diff options
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2')
19 files changed, 2244 insertions, 93 deletions
| diff --git a/eidas_modules/authmodule-eIDAS-v2/pom.xml b/eidas_modules/authmodule-eIDAS-v2/pom.xml index e64aefc7..7bbdaf78 100644 --- a/eidas_modules/authmodule-eIDAS-v2/pom.xml +++ b/eidas_modules/authmodule-eIDAS-v2/pom.xml @@ -149,6 +149,24 @@        <scope>test</scope>      </dependency>      <dependency> +      <groupId>org.powermock</groupId> +      <artifactId>powermock-module-junit4</artifactId> +      <version>2.0.7</version> +      <scope>test</scope> +    </dependency> +    <dependency> +      <groupId>org.powermock</groupId> +      <artifactId>powermock-api-mockito2</artifactId> +      <version>2.0.7</version> +      <scope>test</scope> +    </dependency> +    <dependency> +      <groupId>eu.eidas</groupId> +      <artifactId>eidas-light-commons</artifactId> +      <version>2.4.0</version> +      <scope>test</scope> +    </dependency> +    <dependency>        <groupId>at.gv.egiz.eaaf</groupId>        <artifactId>eaaf_core_utils</artifactId>        <scope>test</scope> @@ -160,6 +178,17 @@        <scope>test</scope>        <type>test-jar</type>      </dependency> +    <dependency> +      <groupId>com.fasterxml.jackson.core</groupId> +      <artifactId>jackson-databind</artifactId> +      <version>2.11.2</version> +      <scope>compile</scope> +    </dependency> +    <dependency> +      <groupId>org.bitbucket.b_c</groupId> +      <artifactId>jose4j</artifactId> +      <version>0.7.2</version> +    </dependency>    </dependencies>    <build> @@ -168,7 +197,7 @@          <directory>src/main/resources</directory>        </resource>        <resource> -        <directory>target/generated/cxf</directory> +        <directory>target/generated-sources/cxf</directory>        </resource>      </resources> @@ -209,7 +238,7 @@                <sourceRoot>${project.build.directory}/generated/cxf</sourceRoot>                <wsdlOptions>                  <wsdlOption> -                  <wsdl>${basedir}/src/main/resources/szr_client/SZR-1.1.WSDL</wsdl> +                  <wsdl>${basedir}/src/main/resources/szr_client/SZR_v4.0.wsdl</wsdl>                    <extraargs>                      <extraarg>-verbose </extraarg>                    </extraargs> diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java index 763d8dab..5a551649 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java @@ -33,9 +33,7 @@ import java.security.KeyStoreException;  import java.security.NoSuchAlgorithmException;  import java.security.SecureRandom;  import java.security.UnrecoverableKeyException; -import java.util.ArrayList; -import java.util.List; -import java.util.Map; +import java.util.*;  import javax.annotation.PostConstruct;  import javax.net.ssl.KeyManager; @@ -56,7 +54,10 @@ import javax.xml.ws.BindingProvider;  import javax.xml.ws.Dispatch;  import javax.xml.ws.handler.Handler; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.ObjectMapper;  import org.apache.commons.lang3.StringUtils; +import org.apache.commons.lang3.time.StopWatch;  import org.apache.cxf.configuration.jsse.TLSClientParameters;  import org.apache.cxf.endpoint.Client;  import org.apache.cxf.frontend.ClientProxy; @@ -79,15 +80,7 @@ import at.gv.egiz.eaaf.core.api.idp.IConfiguration;  import at.gv.egiz.eaaf.core.impl.utils.DomUtils;  import at.gv.egiz.eaaf.core.impl.utils.FileUtils;  import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils; -import szrservices.GetBPK; -import szrservices.GetBPKResponse; -import szrservices.GetIdentityLinkEidas; -import szrservices.GetIdentityLinkEidasResponse; -import szrservices.IdentityLinkType; -import szrservices.ObjectFactory; -import szrservices.PersonInfoType; -import szrservices.SZR; -import szrservices.SZRException_Exception; +import szrservices.*;  @Service("SZRClientForeIDAS")  public class SzrClient { @@ -109,9 +102,11 @@ public class SzrClient {    private String szrUrl = null;    private QName qname = null; +  final ObjectMapper mapper = new ObjectMapper(); +    /**     * Get IdentityLink of a person. -   *  +   *     * @param personInfo Person identification information     * @return IdentityLink     * @throws SzrCommunicationException In case of a SZR error @@ -165,7 +160,7 @@ public class SzrClient {      } catch (final Exception e) {        log.warn("SZR communication FAILED. Reason: " + e.getMessage(), e); -      throw new SzrCommunicationException("ernb.02", new Object[] { e.getMessage() }, e); +      throw new SzrCommunicationException("ernb.02", new Object[]{e.getMessage()}, e);      } @@ -173,19 +168,19 @@ public class SzrClient {    /**     * Get bPK of person. -   *  +   *     * @param personInfo Person identification information -   * @param target requested bPK target -   * @param vkz Verfahrenskennzeichen +   * @param target     requested bPK target +   * @param vkz        Verfahrenskennzeichen     * @return bPK for this person     * @throws SzrCommunicationException In case of a SZR error     */ -  public String getBpk(PersonInfoType personInfo, String target, String vkz) +  public List<String> getBpk(PersonInfoType personInfo, String target, String vkz)        throws SzrCommunicationException {      try {        final GetBPK parameters = new GetBPK();        parameters.setPersonInfo(personInfo); -      parameters.setBereichsKennung(target); +      parameters.getBereichsKennung().add(target);        parameters.setVKZ(vkz);        final GetBPKResponse result = this.szr.getBPK(parameters); @@ -193,16 +188,98 @@ public class SzrClient {      } catch (final SZRException_Exception e) {        log.warn("SZR communication FAILED. Reason: " + e.getMessage(), e); -      throw new SzrCommunicationException("ernb.02", new Object[] { e.getMessage() }, e); +      throw new SzrCommunicationException("ernb.02", new Object[]{e.getMessage()}, e);      }    } +  /** +   * Request a encryped baseId from SRZ. +   * +   * @param personInfo Minimum dataset of person +   * @return encrypted baseId +   * @throws SzrCommunicationException    In case of a SZR error +   */ +  public String getEncryptedStammzahl(final PersonInfoType personInfo) +      throws SzrCommunicationException { + +    final String resp; +    try { +      resp = this.szr.getStammzahlEncrypted(personInfo, false); +    } catch (SZRException_Exception e) { +      throw new SzrCommunicationException("ernb.02", new Object[]{e.getMessage()}, e); +    } + +    if (resp == null || StringUtils.isEmpty(resp)) { +      throw new SzrCommunicationException("ernb.01", new Object[]{"Stammzahl response empty"}); // TODO error handling +    } + +    return resp; + +  } + + +  /** +   * Signs content. +   * +   * @param vsz ? TODO +   * @param bindingPubKey  binding PublikKey as PKCS1# (ASN.1) container +   * @param eidStatus Status of the E-ID +   * @return bPK for this person +   * @throws SzrCommunicationException In case of a SZR error +   */ +  public String getBcBind(final String vsz, final String bindingPubKey, final String eidStatus) +      throws SzrCommunicationException { + +    final String ATTR_NAME_VSZ = "urn:eidgvat:attributes.vsz.value"; +    final String ATTR_NAME_PUBKEYS = "urn:eidgvat:attributes.user.pubkeys"; +    final String ATTR_NAME_STATUS = "urn:eidgvat:attributes.eid.status"; +    final String KEY_BC_BIND = "bcBindReq"; +    final String JOSE_HEADER_USERCERTPINNING_TYPE = "urn:at.gv.eid:bindtype"; +    final String JOSE_HEADER_USERCERTPINNING_EIDASBIND = "urn:at.gv.eid:eidasBind"; + +    final Map<String, Object> bcBindMap = new HashMap<>(); +    bcBindMap.put(ATTR_NAME_VSZ, vsz); +    bcBindMap.put(ATTR_NAME_STATUS, eidStatus); +    bcBindMap.put(ATTR_NAME_PUBKEYS, Arrays.asList(bindingPubKey)); + +    try { +      final String serializedBcBind = mapper.writeValueAsString(bcBindMap); +      final SignContent req = new SignContent(); +      final SignContentEntry bcBindInfo = new SignContentEntry(); +      bcBindInfo.setKey(KEY_BC_BIND); +      bcBindInfo.setValue(serializedBcBind); +      req.getIn().add(bcBindInfo); +      req.setAppendCert(false); +      final JwsHeaderParam bcBindJoseHeader = new JwsHeaderParam(); +      bcBindJoseHeader.setKey(JOSE_HEADER_USERCERTPINNING_TYPE); +      bcBindJoseHeader.setValue(JOSE_HEADER_USERCERTPINNING_EIDASBIND); +      req.getJWSHeaderParam().add(bcBindJoseHeader); + +      log.trace("Requesting SZR to sign bcBind datastructure ... "); +      final SignContentResponseType resp = szr.signContent(req.isAppendCert(), req.getJWSHeaderParam(), req.getIn()); +      log.trace("Receive SZR response on bcBind siging operation "); + +      if (resp == null +          || resp.getOut().isEmpty() +          || resp.getOut().get(0).getValue() == null) { +        throw new SzrCommunicationException("ernb.01", new Object[]{"BcBind response empty"}); //TODO check error handling +      } + +      return resp.getOut().get(0).getValue(); + +    } catch (final JsonProcessingException | SZRException_Exception e) { +      log.warn("Requesting bcBind by using SZR FAILED. Reason: {}", e.getMessage(), null, e); +      throw new SzrCommunicationException("ernb.02", +          new Object[]{e.getMessage()}, e); +    } +  } +    @PostConstruct    private void initialize() {      log.info("Starting SZR-Client initialization .... "); -    final URL url = SzrClient.class.getResource("/szr_client/SZR-1.1.WSDL"); +    final URL url = SzrClient.class.getResource("/szr_client/SZR_v4.0.wsdl");      final boolean useTestSzr = basicConfig.getBasicConfigurationBoolean(          Constants.CONIG_PROPS_EIDAS_SZRCLIENT_USETESTSERVICE, diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java index 88c3515b..e4a22cbc 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java @@ -19,28 +19,10 @@   * file for details on the various modules and licenses.   * The "NOTICE" text file is part of the distribution. Any derivative works   * that you distribute must include a readable copy of the "NOTICE" text file. -*/ + */  package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; -import java.io.InputStream; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.lang3.StringUtils; -import org.joda.time.DateTime; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Component; -import org.w3c.dom.Element; -import org.w3c.dom.Node; - -import com.google.common.collect.ImmutableMap; -import com.google.common.collect.ImmutableSet; -  import at.asitplus.eidas.specific.connector.MsConnectorEventCodes;  import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;  import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; @@ -60,6 +42,8 @@ import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;  import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;  import at.gv.egiz.eaaf.core.exceptions.EaafException;  import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;  import at.gv.egiz.eaaf.core.impl.data.Pair;  import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder;  import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; @@ -67,20 +51,38 @@ import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser  import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;  import at.gv.egiz.eaaf.core.impl.utils.DomUtils;  import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.google.common.collect.ImmutableMap; +import com.google.common.collect.ImmutableSet;  import eu.eidas.auth.commons.attribute.AttributeDefinition;  import eu.eidas.auth.commons.attribute.AttributeValue;  import eu.eidas.auth.commons.light.ILightResponse;  import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;  import lombok.extern.slf4j.Slf4j; +import lombok.val; +import org.apache.commons.lang3.StringUtils; +import org.joda.time.DateTime; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; +import org.w3c.dom.Element; +import org.w3c.dom.Node;  import szrservices.IdentityLinkType;  import szrservices.PersonInfoType;  import szrservices.TravelDocumentType; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.InputStream; +import java.security.KeyStoreException; +import java.util.Base64; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +  /**   * Task that creates the IdentityLink for an eIDAS authenticated person. - *  - * @author tlenz   * + * @author tlenz   */  @Slf4j  @Component("CreateIdentityLinkTask") @@ -95,7 +97,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {    /*     * (non-Javadoc) -   *  +   *     * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.     * egovernment.moa.id.process.api.ExecutionContext,     * javax.servlet.http.HttpServletRequest, @@ -103,7 +105,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {     */    @Override    public void execute(ExecutionContext executionContext, -      HttpServletRequest request, HttpServletResponse response) +                      HttpServletRequest request, HttpServletResponse response)        throws TaskExecutionException {      try {        final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); @@ -217,43 +219,64 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {            }          } -        final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(personInfo); +        String eidMode = pendingReq.getServiceProviderConfiguration().getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_EID_MODE, "old"); +        if (eidMode.equals("new")) { -        final Element idlFromSzr = (Element) result.getAssertion(); -        identityLink = new SimpleIdentityLinkAssertionParser(idlFromSzr).parseIdentityLink(); +          String vsz = szrClient.getEncryptedStammzahl(personInfo); -        // write ERnB inputdata into revisionlog -        if (basicConfig.getBasicConfigurationBoolean( -            Constants.CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_REVISIONLOGDATASTORE_ACTIVE, false)) { -          revisionsLogger.logEvent(pendingReq, -              MsConnectorEventCodes.SZR_ERNB_EIDAS_RAW_ID, -              (String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)); -          revisionsLogger.logEvent(pendingReq, -              MsConnectorEventCodes.SZR_ERNB_EIDAS_ERNB_ID, eidData.getPseudonym()); +          // build Keystore +          String pK64 = getPkFromKeystore(); +          // setzte Keystore in config ?path? lade rein +          // key pair art siehe jose utils -        } -        // get bPK from SZR -        if (basicConfig.getBasicConfigurationBoolean( -            Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION, true)) { -          bpk = szrClient.getBpk( -              personInfo, -              pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(), -              basicConfig.getBasicConfiguration( -                  Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, -                  "no VKZ defined")); +          String signedEidasBind = szrClient.getBcBind(vsz, pK64, "urn:eidgvat:eid.status.eidas"); //eidstatus TODO as config? + +          //build AuthBlock JWS +          ObjectMapper mapper = new ObjectMapper(); +          String jwsPayload = mapper.writeValueAsString(pendingReq.getUniqueTransactionIdentifier()); + +//          JoseUtils.createSignature(new Pair<>(ks, ks.getProvider()), "connectorkeypair", passord.chararray(), jwsPayload, false, ); //TODO joseutils kopiern          } else { -          log.debug("Calculating bPK from baseId ... "); -          new BpkBuilder(); -          final Pair<String, String> bpkCalc = BpkBuilder.generateAreaSpecificPersonIdentifier( -              identityLink.getIdentificationValue(), -              identityLink.getIdentificationType(), -              pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()); -          bpk = bpkCalc.getFirst(); -        } +          final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(personInfo); +          final Element idlFromSzr = (Element) result.getAssertion(); +          identityLink = new SimpleIdentityLinkAssertionParser(idlFromSzr).parseIdentityLink(); + +          // write ERnB inputdata into revisionlog +          if (basicConfig.getBasicConfigurationBoolean( +              Constants.CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_REVISIONLOGDATASTORE_ACTIVE, false)) { +            revisionsLogger.logEvent(pendingReq, +                MsConnectorEventCodes.SZR_ERNB_EIDAS_RAW_ID, +                (String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)); +            revisionsLogger.logEvent(pendingReq, +                MsConnectorEventCodes.SZR_ERNB_EIDAS_ERNB_ID, eidData.getPseudonym()); + +          } + +          // get bPK from SZR +          if (basicConfig.getBasicConfigurationBoolean( +              Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION, true)) { +            bpk = szrClient.getBpk( +                personInfo, +                pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(), +                basicConfig.getBasicConfiguration( +                    Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, +                    "no VKZ defined")).get(0); + +          } else { +            log.debug("Calculating bPK from baseId ... "); +            new BpkBuilder(); +            final Pair<String, String> bpkCalc = BpkBuilder.generateAreaSpecificPersonIdentifier( +                identityLink.getIdentificationValue(), +                identityLink.getIdentificationType(), +                pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()); +            bpk = bpkCalc.getFirst(); + +          } +        }        }        if (identityLink == null) { @@ -307,6 +330,20 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {      }    } +  private String getPkFromKeystore() throws EaafException, KeyStoreException { +    EaafKeyStoreFactory keyStoreFactory = new EaafKeyStoreFactory(); +    KeyStoreConfiguration configuration = new KeyStoreConfiguration(); + +    final String current = new java.io.File(".").toURI().toString(); +    configuration.setSoftKeyStoreFilePath(current + "src/test/resources/keystore/teststore.jks"); + +    configuration.setSoftKeyStorePassword("f/+saJBc3a}*/T^s"); +    configuration.setKeyStoreType(KeyStoreConfiguration.KeyStoreType.JKS); +    val ks = keyStoreFactory.buildNewKeyStore(configuration); +    val publicKey = ks.getFirst().getCertificate("connectorkeypair").getPublicKey(); +    return Base64.getEncoder().encodeToString(publicKey.getEncoded()); +  } +    private String extendBpkByPrefix(String bpk, String type) {      String bpkType = null; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/JoseUtils.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/JoseUtils.java new file mode 100644 index 00000000..e81c4c92 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/JoseUtils.java @@ -0,0 +1,305 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.utils; + +import at.gv.egiz.eaaf.core.exception.EaafKeyUsageException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.utils.X509Utils; +import lombok.AllArgsConstructor; +import lombok.Getter; +import lombok.extern.slf4j.Slf4j; +import org.apache.commons.lang3.StringUtils; +import org.jose4j.jca.ProviderContext; +import org.jose4j.jwa.AlgorithmConstraints; +import org.jose4j.jws.AlgorithmIdentifiers; +import org.jose4j.jws.JsonWebSignature; +import org.jose4j.jwx.Headers; +import org.jose4j.jwx.JsonWebStructure; +import org.jose4j.keys.resolvers.X509VerificationKeyResolver; +import org.jose4j.lang.JoseException; +import org.springframework.util.Base64Utils; + +import javax.annotation.Nonnull; +import java.io.IOException; +import java.security.Key; +import java.security.KeyStore; +import java.security.Provider; +import java.security.cert.CertificateEncodingException; +import java.security.cert.X509Certificate; +import java.security.interfaces.ECPrivateKey; +import java.security.interfaces.RSAPrivateKey; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; + +/** + * {@link JoseUtils} provides static methods JWS and JWE processing. + * + * @author tlenz + * + */ +@Slf4j +public class JoseUtils { + +  /** +   * Create a JWS signature. +   * +   * <p> +   * Use {@link AlgorithmIdentifiers.RSA_PSS_USING_SHA256} in case +   * of a RSA based key and +   * {@link AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256} +   * in case of an ECC based key. +   * </p> +   * +   * @param keyStore               KeyStore that should be used +   * @param keyAlias               Alias of the private key +   * @param keyPassword            Password to access the key +   * @param payLoad                PayLoad to sign +   * @param addFullCertChain       If true the full certificate chain will be +   *                               added, otherwise only the +   *                               X509CertSha256Fingerprint is added into JOSE +   *                               header +   * @param friendlyNameForLogging FriendlyName for the used KeyStore for logging +   *                               purposes only +   * @return Signed PayLoad in serialized form +   * @throws EaafException In case of a key-access or key-usage error +   * @throws JoseException In case of a JOSE error +   */ +  public static String createSignature(@Nonnull Pair<KeyStore, Provider> keyStore, +      @Nonnull final String keyAlias, @Nonnull final char[] keyPassword, +      @Nonnull final String payLoad, boolean addFullCertChain, +      @Nonnull String friendlyNameForLogging) throws EaafException, JoseException { +    return createSignature(keyStore, keyAlias, keyPassword, payLoad, addFullCertChain, Collections.emptyMap(), +        AlgorithmIdentifiers.RSA_PSS_USING_SHA256, AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256, +        friendlyNameForLogging); + +  } + +  /** +   * Create a JWS signature. +   * +   * <p> +   * Use {@link AlgorithmIdentifiers.RSA_PSS_USING_SHA256} in case +   * of a RSA based key and +   * {@link AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256} +   * in case of an ECC based key. +   * </p> +   * +   * @param keyStore               KeyStore that should be used +   * @param keyAlias               Alias of the private key +   * @param keyPassword            Password to access the key +   * @param payLoad                PayLoad to sign +   * @param addFullCertChain       If true the full certificate chain will be +   *                               added, otherwise only the +   *                               X509CertSha256Fingerprint is added into JOSE +   *                               header +   * @param joseHeaders            HeaderName and HeaderValue that should be set +   *                               into JOSE header +   * @param friendlyNameForLogging FriendlyName for the used KeyStore for logging +   *                               purposes only +   * @return Signed PayLoad in serialized form +   * @throws EaafException In case of a key-access or key-usage error +   * @throws JoseException In case of a JOSE error +   */ +  public static String createSignature(@Nonnull Pair<KeyStore, Provider> keyStore, +      @Nonnull final String keyAlias, @Nonnull final char[] keyPassword, +      @Nonnull final String payLoad, boolean addFullCertChain, +      @Nonnull final Map<String, String> joseHeaders, +      @Nonnull String friendlyNameForLogging) throws EaafException, JoseException { +    return createSignature(keyStore, keyAlias, keyPassword, payLoad, addFullCertChain, joseHeaders, +        AlgorithmIdentifiers.RSA_PSS_USING_SHA256, AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256, +        friendlyNameForLogging); + +  } + +  /** +   * Create a JWS signature. +   * +   * @param keyStore               KeyStore that should be used +   * @param keyAlias               Alias of the private key +   * @param keyPassword            Password to access the key +   * @param payLoad                PayLoad to sign +   * @param addFullCertChain       If true the full certificate chain will be +   *                               added, otherwise only the +   *                               X509CertSha256Fingerprint is added into JOSE +   *                               header +   * @param joseHeaders            HeaderName and HeaderValue that should be set +   *                               into JOSE header +   * @param rsaAlgToUse            Signing algorithm that should be used in case +   *                               of a signing key based on RSA +   * @param eccAlgToUse            Signing algorithm that should be used in case +   *                               of a signing key based on ECC +   * @param friendlyNameForLogging FriendlyName for the used KeyStore for logging +   *                               purposes only +   * @return Signed PayLoad in serialized form +   * @throws EaafException In case of a key-access or key-usage error +   * @throws JoseException In case of a JOSE error +   */ +  public static String createSignature(@Nonnull Pair<KeyStore, Provider> keyStore, +      @Nonnull final String keyAlias, @Nonnull final char[] keyPassword, +      @Nonnull final String payLoad, boolean addFullCertChain, +      @Nonnull final Map<String, String> joseHeaders, +      @Nonnull final String rsaAlgToUse, @Nonnull final String eccAlgToUse, +      @Nonnull String friendlyNameForLogging) throws EaafException, JoseException { + +    final JsonWebSignature jws = new JsonWebSignature(); + +    // set payload +    jws.setPayload(payLoad); + +    // set JOSE headers +    for (final Entry<String, String> el : joseHeaders.entrySet()) { +      log.trace("Set JOSE header: {} with value: {} into JWS", el.getKey(), el.getValue()); +      jws.setHeader(el.getKey(), el.getValue()); + +    } + +    // set signing information +    final Pair<Key, X509Certificate[]> signingCred = EaafKeyStoreUtils.getPrivateKeyAndCertificates( +        keyStore.getFirst(), keyAlias, keyPassword, true, friendlyNameForLogging); +    jws.setKey(signingCred.getFirst()); +    jws.setAlgorithmHeaderValue(getKeyOperationAlgorithmFromCredential( +        jws.getKey(), rsaAlgToUse, eccAlgToUse, friendlyNameForLogging)); + +    // set special provider if required +    if (keyStore.getSecond() != null) { +      log.trace("Injecting special Java Security Provider: {}", keyStore.getSecond().getName()); +      final ProviderContext providerCtx = new ProviderContext(); +      providerCtx.getSuppliedKeyProviderContext().setSignatureProvider( +          keyStore.getSecond().getName()); +      jws.setProviderContext(providerCtx); + +    } + +    if (addFullCertChain) { +      jws.setCertificateChainHeaderValue(signingCred.getSecond()); + +    } + +    jws.setX509CertSha256ThumbprintHeaderValue(signingCred.getSecond()[0]); + +    return jws.getCompactSerialization(); + +  } + +  /** +   * Verify a JOSE signature. +   * +   * @param serializedContent Serialized content that should be verified +   * @param trustedCerts      Trusted certificates that should be used for +   *                          verification +   * @param constraints       {@link AlgorithmConstraints} for verification +   * @return {@link JwsResult} object +   * @throws JoseException In case of a signature verification error +   * @throws IOException   In case of a general error +   */ +  public static JwsResult validateSignature(@Nonnull final String serializedContent, +      @Nonnull final List<X509Certificate> trustedCerts, @Nonnull final AlgorithmConstraints constraints) +      throws JoseException, IOException { +    final JsonWebSignature jws = new JsonWebSignature(); +    // set payload +    jws.setCompactSerialization(serializedContent); + +    // set security constrains +    jws.setAlgorithmConstraints(constraints); + +    // load signinc certs +    Key selectedKey = null; +    final List<X509Certificate> x5cCerts = jws.getCertificateChainHeaderValue(); +    final String x5t256 = jws.getX509CertSha256ThumbprintHeaderValue(); +    if (x5cCerts != null) { +      log.debug("Found x509 certificate in JOSE header ... "); +      log.trace("Sorting received X509 certificates ... "); +      final List<X509Certificate> sortedX5cCerts = X509Utils.sortCertificates(x5cCerts); + +      if (trustedCerts.contains(sortedX5cCerts.get(0))) { +        selectedKey = sortedX5cCerts.get(0).getPublicKey(); + +      } else { +        log.info("Can NOT find JOSE certificate in truststore."); +        if (log.isDebugEnabled()) { +          try { +            log.debug("Cert: {}", Base64Utils.encodeToString(sortedX5cCerts.get(0).getEncoded())); + +          } catch (final CertificateEncodingException e) { +            log.warn("Can not create DEBUG output", e); + +          } +        } +      } + +    } else if (StringUtils.isNotEmpty(x5t256)) { +      log.debug("Found x5t256 fingerprint in JOSE header .... "); +      final X509VerificationKeyResolver x509VerificationKeyResolver = new X509VerificationKeyResolver( +          trustedCerts); +      selectedKey = x509VerificationKeyResolver.resolveKey(jws, Collections.<JsonWebStructure>emptyList()); + +    } else { +      throw new JoseException("JWS contains NO signature certificate or NO certificate fingerprint"); + +    } + +    if (selectedKey == null) { +      throw new JoseException("Can NOT select verification key for JWS. Signature verification FAILED"); + +    } + +    // set verification key +    jws.setKey(selectedKey); + +    // load payLoad +    return new JwsResult( +        jws.verifySignature(), +        jws.getUnverifiedPayload(), +        jws.getHeaders(), +        x5cCerts); + +  } + +  /** +   * Select signature algorithm for a given credential. +   * +   * @param key                    {@link X509Credential} that will be used for +   *                               key operations +   * @param rsaSigAlgorithm        RSA based algorithm that should be used in case +   *                               of RSA credential +   * @param ecSigAlgorithm         EC based algorithm that should be used in case +   *                               of RSA credential +   * @param friendlyNameForLogging KeyStore friendlyName for logging purposes +   * @return either the RSA based algorithm or the EC based algorithm +   * @throws EaafKeyUsageException In case of an unsupported private-key type +   */ +  private static String getKeyOperationAlgorithmFromCredential(Key key, +      String rsaSigAlgorithm, String ecSigAlgorithm, String friendlyNameForLogging) +      throws EaafKeyUsageException { +    if (key instanceof RSAPrivateKey) { +      return rsaSigAlgorithm; + +    } else if (key instanceof ECPrivateKey) { +      return ecSigAlgorithm; + +    } else { +      log.warn("Could NOT select the cryptographic algorithm from Private-Key type"); +      throw new EaafKeyUsageException(EaafKeyUsageException.ERROR_CODE_01, +          friendlyNameForLogging, +          "Can not select cryptographic algorithm"); + +    } + +  } + +  private JoseUtils() { + +  } + +  @Getter +  @AllArgsConstructor +  public static class JwsResult { +    final boolean valid; +    final String payLoad; +    final Headers fullJoseHeader; +    final List<X509Certificate> x5cCerts; + +  } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/SZR_v4.0.wsdl b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/SZR_v4.0.wsdl new file mode 100644 index 00000000..e7f296bd --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/SZR_v4.0.wsdl @@ -0,0 +1,441 @@ +<?xml version="1.0" encoding="UTF-8"?> +<definitions targetNamespace="urn:SZRServices" xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#" xmlns:pd="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:pvp="http://egov.gv.at/pvp1.xsd" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:szr="urn:SZRServices" xmlns:wsdlsoap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext" xmlns:xs="http://www.w3.org/2001/XMLSchema"> +    <types> +			<xs:schema> +				<xs:import namespace="urn:SZRServices" schemaLocation="szr_v4.0.xsd"/> +			</xs:schema> +		</types> +	<message name="Header"> +		<part name="SecurityHeader" element="wsse:Security" /> +	</message> +	<message name="GetIdentityLinkRequest"> +		<part element="szr:GetIdentityLink" name="parameters" /> +	</message> +	<message name="GetIdentityLinkResponse"> +		<part element="szr:GetIdentityLinkResponse" name="parameters" /> +	</message> +	<message name="GetIdentityLinkEidasRequest"> +		<part element="szr:GetIdentityLinkEidas" name="parameters" /> +	</message> +	<message name="GetIdentityLinkEidasResponse"> +		<part element="szr:GetIdentityLinkEidasResponse" name="parameters" /> +	</message> +	<message name="GetBPKRequest"> +		<part element="szr:GetBPK" name="parameters" /> +	</message> +	<message name="GetBPKResponse"> +		<part element="szr:GetBPKResponse" name="parameters" /> +	</message> +	<message name="GetBPKsRequest"> +		<part element="szr:GetBPKs" name="parameters" /> +	</message> +	<message name="GetBPKsResponse"> +		<part element="szr:GetBPKsResponse" name="parameters" /> +	</message> +	<message name="GetBPKKombiRequest"> +		<part element="szr:GetBPKKombi" name="parameters" /> +	</message> +	<message name="GetBPKKombiResponse"> +		<part element="szr:GetBPKKombiResponse" name="parameters" /> +	</message> +	<message name="GetBPKZPVRequest"> +		<part element="szr:GetBPKZPV" name="parameters" /> +	</message> +	<message name="GetBPKZPVResponse"> +		<part element="szr:GetBPKZPVResponse" name="parameters" /> +	</message> +	<message name="GetBPKFromStammzahlEncryptedRequest"> +		<part element="szr:GetBPKFromStammzahlEncrypted" name="parameters" /> +	</message> +	<message name="GetBPKFromStammzahlEncryptedResponse"> +		<part element="szr:GetBPKFromStammzahlEncryptedResponse" name="parameters" /> +	</message> +	<message name="SignContentRequest"> +		<part element="szr:SignContent" name="parameters" /> +	</message> +	<message name="SignContentResponse"> +		<part element="szr:SignContentResponse" name="parameters" /> +	</message> +	<message name="BPKzuBasiszahlRequest"> +		<part element="szr:BPKzuBasiszahl" name="parameters" /> +	</message> +	<message name="BPKzuBasiszahlResponse"> +		<part element="szr:BPKzuBasiszahlResponse" name="parameters" /> +	</message> +	<message name="BasiszahlZuBPKRequest"> +		<part element="szr:BasiszahlZuBPK" name="parameters" /> +	</message> +	<message name="BasiszahlZuBPKResponse"> +		<part element="szr:BasiszahlZuBPKResponse" name="parameters" /> +	</message> +	<message name="ValidateIdentityLinkRequest"> +		<part element="szr:ValidateIdentityLink" name="parameters" /> +	</message> +	<message name="ValidateIdentityLinkResponse"> +		<part element="szr:ValidateIdentityLinkResponse" name="parameters" /> +	</message> +	<message name="TransformBPKRequest"> +		<part element="szr:TransformBPK" name="parameters" /> +	</message> +	<message name="TransformBPKResponse"> +		<part element="szr:TransformBPKResponse" name="parameters" /> +	</message> +	<message name="GetVKZPermissionRequest"> +		<part element="szr:GetVKZPermission" name="parameters" /> +	</message> +	<message name="GetVKZPermissionResponse"> +		<part element="szr:GetVKZPermissionResponse" name="parameters" /> +	</message> +	<message name="ZMRAnwendungsIntegrationRequest"> +		<part element="szr:ZMRAnwendungsIntegration" name="parameters" /> +	</message> +	<message name="ZMRAnwendungsIntegrationResponse"> +		<part element="szr:ZMRAnwendungsIntegrationResponse" name="parameters" /> +	</message> +	<message name="GetStammzahlRequest"> +		<part element="szr:GetStammzahl" name="parameters" /> +	</message> +	<message name="GetStammzahlResponse"> +		<part element="szr:GetStammzahlResponse" name="parameters" /> +	</message> +	<message name="GetStammzahlEncryptedRequest"> +		<part element="szr:GetStammzahlEncrypted" name="parameters" /> +	</message> +	<message name="GetStammzahlEncryptedResponse"> +		<part element="szr:GetStammzahlEncryptedResponse" name="parameters" /> +	</message> +	<message name="GetVersionRequest"> +		<part element="szr:GetVersion" name="parameters" /> +	</message> +	<message name="GetVersionResponse"> +		<part element="szr:GetVersionResponse" name="parameters" /> +	</message> +	<message name="SZRException"> +		<part element="szr:SZRException" name="fault" /> +	</message> +	<portType name="SZR"> +		<operation name="GetIdentityLink"> +			<input message="szr:GetIdentityLinkRequest" name="GetIdentityLinkRequest" /> +			<output message="szr:GetIdentityLinkResponse" name="GetIdentityLinkResponse" /> +			<fault message="szr:SZRException" name="SZRException" /> +		</operation> +		<operation name="GetIdentityLinkEidas"> +			<input message="szr:GetIdentityLinkEidasRequest" name="GetIdentityLinkEidasRequest" /> +			<output message="szr:GetIdentityLinkEidasResponse" name="GetIdentityLinkEidasResponse" /> +			<fault message="szr:SZRException" name="SZRException" /> +		</operation> +		<operation name="GetBPK"> +			<jaxws:bindings xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"> +				<jaxws:enableWrapperStyle>false</jaxws:enableWrapperStyle> +			</jaxws:bindings> +			<input message="szr:GetBPKRequest" name="GetBPKRequest" /> +			<output message="szr:GetBPKResponse" name="GetBPKResponse" /> +			<fault message="szr:SZRException" name="SZRException" /> +		</operation> +		<operation name="GetBPKs"> +			<input message="szr:GetBPKsRequest" name="GetBPKsRequest" /> +			<output message="szr:GetBPKsResponse" name="GetBPKsResponse" /> +			<fault message="szr:SZRException" name="SZRException" /> +		</operation> +		<operation name="GetBPKKombi"> +			<input message="szr:GetBPKKombiRequest" name="GetBPKKombiRequest" /> +			<output message="szr:GetBPKKombiResponse" name="GetBPKKombiResponse" /> +			<fault message="szr:SZRException" name="SZRException" /> +		</operation> +		<operation name="GetBPKZPV"> +			<input message="szr:GetBPKZPVRequest" name="GetBPKZPVRequest" /> +			<output message="szr:GetBPKZPVResponse" name="GetBPKZPVResponse" /> +			<fault message="szr:SZRException" name="SZRException" /> +		</operation> +		<operation name="GetBPKFromStammzahlEncrypted"> +			<input message="szr:GetBPKFromStammzahlEncryptedRequest" name="GetBPKFromStammzahlEncryptedRequest" /> +			<output message="szr:GetBPKFromStammzahlEncryptedResponse" name="GetBPKFromStammzahlEncryptedResponse" /> +			<fault message="szr:SZRException" name="SZRException" /> +		</operation> +		<operation name="SignContent"> +			<input message="szr:SignContentRequest" name="SignContentRequest" /> +			<output message="szr:SignContentResponse" name="SignContentResponse" /> +			<fault message="szr:SZRException" name="SZRException" /> +		</operation> +		<operation name="ValidateIdentityLink"> +			<input message="szr:ValidateIdentityLinkRequest" name="ValidateIdentityLinkRequest" /> +			<output message="szr:ValidateIdentityLinkResponse" name="ValidateIdentityLinkResponse" /> +			<fault message="szr:SZRException" name="SZRException" /> +		</operation> +		<operation name="TransformBPK"> +			<input message="szr:TransformBPKRequest" name="TransformBPKRequest" /> +			<output message="szr:TransformBPKResponse" name="TransformBPKResponse" /> +			<fault message="szr:SZRException" name="SZRException" /> +		</operation> +		<operation name="GetVKZPermission"> +			<input message="szr:GetVKZPermissionRequest" name="GetVKZPermissionRequest" /> +			<output message="szr:GetVKZPermissionResponse" name="GetVKZPermissionResponse" /> +			<fault message="szr:SZRException" name="SZRException" /> +		</operation> +		<operation name="BPKzuBasiszahl"> +			<input message="szr:BPKzuBasiszahlRequest" name="BPKzuBasiszahlRequest" /> +			<output message="szr:BPKzuBasiszahlResponse" name="BPKzuBasiszahlResponse" /> +			<fault message="szr:SZRException" name="SZRException" /> +		</operation> +		<operation name="BasiszahlZuBPK"> +			<input message="szr:BasiszahlZuBPKRequest" name="BasiszahlZuBPKRequest" /> +			<output message="szr:BasiszahlZuBPKResponse" name="BasiszahlZuBPKResponse" /> +			<fault message="szr:SZRException" name="SZRException" /> +		</operation> +		<operation name="ZMRAnwendungsIntegration"> +			<input message="szr:ZMRAnwendungsIntegrationRequest" name="ZMRAnwendungsIntegrationRequest" /> +			<output message="szr:ZMRAnwendungsIntegrationResponse" name="ZMRAnwendungsIntegrationResponse" /> +			<fault message="szr:SZRException" name="SZRException" /> +		</operation> +		<operation name="GetStammzahl"> +			<input message="szr:GetStammzahlRequest" name="GetStammzahlRequest" /> +			<output message="szr:GetStammzahlResponse" name="GetStammzahlResponse" /> +			<fault message="szr:SZRException" name="SZRException" /> +		</operation> +		<operation name="GetStammzahlEncrypted"> +			<input message="szr:GetStammzahlEncryptedRequest" name="GetStammzahlEncryptedRequest" /> +			<output message="szr:GetStammzahlEncryptedResponse" name="GetStammzahlEncryptedResponse" /> +			<fault message="szr:SZRException" name="SZRException" /> +		</operation> +		<operation name="GetVersion"> +			<input message="szr:GetVersionRequest" name="GetVersionRequest" /> +			<output message="szr:GetVersionResponse" name="GetVersionResponse" /> +			<fault message="szr:SZRException" name="SZRException" /> +		</operation> +	</portType> +	<binding name="SZRSoapBinding" type="szr:SZR"> +		<wsdlsoap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http" /> +		<operation name="GetIdentityLink"> +			<wsdlsoap:operation soapAction="" /> +			<input name="GetIdentityLinkRequest"> +				<wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> +				<wsdlsoap:body use="literal" /> +			</input> +			<output name="GetIdentityLinkResponse"> +				<wsdlsoap:body use="literal" /> +			</output> +			<fault name="SZRException"> +				<wsdlsoap:fault name="SZRException" use="literal" /> +			</fault> +		</operation> +		<operation name="GetIdentityLinkEidas"> +			<wsdlsoap:operation soapAction="" /> +			<input name="GetIdentityLinkEidasRequest"> +				<wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> +				<wsdlsoap:body use="literal" /> +			</input> +			<output name="GetIdentityLinkEidasResponse"> +				<wsdlsoap:body use="literal" /> +			</output> +			<fault name="SZRException"> +				<wsdlsoap:fault name="SZRException" use="literal" /> +			</fault> +		</operation> +		<operation name="GetBPK"> +			<wsdlsoap:operation soapAction="" /> +			<input name="GetBPKRequest"> +				<wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> +				<wsdlsoap:body use="literal" /> +			</input> +			<output name="GetBPKResponse"> +				<wsdlsoap:body use="literal" /> +			</output> +			<fault name="SZRException"> +				<wsdlsoap:fault name="SZRException" use="literal" /> +			</fault> +		</operation> +		<operation name="GetBPKs"> +			<wsdlsoap:operation soapAction="" /> +			<input name="GetBPKsRequest"> +				<wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> +				<wsdlsoap:body use="literal" /> +			</input> +			<output name="GetBPKsResponse"> +				<wsdlsoap:body use="literal" /> +			</output> +			<fault name="SZRException"> +				<wsdlsoap:fault name="SZRException" use="literal" /> +			</fault> +		</operation> +		<operation name="GetBPKKombi"> +			<wsdlsoap:operation soapAction="" /> +			<input name="GetBPKKombiRequest"> +				<wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> +				<wsdlsoap:body use="literal" /> +			</input> +			<output name="GetBPKKombiResponse"> +				<wsdlsoap:body use="literal" /> +			</output> +			<fault name="SZRException"> +				<wsdlsoap:fault name="SZRException" use="literal" /> +			</fault> +		</operation> +		<operation name="GetBPKZPV"> +			<wsdlsoap:operation soapAction="" /> +			<input name="GetBPKZPVRequest"> +				<wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> +				<wsdlsoap:body use="literal" /> +			</input> +			<output name="GetBPKZPVResponse"> +				<wsdlsoap:body use="literal" /> +			</output> +			<fault name="SZRException"> +				<wsdlsoap:fault name="SZRException" use="literal" /> +			</fault> +		</operation> +		<operation name="GetBPKFromStammzahlEncrypted"> +			<wsdlsoap:operation soapAction="" /> +			<input name="GetBPKFromStammzahlEncryptedRequest"> +				<wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> +				<wsdlsoap:body use="literal" /> +			</input> +			<output name="GetBPKFromStammzahlEncryptedResponse"> +				<wsdlsoap:body use="literal" /> +			</output> +			<fault name="SZRException"> +				<wsdlsoap:fault name="SZRException" use="literal" /> +			</fault> +		</operation> +		<operation name="SignContent"> +			<wsdlsoap:operation soapAction="" /> +			<input name="SignContentRequest"> +				<wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> +				<wsdlsoap:body use="literal" /> +			</input> +			<output name="SignContentResponse"> +				<wsdlsoap:body use="literal" /> +			</output> +			<fault name="SZRException"> +				<wsdlsoap:fault name="SZRException" use="literal" /> +			</fault> +		</operation> +		<operation name="GetVKZPermission"> +			<wsdlsoap:operation soapAction="" /> +			<input name="GetVKZPermissionRequest"> +				<wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> +				<wsdlsoap:body use="literal" /> +			</input> +			<output name="GetVKZPermissionResponse"> +				<wsdlsoap:body use="literal" /> +			</output> +			<fault name="SZRException"> +				<wsdlsoap:fault name="SZRException" use="literal" /> +			</fault> +		</operation> +		<operation name="ValidateIdentityLink"> +			<wsdlsoap:operation soapAction="" /> +			<input name="ValidateIdentityLinkRequest"> +				<wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> +				<wsdlsoap:body use="literal" /> +			</input> +			<output name="ValidateIdentityLinkResponse"> +				<wsdlsoap:body use="literal" /> +			</output> +			<fault name="SZRException"> +				<wsdlsoap:fault name="SZRException" use="literal" /> +			</fault> +		</operation> +		<operation name="TransformBPK"> +			<wsdlsoap:operation soapAction="" /> +			<input name="TransformBPKRequest"> +				<wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> +				<wsdlsoap:body use="literal" /> +			</input> +			<output name="TransformBPKResponse"> +				<wsdlsoap:body use="literal" /> +			</output> +			<fault name="SZRException"> +				<wsdlsoap:fault name="SZRException" use="literal" /> +			</fault> +		</operation> +		<operation name="BPKzuBasiszahl"> +			<wsdlsoap:operation soapAction="" /> +			<input name="BPKzuBasiszahlRequest"> +				<wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> +				<wsdlsoap:body use="literal" /> +			</input> +			<output name="BPKzuBasiszahlResponse"> +				<wsdlsoap:body use="literal" /> +			</output> +			<fault name="SZRException"> +				<wsdlsoap:fault name="SZRException" use="literal" /> +			</fault> +		</operation> +		<operation name="BasiszahlZuBPK"> +			<wsdlsoap:operation soapAction="" /> +			<input name="BasiszahlZuBPKRequest"> +				<wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> +				<wsdlsoap:body use="literal" /> +			</input> +			<output name="BasiszahlZuBPKResponse"> +				<wsdlsoap:body use="literal" /> +			</output> +			<fault name="SZRException"> +				<wsdlsoap:fault name="SZRException" use="literal" /> +			</fault> +		</operation> +		<operation name="ZMRAnwendungsIntegration"> +			<wsdlsoap:operation soapAction="" /> +			<input name="ZMRAnwendungsIntegrationRequest"> +				<wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> +				<wsdlsoap:body use="literal" /> +			</input> +			<output name="ZMRAnwendungsIntegrationResponse"> +				<wsdlsoap:body use="literal" /> +			</output> +			<fault name="SZRException"> +				<wsdlsoap:fault name="SZRException" use="literal" /> +			</fault> +		</operation> +		<operation name="GetStammzahl"> +			<wsdlsoap:operation soapAction="" /> +			<input name="GetStammzahlRequest"> +				<wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> +				<wsdlsoap:body use="literal" /> +			</input> +			<output name="GetStammzahlResponse"> +				<wsdlsoap:body use="literal" /> +			</output> +			<fault name="SZRException"> +				<wsdlsoap:fault name="SZRException" use="literal" /> +			</fault> +		</operation> +		<operation name="GetStammzahlEncrypted"> +			<wsdlsoap:operation soapAction="" /> +			<input name="GetStammzahlEncryptedRequest"> +				<wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> +				<wsdlsoap:body use="literal" /> +			</input> +			<output name="GetStammzahlEncryptedResponse"> +				<wsdlsoap:body use="literal" /> +			</output> +			<fault name="SZRException"> +				<wsdlsoap:fault name="SZRException" use="literal" /> +			</fault> +		</operation> +		<operation name="GetVersion"> +			<wsdlsoap:operation soapAction="" /> +			<input name="GetVersionRequest"> +				<wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> +				<wsdlsoap:body use="literal" /> +			</input> +			<output name="GetVersionResponse"> +				<wsdlsoap:body use="literal" /> +			</output> +			<fault name="SZRException"> +				<wsdlsoap:fault name="SZRException" use="literal" /> +			</fault> +		</operation> +	</binding> +	<service name="SZRService"> +		<port binding="szr:SZRSoapBinding" name="SZRBusinesspartnerTestumgebung"> +			<wsdlsoap:address location="https://pvawp.bmi.gv.at/at.gv.bmi.szrsrv-b/services/SZR" /> +		</port> +		<port binding="szr:SZRSoapBinding" name="SZRTestumgebung"> +			<wsdlsoap:address location="https://pvawp.bmi.gv.at/bmi.gv.at/soap/SZ2Services-T/services/SZR" /> +		</port> +		<port binding="szr:SZRSoapBinding" name="SZRProduktionsumgebung"> +			<wsdlsoap:address location="https://pvawp.bmi.gv.at/bmi.gv.at/soap/SZ2Services/services/SZR" /> +		</port> +	</service> +</definitions>
\ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/pvp19.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/pvp19.xsd new file mode 100644 index 00000000..596a2b99 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/pvp19.xsd @@ -0,0 +1,133 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- edited with XMLSPY v2004 rel. 2 U (http://www.xmlspy.com) by BM (Bundeskanzleramt) --> +<!-- PVP Schema 1.8.10 --> +<!-- pvpToken wird über das Element <Security> aus der Spezifikation WS-Security in den SOAP-Header eingebunden --> +<!--erstellt: rainer.hoerbe@bmi.gv.at 2004-04-30 --> +<!--geändert: rainer.hoerbe@beko.at 2007-04-04: Extensions Points definiert --> +<xs:schema targetNamespace="http://egov.gv.at/pvp1.xsd" xmlns="http://egov.gv.at/pvp1.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="unqualified"> +	<xs:element name="pvpToken"> +		<xs:complexType> +			<xs:complexContent> +				<xs:extension base="pvpTokenType" /> +			</xs:complexContent> +		</xs:complexType> +	</xs:element> +	<xs:complexType name="pvpTokenType"> +		<xs:sequence> +			<xs:element name="authenticate"> +				<xs:complexType> +					<xs:sequence> +						<xs:element name="participantId" type="xs:string" /> +						<xs:element name="gvOuDomain" type="xs:string" minOccurs="0" maxOccurs="1" /> +						<xs:choice> +							<xs:element name="userPrincipal"> +								<xs:complexType> +									<xs:complexContent> +										<xs:extension base="pvpPrincipalType"> +											<xs:sequence> +												<xs:element name="gvGid" type="xs:string" /> +												<xs:element name="mail" type="xs:string" minOccurs="0" maxOccurs="1" /> +												<xs:element name="tel" type="xs:string" minOccurs="0" maxOccurs="1" /> +												<xs:element name="bpk" type="xs:string" minOccurs="0" maxOccurs="1" /> +												<xs:element name="gvFunction" type="xs:string" minOccurs="0" maxOccurs="1" /> +											</xs:sequence> +										</xs:extension> +									</xs:complexContent> +								</xs:complexType> +							</xs:element> +							<xs:element name="systemPrincipal" type="pvpPrincipalType" /> +						</xs:choice> +						<xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"> +							<xs:annotation> +								<xs:documentation>additional authentication properties</xs:documentation> +							</xs:annotation> +						</xs:any> +					</xs:sequence> +				</xs:complexType> +			</xs:element> +			<xs:element name="authorize" minOccurs="0" maxOccurs="1"> +				<xs:complexType> +					<xs:sequence> +						<xs:sequence minOccurs="0"> +							<xs:element name="gvOuId" type="xs:string" /> +							<xs:element name="ou" type="xs:string" /> +						</xs:sequence> +						<xs:element name="role" maxOccurs="unbounded"> +							<xs:complexType> +								<xs:sequence> +									<xs:any namespace="##any" processContents="skip" minOccurs="0" maxOccurs="unbounded" /> +								</xs:sequence> +								<xs:attribute name="value" type="xs:string" use="required" /> +							</xs:complexType> +						</xs:element> +						<xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"> +							<xs:annotation> +								<xs:documentation>additional authorization properties</xs:documentation> +							</xs:annotation> +						</xs:any> +					</xs:sequence> +				</xs:complexType> +			</xs:element> +			<xs:element name="accounting" minOccurs="0"> +				<xs:complexType> +					<xs:sequence> +						<xs:any processContents="skip" minOccurs="0" maxOccurs="unbounded" /> +					</xs:sequence> +				</xs:complexType> +			</xs:element> +			<xs:element name="pvpChainedToken" type="pvpTokenType" minOccurs="0" /> +			<xs:element name="pvpExtension" block="extension" minOccurs="0"> +				<xs:complexType> +					<xs:sequence> +						<xs:any namespace="##any" processContents="skip" minOccurs="0" maxOccurs="unbounded" /> +					</xs:sequence> +				</xs:complexType> +			</xs:element> +		</xs:sequence> +		<xs:attribute name="version" type="gvVersionType" use="required" /> +		<xs:anyAttribute namespace="##any" processContents="lax" /> +	</xs:complexType> +	<xs:complexType name="pvpPrincipalType"> +		<xs:sequence> +			<xs:element name="userId" type="xs:string" /> +			<xs:element name="cn" type="xs:string" /> +			<xs:element name="gvOuId" type="xs:string" /> +			<xs:element name="ou" type="xs:string" /> +			<xs:element name="gvOuOKZ" type="xs:string" minOccurs="0" /> +			<xs:element name="gvSecClass" type="gvSecClassType" minOccurs="0" /> +			<xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"> +				<xs:annotation> +					<xs:documentation>additional principal attributes</xs:documentation> +				</xs:annotation> +			</xs:any> +		</xs:sequence> +		<xs:anyAttribute namespace="##any" processContents="lax" /> +	</xs:complexType> +	<xs:simpleType name="gvSecClassType"> +		<xs:restriction base="xs:integer"> +			<xs:enumeration value="0" /> +			<xs:enumeration value="1" /> +			<xs:enumeration value="2" /> +			<xs:enumeration value="3" /> +		</xs:restriction> +	</xs:simpleType> +	<xs:simpleType name="gvVersionType"> +		<xs:restriction base="xs:string"> +			<xs:enumeration value="1.0" /> +			<xs:enumeration value="1.1" /> +			<xs:enumeration value="1.2" /> +			<xs:enumeration value="1.8" /> +			<xs:enumeration value="1.9" /> +		</xs:restriction> +	</xs:simpleType> +	<xs:simpleType name="logLevelType"> +		<xs:restriction base="xs:integer"> +			<xs:enumeration value="0" /> +			<xs:enumeration value="1" /> +			<xs:enumeration value="2" /> +			<xs:enumeration value="3" /> +			<xs:enumeration value="4" /> +			<xs:enumeration value="5" /> +		</xs:restriction> +	</xs:simpleType> +</xs:schema> diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_ecdsa.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_ecdsa.xsd new file mode 100644 index 00000000..87ee80be --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_ecdsa.xsd @@ -0,0 +1,30 @@ +<?xml version="1.0" encoding="UTF-8"?> +<xs:schema elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema" +           targetNamespace="http://www.w3.org/2001/04/xmldsig-more#" xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#"> +    <xs:element name="ECDSAKeyValue" type="ecdsa:ECDSAKeyValueType" /> +    <xs:complexType name="ECDSAKeyValueType"> +        <xs:sequence> +            <xs:element name="DomainParameters" type="ecdsa:DomainParamsType" +                        minOccurs="0" /> +            <xs:element name="PublicKey" type="ecdsa:ECPointType" /> +        </xs:sequence> +    </xs:complexType> +    <xs:complexType name="DomainParamsType"> +        <xs:sequence> +            <xs:element name="NamedCurve" minOccurs="0" +                        type="ecdsa:NamedCurveType" /> +        </xs:sequence> +    </xs:complexType> +    <xs:complexType name="NamedCurveType"> +        <xs:attribute name="URN" type="xs:string" use="required" /> +    </xs:complexType> +    <xs:complexType name="ECPointType"> +        <xs:sequence minOccurs="0"> +            <xs:element name="X" type="ecdsa:PrimeFieldElemType" /> +            <xs:element name="Y" type="ecdsa:PrimeFieldElemType" /> +        </xs:sequence> +    </xs:complexType> +    <xs:complexType name="PrimeFieldElemType"> +        <xs:attribute name="Value" type="xs:string" use="required" /> +    </xs:complexType> +</xs:schema>
\ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_persondata.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_persondata.xsd new file mode 100644 index 00000000..3c9ac932 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_persondata.xsd @@ -0,0 +1,54 @@ +<?xml version="1.0" encoding="UTF-8"?> +<xs:schema elementFormDefault="qualified" xmlns:pd="http://reference.e-government.gv.at/namespace/persondata/20020228#" +	targetNamespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xs="http://www.w3.org/2001/XMLSchema"> +  <xs:complexType name="PhysicalPersonType"> +    <xs:sequence> +      <xs:element minOccurs="0" name="Identification" type="pd:IdentificationType" /> +      <xs:element minOccurs="1" name="Name" type="pd:PersonNameType" /> +      <xs:element minOccurs="0" name="AlternativeName" type="pd:AlternativeNameType" /> +      <xs:element minOccurs="0" name="Sex" type="xs:string" /> +      <xs:element minOccurs="0" name="DateOfBirth" type="xs:string" /> +      <xs:element minOccurs="0" name="PlaceOfBirth" type="xs:string" /> +      <xs:element minOccurs="0" name="CountryOfBirth" type="xs:string" /> +      <xs:element minOccurs="0" name="Nationality" type="xs:string" /> +    </xs:sequence> +  </xs:complexType> +  <xs:complexType name="IdentificationType"> +    <xs:sequence> +      <xs:element minOccurs="0" name="Value" type="xs:string" /> +      <xs:element minOccurs="0" name="Type" type="xs:string" /> +    </xs:sequence> +  </xs:complexType> +  <xs:complexType name="PersonNameType"> +    <xs:sequence> +      <xs:element minOccurs="0" name="PrefixedDegree" type="xs:string" /> +      <xs:element name="GivenName" type="xs:string" nillable="true" /> +      <xs:element name="FamilyName" type="xs:string" nillable="true" /> +      <xs:element minOccurs="0" name="SuffixedDegree" type="xs:string" /> +    </xs:sequence> +  </xs:complexType> +  <xs:complexType name="AlternativeNameType"> +    <xs:sequence> +      <xs:element name="FamilyName" type="xs:string" nillable="true" /> +    </xs:sequence> +  </xs:complexType> +  <xs:complexType name="PostalAddressType"> +    <xs:sequence> +      <xs:element minOccurs="0" name="PostalCode" type="xs:string" /> +      <xs:element minOccurs="0" name="Municipality" type="xs:string" /> +      <xs:element minOccurs="0" name="Locality" type="xs:string" /> +      <xs:element minOccurs="0" name="StateCode3" type="xs:string" /> +      <xs:element minOccurs="0" name="DeliveryAddress" type="pd:DeliveryAddressType" /> +      <xs:element minOccurs="0" name="HistoricRecord" type="xs:boolean" /> +    </xs:sequence> +  </xs:complexType> +  <xs:complexType name="DeliveryAddressType"> +    <xs:sequence> +      <xs:element minOccurs="0" name="AddressLine" type="xs:string" /> +      <xs:element minOccurs="0" name="StreetName" type="xs:string" /> +      <xs:element minOccurs="0" name="BuildingNumber" type="xs:string" /> +      <xs:element minOccurs="0" name="Unit" type="xs:string" /> +      <xs:element minOccurs="0" name="DoorNumber" type="xs:string" /> +    </xs:sequence> +  </xs:complexType> +</xs:schema>
\ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_pvp_sec.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_pvp_sec.xsd new file mode 100644 index 00000000..5001c1b8 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_pvp_sec.xsd @@ -0,0 +1,10 @@ +<xs:schema xmlns:pvp="http://egov.gv.at/pvp1.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema" targetNamespace="http://schemas.xmlsoap.org/ws/2002/04/secext" elementFormDefault="qualified"> +	<xs:import namespace="http://egov.gv.at/pvp1.xsd" schemaLocation="pvp19.xsd"/> +	<xs:element name="Security"> +		<xs:complexType> +			<xs:sequence> +				<xs:element ref="pvp:pvpToken"/> +			</xs:sequence> +		</xs:complexType> +	</xs:element>  +</xs:schema> diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0-schemas.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0-schemas.xml new file mode 100644 index 00000000..d40efa45 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0-schemas.xml @@ -0,0 +1,54 @@ +<?xml version="1.0" encoding="UTF-8"?> +<bindings version="2.0" xmlns="http://java.sun.com/xml/ns/jaxb" +	xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" +	xmlns:xjc="http://java.sun.com/xml/ns/jaxb/xjc"> + +  <bindings schemaLocation="../szr_v4/szr_v4.0.xsd"> +		<bindings node="/xsd:schema"> +			<schemaBindings> +				<package name="at.gv.util.xsd.szr_v4" /> +			</schemaBindings> +		</bindings> +	</bindings> +   +	<bindings schemaLocation="../szr/szr_ecdsa.xsd"> +		<bindings node="/xsd:schema"> +			<schemaBindings> +				<package name="at.gv.util.xsd.szr.ecdsa" /> +			</schemaBindings> +		</bindings> +	</bindings> + +	<bindings schemaLocation="../szr_v4/szr_persondata.xsd"> +		<bindings node="/xsd:schema"> +			<schemaBindings> +				<package name="at.gv.util.xsd.szr.persondata" /> +			</schemaBindings> +		</bindings> +	</bindings> + +	<bindings schemaLocation="../szr_v4/szr_pvp_sec.xsd"> +		<bindings node="/xsd:schema"> +			<schemaBindings> +				<package name="at.gv.util.xsd.szr.pvp19.sec" /> +			</schemaBindings> +		</bindings> +	</bindings> + +	<bindings schemaLocation="../szr_v4/pvp19.xsd"> +		<bindings node="/xsd:schema"> +			<schemaBindings> +				<package name="at.gv.util.xsd.szr.pvp19" /> +			</schemaBindings> +		</bindings> +	</bindings> + +  <bindings schemaLocation="../szr/szr_xmldsig.xsd"> +		<bindings node="/xsd:schema"> +			<schemaBindings> +				<package name="at.gv.util.xsd.szr.xmldsig" /> +			</schemaBindings> +		</bindings> +	</bindings> + +</bindings>
\ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0-wsdl.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0-wsdl.xml new file mode 100644 index 00000000..f95c35f0 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0-wsdl.xml @@ -0,0 +1,10 @@ +<?xml version="1.0" encoding="UTF-8"?> +<bindings xmlns="http://java.sun.com/xml/ns/jaxws" +               xmlns:jaxb="http://java.sun.com/xml/ns/jaxb" +               xmlns:xsd="http://www.w3.org/2001/XMLSchema" +               xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"> + +  <enableWrapperStyle>false</enableWrapperStyle> +  <package name="at.gv.util.wsdl.szr_v4"/>  +      +</bindings>
\ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0.xsd new file mode 100644 index 00000000..2d25f2dc --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0.xsd @@ -0,0 +1,443 @@ +<?xml version="1.0" encoding="UTF-8"?> +<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:szr="urn:SZRServices" xmlns:pd="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" targetNamespace="urn:SZRServices" elementFormDefault="qualified"> +	<xs:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="szr_persondata.xsd"/> +	<xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="szr_xmldsig.xsd"/> +	<xs:element name="SZRException" type="szr:SZRException"/> +	<xs:complexType name="SZRException"/> +	<xs:complexType name="PersonInfoType"> +		<xs:sequence> +			<xs:element name="Person" type="pd:PhysicalPersonType"/> +			<xs:element name="RegularDomicile" type="pd:PostalAddressType" minOccurs="0"/> +			<xs:element name="AddressCodes" type="szr:AddressCodesType" minOccurs="0"/> +			<xs:element name="TravelDocument" type="szr:TravelDocumentType" minOccurs="0"/> +			<xs:element name="DateOfBirthWildcard" type="xs:boolean" minOccurs="0"/> +			<xs:element name="AuskunftssperreGesetzt" type="xs:boolean" minOccurs="0"/> +		</xs:sequence> +	</xs:complexType> +	<xs:complexType name="TravelDocumentType"> +		<xs:sequence> +			<xs:element name="DocumentNumber" type="xs:string" minOccurs="0"/> +			<xs:element name="DocumentType" type="xs:string" minOccurs="0"/> +			<xs:element name="IssueDate" type="xs:string" minOccurs="0"/> +			<xs:element name="IssuingAuthority" type="xs:string" minOccurs="0"/> +			<xs:element name="IssuingCountry" type="xs:string" minOccurs="0"/> +		</xs:sequence> +	</xs:complexType> +	<xs:complexType name="AddressCodesType"> +		<xs:sequence> +			<xs:element name="GKZ" type="xs:string" minOccurs="0"/> +			<xs:element name="OKZ" type="xs:string" minOccurs="0"/> +			<xs:element name="SKZ" type="xs:string" minOccurs="0"/> +			<xs:element name="ADRCD" type="xs:string" minOccurs="0"/> +			<xs:element name="SUBCD" type="xs:string" minOccurs="0"/> +			<xs:element name="OBJNR" type="xs:string" minOccurs="0"/> +			<xs:element name="NTZLNR" type="xs:string" minOccurs="0"/> +		</xs:sequence> +	</xs:complexType> +	<xs:element name="TransformBPK"> +		<xs:complexType> +			<xs:sequence> +				<xs:element name="PersonInfo" type="szr:PersonInfoType"/> +				<xs:element name="InputBPK" type="xs:string"/> +				<xs:element name="InputBereichsKennung" type="xs:string"/> +				<xs:element name="Begruendung" type="xs:string"/> +				<xs:element name="Target" type="szr:FremdBPKRequestType" maxOccurs="unbounded"/> +			</xs:sequence> +		</xs:complexType> +	</xs:element> +	<xs:element name="TransformBPKResponse"> +		<xs:complexType> +			<xs:sequence> +				<xs:element name="TransformBPKReturn" type="szr:FremdBPKType" maxOccurs="unbounded"/> +			</xs:sequence> +		</xs:complexType> +	</xs:element> +	<xs:element name="GetVKZPermission"> +		<xs:complexType> +			<xs:sequence> +				<xs:element name="VKZ" type="xs:string"/> +				<xs:element name="BereichsKennung" type="xs:string"/> +				<xs:element name="ParticipantId" type="xs:string" minOccurs="0"/> +			</xs:sequence> +		</xs:complexType> +	</xs:element> +	<xs:element name="GetVKZPermissionResponse"> +		<xs:complexType> +			<xs:sequence> +				<xs:element name="GetVKZPermissionReturn" type="szr:GetVKZPermissionResponseType"/> +			</xs:sequence> +		</xs:complexType> +	</xs:element> +	<xs:complexType name="IdentityLinkType"> +		<xs:sequence> +			<xs:element name="PersonInfo" type="szr:PersonInfoType"/> +			<xs:element name="Assertion" type="xs:anyType"/> +			<xs:element name="AdditionalInfo" type="xs:string" minOccurs="0"/> +		</xs:sequence> +	</xs:complexType> +	<xs:complexType name="ResultRecord"> +		<xs:sequence> +			<xs:element name="PersonInfo" type="szr:PersonInfoType"/> +			<xs:element name="Register" type="xs:string"/> +			<xs:element name="bPK" type="xs:string"/> +			<xs:element name="FremdBPK" type="szr:FremdBPKType" minOccurs="0" maxOccurs="unbounded"/> +		</xs:sequence> +	</xs:complexType> +	<xs:complexType name="GetBPKKombiRequestType"> +		<xs:sequence> +			<xs:element name="PersonInfo" type="szr:PersonInfoType"/> +			<xs:element name="InsertERnP" minOccurs="0"> +				<xs:simpleType> +					<xs:restriction base="xs:string"> +						<xs:enumeration value="NoInsert"/> +						<xs:enumeration value="InsertOnNoMatch"/> +						<xs:enumeration value="ForceInsert"/> +					</xs:restriction> +				</xs:simpleType> +			</xs:element> +			<xs:element name="Suchwizard" type="xs:boolean" minOccurs="0"/> +			<xs:element name="VKZ" type="xs:string" nillable="true"/> +			<xs:element name="BehoerdenKennzeichen" type="xs:string" minOccurs="0"/> +			<xs:element name="BereichsKennung" type="xs:string" minOccurs="0"/> +			<xs:element name="Target" type="szr:FremdBPKRequestType" minOccurs="0" maxOccurs="unbounded"/> +			<xs:element name="Sessionid" type="xs:string" minOccurs="0"/> +		</xs:sequence> +	</xs:complexType> +	<xs:complexType name="GetBPKKombiResponseType"> +		<xs:complexContent> +			<xs:extension base="szr:GetBPKZPVResponseType"> +				<xs:sequence> +					<xs:element name="FoundWithSuchwizard" type="xs:boolean"/> +					<xs:element name="Sessionid" type="xs:string"/> +				</xs:sequence> +			</xs:extension> +		</xs:complexContent> +	</xs:complexType> +	<xs:complexType name="GetBPKZPVRequestType"> +		<xs:sequence> +			<xs:element name="PersonInfo" type="szr:PersonInfoType"/> +			<xs:element name="InsertERnP" type="xs:boolean" default="false" minOccurs="0"/> +			<xs:element name="VKZ" type="xs:string" minOccurs="1"/> +			<xs:element name="BehoerdenKennzeichen" type="xs:string" minOccurs="0"/> +			<xs:element name="BereichsKennung" type="xs:string" minOccurs="0"/> +			<xs:element name="Target" type="szr:FremdBPKRequestType" minOccurs="0" maxOccurs="unbounded"/> +		</xs:sequence> +	</xs:complexType> +	<xs:complexType name="GetBPKZPVResponseType"> +		<xs:sequence> +			<xs:element name="ResultRecord" type="szr:ResultRecord" maxOccurs="unbounded"/> +			<xs:element name="InsertERnPResult" type="xs:boolean"/> +		</xs:sequence> +	</xs:complexType> +	<xs:complexType name="GetBPKFromStammzahlEncryptedRequestType"> +		<xs:sequence> +			<xs:element name="StammzahlEncrypted" type="xs:string" minOccurs="1"/> +			<xs:element name="PersonInfo" type="szr:PersonInfoType" minOccurs="0"/> +			<xs:element name="VKZ" type="xs:string" minOccurs="1"/> +			<xs:element name="BereichsKennung" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> +			<xs:element name="Target" type="szr:FremdBPKRequestType" minOccurs="0" maxOccurs="unbounded"/> +		</xs:sequence> +		<xs:attribute name="key"/> +	</xs:complexType> +	<xs:complexType name="GetBPKFromStammzahlEncryptedResponseType"> +		<xs:sequence> +			<xs:element name="bPK" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> +			<xs:element name="FremdBPK" type="szr:FremdBPKType" minOccurs="0" maxOccurs="unbounded"/> +			<xs:element name="Fault" type="szr:Fault" minOccurs="0"/> +		</xs:sequence> +		<xs:attribute name="key"/> +	</xs:complexType> +	<xs:complexType name="Fault"> +		<xs:attribute name="Code" type="xs:string"/> +		<xs:attribute name="String" type="xs:string"/> +	</xs:complexType> +	<xs:complexType name="SignContentResponseType"> +		<xs:sequence> +			<xs:element name="JwsAlg" type="xs:string" minOccurs="0"/> +			<xs:element name="Out" type="szr:SignContentEntry" minOccurs="0" maxOccurs="unbounded"/> +		</xs:sequence> +	</xs:complexType> +	<xs:complexType name="SignContentEntry"> +		<xs:simpleContent> +			<xs:extension base="xs:string"> +				<xs:attribute name="key"/> +			</xs:extension> +		</xs:simpleContent> +	</xs:complexType> +	<xs:element name="GetIdentityLink"> +		<xs:complexType> +			<xs:sequence> +				<xs:element name="PersonInfo" type="szr:PersonInfoType"/> +				<xs:element name="KeyValue" type="dsig:KeyValueType" minOccurs="0" maxOccurs="unbounded"/> +				<xs:element name="InsertERnP" type="xs:boolean" minOccurs="0"/> +			</xs:sequence> +		</xs:complexType> +	</xs:element> +	<xs:element name="GetIdentityLinkResponse"> +		<xs:complexType> +			<xs:sequence> +				<xs:element name="GetIdentityLinkReturn" type="szr:IdentityLinkType"/> +			</xs:sequence> +		</xs:complexType> +	</xs:element> +	<xs:element name="GetIdentityLinkEidas"> +		<xs:complexType> +			<xs:sequence> +				<xs:element name="PersonInfo" type="szr:PersonInfoType"/> +			</xs:sequence> +		</xs:complexType> +	</xs:element> +	<xs:element name="GetIdentityLinkEidasResponse"> +		<xs:complexType> +			<xs:sequence> +				<xs:element name="GetIdentityLinkReturn" type="szr:IdentityLinkType"/> +			</xs:sequence> +		</xs:complexType> +	</xs:element> +	<xs:element name="GetBPK"> +		<xs:complexType> +			<xs:sequence> +				<xs:element name="PersonInfo" type="szr:PersonInfoType"/> +				<xs:element name="BereichsKennung" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> +				<xs:element name="VKZ" type="xs:string" minOccurs="0"/> +				<xs:element name="Target" type="szr:FremdBPKRequestType" minOccurs="0" maxOccurs="unbounded"/> +				<xs:element name="ListMultiplePersons" type="xs:boolean" minOccurs="0"/> +				<xs:element name="InsertERnP" type="xs:boolean" minOccurs="0"/> +			</xs:sequence> +		</xs:complexType> +	</xs:element> +	<xs:element name="GetBPKResponse"> +		<xs:complexType> +			<xs:sequence> +				<xs:element name="GetBPKReturn" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> +				<xs:element name="FremdBPK" type="szr:FremdBPKType" minOccurs="0" maxOccurs="unbounded"/> +				<xs:element name="PersonInfo" type="szr:PersonInfoType" minOccurs="0" maxOccurs="5"/> +			</xs:sequence> +		</xs:complexType> +	</xs:element> +	<xs:element name="GetBPKs"> +		<xs:complexType> +			<xs:sequence> +				<xs:element name="PersonInfo" type="szr:PersonInfoType" maxOccurs="unbounded"/> +				<xs:element name="BereichsKennung" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> +				<xs:element name="VKZ" type="xs:string"/> +				<xs:element name="Target" type="szr:FremdBPKRequestType" minOccurs="0" maxOccurs="unbounded"/> +			</xs:sequence> +		</xs:complexType> +	</xs:element> +	<xs:element name="GetBPKsResponse"> +		<xs:complexType> +			<xs:sequence> +				<xs:element name="ResultRecord" type="szr:GetBPKsResponseType" maxOccurs="unbounded"/> +			</xs:sequence> +		</xs:complexType> +	</xs:element> +	<xs:complexType name="GetBPKsResponseType"> +		<xs:sequence> +			<xs:element name="BPK" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> +			<xs:element name="FremdBPK" type="szr:FremdBPKType" minOccurs="0" maxOccurs="unbounded"/> +			<xs:element name="Fault" minOccurs="0"> +				<xs:complexType> +					<xs:attribute name="Code" type="xs:string"/> +					<xs:attribute name="String" type="xs:string"/> +				</xs:complexType> +			</xs:element> +		</xs:sequence> +	</xs:complexType> +	<xs:element name="GetBPKKombi"> +		<xs:complexType> +			<xs:sequence> +				<xs:element name="GetBPKKombiRequest" type="szr:GetBPKKombiRequestType"/> +			</xs:sequence> +		</xs:complexType> +	</xs:element> +	<xs:element name="GetBPKKombiResponse"> +		<xs:complexType> +			<xs:sequence> +				<xs:element name="GetBPKKombiResponse" type="szr:GetBPKKombiResponseType"/> +			</xs:sequence> +		</xs:complexType> +	</xs:element> +	<xs:element name="GetBPKZPV"> +		<xs:complexType> +			<xs:sequence> +				<xs:element name="GetBPKZPVRequest" type="szr:GetBPKZPVRequestType"/> +			</xs:sequence> +		</xs:complexType> +	</xs:element> +	<xs:element name="GetBPKZPVResponse"> +		<xs:complexType> +			<xs:sequence> +				<xs:element name="GetBPKZPVResponse" type="szr:GetBPKZPVResponseType"/> +			</xs:sequence> +		</xs:complexType> +	</xs:element> +	<xs:element name="GetBPKFromStammzahlEncrypted"> +		<xs:complexType> +			<xs:sequence> +				<xs:element name="In" type="szr:GetBPKFromStammzahlEncryptedRequestType" maxOccurs="unbounded"/> +			</xs:sequence> +		</xs:complexType> +	</xs:element> +	<xs:element name="GetBPKFromStammzahlEncryptedResponse"> +		<xs:complexType> +			<xs:sequence> +				<xs:element name="Out" type="szr:GetBPKFromStammzahlEncryptedResponseType" maxOccurs="unbounded"/> +			</xs:sequence> +		</xs:complexType> +	</xs:element> +	<xs:element name="SignContent"> +		<xs:complexType> +			<xs:sequence> +				<xs:element name="AppendCert" type="xs:boolean" default="false" minOccurs="0"/> +				<xs:element name="JWSHeaderParam" type="szr:JwsHeaderParam" minOccurs="0" maxOccurs="unbounded"/> +				<xs:element name="In" type="szr:SignContentEntry" minOccurs="0" maxOccurs="unbounded"/> +			</xs:sequence> +		</xs:complexType> +	</xs:element> +	<xs:complexType name="JwsHeaderParam"> +		<xs:attribute name="key" type="xs:string" use="required"/> +		<xs:attribute name="value" type="xs:string" use="required"/> +	</xs:complexType> +	<xs:element name="SignContentResponse"> +		<xs:complexType> +			<xs:sequence> +				<xs:element name="SignContentResponse" type="szr:SignContentResponseType"/> +			</xs:sequence> +		</xs:complexType> +	</xs:element> +	<xs:element name="ValidateIdentityLink"> +		<xs:complexType> +			<xs:sequence> +				<xs:element name="IdentityLink" type="szr:IdentityLinkType"/> +				<xs:element name="BereichsKennung" type="xs:string"/> +			</xs:sequence> +		</xs:complexType> +	</xs:element> +	<xs:element name="ValidateIdentityLinkResponse"> +		<xs:complexType> +			<xs:sequence> +				<xs:element name="ValidateIdentityLinkReturn" type="xs:string"/> +			</xs:sequence> +		</xs:complexType> +	</xs:element> +	<xs:element name="BPKzuBasiszahl"> +		<xs:complexType> +			<xs:sequence> +				<xs:element name="Bereich" type="xs:string"/> +				<xs:element name="BPK" type="xs:string"/> +				<xs:element name="BasisZahl" type="xs:string" maxOccurs="unbounded"/> +			</xs:sequence> +		</xs:complexType> +	</xs:element> +	<xs:element name="BPKzuBasiszahlResponse"> +		<xs:complexType> +			<xs:sequence> +				<xs:element name="BPKzuBasiszahlReturn" type="xs:string"/> +			</xs:sequence> +		</xs:complexType> +	</xs:element> +	<xs:complexType name="FremdBPKRequestType"> +		<xs:sequence> +			<xs:element name="BereichsKennung" type="xs:string"/> +			<xs:element name="VKZ" type="xs:string"/> +		</xs:sequence> +	</xs:complexType> +	<xs:complexType name="FremdBPKType"> +		<xs:sequence> +			<xs:element name="BereichsKennung" type="xs:string"/> +			<xs:element name="FremdBPK" type="xs:string"/> +		</xs:sequence> +	</xs:complexType> +	<xs:complexType name="GetVKZPermissionResponseType"> +		<xs:sequence> +			<xs:element name="isAllowed" type="xs:boolean"/> +			<xs:element name="behSchluessel" type="xs:string" minOccurs="0"/> +		</xs:sequence> +	</xs:complexType> +	<xs:element name="BasiszahlZuBPK"> +		<xs:complexType> +			<xs:sequence> +				<xs:element name="VKZ" type="xs:string" minOccurs="0"/> +				<xs:element name="BasisZahl" type="xs:string" maxOccurs="unbounded"/> +				<xs:element name="Bereich" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> +				<xs:element name="FremdBPKTargets" type="szr:FremdBPKRequestType" minOccurs="0" maxOccurs="unbounded"/> +			</xs:sequence> +		</xs:complexType> +	</xs:element> +	<xs:complexType name="BasiszahlZuBPKReturnType"> +		<xs:sequence> +			<xs:element name="BPK" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> +			<xs:element name="FremdBPKs" type="szr:FremdBPKType" minOccurs="0" maxOccurs="unbounded"/> +		</xs:sequence> +	</xs:complexType> +	<xs:element name="BasiszahlZuBPKResponse"> +		<xs:complexType> +			<xs:sequence> +				<xs:element name="BasiszahlZuBPKReturn" type="szr:BasiszahlZuBPKReturnType" maxOccurs="unbounded"/> +			</xs:sequence> +		</xs:complexType> +	</xs:element> +	<xs:element name="ZMRAnwendungsIntegration"> +		<xs:complexType> +			<xs:sequence> +				<xs:element name="Bereich" type="xs:string"/> +				<xs:element name="FremdBPKTargets" type="szr:FremdBPKRequestType" minOccurs="0" maxOccurs="unbounded"/> +				<xs:element name="ZMRfremdbPK" type="xs:string" maxOccurs="unbounded"/> +			</xs:sequence> +		</xs:complexType> +	</xs:element> +	<xs:complexType name="ZMRAnwendungsIntegrationReturnType"> +		<xs:sequence> +			<xs:element name="BPK" type="xs:string"/> +			<xs:element name="FremdBPKs" type="szr:FremdBPKType" minOccurs="0" maxOccurs="unbounded"/> +		</xs:sequence> +	</xs:complexType> +	<xs:element name="ZMRAnwendungsIntegrationResponse"> +		<xs:complexType> +			<xs:sequence> +				<xs:element name="ZMRAnwendungsIntegrationReturn" type="szr:ZMRAnwendungsIntegrationReturnType" maxOccurs="unbounded"/> +			</xs:sequence> +		</xs:complexType> +	</xs:element> +	<xs:element name="GetStammzahl"> +		<xs:complexType> +			<xs:sequence> +				<xs:element name="PersonInfo" type="szr:PersonInfoType"/> +			</xs:sequence> +		</xs:complexType> +	</xs:element> +	<xs:element name="GetStammzahlResponse"> +		<xs:complexType> +			<xs:sequence> +				<xs:element name="Stammzahl" type="xs:string"/> +			</xs:sequence> +		</xs:complexType> +	</xs:element> +	<xs:element name="GetStammzahlEncrypted"> +		<xs:complexType> +			<xs:sequence> +				<xs:element name="PersonInfo" type="szr:PersonInfoType"/> +				<xs:element name="InsertERnP" type="xs:boolean" minOccurs="0"/> +			</xs:sequence> +		</xs:complexType> +	</xs:element> +	<xs:element name="GetStammzahlEncryptedResponse"> +		<xs:complexType> +			<xs:sequence> +				<xs:element name="Stammzahl" type="xs:string"/> +			</xs:sequence> +		</xs:complexType> +	</xs:element> +	<xs:element name="GetVersion" nillable="true"/> +	<xs:element name="GetVersionResponse"> +		<xs:complexType> +			<xs:sequence> +				<xs:element name="Version" type="xs:string"/> +				<xs:element name="Revision" type="xs:string"/> +				<xs:element name="Time" type="xs:string"/> +				<xs:element name="IdentityLinkNotAfter" type="xs:string"/> +			</xs:sequence> +		</xs:complexType> +	</xs:element> +</xs:schema> diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_xmldsig.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_xmldsig.xsd new file mode 100644 index 00000000..96b50b40 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_xmldsig.xsd @@ -0,0 +1,31 @@ +<?xml version="1.0" encoding="UTF-8"?> +<xs:schema elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#" +           targetNamespace="http://www.w3.org/2000/09/xmldsig#" xmlns="http://www.w3.org/2001/XMLSchema" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> +    <xs:import namespace="http://www.w3.org/2001/04/xmldsig-more#" schemaLocation="szr_ecdsa.xsd"/> +    <xs:complexType name="KeyValueType"> +        <xs:sequence> +            <xs:element name="DSAKeyValue" minOccurs="0" +                        type="dsig:DSAKeyValueType" /> +            <xs:element name="RSAKeyValue" minOccurs="0" +                        type="dsig:RSAKeyValueType" /> +            <xs:element ref="ecdsa:ECDSAKeyValue" /> +        </xs:sequence> +    </xs:complexType> +    <xs:complexType name="DSAKeyValueType"> +        <xs:sequence> +            <xs:element name="P" minOccurs="0" type="xs:string" /> +            <xs:element name="Q" minOccurs="0" type="xs:string" /> +            <xs:element name="J" minOccurs="0" type="xs:string" /> +            <xs:element name="G" minOccurs="0" type="xs:string" /> +            <xs:element name="Y" minOccurs="0" type="xs:string" /> +            <xs:element name="PgenCounter" minOccurs="0" type="xs:string" /> +            <xs:element name="Seed" minOccurs="0" type="xs:string" /> +        </xs:sequence> +    </xs:complexType> +    <xs:complexType name="RSAKeyValueType"> +        <xs:sequence> +            <xs:element name="Modulus" minOccurs="0" type="xs:string" /> +            <xs:element name="Exponent" minOccurs="0" type="xs:string" /> +        </xs:sequence> +    </xs:complexType> +</xs:schema> diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java index fca548b7..d9275089 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java @@ -19,17 +19,20 @@   * file for details on the various modules and licenses.   * The "NOTICE" text file is part of the distribution. Any derivative works   * that you distribute must include a readable copy of the "NOTICE" text file. -*/ + */  package at.asitplus.eidas.specific.modules.auth.eidas.v2.test;  import static org.mockito.ArgumentMatchers.any; +import static org.mockito.ArgumentMatchers.anyList;  import static org.mockito.Mockito.when;  import java.io.IOException;  import java.security.InvalidKeyException;  import java.security.MessageDigest;  import java.security.NoSuchProviderException; +import java.util.Arrays; +import java.util.List;  import javax.xml.bind.JAXBContext;  import javax.xml.bind.JAXBException; @@ -37,6 +40,7 @@ import javax.xml.bind.Unmarshaller;  import javax.xml.parsers.ParserConfigurationException;  import javax.xml.ws.soap.SOAPFaultException; +import org.apache.commons.lang3.RandomStringUtils;  import org.apache.commons.lang3.StringUtils;  import org.apache.cxf.binding.soap.SoapFault;  import org.junit.Assert; @@ -70,12 +74,7 @@ import at.gv.egiz.eaaf.core.exceptions.EaafParserException;  import at.gv.egiz.eaaf.core.impl.data.Triple;  import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser;  import at.gv.egiz.eaaf.core.impl.utils.DomUtils; -import szrservices.GetIdentityLinkEidasResponse; -import szrservices.IdentityLinkType; -import szrservices.PersonInfoType; -import szrservices.SZR; -import szrservices.SZRException_Exception; -import szrservices.TravelDocumentType; +import szrservices.*;  @RunWith(SpringJUnit4ClassRunner.class)  @ContextConfiguration("/SpringTest-context_tasks_test.xml") @@ -91,12 +90,11 @@ public class SzrClientTest {    private static final String familyName = "Mustermann";    private static final String dateOfBirth = "1989-05-05";    private static final String eIDASeID = "IS/AT/1234sdgsdfg56789ABCDEF"; -    private static final String DUMMY_TARGET = EaafConstants.URN_PREFIX_CDID + "ZP";    /**     * jUnit class initializer. -   *  +   *     * @throws IOException In case of an error     */    @BeforeClass @@ -109,6 +107,49 @@ public class SzrClientTest {    @Rule    public SoapServiceRule soap = SoapServiceRule.newInstance(); + + +  @Test +public void getStammzahlenEcryptedTest() throws JAXBException, SZRException_Exception { +    SZR szrMock = soap.mock(SZR.class, "hhttp://localhost:1234/demoszr"); + +    final GetBPKFromStammzahlEncryptedResponse szrResponse = new GetBPKFromStammzahlEncryptedResponse(); +    final GetBPKFromStammzahlEncryptedResponseType result1 = new GetBPKFromStammzahlEncryptedResponseType(); +    szrResponse.getOut().add(result1); + +    when(szrMock.getBPKFromStammzahlEncrypted(anyList())) +        .thenReturn(Arrays.asList(result1)); + +//    szrMock.getStammzahlEncrypted() TODO ??? +  } + +  @Test +  public void getBcBindValid() throws SZRException_Exception, SzrCommunicationException { +    SZR szrMock = soap.mock(SZR.class, "http://localhost:1234/demoszr"); + +    final SignContentResponse szrResponse = new SignContentResponse(); +    final SignContentEntry result1 = new SignContentEntry(); +    final SignContentResponseType content = new SignContentResponseType(); +    content.getOut().add(result1); +    szrResponse.setSignContentResponse(content); + +    result1.setKey("bcBindReq"); +    result1.setValue(RandomStringUtils.randomAlphanumeric(100)); + +    when(szrMock.signContent(any(), anyList(), anyList())).thenReturn(content); + +    final String bcBind = szrClient.getBcBind( +        RandomStringUtils.randomAlphabetic(10), +        RandomStringUtils.randomAlphabetic(10), +        RandomStringUtils.randomAlphabetic(10)); + +    Assert.assertNotNull("bcBind is null", bcBind); +    Assert.assertEquals("bcBind not match", result1.getValue(), bcBind); + + +  } + +    @Test    public void getIdentityLinkRawModeValidResponse() throws SZRException_Exception, EaafParserException,        NoSuchProviderException, IOException, InvalidKeyException, EidasSAuthenticationException, JAXBException { @@ -164,7 +205,7 @@ public class SzrClientTest {        checkElement("p344:F455", ((SOAPFaultException) e.getCause()).getFault().getFaultCode());        checkElement(            "The travel document you sent to insert a person already exists for another person. " -          + "Either check the document or have the person altered accordingly", +              + "Either check the document or have the person altered accordingly",            ((SOAPFaultException) e.getCause()).getFault().getFaultString());      } @@ -174,13 +215,18 @@ public class SzrClientTest {    @Ignore    @Test    public void getBpkTest() throws SZRException_Exception, EidasSAuthenticationException { -    final String bPK = szrClient.getBpk(getPersonInfo(), DUMMY_TARGET, +    final List<String> bPK = szrClient.getBpk(getPersonInfo(), DUMMY_TARGET,          basicConfig.getBasicConfiguration(              Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ,              "no VKZ defined")); -    if (StringUtils.isEmpty(bPK)) { -      throw new SzrCommunicationException("ernb.01", new Object[] { "bPK is null or empty" }); +    if (bPK.isEmpty()) { +      throw new SzrCommunicationException("ernb.01", new Object[]{"bPK list is empty"}); +    } +    for (String b : bPK) { +      if (StringUtils.isEmpty(b)) { +        throw new SzrCommunicationException("ernb.01", new Object[]{"bPK is null or empty"}); +      }      }    } @@ -217,7 +263,7 @@ public class SzrClientTest {      final javax.xml.namespace.QName qName = new javax.xml.namespace.QName("urn:SZRServices", "F455", "p344");      final SoapFault fault = new SoapFault(          "The travel document you sent to insert a person already exists for another person. " -        + "Either check the document or have the person altered accordingly", +            + "Either check the document or have the person altered accordingly",          qName);      fault.setRole("urn:SZRServices");      fault.setDetail(detailerror); @@ -233,7 +279,7 @@ public class SzrClientTest {        return hashBase64;      } catch (final Exception ex) { -      throw new EidasSAuthenticationException("internal.03", new Object[] {}, ex); +      throw new EidasSAuthenticationException("internal.03", new Object[]{}, ex);      }    } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java index 2f6a989e..a30ea2a0 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java @@ -27,6 +27,7 @@ import java.io.IOException;  import java.security.InvalidKeyException;  import java.security.MessageDigest;  import java.security.NoSuchProviderException; +import java.util.List;  import org.apache.commons.lang3.StringUtils;  import org.junit.Ignore; @@ -132,13 +133,18 @@ public class SzrClientTestProduction {    @Ignore    @Test    public void getBpkTest() throws SZRException_Exception, EidasSAuthenticationException { -    final String bPK = szrClient.getBpk(getPersonInfo(), DUMMY_TARGET, +    final List<String> bPK = szrClient.getBpk(getPersonInfo(), DUMMY_TARGET,          basicConfig.getBasicConfiguration(              Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ,              "no VKZ defined")); -    if (StringUtils.isEmpty(bPK)) { -      throw new SzrCommunicationException("ernb.01", new Object[] { "bPK is null or empty" }); +    if (bPK.isEmpty()) { +      throw new SzrCommunicationException("ernb.01", new Object[]{"bPK list is empty"}); +    } +    for (String b : bPK) { +      if (StringUtils.isEmpty(b)) { +        throw new SzrCommunicationException("ernb.01", new Object[]{"bPK is null or empty"}); +      }      }    } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewSimpleTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewSimpleTest.java new file mode 100644 index 00000000..6eeb437d --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewSimpleTest.java @@ -0,0 +1,119 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; + +import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummySpecificCommunicationService; +import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType; +import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; +import com.google.common.collect.ImmutableMap; +import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse; +import lombok.val; +import org.joda.time.DateTime; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.powermock.core.classloader.annotations.PrepareForTest; +import org.powermock.modules.junit4.PowerMockRunner; +import org.powermock.modules.junit4.PowerMockRunnerDelegate; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import java.io.IOException; +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.Method; +import java.util.HashMap; +import java.util.Map; + +import static org.mockito.ArgumentMatchers.any; +import static org.powermock.api.mockito.PowerMockito.doReturn; +import static org.powermock.api.mockito.PowerMockito.spy; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/SpringTest-context_tasks_test.xml") +@DirtiesContext(classMode = DirtiesContext.ClassMode.BEFORE_CLASS) +@PrepareForTest(CreateIdentityLinkTask.class) +public class CreateIdentityLinkTaskEidNewSimpleTest { + + +  @Autowired(required = true) +  private CreateIdentityLinkTask task; +  @Autowired(required = true) +  private DummySpecificCommunicationService commService; +  @Autowired(required = true) +  private IConfiguration basicConfig; +  @Autowired +  protected EidasAttributeRegistry attrRegistry; + +  final ExecutionContext executionContext = new ExecutionContextImpl(); +  private MockHttpServletRequest httpReq; +  private MockHttpServletResponse httpResp; +  private TestRequestImpl pendingReq; +  private DummySpConfiguration oaParam; + +  /** +   * jUnit class initializer. +   * +   * @throws IOException In case of an error +   */ +  @BeforeClass +  public static void classInitializer() throws IOException { +    final String current = new java.io.File(".").toURI().toString(); +    System.setProperty("eidas.ms.configuration", current +        + "src/test/resources/config/junit_config_3.properties"); + +  } + +  /** +   * jUnit test set-up. +   */ +  @Before +  public void setUp() throws EaafStorageException { + +    httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); +    httpResp = new MockHttpServletResponse(); +    RequestContextHolder.resetRequestAttributes(); +    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + +    final Map<String, String> spConfig = new HashMap<>(); +    spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp"); +    spConfig.put("target", "urn:publicid:gv.at:cdid+XX"); +    oaParam = new DummySpConfiguration(spConfig, basicConfig); +    pendingReq = new TestRequestImpl(); +    val b = new AuthenticationResponse.Builder(); +    val response = b.id("aasdf").issuer("asd").subject("asf").statusCode("200").inResponseTo("asdf").subjectNameIdFormat("afaf").build(); + +    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response); +    pendingReq.setSpConfig(oaParam); +    pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue()); +    pendingReq.setAuthUrl("http://test.com/"); + +    executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "XX"); +  } + +  @Test +  public void getPkFromKeystoreTest() throws NoSuchMethodException, InvocationTargetException, IllegalAccessException { + +    Method method = CreateIdentityLinkTask.class.getDeclaredMethod("getPkFromKeystore"); +    method.setAccessible(true); +    String returnValue = (String) method.invoke(task); +  } +} + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java new file mode 100644 index 00000000..185181dd --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java @@ -0,0 +1,217 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; + +import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.DeEidProcessor; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateAuthnRequestTask; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummySpecificCommunicationService; +import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType; +import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; +import com.google.common.collect.ImmutableMap; +import com.google.common.collect.ImmutableSortedSet; +import com.google.common.collect.Maps; +import com.skjolberg.mockito.soap.SoapServiceRule; +import eu.eidas.auth.commons.EIDASStatusCode; +import eu.eidas.auth.commons.attribute.AttributeDefinition; +import eu.eidas.auth.commons.attribute.AttributeValueMarshaller; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; +import eu.eidas.auth.commons.attribute.PersonType; +import eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller; +import eu.eidas.auth.commons.attribute.impl.StringAttributeValueMarshaller; +import eu.eidas.auth.commons.light.ILightRequest; +import eu.eidas.auth.commons.light.ILightResponse; +import eu.eidas.auth.commons.light.impl.LightRequest; +import eu.eidas.auth.commons.light.impl.LightResponse; +import eu.eidas.auth.commons.light.impl.ResponseStatus; +import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse; +import eu.eidas.specificcommunication.exception.SpecificCommunicationException; +import lombok.val; +import org.apache.commons.codec.binary.Hex; +import org.apache.commons.lang3.RandomStringUtils; +import org.apache.commons.lang3.StringUtils; +import org.jetbrains.annotations.NotNull; +import org.joda.time.DateTime; +import org.junit.Assert; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.internal.builders.JUnit3Builder; +import org.junit.runner.RunWith; +import org.mockito.ArgumentMatchers; +import org.mockito.Mockito; +import org.mockito.Spy; +import org.powermock.core.classloader.annotations.PrepareForTest; +import org.powermock.modules.junit4.PowerMockRunner; +import org.powermock.modules.junit4.PowerMockRunnerDelegate; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; +import szrservices.SZR; +import szrservices.SZRException_Exception; + +import javax.xml.namespace.QName; +import java.io.IOException; +import java.net.URI; +import java.net.URISyntaxException; +import java.util.HashMap; +import java.util.Map; +import java.util.Random; + +import static org.mockito.ArgumentMatchers.any; +import static org.powermock.api.mockito.PowerMockito.*; + +@RunWith(SpringJUnit4ClassRunner.class) +//@RunWith(PowerMockRunner.class) +//@PowerMockRunnerDelegate(SpringJUnit4ClassRunner.class) +@PrepareForTest(CreateIdentityLinkTask.class) +@DirtiesContext(classMode = DirtiesContext.ClassMode.BEFORE_CLASS) +@ContextConfiguration("/SpringTest-context_tasks_test.xml") +public class CreateIdentityLinkTaskEidNewTest { + + +  @Autowired(required = true) +  private CreateIdentityLinkTask task; +  @Autowired(required = true) +  private DummySpecificCommunicationService commService; +  @Autowired(required = true) +  private IConfiguration basicConfig; +  @Autowired +  protected EidasAttributeRegistry attrRegistry; + +  final ExecutionContext executionContext = new ExecutionContextImpl(); +  private MockHttpServletRequest httpReq; +  private MockHttpServletResponse httpResp; +  private TestRequestImpl pendingReq; +  private DummySpConfiguration oaParam; +  private SZR szrMock; +  final SoapServiceRule soap = SoapServiceRule.newInstance(); + +  /** +   * jUnit class initializer. +   * +   * @throws IOException In case of an error +   */ +  @BeforeClass +  public static void classInitializer() throws IOException { +    final String current = new java.io.File(".").toURI().toString(); +    System.setProperty("eidas.ms.configuration", current +        + "src/test/resources/config/junit_config_3.properties"); + +  } + +  /** +   * jUnit test set-up. +   */ +  @Before +  public void setUp() throws EaafStorageException, URISyntaxException { + +    httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); +    httpResp = new MockHttpServletResponse(); +    RequestContextHolder.resetRequestAttributes(); +    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + +    final Map<String, String> spConfig = new HashMap<>(); +    spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp"); +    spConfig.put("target", "urn:publicid:gv.at:cdid+XX"); +    spConfig.put("eidMode", "new"); +    oaParam = new DummySpConfiguration(spConfig, basicConfig); +    pendingReq = new TestRequestImpl(); + +    AuthenticationResponse response = buildDummyAuthResponse(); + + +    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response); +    pendingReq.setSpConfig(oaParam); +    pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue()); +    pendingReq.setAuthUrl("http://test.com/"); + +    executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "XX"); + +    szrMock = soap.mock(SZR.class, "http://localhost:2526/szrService"); +  } + +  @NotNull +  private AuthenticationResponse buildDummyAuthResponse() throws URISyntaxException { +    AttributeDefinition attributeDef = AttributeDefinition.builder().friendlyName(Constants.eIDAS_ATTR_PERSONALIDENTIFIER) +        .nameUri(new URI("ad", "sd", "ff")).personType(PersonType.LEGAL_PERSON) +        .xmlType(new QName("http://saf", "as", "af")) +        .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller").build(); +    AttributeDefinition attributeDef2 = AttributeDefinition.builder().friendlyName(Constants.eIDAS_ATTR_CURRENTFAMILYNAME) +        .nameUri(new URI("ad", "sd", "fff")).personType(PersonType.LEGAL_PERSON) +        .xmlType(new QName("http://saf", "as", "aff")) +        .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller").build(); +    AttributeDefinition attributeDef3 = AttributeDefinition.builder().friendlyName(Constants.eIDAS_ATTR_CURRENTGIVENNAME) +        .nameUri(new URI("ad", "sd", "ffff")).personType(PersonType.LEGAL_PERSON) +        .xmlType(new QName("http://saf", "as", "afff")) +        .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller").build(); +    AttributeDefinition attributeDef4 = AttributeDefinition.builder().friendlyName(Constants.eIDAS_ATTR_DATEOFBIRTH) +        .nameUri(new URI("ad", "sd", "fffff")).personType(PersonType.LEGAL_PERSON) +        .xmlType(new QName("http://saf", "as", "affff")) +        .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.DateTimeAttributeValueMarshaller").build(); + +    ImmutableAttributeMap attributeMap = ImmutableAttributeMap.builder().put(attributeDef, "de/st/" + RandomStringUtils.randomNumeric(64)) +        .put(attributeDef2, RandomStringUtils.randomAlphabetic(10)) +        .put(attributeDef3, RandomStringUtils.randomAlphabetic(10)) +        .put(attributeDef4, "2001-01-01") +        .build(); + + +    val b = new AuthenticationResponse.Builder(); +    return b.id("aasdf").issuer("asd").subject("asf").statusCode("200").inResponseTo("asdf") +        .subjectNameIdFormat("afaf").attributes(attributeMap).build(); +  } + +  @Test(expected = RuntimeException.class) +  public void firstTest() { +    // keystore password f/+saJBc3a}*/T^s +    try { + +      SZR szrMock2 = Mockito.mock(SZR.class, Mockito.CALLS_REAL_METHODS); +//      when(szrMock, "getStammzahlEncrypted", any(), any()).thenReturn(RandomStringUtils.randomNumeric(10)); +      when(szrMock2, "getStammzahlEncrypted", any(), any()).thenReturn(RandomStringUtils.randomNumeric(10)); +      // Wie kann ich das vom Bean rein gehängte SZR mit dem Mock überschreiben? + +      task.execute(pendingReq, executionContext); +    } catch (Exception e) { +      e.printStackTrace(); +      Assert.fail(); +    } + +//    val spyTask = spy(task); +//    Map<String, Object> requiredAttributes = new HashMap<>(); +//    requiredAttributes.put(Constants.eIDAS_ATTR_PERSONALIDENTIFIER, "asdf"); +//    requiredAttributes.put(Constants.eIDAS_ATTR_CURRENTFAMILYNAME, "asdf"); +//    requiredAttributes.put(Constants.eIDAS_ATTR_CURRENTGIVENNAME, "asdf"); +//    requiredAttributes.put(Constants.eIDAS_ATTR_DATEOFBIRTH, new DateTime()); +//    requiredAttributes.put(Constants.eIDAS_ATTR_PLACEOFBIRTH, "adf"); +//    requiredAttributes.put(Constants.eIDAS_ATTR_BIRTHNAME, "adf"); +//    requiredAttributes.put(Constants.eIDAS_ATTR_CURRENTADDRESS, new PostalAddressType()); +//    try { +//    doReturn(requiredAttributes).when(spyTask, "convertEidasAttrToSimpleMap", (any(ImmutableMap.class))); +//      spyTask.execute(pendingReq, executionContext); +//    } catch (final Exception e) { +//      e.printStackTrace(); +//      Assert.fail(); +//    } +  } + +} + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_3.properties b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_3.properties new file mode 100644 index 00000000..326e14fe --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_3.properties @@ -0,0 +1,109 @@ +## Basic service configuration +eidas.ms.context.url.prefix= +eidas.ms.context.url.request.validation=false + +eidas.ms.context.use.clustermode=true + +##Monitoring +eidas.ms.monitoring.eIDASNode.metadata.url= + + +##Specific logger configuration +eidas.ms.technicallog.write.MDS.into.techlog=true +eidas.ms.revisionlog.write.MDS.into.revisionlog=true +eidas.ms.revisionlog.logIPAddressOfUser=true + +##Directory for static Web content +eidas.ms.webcontent.static.directory=webcontent/ +eidas.ms.webcontent.templates=templates/ +eidas.ms.webcontent.properties=properties/messages + +## extended validation of pending-request Id's +eidas.ms.core.pendingrequestid.maxlifetime=300 +eidas.ms.core.pendingrequestid.digist.algorithm=HmacSHA256 +eidas.ms.core.pendingrequestid.digist.secret=pendingReqIdSecret + +## eIDAS Ref. Implementation connector ### +eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector +eidas.ms.auth.eIDAS.node_v2.forward.endpoint=http://test.com/ +eidas.ms.auth.eIDAS.node_v2.forward.method=POST +eidas.ms.auth.eIDAS.node_v2.countrycode=AT +eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=.* +eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=true +eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier=true +eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs=true +eidas.ms.auth.eIDAS.node_v2.staticProviderNameForPublicSPs=myNode + +eidas.ms.auth.eIDAS.node_v2.loa.requested.minimum=http://eidas.europa.eu/LoA/high + +eidas.ms.auth.eIDAS.szrclient.useTestService=true +eidas.ms.auth.eIDAS.szrclient.endpoint.prod= +eidas.ms.auth.eIDAS.szrclient.endpoint.test=http://localhost:1234/demoszr +eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.path=keys/..... +eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.password= +eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.path= +eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.password= +eidas.ms.auth.eIDAS.szrclient.timeout.connection=15 +eidas.ms.auth.eIDAS.szrclient.timeout.response=30 +eidas.ms.auth.eIDAS.szrclient.params.vkz= + +eidas.ms.auth.eIDAS.szrclient.params.useSZRForbPKCalculation=false + + +#Raw eIDAS Id data storage +eidas.ms.auth.eIDAS.szrclient.workarounds.eidmapping.revisionlog.active=true + +eidas.ms.auth.eIDAS.szrclient.params.setPlaceOfBirthIfAvailable=true +eidas.ms.auth.eIDAS.szrclient.params.setBirthNameIfAvailable=true + +eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=true +eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=false + +##without mandates +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.0=PersonIdentifier,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.1=FamilyName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.2=FirstName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.3=DateOfBirth,true + +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.4=PlaceOfBirth,false +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.5=BirthName,false +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.6=Gender,false +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.7=CurrentAddress,false +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.8=testtest,false + +##with mandates ---- NOT FULLY SUPPORTED AT THE MOMENT ----- +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.0=PersonIdentifier,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.1=FamilyName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.2=FirstName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.3=DateOfBirth,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.4=LegalPerson,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true + + +## PVP2 S-Profile end-point configuration +eidas.ms.pvp2.keystore.path=keys/..... +eidas.ms.pvp2.keystore.password= +eidas.ms.pvp2.key.metadata.alias= +eidas.ms.pvp2.key.metadata.password= +eidas.ms.pvp2.key.signing.alias= +eidas.ms.pvp2.key.signing.password= +eidas.ms.pvp2.metadata.validity=24 + +## Service Provider configuration +eidas.ms.sp.0.uniqueID= +eidas.ms.sp.0.pvp2.metadata.truststore= +eidas.ms.sp.0.pvp2.metadata.truststore.password= +eidas.ms.sp.0.eidMode=new + +#eidas.ms.sp.0.friendlyName= +#eidas.ms.sp.0.pvp2.metadata.url= +#eidas.ms.sp.0.policy.allowed.requested.targets=.* +#eidas.ms.sp.0.policy.hasBaseIdTransferRestriction=false + + +##only for advanced config +eidas.ms.configuration.sp.disableRegistrationRequirement= +eidas.ms.configuration.restrictions.baseID.spTransmission= +eidas.ms.configuration.auth.default.countrycode= +eidas.ms.configuration.pvp.scheme.validation= +eidas.ms.configuration.pvp.enable.entitycategories=
\ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/keystore/teststore.jks b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/keystore/teststore.jksBinary files differ new file mode 100644 index 00000000..fcc6400c --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/keystore/teststore.jks | 
