Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java60
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java39
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java22
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java4
4 files changed, 57 insertions, 68 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java
index dc6df967..5bad738b 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java
@@ -27,6 +27,7 @@ import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.net.URL;
+import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
@@ -34,7 +35,7 @@ import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.util.ArrayList;
-import java.util.Arrays;
+import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -117,6 +118,7 @@ public class SzrClient {
private static final String JOSE_HEADER_USERCERTPINNING_EIDASBIND = "urn:at.gv.eid:eidasBind";
public static final String ATTR_NAME_MDS = "urn:eidgvat:mds";
+ @SuppressWarnings("SpringJavaInjectionPointsAutowiringInspection")
@Autowired
private IConfiguration basicConfig;
@@ -126,10 +128,6 @@ public class SzrClient {
// RAW client is needed for identitylink
private Dispatch<Source> dispatch = null;
- private SzrService szrService = null;
- private String szrUrl = null;
- private QName qname = null;
-
final ObjectMapper mapper = new ObjectMapper();
/**
@@ -164,7 +162,7 @@ public class SzrClient {
.createUnmarshaller().unmarshal(new ByteArrayInputStream(szrResponse));
// build response
- log.trace(new String(szrResponse, "UTF-8"));
+ log.trace(new String(szrResponse, StandardCharsets.UTF_8));
// ok, we have success
final Document doc = DomUtils.parseDocument(
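Review bot: The `log.trace(new String(szrResponse, StandardCharsets.UTF_8))` line writes the complete raw SZR response to the log, and the following lines parse that same response as a document, so enabling TRACE would presumably put citizens' identity data into log files. The string is also decoded on every call, even when TRACE is disabled. I would wrap the call in `if (log.isTraceEnabled()) { ... }` and add a comment such as `// raw SZR response contains personal data; do not enable TRACE for this logger in production`, or log only the response length. The enclosing method starts and ends outside this hunk.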
@@ -223,7 +221,11 @@ public class SzrClient {
}
/**
- * Request a encryped baseId from SRZ.
+ * Request a encrypted baseId from SZR.
+ *
+ * <b>Note</b>: Previously, this method did create a new ERnP entry, if it did not exist. This is
+ * <b>not</b> the case any more. See
+ * {@link at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateNewErnpEntryTask} for that functionality.
*
* @param personInfo Minimum dataset of person
* @return encrypted baseId
@@ -234,10 +236,7 @@ public class SzrClient {
final String resp;
try {
- //TODO wirklich immer "insertERnP=true"?
- // wenn insertErnP=false dann returns vsz oder fehler
- // wenn insertErnp = true dann returns vsz, ggf vom neuen Eintrag
- resp = this.szr.getStammzahlEncrypted(personInfo, true);
+ resp = this.szr.getStammzahlEncrypted(personInfo, false);
} catch (SZRException_Exception e) {
throw new SzrCommunicationException("ernb.02", new Object[]{e.getMessage()}, e);
}
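Review bot: The bare `false` in `getStammzahlEncrypted(personInfo, false)` lost its only explanation when the TODO lines were deleted; per those removed comments, insertERnP=false means SZR returns the vsz or an error. A person without an ERnP entry therefore presumably ends up in the `SZRException_Exception` catch and is reported as `ernb.02`, the same code used for a communication failure. Callers could then not tell "not registered" from "SZR unreachable", unless the fault is inspected elsewhere. At minimum I would add `// insertERnP=false: lookup only, a missing ERnP entry is an error here; creation is done by CreateNewErnpEntryTask` above the call. The method body continues outside the hunk.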
@@ -253,8 +252,8 @@ public class SzrClient {
/**
* Sign an eidasBind data-structure that combines vsz with user's pubKey and E-ID status.
*
- * @param vsz encryped baseId
- * @param bindingPubKey binding PublikKey as PKCS1# (ASN.1) container
+ * @param vsz encrypted baseId
+ * @param bindingPubKey binding PublicKey as PKCS1# (ASN.1) container
* @param eidStatus Status of the E-ID
* @param eidData eID information that was used for ERnP registration
* @return bPK for this person
@@ -266,7 +265,7 @@ public class SzrClient {
final Map<String, Object> eidsaBindMap = new HashMap<>();
eidsaBindMap.put(ATTR_NAME_VSZ, vsz);
eidsaBindMap.put(ATTR_NAME_STATUS, eidStatus);
- eidsaBindMap.put(ATTR_NAME_PUBKEYS, Arrays.asList(bindingPubKey));
+ eidsaBindMap.put(ATTR_NAME_PUBKEYS, Collections.singletonList(bindingPubKey));
eidsaBindMap.put(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, eidData.getCitizenCountryCode());
injectMdsIfAvailableAndActive(eidsaBindMap, eidData);
@@ -296,7 +295,7 @@ public class SzrClient {
return resp.getOut().get(0).getValue();
} catch (final JsonProcessingException | SZRException_Exception e) {
- log.warn("Requesting bcBind by using SZR FAILED. Reason: {}", e.getMessage(), null, e);
+ log.warn("Requesting bcBind by using SZR FAILED.", e);
throw new SzrCommunicationException("ernb.02",
new Object[]{e.getMessage()}, e);
}
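Review bot: `resp.getOut().get(0).getValue()` assumes SZR returned at least one signed entry. A null response or an empty `getOut()` list would throw a NullPointerException or IndexOutOfBoundsException, which the `JsonProcessingException | SZRException_Exception` catch does not cover, so it would escape without being mapped to a SzrCommunicationException. Unless this is already checked above the hunk (the method starts outside it), I would guard the return with `if (resp == null || resp.getOut() == null || resp.getOut().isEmpty())` and throw a SzrCommunicationException there. That would match the null-response case in SzrClientTest, which expects `ernb.01`.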
@@ -311,6 +310,9 @@ public class SzrClient {
Constants.CONIG_PROPS_EIDAS_SZRCLIENT_USETESTSERVICE,
true);
+ SzrService szrService;
+ QName qname;
+ String szrUrl;
if (useTestSzr) {
log.debug("Initializing SZR test environment configuration.");
qname = SzrService.SZRTestumgebung;
@@ -350,20 +352,20 @@ public class SzrClient {
// inject handler
log.info("Use SZR service-URL: " + szrUrl);
- injectBindingProvider((BindingProvider) szr, CLIENT_DEFAULT);
- injectBindingProvider(dispatch, CLIENT_RAW);
+ injectBindingProvider((BindingProvider) szr, CLIENT_DEFAULT, szrUrl);
+ injectBindingProvider(dispatch, CLIENT_RAW, szrUrl);
// inject http parameters and SSL context
log.debug("Inject HTTP client settings ... ");
- injectHttpClient(szr, CLIENT_DEFAULT);
- injectHttpClient(dispatch, CLIENT_RAW);
+ injectHttpClient(szr, CLIENT_DEFAULT, szrUrl);
+ injectHttpClient(dispatch, CLIENT_RAW, szrUrl);
log.info("SZR-Client initialization successfull");
}
- private void injectHttpClient(Object raw, String clientType) {
+ private void injectHttpClient(Object raw, String clientType, String szrUrl) {
// extract client from implementation
- Client client = null;
+ Client client;
if (raw instanceof DispatchImpl<?>) {
client = ((DispatchImpl<?>) raw).getClient();
} else if (raw instanceof Client) {
@@ -378,14 +380,12 @@ public class SzrClient {
// set timeout policy
final HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
- httpClientPolicy.setConnectionTimeout(
- Integer.parseInt(basicConfig.getBasicConfiguration(
- Constants.CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_CONNECTION,
- Constants.HTTP_CLIENT_DEFAULT_TIMEOUT_CONNECTION)) * 1000);
- httpClientPolicy.setReceiveTimeout(
- Integer.parseInt(basicConfig.getBasicConfiguration(
- Constants.CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_RESPONSE,
- Constants.HTTP_CLIENT_DEFAULT_TIMEOUT_RESPONSE)) * 1000);
+ String connectionTimeout = basicConfig.getBasicConfiguration(
+ Constants.CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_CONNECTION, Constants.HTTP_CLIENT_DEFAULT_TIMEOUT_CONNECTION);
+ httpClientPolicy.setConnectionTimeout(Integer.parseInt(connectionTimeout) * 1000L);
+ String responseTimeout = basicConfig.getBasicConfiguration(
+ Constants.CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_RESPONSE, Constants.HTTP_CLIENT_DEFAULT_TIMEOUT_RESPONSE);
+ httpClientPolicy.setReceiveTimeout(Integer.parseInt(responseTimeout) * 1000L);
http.setClient(httpClientPolicy);
// inject SSL context in case of https
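Review bot: `Integer.parseInt(connectionTimeout)` and `Integer.parseInt(responseTimeout)` take the configured values unchecked. A non-numeric value fails with a NumberFormatException that does not name the setting, and a value of 0 is passed straight to the CXF `HTTPClientPolicy`, where a timeout of 0 means wait indefinitely. Because this client blocks an authentication flow on a remote register, I would reject non-positive values at initialisation instead of silently disabling the timeout. The sketch below moves both conversions into a small helper; `injectHttpClient` starts and ends outside this hunk.

```java
httpClientPolicy.setConnectionTimeout(toTimeoutMillis(connectionTimeout, "connection"));
// … unchanged: lookup of responseTimeout …
httpClientPolicy.setReceiveTimeout(toTimeoutMillis(responseTimeout, "response"));
// … unchanged: rest of injectHttpClient …

/** Converts a configured timeout in seconds to milliseconds, rejecting unusable values. */
private static long toTimeoutMillis(String seconds, String label) {
  final int value;
  try {
    value = Integer.parseInt(seconds);
  } catch (final NumberFormatException e) {
    throw new IllegalArgumentException(
        "SZR client " + label + " timeout is not a number: " + seconds, e);
  }
  if (value <= 0) {
    // 0 would mean "no timeout" for the CXF HTTP conduit
    throw new IllegalArgumentException(
        "SZR client " + label + " timeout must be positive, got: " + value);
  }
  return value * 1000L;
}
```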
@@ -400,7 +400,7 @@ public class SzrClient {
}
- private void injectBindingProvider(BindingProvider bindingProvider, String clientType) {
+ private void injectBindingProvider(BindingProvider bindingProvider, String clientType, String szrUrl) {
final Map<String, Object> requestContext = bindingProvider.getRequestContext();
requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, szrUrl);
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java
index 99c221d8..5deb5f31 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java
@@ -28,10 +28,10 @@ import static org.mockito.ArgumentMatchers.anyList;
import static org.mockito.Mockito.when;
import java.io.IOException;
-import java.security.InvalidKeyException;
+import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
-import java.security.NoSuchProviderException;
import java.util.List;
+import java.util.Objects;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
@@ -44,7 +44,6 @@ import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.cxf.binding.soap.SoapFault;
import org.joda.time.DateTime;
-import org.jose4j.lang.JoseException;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Ignore;
@@ -60,9 +59,6 @@ import org.springframework.util.Base64Utils;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.JsonMappingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
import com.skjolberg.mockito.soap.SoapServiceRule;
import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap;
@@ -102,8 +98,6 @@ public class SzrClientTest {
@Autowired SzrClient szrClient;
@Autowired MsConnectorDummyConfigMap basicConfig;
- private static ObjectMapper mapper = new ObjectMapper();
-
private static final String givenName = "Franz";
private static final String familyName = "Mustermann";
private static final String dateOfBirth = "1989-05-05";
@@ -139,7 +133,7 @@ public class SzrClientTest {
@Test
- public void getStammzahlenEcryptedTest() throws JAXBException, SZRException_Exception, SzrCommunicationException {
+ public void getStammzahlenEcryptedTest() throws SZRException_Exception, SzrCommunicationException {
final GetBPKFromStammzahlEncryptedResponse szrResponse = new GetBPKFromStammzahlEncryptedResponse();
final GetBPKFromStammzahlEncryptedResponseType result1 = new GetBPKFromStammzahlEncryptedResponseType();
szrResponse.getOut().add(result1);
@@ -156,7 +150,7 @@ public class SzrClientTest {
when(szrMock.getStammzahlEncrypted(any(), any())).thenReturn(null);
try {
- stammzahlEncrypted = szrClient.getEncryptedStammzahl(new PersonInfoType());
+ szrClient.getEncryptedStammzahl(new PersonInfoType());
} catch (SzrCommunicationException e) {
Assert.assertTrue("Not correct error", e.getMessage().contains("ernb.01"));
}
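Review bot: The `try` block around `szrClient.getEncryptedStammzahl(new PersonInfoType())` has no failure path. If the call returns normally, the catch is never entered and the test passes without asserting anything. Add `Assert.fail("SzrCommunicationException expected for null SZR response");` directly after the call so that the `ernb.01` check cannot be skipped. The test method starts outside the hunk.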
@@ -234,8 +228,7 @@ public class SzrClientTest {
}
@Test
- public void eidasBindValid() throws SZRException_Exception, SzrCommunicationException, JsonMappingException,
- JsonProcessingException, JoseException {
+ public void eidasBindValid() throws SZRException_Exception, SzrCommunicationException {
final SignContentResponse szrResponse = new SignContentResponse();
final SignContentEntry result1 = new SignContentEntry();
final SignContentResponseType content = new SignContentResponseType();
@@ -257,8 +250,7 @@ public class SzrClientTest {
}
@Test
- public void eidasBindValidWithMds() throws SZRException_Exception, SzrCommunicationException, JoseException,
- JsonMappingException, JsonProcessingException {
+ public void eidasBindValidWithMds() throws SZRException_Exception, SzrCommunicationException {
basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.eidasbind.mds.inject", "true");
final SignContentResponse szrResponse = new SignContentResponse();
@@ -283,7 +275,7 @@ public class SzrClientTest {
@Test
public void getIdentityLinkRawModeValidResponse()
- throws SZRException_Exception, EaafParserException, NoSuchProviderException, IOException, InvalidKeyException,
+ throws SZRException_Exception, EaafParserException,
EidasSAuthenticationException, JAXBException {
setSzrResponseIdentityLink("/data/szr/szr_resp_valid_1.xml");
@@ -317,8 +309,8 @@ public class SzrClientTest {
@Test
public void getIdentityLinkRawModeErrorTravelerDocExists()
- throws SZRException_Exception, EaafParserException, NoSuchProviderException, IOException, InvalidKeyException,
- EidasSAuthenticationException, JAXBException, ParserConfigurationException, SAXException {
+ throws SZRException_Exception, IOException,
+ EidasSAuthenticationException, ParserConfigurationException, SAXException {
setSzrExceptionIdentityLink("/data/szr/szr_resp_error_travelerdocexists.xml");
try {
@@ -342,7 +334,7 @@ public class SzrClientTest {
@Ignore
@Test
- public void getBpkTest() throws SZRException_Exception, EidasSAuthenticationException {
+ public void getBpkTest() throws EidasSAuthenticationException {
final List<String> bPK = szrClient.getBpk(getPersonInfo(), DUMMY_TARGET, basicConfig
.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, "no VKZ defined"));
@@ -363,6 +355,7 @@ public class SzrClientTest {
}
+ @SuppressWarnings("SameParameterValue")
private void setSzrResponseIdentityLink(String responseXmlPath) throws JAXBException, SZRException_Exception {
final JAXBContext jaxbContext = JAXBContext
.newInstance(szrservices.ObjectFactory.class, org.w3._2001._04.xmldsig_more.ObjectFactory.class,
@@ -375,8 +368,9 @@ public class SzrClientTest {
}
+ @SuppressWarnings("SameParameterValue")
private void setSzrExceptionIdentityLink(String responseXmlPath)
- throws JAXBException, ParserConfigurationException, SAXException, IOException, SZRException_Exception {
+ throws ParserConfigurationException, SAXException, IOException, SZRException_Exception {
final Element detailerror = DomUtils.parseXmlNonValidating(this.getClass().getResourceAsStream(responseXmlPath));
final javax.xml.namespace.QName qName = new javax.xml.namespace.QName("urn:SZRServices", "F455", "p344");
final SoapFault fault = new SoapFault(
@@ -391,9 +385,8 @@ public class SzrClientTest {
private String createHashFromUniqueId(String uniqueId) throws EidasSAuthenticationException {
try {
final MessageDigest md = MessageDigest.getInstance("SHA-256");
- final byte[] hash = md.digest(uniqueId.getBytes("UTF-8"));
- final String hashBase64 = new String(Base64Utils.encode(hash), "UTF-8").replaceAll("\r\n", "");
- return hashBase64;
+ final byte[] hash = md.digest(uniqueId.getBytes(StandardCharsets.UTF_8));
+ return new String(Base64Utils.encode(hash), StandardCharsets.UTF_8).replaceAll("\r\n", "");
} catch (final Exception ex) {
throw new EidasSAuthenticationException("internal.03", new Object[]{}, ex);
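Review bot: `createHashFromUniqueId` still catches `Exception`, although after the switch to `StandardCharsets.UTF_8` the only checked exception left in the try block is `NoSuchAlgorithmException` from `MessageDigest.getInstance`. Narrowing to `catch (final NoSuchAlgorithmException ex)` keeps unrelated runtime errors from being relabelled as `internal.03`. The `replaceAll("\r\n", "")` also looks unnecessary, because Spring's `Base64Utils.encode` does not insert line breaks as far as I know; `return Base64Utils.encodeToString(hash);` would express the same thing. The identical helper in SzrClientTestProduction.java carries both points as well, and the method's closing lines are outside this hunk.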
@@ -413,7 +406,7 @@ public class SzrClientTest {
// parse some eID attributes
final Triple<String, String, String> eIdentifier = EidasResponseUtils.parseEidasPersonalIdentifier(eIDASeID);
- final String uniqueId = createHashFromUniqueId(eIdentifier.getThird());
+ final String uniqueId = createHashFromUniqueId(Objects.requireNonNull(eIdentifier).getThird());
final String citizenCountry = eIdentifier.getFirst();
// person information
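Review bot: `Objects.requireNonNull(eIdentifier)` without a message fails with the same bare NullPointerException that `eIdentifier.getThird()` would have thrown, so it silences the nullability warning without helping whoever reads the failure. In test code I would check once before the first use, `Assert.assertNotNull("eIDAS identifier could not be parsed", eIdentifier);`, which also covers the `eIdentifier.getFirst()` call on the next line. The same pattern is introduced in SzrClientTestProduction.java. The enclosing method starts and ends outside the hunk.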
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java
index abebf0da..38829d67 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java
@@ -23,11 +23,10 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.test;
-import java.io.IOException;
-import java.security.InvalidKeyException;
+import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
-import java.security.NoSuchProviderException;
import java.util.List;
+import java.util.Objects;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.StringUtils;
@@ -63,7 +62,6 @@ import at.gv.egiz.eaaf.core.impl.data.Triple;
import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser;
import szrservices.IdentityLinkType;
import szrservices.PersonInfoType;
-import szrservices.SZRException_Exception;
import szrservices.TravelDocumentType;
@@ -98,14 +96,14 @@ public class SzrClientTestProduction {
}
@Test
- public void getVsz() throws SzrCommunicationException, EidasSAuthenticationException {
+ public void getVsz() throws EidasSAuthenticationException {
String vsz = szrClient.getEncryptedStammzahl(getPersonInfo());
Assert.assertNotNull("vsz", vsz);
}
@Test
- public void getEidasBind() throws SzrCommunicationException, EidasSAuthenticationException {
+ public void getEidasBind() throws EidasSAuthenticationException {
String vsz = RandomStringUtils.randomAlphanumeric(10);
String bindingPubKey = Base64.toBase64String(RandomStringUtils.random(20).getBytes());
String eidStatus = "urn:eidgvat:eid.status.eidas";
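Review bot: `RandomStringUtils.random(20).getBytes()` in `getEidasBind` still uses the platform default charset, while this commit moves the other byte conversions in the file to `StandardCharsets.UTF_8`. `random(20)` draws from the full character range, so the resulting byte sequence and its length depend on the JVM's default encoding. `RandomStringUtils.random(20).getBytes(StandardCharsets.UTF_8)` would make the test input consistent across platforms. The method body continues outside the hunk.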
@@ -125,8 +123,7 @@ public class SzrClientTestProduction {
@Test
- public void getIdentityLinkRawMode() throws SZRException_Exception, EaafParserException,
- NoSuchProviderException, IOException, InvalidKeyException, EidasSAuthenticationException {
+ public void getIdentityLinkRawMode() throws EaafParserException, EidasSAuthenticationException {
log.debug("Starting connecting SZR Gateway");
final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(
getPersonInfo());
@@ -173,7 +170,7 @@ public class SzrClientTestProduction {
@Ignore
@Test
- public void getBpkTest() throws SZRException_Exception, EidasSAuthenticationException {
+ public void getBpkTest() throws EidasSAuthenticationException {
final List<String> bPK = szrClient.getBpk(getPersonInfo(), DUMMY_TARGET,
basicConfig.getBasicConfiguration(
Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ,
@@ -193,9 +190,8 @@ public class SzrClientTestProduction {
private String createHashFromUniqueId(String uniqueId) throws EidasSAuthenticationException {
try {
final MessageDigest md = MessageDigest.getInstance("SHA-256");
- final byte[] hash = md.digest(uniqueId.getBytes("UTF-8"));
- final String hashBase64 = new String(Base64Utils.encode(hash), "UTF-8").replaceAll("\r\n", "");
- return hashBase64;
+ final byte[] hash = md.digest(uniqueId.getBytes(StandardCharsets.UTF_8));
+ return new String(Base64Utils.encode(hash), StandardCharsets.UTF_8).replaceAll("\r\n", "");
} catch (final Exception ex) {
throw new EidasSAuthenticationException("internal.03", new Object[] {}, ex);
@@ -216,7 +212,7 @@ public class SzrClientTestProduction {
// parse some eID attributes
final Triple<String, String, String> eIdentifier =
EidasResponseUtils.parseEidasPersonalIdentifier(eIDASeID);
- final String uniqueId = createHashFromUniqueId(eIdentifier.getThird());
+ final String uniqueId = createHashFromUniqueId(Objects.requireNonNull(eIdentifier).getThird());
final String citizenCountry = eIdentifier.getFirst();
// person information
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
index c29c82c7..ee7d2ebd 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
@@ -227,7 +227,7 @@ public class CreateIdentityLinkTaskEidNewTest {
verify(szrMock, times(1)).getStammzahlEncrypted(argument4.capture(), argument5.capture());
Boolean param5 = argument5.getValue();
- Assert.assertTrue("insertERnP flag", param5);
+ Assert.assertFalse("insertERnP flag", param5);
PersonInfoType person = argument4.getValue();
Assert.assertEquals("FamilyName",
response.getAttributes().getAttributeValuesByFriendlyName("FamilyName").getFirstValue(
@@ -344,7 +344,7 @@ public class CreateIdentityLinkTaskEidNewTest {
verify(szrMock, times(1)).getStammzahlEncrypted(argument4.capture(), argument5.capture());
Boolean param5 = argument5.getValue();
- Assert.assertTrue("insertERnP flag", param5);
+ Assert.assertFalse("insertERnP flag", param5);
PersonInfoType person = argument4.getValue();
Assert.assertEquals("FamilyName",
response.getAttributes().getAttributeValuesByFriendlyName("FamilyName").getFirstValue(