + public void dummyTest() { + + } + + + /* + * getIdentityLink without RAW mode does not contain a valid signature + */ + //@Test +// public void getIdentityLink() throws SZRException_Exception, EAAFParserException, NoSuchProviderException, IOException, InvalidKeyException, eIDASAuthenticationException { +// log.debug("Starting connecting SZR Gateway"); +// IdentityLinkType result = szrClient.getIdentityLink( +// getPersonInfo(), +// dummyCodeForKeys(), +// basicConfig.getBasicMOAIDConfigurationBoolean( +// Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_INSERTERNB, +// true) +// ); +// +// Element idlFromSZR = (Element)result.getAssertion(); +// IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser(idlFromSZR).parseIdentityLink(); +// if (identityLink == null) +// throw new SZRCommunicationException("ernb.00", new Object[] {"bPK is null or empty"}); +// +// } + + @Test + public void getIdentityLinkRawMode() throws SZRException_Exception, EAAFParserException, NoSuchProviderException, IOException, InvalidKeyException, eIDASAuthenticationException { + log.debug("Starting connecting SZR Gateway"); + IdentityLinkType result = szrClient.getIdentityLinkInRawMode( + getPersonInfo()); + + Element idlFromSZR = (Element)result.getAssertion(); + IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser(idlFromSZR).parseIdentityLink(); + + if (identityLink == null) + throw new SZRCommunicationException("ernb.00", new Object[] {"NO IDL object"}); + + System.out.println(identityLink.getSerializedSamlAssertion()); + + if (StringUtils.isEmpty(identityLink.getFamilyName())) + throw new SZRCommunicationException("ernb.00", new Object[] {"NO FamilyName from IDL"}); + + if (StringUtils.isEmpty(identityLink.getGivenName())) + throw new SZRCommunicationException("ernb.00", new Object[] {"NO GivenName from IDL"}); + + if (StringUtils.isEmpty(identityLink.getDateOfBirth())) + throw new SZRCommunicationException("ernb.00", new Object[] {"NO DateOfBirthName from IDL"}); + + if (StringUtils.isEmpty(identityLink.getIdentificationType())) + throw new SZRCommunicationException("ernb.00", new Object[] {"NO baseIdType from IDL"}); + + if (StringUtils.isEmpty(identityLink.getIdentificationValue())) + throw new SZRCommunicationException("ernb.00", new Object[] {"NO baseId from IDL"}); + + if (StringUtils.isEmpty(identityLink.getSerializedSamlAssertion())) + throw new SZRCommunicationException("ernb.00", new Object[] {"NO serialized IDL"}); + + if (identityLink.getSamlAssertion() == null ) + throw new SZRCommunicationException("ernb.00", new Object[] {"NO raw IDL"}); + + + + } + +// @Test + public void getbPKTest() throws SZRException_Exception, eIDASAuthenticationException { + String bPK = szrClient.getBPK(getPersonInfo(), DUMMY_TARGET, + basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, + "no VKZ defined")); + + if (StringUtils.isEmpty(bPK)) + throw new SZRCommunicationException("ernb.01", new Object[] {"bPK is null or empty"}); + + + } + + private String createHashFromUniqueId(String uniqueId) throws eIDASAuthenticationException { + try { + MessageDigest md = MessageDigest.getInstance("SHA-256"); + byte[] hash = md.digest(uniqueId.getBytes("UTF-8")); + String hashBase64 = new String(Base64Utils.encode(hash), "UTF-8").replaceAll("\r\n", ""); + return hashBase64; + + } catch (Exception ex) { + throw new eIDASAuthenticationException("internal.03", new Object[]{}, ex); + + } + } + + private PersonInfoType getPersonInfo() throws eIDASAuthenticationException { + PersonInfoType personInfo = new PersonInfoType(); + PersonNameType personName = new PersonNameType(); + PhysicalPersonType naturalPerson = new PhysicalPersonType(); + TravelDocumentType eDocument = new TravelDocumentType(); + + naturalPerson.setName(personName ); + personInfo.setPerson(naturalPerson ); + personInfo.setTravelDocument(eDocument ); + + //parse some eID attributes + Trible<String, String, String> eIdentifier = + eIDASResponseUtils.parseEidasPersonalIdentifier((String)eIDASeID); + String uniqueId = createHashFromUniqueId(eIdentifier.getThird()); + String citizenCountry = eIdentifier.getFirst(); + + //person information + personName.setFamilyName((String)familyName); + personName.setGivenName((String)givenName); + naturalPerson.setDateOfBirth(dateOfBirth); + eDocument.setIssuingCountry(citizenCountry); + eDocument.setDocumentNumber(uniqueId); + + //eID document information + eDocument.setDocumentType(basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE, + Constants.SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE)); + + //TODO: that should be removed +// eDocument.setIssueDate(basicConfig.getBasicConfiguration( +// Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_DATE)); +// eDocument.setIssuingAuthority(basicConfig.getBasicConfiguration( +// Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_AUTHORITY)); + + return personInfo; + } + + + private List<KeyValueType> dummyCodeForKeys() throws IOException, NoSuchProviderException, InvalidKeyException { +// if (basicConfig.getBasicMOAIDConfigurationBoolean( +// Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_KEYS_USEDUMMY, +// false)) { +// List<KeyValueType> keyvalueList = new ArrayList<KeyValueType>(); +// try { +// // set key values +// RSAKeyValueType rsa = new RSAKeyValueType(); +// rsa.setExponent(PUBKEY_EXPONENT); +// rsa.setModulus(PUBKEY_MODULUS); +// +// KeyValueType key = new KeyValueType(); +// key.setRSAKeyValue(rsa); +// keyvalueList.add(key); +// +// return keyvalueList; +// } catch (Exception e) { +// log.error("TestCode has an internal ERROR", e); +// throw e; +// +// } +// +// } + + return null; + + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/eIDASAttributePostProcessingTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/eIDASAttributePostProcessingTest.java index cd7895ba..df2920cb 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/eIDASAttributePostProcessingTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/eIDASAttributePostProcessingTest.java @@ -24,7 +24,7 @@ package at.asitplus.test.eidas.specific.modules.authmodule_eIDASv2; import static org.junit.Assert.fail; -import java.io.File; +import java.io.IOException; import java.text.SimpleDateFormat; import java.util.HashMap; import java.util.Map; @@ -44,18 +44,6 @@ import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.service.EIDPostProc @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration("/SpringTest-context_basic_test.xml") public class eIDASAttributePostProcessingTest { - - @BeforeClass - public static void classInitializer() throws Exception { - final String currentDir = new java.io.File( "." ).getCanonicalPath(); - File configFile = new java.io.File(currentDir + "./../../basicConfig/default_config.properties"); - if (!configFile.exists()) { - throw new Exception("Default Configuration not found. Test will will be FAIL"); - - } - System.setProperty("eidas.ms.configuration", configFile.toURI().toASCIIString()); - - } @Autowired private EIDPostProcessingService postProcessor; @@ -115,10 +103,14 @@ public class eIDASAttributePostProcessingTest { private static final String P2_PLACEOFBIRTH = "Nirgendwo"; private static final String P2_BIRTHNAME = "Musterkind"; - @Test - public void dummyTest() { - - } + + @BeforeClass + public static void classInitializer() throws IOException { + final String current = new java.io.File( "." ).toURI().toString(); + System.setProperty("eidas.ms.configuration", current + "../../basicConfig/default_config.properties"); + + } + @Test public void DEWithHexLowerCase() throws Exception { diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/szr/szr_resp_error_travelerdocexists.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/szr/szr_resp_error_travelerdocexists.xml new file mode 100644 index 00000000..d627ded2 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/szr/szr_resp_error_travelerdocexists.xml @@ -0,0 +1,6 @@ +<?xml version="1.0" encoding="UTF-8"?> +<SOAP-ENV:Fault xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> + <faultcode xmlns:p344="urn:SZRServices" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">p344:F455</faultcode> + <faultstring>The travel document you sent to insert a person already exists for another person. Either check the document or have the person altered accordingly</faultstring> + <faultactor>urn:SZRServices</faultactor> +</SOAP-ENV:Fault> diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/szr/szr_resp_valid_1.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/szr/szr_resp_valid_1.xml new file mode 100644 index 00000000..c376caef --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/szr/szr_resp_valid_1.xml @@ -0,0 +1,50 @@ +<ns6:GetIdentityLinkEidasResponse xmlns="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:ns2="http://egov.gv.at/pvp1.xsd" xmlns:ns3="http://www.w3.org/2000/09/xmldsig#" xmlns:ns4="http://www.w3.org/2001/04/xmldsig-more#" xmlns:ns5="http://schemas.xmlsoap.org/ws/2002/04/secext" xmlns:ns6="urn:SZRServices"><ns6:GetIdentityLinkReturn><ns6:PersonInfo><ns6:Person><Identification><Value>k+zDM1BVpN1WJO4x7ZQ3ng==</Value><Type>urn:publicid:gv.at:baseid</Type></Identification><Name><GivenName>Franz</GivenName><FamilyName>Mustermann</FamilyName></Name><Sex>unknown</Sex><DateOfBirth>1989-05-05</DateOfBirth></ns6:Person></ns6:PersonInfo><ns6:Assertion><saml:Assertion xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:si="http://www.w3.org/2001/XMLSchema-instance" AssertionID="szr.bmi.gv.at-AssertionID15650069652921" IssueInstant="2019-08-05T14:09:25+01:00" Issuer="http://portal.bmi.gv.at/ref/szr/issuer" MajorVersion="1" MinorVersion="0"> + <saml:AttributeStatement> + <saml:Subject> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod> + <saml:SubjectConfirmationData> + <pr:Person si:type="pr:PhysicalPersonType"><pr:Identification><pr:Value>k+zDM1BVpN1WJO4x7ZQ3ng==</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type></pr:Identification><pr:Name><pr:GivenName>Hans</pr:GivenName><pr:FamilyName primary="undefined">Mustermann</pr:FamilyName></pr:Name><pr:DateOfBirth>1989-05-05</pr:DateOfBirth></pr:Person> + </saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + </saml:AttributeStatement> + <dsig:Signature> + <dsig:SignedInfo> + <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> + <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> + <dsig:Reference URI=""> + <dsig:Transforms> + <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"> + <dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath> + </dsig:Transform> + <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> + </dsig:Transforms> + <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> + <dsig:DigestValue>GZjlsEXIhUPBSbOR1R8P4dzRJHE=</dsig:DigestValue> + </dsig:Reference> + <dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI="#manifest"> + <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> + <dsig:DigestValue>lCnWsFICFg0ogj0Ha7++Y9gyOQg=</dsig:DigestValue> + </dsig:Reference> + </dsig:SignedInfo> + <dsig:SignatureValue> + a6tPfkdriEzAyQh2jU3/4j48baaPnY/i510OHx0vwHRvXLz80UyZzffdmtaRuk3iHVxgUMd9 + Ld0DLsRt6tFJiPLyBCo0QCuqaOwgTcuUI3Ku/oySpqMjqug3AMdrhxW2j41yQlzvkjiZTT4j + zQ9GHFnZnnob0+bBflqIjZOl4xc= + </dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIICTzCCAbigAwIBAgIBADANBgkqhkiG9w0BAQUFADATMREwDwYDVQQDEwhTWlJQRVJTQjAeFw0wNTA3MDEwMDAwMDBaFw00MDEyMzEyMzU5NTlaMBMxETAPBgNVBAMTCFNaUlBFUlNCMIIBHzANBgkqhkiG9w0BAQEFAAOCAQwAMIIBBwKBgQDGNmo9LOohefioGreKU6j6R05jUwHuddziSOQPolmMSXQG6NnnlLQaITv7BEmFj+EBqaOc+891wgZCRvNA2h+fHdJ69QXi/xjCovJI5SHh9jA+ssqhZ68iXOZHPq4WeegtYiYyJaRxWF+iPLqSm+bknS/KuBUcZol9SM3r6CMf0wKBgHytGrIelzc9ZN97VYXLkOJxi4TNSSj3Q/1TIC0s+HSzjbD694Y6ufINpR+IQm5epLTdXx9Dxv19bYnsLEIt0niMd2Cnm1DxXe8iNaDzpWec7fbRT6vDBwtTnyQkGfu2GGF3nSvVZ5AUDbLdAfZLOlbwsZmPnWU1zktSkLgKnT2XozIwMDAuBglghkgBhvhCAQ0EIRMfQ3JlYXRlZCBieSB6L09TIElDU0YgLSBIQ1I3NzgwIDANBgkqhkiG9w0BAQUFAAOBgQBwPc3l/Qf4myH8rsAAM5HqdCR68bMegWgNVxlPNl5DNJEE2hbPhIJ/K6TF6cjROYKDVuQ/+drtsZcrEOaqhqD3qw7MXAiT9GurV99YM/qTBsMy13yjU3LqeFX25Om8JlccGF5G+iHrVjfNQEUocGnGxCAPMlBvGwia4JjJcIPx7Q==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo> + <dsig:Object> + <dsig:Manifest Id="manifest"> + <dsig:Reference URI=""> + <dsig:Transforms> + <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"> + <dsig:XPath>not(ancestor-or-self::dsig:Signature)</dsig:XPath> + </dsig:Transform> + </dsig:Transforms> + <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> + <dsig:DigestValue>SbpaaSlLolEX5D9P7HyTPnImvns=</dsig:DigestValue> + </dsig:Reference> + </dsig:Manifest> + </dsig:Object> + </dsig:Signature> +</saml:Assertion></ns6:Assertion><ns6:AdditionalInfo>ERN</ns6:AdditionalInfo></ns6:GetIdentityLinkReturn></ns6:GetIdentityLinkEidasResponse>
\ No newline at end of file |