diff options
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src')
4 files changed, 154 insertions, 47 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java index 3eec12bd..eac62aae 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java @@ -156,6 +156,11 @@ public class Constants { // Default values for SZR communication public static final String SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE = "ELEKTR_DOKUMENT"; + // AuthBlock + public static final String SZR_AUTHBLOCK = "AUTHBLOCK"; + public static final String EIDAS_BIND = "EIDAS_BIND"; + + // TODO remove!!! public static final String SZR_CONSTANTS_DEFAULT_ISSUING_DATE = "2014-01-01"; public static final String SZR_CONSTANTS_DEFAULT_ISSUING_AUTHORITY = "ms-specific eIDAS-Node for AT"; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java index 93813ff5..b141402a 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java @@ -32,6 +32,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicati import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService; import at.asitplus.eidas.specific.modules.auth.eidas.v2.szr.SzrClient; import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.JoseUtils; import at.gv.e_government.reference.namespace.persondata._20020228.AlternativeNameType; import at.gv.e_government.reference.namespace.persondata._20020228.PersonNameType; import at.gv.e_government.reference.namespace.persondata._20020228.PhysicalPersonType; @@ -61,6 +62,7 @@ import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; import lombok.extern.slf4j.Slf4j; import lombok.val; import org.apache.commons.lang3.StringUtils; +import org.bouncycastle.jce.PKCS10CertificationRequest; import org.joda.time.DateTime; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; @@ -72,8 +74,10 @@ import szrservices.TravelDocumentType; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import java.io.InputStream; +import java.io.*; +import java.security.KeyStore; import java.security.KeyStoreException; +import java.security.Provider; import java.util.Base64; import java.util.HashMap; import java.util.List; @@ -98,6 +102,10 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { @Autowired EaafKeyStoreFactory keyStoreFactory; + Pair<KeyStore, Provider> ks; + private final String KSPASSWORD = "f/+saJBc3a}*/T^s"; + private final String KSALIAS = "connectorkeypair"; + /* * (non-Javadoc) * @@ -114,6 +122,9 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); final ILightResponse eidasResponse = authProcessData.getGenericDataFromSession( Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class); + String eidMode = pendingReq.getServiceProviderConfiguration() + .getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_EID_MODE, "old"); + final Map<String, Object> simpleAttrMap = convertEidasAttrToSimpleMap(eidasResponse.getAttributes() .getAttributeMap()); @@ -222,7 +233,6 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { } } - String eidMode = pendingReq.getServiceProviderConfiguration().getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_EID_MODE, "old"); if (eidMode.equals("new")) { String vsz = szrClient.getEncryptedStammzahl(personInfo); @@ -239,8 +249,10 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { ObjectMapper mapper = new ObjectMapper(); String jwsPayload = mapper.writeValueAsString(pendingReq.getUniqueTransactionIdentifier()); -// JoseUtils.createSignature(new Pair<>(ks, ks.getProvider()), "connectorkeypair", passord.chararray(), jwsPayload, false, ); //TODO joseutils kopiern + String jwsSignature = JoseUtils.createSignature(ks, KSALIAS, KSPASSWORD.toCharArray(), jwsPayload, false, KSALIAS);//TODO joseutils kopiern + authProcessData.setGenericDataToSession(Constants.SZR_AUTHBLOCK, jwsSignature); + authProcessData.setGenericDataToSession(Constants.EIDAS_BIND, jwsSignature); } else { final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(personInfo); @@ -282,44 +294,46 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { } } - if (identityLink == null) { - log.error("ERnB did not return an identity link."); - throw new SzrCommunicationException("ernb.00", null); + if (eidMode.equals("new")) {} + else { + if (identityLink == null) { + log.error("ERnB did not return an identity link."); + throw new SzrCommunicationException("ernb.00", null); - } - revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_IDL_RECEIVED, - identityLink.getSamlAssertion().getAttribute(SimpleIdentityLinkAssertionParser.ASSERTIONID)); + } + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_IDL_RECEIVED, + identityLink.getSamlAssertion().getAttribute(SimpleIdentityLinkAssertionParser.ASSERTIONID)); - if (bpk == null) { - log.error("ERnB did not return a bPK for target: " + pendingReq.getServiceProviderConfiguration() - .getAreaSpecificTargetIdentifier()); - throw new SzrCommunicationException("ernb.01", null); + if (bpk == null) { + log.error("ERnB did not return a bPK for target: " + pendingReq.getServiceProviderConfiguration() + .getAreaSpecificTargetIdentifier()); + throw new SzrCommunicationException("ernb.01", null); - } - revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_BPK_RECEIVED); - - log.debug("ERnB communication was successfull"); - - authProcessData.setForeigner(true); - authProcessData.setIdentityLink(identityLink); - authProcessData.setGenericDataToSession( - PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, - EidasResponseUtils.parseEidasPersonalIdentifier((String) simpleAttrMap.get( - Constants.eIDAS_ATTR_PERSONALIDENTIFIER)).getFirst()); - - // set bPK and bPKType into auth session - authProcessData.setGenericDataToSession( - PvpAttributeDefinitions.BPK_NAME, - extendBpkByPrefix( - bpk, - pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier())); - authProcessData.setGenericDataToSession( - PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, - pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()); - - // store pending-request - requestStoreage.storePendingRequest(pendingReq); + } + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_BPK_RECEIVED); + + log.debug("ERnB communication was successfull"); + + authProcessData.setForeigner(true); + authProcessData.setIdentityLink(identityLink); + authProcessData.setGenericDataToSession( + PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, + EidasResponseUtils.parseEidasPersonalIdentifier((String) simpleAttrMap.get( + Constants.eIDAS_ATTR_PERSONALIDENTIFIER)).getFirst()); + + // set bPK and bPKType into auth session + authProcessData.setGenericDataToSession( + PvpAttributeDefinitions.BPK_NAME, + extendBpkByPrefix( + bpk, + pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier())); + authProcessData.setGenericDataToSession( + PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, + pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()); + // store pending-request + requestStoreage.storePendingRequest(pendingReq); + } } catch (final EidasAttributeException e) { throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e); @@ -338,12 +352,12 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { final String current = new java.io.File(".").toURI().toString(); configuration.setSoftKeyStoreFilePath(current + "src/test/resources/keystore/teststore.jks"); - configuration.setSoftKeyStorePassword("f/+saJBc3a}*/T^s"); + configuration.setSoftKeyStorePassword(KSPASSWORD); //TODO from config configuration.setKeyStoreType(KeyStoreConfiguration.KeyStoreType.JKS); - configuration.setFriendlyName("connectorkeypair"); - configuration.setKeyStoreName("connectorkeypair"); - val ks = keyStoreFactory.buildNewKeyStore(configuration); - val publicKey = ks.getFirst().getCertificate("connectorkeypair").getPublicKey(); + configuration.setFriendlyName(KSALIAS); + configuration.setKeyStoreName(KSALIAS); + ks = keyStoreFactory.buildNewKeyStore(configuration); + val publicKey = ks.getFirst().getCertificate(KSALIAS).getPublicKey(); return Base64.getEncoder().encodeToString(publicKey.getEncoded()); } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java index f674b6b1..028210cb 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java @@ -9,6 +9,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateAuthnReque import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummySpecificCommunicationService; import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType; import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; @@ -16,6 +17,7 @@ import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.controller.tasks.FinalizeAuthenticationTask; import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration; import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; @@ -63,9 +65,7 @@ import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; -import szrservices.PersonInfoType; -import szrservices.SZR; -import szrservices.SZRException_Exception; +import szrservices.*; import javax.xml.namespace.QName; import java.io.IOException; @@ -83,13 +83,15 @@ import static org.powermock.api.mockito.PowerMockito.*; //@PowerMockRunnerDelegate(SpringJUnit4ClassRunner.class) @PrepareForTest(CreateIdentityLinkTask.class) @DirtiesContext(classMode = DirtiesContext.ClassMode.BEFORE_CLASS) -@ContextConfiguration("/SpringTest-context_tasks_test.xml") +@ContextConfiguration("/SpringTest-context_tasks_test_2.xml") public class CreateIdentityLinkTaskEidNewTest { @Autowired(required = true) private CreateIdentityLinkTask task; @Autowired(required = true) + private FinalizeAuthenticationTask authTask; + @Autowired(required = true) private DummySpecificCommunicationService commService; @Autowired(required = true) private IConfiguration basicConfig; @@ -142,8 +144,10 @@ public class CreateIdentityLinkTaskEidNewTest { pendingReq.setSpConfig(oaParam); pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue()); pendingReq.setAuthUrl("http://test.com/"); + pendingReq.setTransactionId("avaasbav"); executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "XX"); + executionContext.put(EaafConstants.PROCESS_ENGINE_REQUIRES_NO_POSTAUTH_REDIRECT, true); szrMock = soap.mock(SZR.class, "http://localhost:1234/demoszr"); } @@ -179,7 +183,7 @@ public class CreateIdentityLinkTaskEidNewTest { .subjectNameIdFormat("afaf").attributes(attributeMap).build(); } - @Test(expected = RuntimeException.class) + @Test public void firstTest() { // keystore password f/+saJBc3a}*/T^s try { @@ -188,10 +192,17 @@ public class CreateIdentityLinkTaskEidNewTest { // SZR szrMock2 = Mockito.mock(SZR.class, Mockito.CALLS_REAL_METHODS); when(szrMock, "getStammzahlEncrypted", any(), any()).thenReturn(RandomStringUtils.randomNumeric(10)); + val signContentResp = new SignContentResponseType(); + SignContentEntry signContentEntry = new SignContentEntry(); + signContentEntry.setValue(RandomStringUtils.randomAlphanumeric(10)); + signContentResp.getOut().add(signContentEntry); + when(szrMock, "signContent", any(), any(), any()).thenReturn(signContentResp); // when(szrMock2, "getStammzahlEncrypted", any(), any()).thenReturn(RandomStringUtils.randomNumeric(10)); // Wie kann ich das vom Bean rein gehängte SZR mit dem Mock überschreiben? task.execute(pendingReq, executionContext); + + authTask.execute(pendingReq, executionContext); } catch (Exception e) { e.printStackTrace(); Assert.fail(); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test_2.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test_2.xml new file mode 100644 index 00000000..93b12a7c --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test_2.xml @@ -0,0 +1,77 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xmlns:mvc="http://www.springframework.org/schema/mvc" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd + http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd"> + + <context:annotation-config /> + <mvc:annotation-driven /> + <mvc:default-servlet-handler /> + + + <import resource="SpringTest-context_authManager.xml" /> + <import resource="SpringTest-context_basic_test.xml" /> + + <bean id="mvcGUIBuilderImpl" + class="at.asitplus.eidas.specific.connector.gui.SpringMvcGuiFormBuilderImpl" /> + + <bean id="springManagedSpecificConnectorCommunicationService" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummySpecificCommunicationService" /> + + <bean id="specificConnectorAttributesFileWithPath" + class="java.lang.String"> + <constructor-arg + value="src/test/resources/config/eidas-attributes.xml" /> + </bean> + + <bean id="specificConnectorAdditionalAttributesFileWithPath" + class="java.lang.String"> + <constructor-arg + value="src/test/resources/config/additional-attributes.xml" /> + </bean> + + <bean id="attributeRegistry" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry"> + <property name="eidasAttributesFile" + ref="specificConnectorAttributesFileWithPath" /> + <property name="additionalAttributesFile" + ref="specificConnectorAdditionalAttributesFileWithPath" /> + </bean> + + <!-- Authentication Process Tasks --> + <bean id="ConnecteIDASNodeTask" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateAuthnRequestTask" + scope="prototype" /> + + <bean id="ReceiveResponseFromeIDASNodeTask" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveAuthnResponseTask" + scope="prototype" /> + + <bean id="CreateIdentityLinkTask" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask" + scope="prototype" /> + + <bean id="FinalizeAuthenticationTask" + class="at.gv.egiz.eaaf.core.impl.idp.controller.tasks.FinalizeAuthenticationTask" + scope="prototype" /> + + <bean id="DummyProtocolAuthService" + class="at.gv.egiz.eaaf.core.impl.idp.auth.services.ProtocolAuthenticationService" /> + + <bean id="DummyGuiBuilderConfigurationFactory" + class="at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory" /> + + <bean id="StatisticLogger" + class="at.gv.egiz.eaaf.core.impl.logging.DummyStatisticLogger" /> + + <bean id="TestAuthenticationDataBuilder" + class="at.asitplus.eidas.specific.connector.builder.AuthenticationDataBuilder" /> + +</beans>
\ No newline at end of file |