diff options
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2')
16 files changed, 534 insertions, 112 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/pom.xml b/eidas_modules/authmodule-eIDAS-v2/pom.xml index 7bbf826a..49e4984c 100644 --- a/eidas_modules/authmodule-eIDAS-v2/pom.xml +++ b/eidas_modules/authmodule-eIDAS-v2/pom.xml @@ -6,7 +6,7 @@ <parent> <groupId>at.asitplus.eidas.ms_specific</groupId> <artifactId>modules</artifactId> - <version>1.1.1-SNAPSHOT</version> + <version>1.2.2</version> </parent> <groupId>at.asitplus.eidas.ms_specific.modules</groupId> <artifactId>authmodule-eIDAS-v2</artifactId> @@ -132,6 +132,10 @@ </dependency> <dependency> <groupId>org.apache.cxf</groupId> + <artifactId>cxf-core</artifactId> + </dependency> + <dependency> + <groupId>org.apache.cxf</groupId> <artifactId>cxf-rt-frontend-jaxws</artifactId> </dependency> <dependency> diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java index 70bade43..5dfc9e68 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java @@ -67,6 +67,8 @@ public class Constants { // configuration properties public static final String CONIG_PROPS_EIDAS_PREFIX = "auth.eIDAS"; + public static final String CONIG_PROPS_EIDAS_IS_TEST_IDENTITY = CONIG_PROPS_EIDAS_PREFIX + + ".eid.testidentity.default"; public static final String CONIG_PROPS_EIDAS_NODE = CONIG_PROPS_EIDAS_PREFIX + ".node_v2"; public static final String CONIG_PROPS_EIDAS_NODE_COUNTRYCODE = CONIG_PROPS_EIDAS_NODE + ".countrycode"; public static final String CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS = CONIG_PROPS_EIDAS_NODE @@ -82,15 +84,23 @@ public class Constants { CONIG_PROPS_EIDAS_NODE + ".attributes.requested.{0}.onlynatural"; public static final String CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_REPRESENTATION = CONIG_PROPS_EIDAS_NODE + ".attributes.requested.representation"; + + public static final String CONIG_PROPS_EIDAS_NODE_REQUESTERID_USE_HASHED_VERSION = + CONIG_PROPS_EIDAS_NODE + ".requesterId.useHashedForm"; + public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_USE_STATIC_REQUESTERID_FOR_LUX = + CONIG_PROPS_EIDAS_NODE + ".requesterId.lu.useStaticRequesterForAll"; + public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME = - CONIG_PROPS_EIDAS_NODE + ".workarounds.addAlwaysProviderName"; + CONIG_PROPS_EIDAS_NODE + ".workarounds.addAlwaysProviderName"; public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_USEREQUESTIDASTRANSACTIONIDENTIFIER = CONIG_PROPS_EIDAS_NODE + ".workarounds.useRequestIdAsTransactionIdentifier"; - public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_USE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP = - CONIG_PROPS_EIDAS_NODE + ".workarounds.useStaticProviderNameForPublicSPs"; + + public static final String CONFIG_PROP_EIDAS_NODE_NAMEIDFORMAT = + CONIG_PROPS_EIDAS_NODE + ".requested.nameIdFormat"; + public static final String CONIG_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP = CONIG_PROPS_EIDAS_NODE + ".staticProviderNameForPublicSPs"; - public static final String DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP = "ERnP"; + public static final String DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP = "Austria"; public static final String FORWARD_METHOD_POST = "POST"; public static final String FORWARD_METHOD_GET = "GET"; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java index 1050f8d9..64c6adeb 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java @@ -24,17 +24,20 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; + import static at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils.processCountryCode; import static at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils.processDateOfBirthToString; +import java.nio.charset.StandardCharsets; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.util.Base64; import java.util.Map; import java.util.regex.Matcher; import java.util.regex.Pattern; import org.apache.commons.lang3.StringUtils; import org.joda.time.DateTime; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.lang.NonNull; @@ -55,9 +58,10 @@ import eu.eidas.auth.commons.attribute.AttributeDefinition; import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; import eu.eidas.auth.commons.light.impl.LightRequest.Builder; import eu.eidas.auth.commons.protocol.eidas.SpType; +import lombok.extern.slf4j.Slf4j; +@Slf4j public abstract class AbstractEidProcessor implements INationalEidProcessor { - private static final Logger log = LoggerFactory.getLogger(AbstractEidProcessor.class); @Autowired protected EidasAttributeRegistry attrRegistry; @@ -68,7 +72,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor { public final void preProcess(IRequest pendingReq, Builder authnRequestBuilder) { buildLevelOfAssurance(pendingReq.getServiceProviderConfiguration(), authnRequestBuilder); - buildProviderNameAttribute(pendingReq, authnRequestBuilder); + buildProviderNameAndRequesterIdAttribute(pendingReq, authnRequestBuilder); buildRequestedAttributes(authnRequestBuilder); } @@ -200,6 +204,83 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor { return EidasResponseUtils.processPseudonym(personalIdObj); } + /** + * Set ProviderName and RequestId into eIDAS AuthnRequest. + * + * @param pendingReq Current pendingRequest + * @param authnRequestBuilder AuthnREquest builer + */ + protected void buildProviderNameAndRequesterIdAttribute(IRequest pendingReq, Builder authnRequestBuilder) { + final ISpConfiguration spConfig = pendingReq.getServiceProviderConfiguration(); + + // set correct SPType for requested target sector + final String publicSectorTargetSelector = basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS, + Constants.POLICY_DEFAULT_ALLOWED_TARGETS); + final Pattern p = Pattern.compile(publicSectorTargetSelector); + final Matcher m = p.matcher(spConfig.getAreaSpecificTargetIdentifier()); + if (m.matches()) { + log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PublicSector'"); + authnRequestBuilder.spType(SpType.PUBLIC.getValue()); + + final String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class); + if (basicConfig.getBasicConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME, + false)) { + //TODO: only for eIDAS ref. node 2.0 and 2.1 because it need 'Providername' for + if (StringUtils.isNotEmpty(providerName)) { + log.debug("Set 'providername' to: {}", providerName); + authnRequestBuilder.providerName(providerName); + + } else { + authnRequestBuilder.providerName(basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP, + Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP)); + + } + } + + } else { + log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PrivateSector'"); + authnRequestBuilder.spType(SpType.PRIVATE.getValue()); + + // TODO: switch to RequesterId in further version + // set provider name for private sector applications + final String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class); + if (StringUtils.isNotEmpty(providerName)) { + authnRequestBuilder.providerName(providerName); + + } + + authnRequestBuilder.requesterId( + generateRequesterId(pendingReq.getRawData(Constants.DATA_REQUESTERID, String.class))); + + } + } + + private String generateRequesterId(String requesterId) { + if (requesterId != null && basicConfig.getBasicConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_NODE_REQUESTERID_USE_HASHED_VERSION, true)) { + try { + log.trace("Building hashed 'requesterId' for private SP ... "); + MessageDigest digest = MessageDigest.getInstance("SHA-256"); + String encodedRequesterId = Base64.getEncoder().encodeToString( + digest.digest(requesterId.getBytes(StandardCharsets.UTF_8))); + log.debug("Set 'requesterId' for: {} to: {}", requesterId, encodedRequesterId); + return encodedRequesterId; + + } catch (NoSuchAlgorithmException e) { + log.error("Can NOT generate hashed 'requesterId' from: {}. Use it as it is", requesterId, e); + + } + + } + + return requesterId; + + } + + private void buildRequestedAttributes(Builder authnRequestBuilder) { // build and add requested attribute set final Map<String, Boolean> ccSpecificReqAttr = getCountrySpecificRequestedAttributes(); @@ -237,55 +318,6 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor { } - private void buildProviderNameAttribute(IRequest pendingReq, Builder authnRequestBuilder) { - final ISpConfiguration spConfig = pendingReq.getServiceProviderConfiguration(); - - // set correct SPType for requested target sector - final String publicSectorTargetSelector = basicConfig.getBasicConfiguration( - Constants.CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS, - Constants.POLICY_DEFAULT_ALLOWED_TARGETS); - final Pattern p = Pattern.compile(publicSectorTargetSelector); - final Matcher m = p.matcher(spConfig.getAreaSpecificTargetIdentifier()); - if (m.matches()) { - log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PublicSector'"); - authnRequestBuilder.spType(SpType.PUBLIC.getValue()); - - if (basicConfig.getBasicConfigurationBoolean( - Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_USE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP, - true)) { - authnRequestBuilder.providerName(basicConfig.getBasicConfiguration( - Constants.CONIG_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP, - Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP)); - - } else { - // TODO: only for eIDAS ref. node 2.0 and 2.1 because it need 'Providername' for - // any SPType - final String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class); - if (StringUtils.isNotEmpty(providerName) - && basicConfig.getBasicConfigurationBoolean( - Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME, - false)) { - authnRequestBuilder.providerName(providerName); - - } - } - - } else { - log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PrivateSector'"); - authnRequestBuilder.spType(SpType.PRIVATE.getValue()); - - // TODO: switch to RequesterId in further version - // set provider name for private sector applications - final String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class); - if (StringUtils.isNotEmpty(providerName)) { - authnRequestBuilder.providerName(providerName); - authnRequestBuilder.requesterId(providerName); - - } - - } - } - private void buildLevelOfAssurance(ISpConfiguration spConfig, Builder authnRequestBuilder) { // TODO: set matching mode if eIDAS ref. impl. support this method diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/LuEidProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/LuEidProcessor.java new file mode 100644 index 00000000..8402457f --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/LuEidProcessor.java @@ -0,0 +1,61 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; + +import java.util.HashMap; +import java.util.Map; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.gv.egiz.eaaf.core.api.IRequest; +import eu.eidas.auth.commons.light.impl.LightRequest.Builder; +import lombok.Getter; +import lombok.Setter; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +public class LuEidProcessor extends AbstractEidProcessor { + + + + private static final String canHandleCC = "LU"; + + @Getter + @Setter + private int priority = 1; + + @Override + public String getName() { + return "LU-PostProcessor"; + + } + + @Override + public boolean canHandle(String countryCode) { + return countryCode != null && countryCode.equalsIgnoreCase(canHandleCC); + + } + + @Override + protected void buildProviderNameAndRequesterIdAttribute(IRequest pendingReq, Builder authnRequestBuilder) { + super.buildProviderNameAndRequesterIdAttribute(pendingReq, authnRequestBuilder); + if (basicConfig.getBasicConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_USE_STATIC_REQUESTERID_FOR_LUX, true)) { + String staticName = basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP, + Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP); + authnRequestBuilder.providerName(staticName); + authnRequestBuilder.requesterId(staticName); + log.debug("Use static name: {} as 'providerName' and 'RequesterId' for all 'LU' requests ", staticName); + + } else { + log.info("Static 'providerName' and 'RequesterId' for country: LU is deactivated"); + + } + + } + + @Override + protected Map<String, Boolean> getCountrySpecificRequestedAttributes() { + return new HashMap<>(); + + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java index 234d52dd..a2af4342 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java @@ -18,6 +18,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import com.fasterxml.jackson.annotation.JsonFormat; +import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.ObjectMapper; @@ -81,6 +82,14 @@ public class AuthBlockSigningService { authBlock.setTimestamp(LocalDateTime.now().truncatedTo(ChronoUnit.SECONDS)); authBlock.setUniqueId(pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID, String.class)); authBlock.setPiiTransactionId(pendingReq.getUniquePiiTransactionIdentifier()); + + //set Binding PublicKey if available + Object bindingPubKey = pendingReq.getRawData(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME); + if (bindingPubKey instanceof String) { + authBlock.setBindingPublicKey((String) bindingPubKey); + + } + String jwsPayload = mapper.writeValueAsString(authBlock); log.debug("Building and sign authBlock with data: {}", jwsPayload); @@ -172,6 +181,7 @@ public class AuthBlockSigningService { * */ @Data + @JsonInclude(JsonInclude.Include.NON_NULL) private static class EidasAuchBlock { @JsonProperty("challenge") @@ -189,6 +199,8 @@ public class AuthBlockSigningService { @JsonProperty("piiTransactionId") private String piiTransactionId; + @JsonProperty("bindingPublicKey") + private String bindingPublicKey; } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java index 2b3fabd9..74525e65 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java @@ -113,6 +113,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { final String environment = (String) executionContext.get(MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT); final String issuer = loadIssuerFromConfig(); final LightRequest lightAuthnReq = buildEidasAuthnRequest(citizenCountryCode, issuer); + final BinaryLightToken token = putRequestInCommunicationCache(lightAuthnReq); final String tokenBase64 = BinaryLightTokenHelper.encodeBinaryLightTokenBase64(token); workaroundRelayState(lightAuthnReq); @@ -165,7 +166,11 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { throws EidPostProcessingException { final LightRequest.Builder builder = LightRequest.builder(); builder.id(UUID.randomUUID().toString()); - builder.nameIdFormat(Constants.eIDAS_REQ_NAMEID_FORMAT); + + // set nameIDFormat + builder.nameIdFormat( + authConfig.getBasicConfiguration(Constants.CONFIG_PROP_EIDAS_NODE_NAMEIDFORMAT)); + builder.citizenCountryCode(citizenCountryCode); builder.issuer(issuer); // Add country-specific information into eIDAS request diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java index ae582e91..86cd2164 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java @@ -23,6 +23,13 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.jetbrains.annotations.NotNull; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + import at.asitplus.eidas.specific.connector.MsConnectorEventCodes; import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; @@ -34,16 +41,10 @@ import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; -import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import eu.eidas.auth.commons.light.ILightResponse; import lombok.extern.slf4j.Slf4j; -import org.jetbrains.annotations.NotNull; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Component; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; /** @@ -83,6 +84,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { checkStatusCode(eidasResponse); validateMsSpecificResponse(executionContext, eidasResponse); storeInSession(eidasResponse); + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE_VALID); } catch (final EaafException e) { revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE_NOT_VALID); @@ -129,10 +131,17 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { private void storeInSession(ILightResponse eidasResponse) throws EaafException { log.debug("Store eIDAS response information into pending-request."); - final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); + final EidAuthProcessDataWrapper authProcessData = pendingReq.getSessionData(EidAuthProcessDataWrapper.class); authProcessData.setQaaLevel(eidasResponse.getLevelOfAssurance()); + + //inject set flag to inject + authProcessData.setTestIdentity( + basicConfig.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_IS_TEST_IDENTITY, false)); + + authProcessData.setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse); requestStoreage.storePendingRequest(pendingReq); + } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml index 5a113550..85b49186 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml @@ -61,6 +61,11 @@ <property name="priority" value="1" /> </bean> + <bean id="LU-Processor" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.LuEidProcessor"> + <property name="priority" value="1" /> + </bean> + <bean id="Default-Processor" class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.GenericEidProcessor"> <property name="priority" value="0" /> diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/SzrClientTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/SzrClientTest.java index 647e5d27..ee1ecf9f 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/SzrClientTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/SzrClientTest.java @@ -23,51 +23,69 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.clients; -import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.szr.SzrClient; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException; -import at.gv.egiz.eaaf.core.api.data.EaafConstants; -import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; -import at.gv.egiz.eaaf.core.exceptions.EaafParserException; -import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; -import at.gv.egiz.eaaf.core.impl.utils.DomUtils; -import com.skjolberg.mockito.soap.SoapServiceRule; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.ArgumentMatchers.anyList; +import static org.mockito.Mockito.when; + +import java.io.IOException; +import java.util.List; + +import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBException; +import javax.xml.bind.Unmarshaller; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.ws.soap.SOAPFaultException; + import org.apache.commons.io.IOUtils; import org.apache.commons.lang3.RandomStringUtils; import org.apache.commons.lang3.StringUtils; import org.apache.cxf.binding.soap.SoapFault; -import org.junit.*; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Ignore; +import org.junit.Rule; +import org.junit.Test; import org.junit.runner.RunWith; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.w3c.dom.Element; import org.xml.sax.SAXException; -import szrservices.*; -import javax.xml.bind.JAXBContext; -import javax.xml.bind.JAXBException; -import javax.xml.bind.Unmarshaller; -import javax.xml.parsers.ParserConfigurationException; -import javax.xml.ws.soap.SOAPFaultException; -import java.io.IOException; -import java.util.List; +import com.github.skjolber.mockito.soap.SoapServiceRule; -import static org.mockito.ArgumentMatchers.any; -import static org.mockito.ArgumentMatchers.anyList; -import static org.mockito.Mockito.when; +import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.szr.SzrClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.exceptions.EaafParserException; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; +import at.gv.egiz.eaaf.core.impl.utils.DomUtils; +import lombok.extern.slf4j.Slf4j; +import szrservices.GetBPKFromStammzahlEncryptedResponse; +import szrservices.GetBPKFromStammzahlEncryptedResponseType; +import szrservices.GetIdentityLinkEidasResponse; +import szrservices.IdentityLinkType; +import szrservices.PersonInfoType; +import szrservices.SZR; +import szrservices.SZRException_Exception; +import szrservices.SignContentEntry; +import szrservices.SignContentResponse; +import szrservices.SignContentResponseType; @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration(locations = { "/SpringTest-context_tasks_test.xml", "/SpringTest-context_basic_mapConfig.xml"}) +@DirtiesContext(classMode = ClassMode.AFTER_CLASS) +@Slf4j public class SzrClientTest { - private static final Logger log = LoggerFactory.getLogger(SzrClientTest.class); @Autowired SzrClient szrClient; @Autowired MsConnectorDummyConfigMap basicConfig; @@ -89,8 +107,11 @@ public class SzrClientTest { } basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.eidasbind.mds.inject", "false"); + } + + @Test public void getStammzahlenEcryptedTest() throws SZRException_Exception, SzrCommunicationException { diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java index 7af9706e..e3757c0d 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java @@ -41,9 +41,9 @@ import org.springframework.web.context.request.ServletRequestAttributes; import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; +import com.github.skjolber.mockito.soap.SoapServiceRule; import com.google.common.collect.ImmutableMap; import com.google.common.collect.ImmutableSet; -import com.skjolberg.mockito.soap.SoapServiceRule; import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; @@ -241,7 +241,9 @@ public class CreateIdentityLinkTaskEidNewTest { Assert.assertEquals("appId", randomTestSp, authBlockJson.get("appId").asText()); Assert.assertFalse("'challenge' is null", authBlockJson.get("challenge").asText().isEmpty()); Assert.assertFalse("'timestamp' is null", authBlockJson.get("timestamp").asText().isEmpty()); - + Assert.assertFalse("binding pubKey", authBlockJson.has("bindingPublicKey")); + + // check vsz request ArgumentCaptor<PersonInfoType> argument4 = ArgumentCaptor.forClass(PersonInfoType.class); @@ -331,9 +333,12 @@ public class CreateIdentityLinkTaskEidNewTest { final SignContentEntry signContentEntry = new SignContentEntry(); signContentEntry.setValue(RandomStringUtils.randomAlphanumeric(10)); signContentResp.getOut().add(signContentEntry); + when(szrMock.signContent(any(), any(), any())).thenReturn(signContentResp); + String randomTestSp = RandomStringUtils.randomAlphabetic(10); + String bindingPubKey = RandomStringUtils.randomAlphabetic(10); pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_REQUESTERID, randomTestSp); MatchedPersonResult matchingInfos = MatchedPersonResult.builder() @@ -342,9 +347,11 @@ public class CreateIdentityLinkTaskEidNewTest { .familyName(RandomStringUtils.randomAlphabetic(5)) .dateOfBirth(RandomStringUtils.randomAlphabetic(5)) .countryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) - .build(); - + .build(); MatchingTaskUtils.storeFinalMatchingResult(pendingReq, matchingInfos); + + pendingReq.setRawDataToTransaction(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME, bindingPubKey); + //perform test task.execute(pendingReq, executionContext); @@ -360,9 +367,30 @@ public class CreateIdentityLinkTaskEidNewTest { Assert.assertNotNull("AuthProcessData", authProcessData); Assert.assertNotNull("eidasBind", authProcessData.getGenericDataFromSession(Constants.EIDAS_BIND, String.class)); + // check authblock signature String authBlock = authProcessData.getGenericDataFromSession(Constants.SZR_AUTHBLOCK, String.class); Assert.assertNotNull("AuthBlock", authBlock); + final AlgorithmConstraints constraints = new AlgorithmConstraints(ConstraintType.PERMIT, + BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.toArray(new String[BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.size()])); + Pair<KeyStore, Provider> keyStore = getKeyStore(); + X509Certificate[] trustedCerts = EaafKeyStoreUtils + .getPrivateKeyAndCertificates(keyStore.getFirst(), ALIAS, PW.toCharArray(), true, "junit").getSecond(); + JwsResult result = JoseUtils.validateSignature(authBlock, Arrays.asList(trustedCerts), constraints); + Assert.assertTrue("AuthBlock not valid", result.isValid()); + JsonNode authBlockJson = mapper.readTree(result.getPayLoad()); + Assert.assertNotNull("deserialized AuthBlock", authBlockJson); + + Assert.assertNotNull("no piiTransactionId in pendingRequesdt", + storedPendingReq.getUniquePiiTransactionIdentifier()); + Assert.assertEquals("piiTransactionId", storedPendingReq.getUniquePiiTransactionIdentifier(), + authBlockJson.get("piiTransactionId").asText()); + Assert.assertEquals("appId", randomTestSp, authBlockJson.get("appId").asText()); + Assert.assertFalse("'challenge' is null", authBlockJson.get("challenge").asText().isEmpty()); + Assert.assertFalse("'timestamp' is null", authBlockJson.get("timestamp").asText().isEmpty()); + Assert.assertTrue("binding pubKey", authBlockJson.has("bindingPublicKey")); + Assert.assertEquals("binding PubKey", bindingPubKey, authBlockJson.get("bindingPublicKey").asText()); + Assert.assertTrue("EID process", authProcessData.isEidProcess()); Assert.assertTrue("foreigner process", authProcessData.isForeigner()); Assert.assertEquals("EID-ISSUING_NATION", "LU", diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java index 0a2d4271..7513501e 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java @@ -30,9 +30,9 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; +import com.github.skjolber.mockito.soap.SoapServiceRule; import com.google.common.collect.ImmutableMap; import com.google.common.collect.ImmutableSet; -import com.skjolberg.mockito.soap.SoapServiceRule; import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java index c416b515..4edfe32d 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java @@ -1,5 +1,7 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; +import static org.junit.Assert.assertNull; + import java.io.UnsupportedEncodingException; import java.util.HashMap; import java.util.Map; @@ -83,6 +85,7 @@ public class GenerateAuthnRequestTaskTest { pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue()); pendingReq.setAuthUrl("http://test.com/"); + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm", "true"); basicConfig.putConfigValue("eidas.ms.auth.eIDAS.node_v2.entityId", RandomStringUtils.randomAlphabetic(10)); basicConfig.putConfigValue( @@ -90,7 +93,8 @@ public class GenerateAuthnRequestTaskTest { "http://test/" + RandomStringUtils.randomAlphabetic(5)); basicConfig.putConfigValue( "eidas.ms.auth.eIDAS.node_v2.forward.method", "GET"); - + basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat"); + } @Test @@ -297,7 +301,7 @@ public class GenerateAuthnRequestTaskTest { basicConfig.putConfigValue( "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true"); basicConfig.putConfigValue( - "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "true"); + "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderNames", "true"); basicConfig.putConfigValue( "eidas.ms.auth.eIDAS.node_v2.staticProviderNameForPublicSPs", "myNode"); @@ -312,9 +316,8 @@ public class GenerateAuthnRequestTaskTest { Assert.assertEquals("ProviderName is not Static", "myNode", eidasReq.getProviderName()); Assert.assertEquals("no PublicSP", "public", eidasReq.getSpType()); Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high", eidasReq.getLevelOfAssurance()); - Assert.assertEquals("wrong CC", cc, eidasReq.getCitizenCountryCode()); - Assert.assertEquals("NameIdFormat", Constants.eIDAS_REQ_NAMEID_FORMAT, eidasReq.getNameIdFormat()); - + Assert.assertEquals("wrong CC", cc, eidasReq.getCitizenCountryCode()); + assertNull("NameIdPolicy not null", eidasReq.getNameIdFormat()); } @@ -336,6 +339,10 @@ public class GenerateAuthnRequestTaskTest { basicConfig.putConfigValue( "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "false"); + String nameIdFormat = RandomStringUtils.randomAlphabetic(10); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat", nameIdFormat); + String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5); basicConfig.putConfigValue( "eidas.ms.auth.eIDAS.node_v2.forward.endpoint", dynEndPoint); @@ -362,6 +369,102 @@ public class GenerateAuthnRequestTaskTest { eidasReq.getLevelOfAssurance()); Assert.assertEquals("Wrong req. attr. size", 4, eidasReq.getRequestedAttributes().size()); + Assert.assertEquals("NameIdFormat", nameIdFormat, eidasReq.getNameIdFormat()); + + } + + @Test + public void publicSpWithCountryLu() throws TaskExecutionException, + SpecificCommunicationException, EaafStorageException, UnsupportedEncodingException { + //set-up test + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "LU"); + executionContext.put("selectedEnvironment", "prod"); + + String providerName = RandomStringUtils.randomAlphanumeric(10); + pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName); + + basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true"); + + String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.forward.endpoint", dynEndPoint); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.forward.method", "GET"); + + //execute test + task.execute(pendingReq, executionContext); + + //validate state + Assert.assertEquals("Wrong http statusCode", 302, httpResp.getStatus()); + Assert.assertNotNull("No redirect header", httpResp.getHeaderValue("Location")); + Assert.assertTrue("Wrong redirect endpoint", + ((String) httpResp.getHeaderValue("Location")).startsWith(dynEndPoint)); + + + final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null); + + Assert.assertEquals("PrividerName", "myNode", eidasReq.getProviderName()); + Assert.assertEquals("RequesterId found", "myNode", eidasReq.getRequesterId()); + Assert.assertEquals("no PublicSP", "public", eidasReq.getSpType()); + Assert.assertEquals("wrong LoA", EaafConstants.EIDAS_LOA_HIGH, + eidasReq.getLevelOfAssurance()); + + Assert.assertEquals("Wrong req. attr. size", 4, eidasReq.getRequestedAttributes().size()); + + } + + @Test + public void privateSpWithCountryLu() throws TaskExecutionException, + SpecificCommunicationException, EaafStorageException, UnsupportedEncodingException { + //set-up test + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "LU"); + executionContext.put("selectedEnvironment", "prod"); + + String providerName = RandomStringUtils.randomAlphanumeric(10); + String requesterId = RandomStringUtils.randomAlphanumeric(10); + pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName); + pendingReq.setRawDataToTransaction(Constants.DATA_REQUESTERID, requesterId); + + spConfig.put("target", + EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + "FN+" + RandomStringUtils.randomNumeric(6)); + + basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "true"); + + String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.forward.endpoint", dynEndPoint); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.forward.method", "GET"); + + //execute test + task.execute(pendingReq, executionContext); + + //validate state + Assert.assertEquals("Wrong http statusCode", 302, httpResp.getStatus()); + Assert.assertNotNull("No redirect header", httpResp.getHeaderValue("Location")); + Assert.assertTrue("Wrong redirect endpoint", + ((String) httpResp.getHeaderValue("Location")).startsWith(dynEndPoint)); + + + final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null); + + Assert.assertEquals("PrividerName", "myNode", eidasReq.getProviderName()); + Assert.assertEquals("RequesterId", "myNode", eidasReq.getRequesterId()); + Assert.assertEquals("no PublicSP", "private", eidasReq.getSpType()); + Assert.assertEquals("wrong LoA", EaafConstants.EIDAS_LOA_HIGH, + eidasReq.getLevelOfAssurance()); + + Assert.assertEquals("Wrong req. attr. size", 4, eidasReq.getRequestedAttributes().size()); } @@ -409,6 +512,53 @@ public class GenerateAuthnRequestTaskTest { EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + "FN+" + RandomStringUtils.randomNumeric(6)); String providerName = RandomStringUtils.randomAlphanumeric(10); pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName); + pendingReq.setRawDataToTransaction(Constants.DATA_REQUESTERID, "http://junit.sp"); + + basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "false"); + + String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.forward.endpoint", dynEndPoint); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.forward.method", "GET"); + + + //perform test + task.execute(pendingReq, executionContext); + + //validate state + Assert.assertEquals("Wrong http statusCode", 302, httpResp.getStatus()); + Assert.assertNotNull("No redirect header", httpResp.getHeaderValue("Location")); + Assert.assertTrue("Wrong redirect endpoint", + ((String) httpResp.getHeaderValue("Location")).startsWith(dynEndPoint)); + + + final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null); + + Assert.assertEquals("PrividerName", providerName, eidasReq.getProviderName()); + Assert.assertEquals("RequesterId", "Wr8LrrVf5SYneblOlZdZNaLQQCCgzklfKQvyeZjBx10=", eidasReq.getRequesterId()); + Assert.assertEquals("no PublicSP", "private", eidasReq.getSpType()); + Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high", eidasReq.getLevelOfAssurance()); + + } + + @Test + public void privateSPWithoutRequestIdHashing() throws TaskExecutionException, + SpecificCommunicationException, EaafStorageException { + //set-up test + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC"); + spConfig.put("target", + EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + "FN+" + RandomStringUtils.randomNumeric(6)); + String providerName = RandomStringUtils.randomAlphanumeric(10); + String requesterId = RandomStringUtils.randomAlphanumeric(10); + pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName); + pendingReq.setRawDataToTransaction(Constants.DATA_REQUESTERID, requesterId); basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets"); basicConfig.putConfigValue( @@ -417,6 +567,7 @@ public class GenerateAuthnRequestTaskTest { "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true"); basicConfig.putConfigValue( "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "false"); + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm", "false"); String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5); basicConfig.putConfigValue( @@ -438,7 +589,7 @@ public class GenerateAuthnRequestTaskTest { final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null); Assert.assertEquals("PrividerName", providerName, eidasReq.getProviderName()); - Assert.assertEquals("RequesterId", providerName, eidasReq.getRequesterId()); + Assert.assertEquals("RequesterId", requesterId, eidasReq.getRequesterId()); Assert.assertEquals("no PublicSP", "private", eidasReq.getSpType()); Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high", eidasReq.getLevelOfAssurance()); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveAuthnResponseTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveAuthnResponseTaskTest.java index c8e00e72..ea2cda4b 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveAuthnResponseTaskTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveAuthnResponseTaskTest.java @@ -37,7 +37,7 @@ import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; -import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; import at.gv.egiz.eaaf.core.impl.utils.Random; @@ -81,7 +81,8 @@ public class ReceiveAuthnResponseTaskTest { RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution", "false"); - + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.eid.testidentity.default", "false"); + final Map<String, String> spConfig = new HashMap<>(); spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp"); spConfig.put("target", "urn:publicid:gv.at:cdid+XX"); @@ -149,16 +150,45 @@ public class ReceiveAuthnResponseTaskTest { //validate state IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId()); Assert.assertNotNull("pendingReq not stored", storedReq); - - final AuthProcessDataWrapper authProcessData = storedReq.getSessionData(AuthProcessDataWrapper.class); + final EidAuthProcessDataWrapper authProcessData = storedReq.getSessionData(EidAuthProcessDataWrapper.class); Assert.assertEquals("LoA", eidasResponse.getLevelOfAssurance(), authProcessData.getQaaLevel()); Assert.assertNotNull("eIDAS response", authProcessData.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE)); Assert.assertEquals("eIDAS response", eidasResponse, authProcessData.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE)); - + + Assert.assertFalse("testIdentity flag", authProcessData.isTestIdentity()); + } - + + @Test + public void successWithTestIdentity() throws URISyntaxException, TaskExecutionException, PendingReqIdValidationException { + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.eid.testidentity.default", "true"); + + @NotNull + AuthenticationResponse eidasResponse = buildDummyAuthResponse(Constants.SUCCESS_URI); + httpReq.setAttribute(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse); + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "LU"); + + //execute test + task.execute(pendingReq, executionContext); + + //validate state + IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId()); + Assert.assertNotNull("pendingReq not stored", storedReq); + + final EidAuthProcessDataWrapper authProcessData = storedReq.getSessionData(EidAuthProcessDataWrapper.class); + Assert.assertEquals("LoA", eidasResponse.getLevelOfAssurance(), authProcessData.getQaaLevel()); + Assert.assertNotNull("eIDAS response", + authProcessData.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE)); + Assert.assertEquals("eIDAS response", eidasResponse, + authProcessData.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE)); + Assert.assertTrue("testIdentity flag", authProcessData.isTestIdentity()); + + } + + + @NotNull private AuthenticationResponse buildDummyAuthResponse(String statusCode) throws URISyntaxException { final AttributeDefinition attributeDef = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java index 35f1a91b..84da2344 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java @@ -149,9 +149,10 @@ public class EidasRequestPreProcessingFirstTest { Assert.assertEquals("ProviderName is not Static", Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP, lightReq.getProviderName()); + Assert.assertNotSame("RequesterId was set", lightReq.getRequesterId()); Assert.assertEquals("no PublicSP", "public", lightReq.getSpType()); Assert.assertEquals("Requested attribute size not match", 8, lightReq.getRequestedAttributes().size()); } - + } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java index 23175a18..6fd4f8a5 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java @@ -86,6 +86,9 @@ public class EidasRequestPreProcessingSecondTest { authnRequestBuilder.issuer("Test"); authnRequestBuilder.levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll", "true"); + } @Test @@ -106,4 +109,49 @@ public class EidasRequestPreProcessingSecondTest { } + + /* + * Set ProviderName according to general configuration + */ + @Test + public void prePreProcessLuPublicSpWithoutRequestId() throws EidPostProcessingException { + + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll", "false"); + + final String testCountry = "LU"; + authnRequestBuilder.citizenCountryCode(testCountry); + preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder); + + final LightRequest lightReq = authnRequestBuilder.build(); + + Assert.assertEquals("ProviderName is not Static", "myNode", lightReq.getProviderName()); + Assert.assertNull("RequesterId", lightReq.getRequesterId()); + Assert.assertEquals("no PublicSP", "public", lightReq.getSpType()); + Assert.assertEquals("Requested attribute size not match", 4, lightReq.getRequestedAttributes().size()); + + } + + /* + * Always set requesterId and providername in case of country LU + */ + @Test + public void prePreProcessLuPublicSpWithStaticRequesterId() throws EidPostProcessingException { + + + final String testCountry = "LU"; + authnRequestBuilder.citizenCountryCode(testCountry); + preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder); + + final LightRequest lightReq = authnRequestBuilder.build(); + + Assert.assertEquals("ProviderName is not Static", + "myNode", lightReq.getProviderName()); + Assert.assertEquals("RequesterId is not Static", + "myNode", lightReq.getRequesterId()); + Assert.assertEquals("no PublicSP", "public", lightReq.getSpType()); + Assert.assertEquals("Requested attribute size not match", 4, lightReq.getRequestedAttributes().size()); + + } + } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml index d4783585..f4fc72a7 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml @@ -53,6 +53,11 @@ <property name="priority" value="1" /> </bean> + <bean id="LU-PostProcessor" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.LuEidProcessor"> + <property name="priority" value="1" /> + </bean> + <bean id="eIDASAuthModule" class="at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasAuthenticationModulImpl"> <property name="priority" value="2" /> |