aboutsummaryrefslogtreecommitdiff
path: root/eidas_modules
diff options
context:
space:
mode:
Diffstat (limited to 'eidas_modules')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/checks/spotbugs-exclude.xml2
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/pom.xml41
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java2
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasAuthenticationSpringResourceProvider.java6
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/config/EidasConnectorMessageSource.java21
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaAuthPvpConfiguration.java121
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthConstants.java55
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataConfiguration.java18
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/controller/IdAustriaClientAuthMetadataController.java (renamed from eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataController.java)82
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/controller/IdAustriaClientAuthSignalController.java (renamed from eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthSignalController.java)9
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthCredentialProvider.java (renamed from eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java)10
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthHealthCheck.java56
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthMetadataProvider.java (renamed from eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataProvider.java)28
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java91
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java154
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml60
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth_ref_impl_config.beans.xml39
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties15
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/config/EidasConnectorMessageSourceTest.java43
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaAuthSignalControllerTest.java197
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthHealthCheckTest.java128
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataControllerTest.java44
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataProviderFirstTest.java238
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataProviderSecondTest.java66
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientCredentialProviderTest.java414
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateMobilePhoneSignatureRequestTaskTest.java245
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.java564
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_lazy.xml (renamed from eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_mapConfig1.xml)22
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml3
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test1.xml63
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml104
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test1.xml149
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1-.properties252
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties17
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_EID.xml6
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_EID_wrong_data.xml46
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_legacy.xml55
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_legacy_and_EID.xml58
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_classpath_entityid.xml6
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error.xml6
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error_empty_subcode.xml6
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error_userstop.xml6
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error_without_subcode.xml6
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_classpath_entity1.xml146
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_no_sig.xml46
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_no_sig2.xml46
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_sig_notvalid.xml84
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_sig_valid_wrong_alg.xml74
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/sp_metadata_junit.xml2
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/keystore/pvp.p12bin0 -> 5494 bytes
50 files changed, 2006 insertions, 1946 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/checks/spotbugs-exclude.xml b/eidas_modules/authmodule-eIDAS-v2/checks/spotbugs-exclude.xml
index 7d7467aa..82306a57 100644
--- a/eidas_modules/authmodule-eIDAS-v2/checks/spotbugs-exclude.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/checks/spotbugs-exclude.xml
@@ -12,7 +12,7 @@
</Match>
<Match>
<!-- CSFR protection is implemented by pendingRequestId that is an one-time token -->
- <Class name="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthSignalController" />
+ <Class name="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.controller.IdAustriaClientAuthSignalController" />
<Method name="performAuthentication" />
<Bug pattern="SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING" />
</Match>
diff --git a/eidas_modules/authmodule-eIDAS-v2/pom.xml b/eidas_modules/authmodule-eIDAS-v2/pom.xml
index 6773cc41..1b2681c3 100644
--- a/eidas_modules/authmodule-eIDAS-v2/pom.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/pom.xml
@@ -101,6 +101,10 @@
<!-- other third party libs -->
<dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-actuator</artifactId>
+ </dependency>
+ <dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
</dependency>
@@ -134,6 +138,19 @@
</dependency>
<dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-databind</artifactId>
+ <version>2.11.2</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.bitbucket.b_c</groupId>
+ <artifactId>jose4j</artifactId>
+ <version>0.7.2</version>
+ </dependency>
+
+
+ <dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<scope>provided</scope>
@@ -188,17 +205,23 @@
<type>test-jar</type>
</dependency>
<dependency>
- <groupId>com.fasterxml.jackson.core</groupId>
- <artifactId>jackson-databind</artifactId>
- <version>2.11.2</version>
- <scope>compile</scope>
- </dependency>
+ <groupId>at.gv.egiz.eaaf</groupId>
+ <artifactId>eaaf_module_pvp2_core</artifactId>
+ <scope>test</scope>
+ <type>test-jar</type>
+ </dependency>
<dependency>
- <groupId>org.bitbucket.b_c</groupId>
- <artifactId>jose4j</artifactId>
- <version>0.7.2</version>
+ <groupId>at.gv.egiz.eaaf</groupId>
+ <artifactId>eaaf_module_pvp2_idp</artifactId>
+ <scope>test</scope>
+ <type>test-jar</type>
+ </dependency>
+ <dependency>
+ <groupId>com.squareup.okhttp3</groupId>
+ <artifactId>mockwebserver</artifactId>
+ <scope>test</scope>
</dependency>
-
+
</dependencies>
<build>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
index b603774b..e7190ab4 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
@@ -27,6 +27,8 @@ import at.gv.egiz.eaaf.core.api.data.EaafConstants;
public class Constants {
+ public static final String ERRORCODE_00 = "module.eidasauth.00";
+
public static final String DATA_REQUESTERID = "req_requesterId";
public static final String DATA_PROVIDERNAME = "req_providerName";
public static final String DATA_REQUESTED_LOA_LIST = "req_requestedLoA";
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasAuthenticationSpringResourceProvider.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasAuthenticationSpringResourceProvider.java
index 535e4f97..e5b10185 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasAuthenticationSpringResourceProvider.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasAuthenticationSpringResourceProvider.java
@@ -45,8 +45,10 @@ public class EidasAuthenticationSpringResourceProvider implements SpringResource
public Resource[] getResourcesToLoad() {
final ClassPathResource eidasAuthConfig = new ClassPathResource("/eidas_v2_auth.beans.xml",
EidasAuthenticationSpringResourceProvider.class);
-
- return new Resource[] { eidasAuthConfig };
+ final ClassPathResource eidasRefImplConfig = new ClassPathResource("/eidas_v2_auth_ref_impl_config.beans.xml",
+ EidasAuthenticationSpringResourceProvider.class);
+
+ return new Resource[] { eidasRefImplConfig, eidasAuthConfig };
}
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/config/EidasConnectorMessageSource.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/config/EidasConnectorMessageSource.java
new file mode 100644
index 00000000..7a9f472a
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/config/EidasConnectorMessageSource.java
@@ -0,0 +1,21 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.config;
+
+import java.util.Arrays;
+import java.util.List;
+
+import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation;
+
+/**
+ * Inject eIDAS Connector specific messages into Spring based message-source.
+ *
+ * @author tlenz
+ *
+ */
+public class EidasConnectorMessageSource implements IMessageSourceLocation {
+
+ @Override
+ public List<String> getMessageSourceLocation() {
+ return Arrays.asList("classpath:/messages/eidas_connector_message");
+ }
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaAuthPvpConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaAuthPvpConfiguration.java
deleted file mode 100644
index 30c8b65f..00000000
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaAuthPvpConfiguration.java
+++ /dev/null
@@ -1,121 +0,0 @@
-package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient;
-
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-import org.apache.commons.lang3.StringUtils;
-import org.opensaml.saml.saml2.metadata.ContactPerson;
-import org.opensaml.saml.saml2.metadata.ContactPersonTypeEnumeration;
-import org.opensaml.saml.saml2.metadata.EmailAddress;
-import org.opensaml.saml.saml2.metadata.GivenName;
-import org.opensaml.saml.saml2.metadata.Organization;
-import org.opensaml.saml.saml2.metadata.OrganizationDisplayName;
-import org.opensaml.saml.saml2.metadata.OrganizationName;
-import org.opensaml.saml.saml2.metadata.OrganizationURL;
-import org.opensaml.saml.saml2.metadata.SurName;
-import org.springframework.beans.factory.annotation.Autowired;
-
-import java.util.Arrays;
-import java.util.List;
-
-public class IdAustriaAuthPvpConfiguration implements IPvp2BasicConfiguration {
-
- private static final String DEFAULT_XML_LANG = "en";
-
- @Autowired
- private IConfiguration basicConfig;
-
- @Override
- public String getIdpEntityId(String authUrl) throws EaafException {
- return authUrl + IdAustriaClientAuthConstants.ENDPOINT_METADATA;
-
- }
-
- @Override
- public String getIdpSsoPostService(String authUrl) throws EaafException {
- return null;
-
- }
-
- @Override
- public String getIdpSsoRedirectService(String authUrl) throws EaafException {
- return null;
-
- }
-
- @Override
- public String getIdpSsoSoapService(String extractAuthUrlFromRequest) throws EaafException {
- return null;
-
- }
-
- @Override
- public List<ContactPerson> getIdpContacts() throws EaafException {
- final ContactPerson contactPerson = Saml2Utils.createSamlObject(ContactPerson.class);
- final GivenName givenName = Saml2Utils.createSamlObject(GivenName.class);
- final SurName surname = Saml2Utils.createSamlObject(SurName.class);
- final EmailAddress emailAddress = Saml2Utils.createSamlObject(EmailAddress.class);
-
- givenName.setName(getAndVerifyFromConfiguration(
- IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_CONTACT_GIVENNAME));
- surname.setName(getAndVerifyFromConfiguration(
- IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_CONTACT_SURNAME));
- emailAddress.setAddress(getAndVerifyFromConfiguration(
- IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_CONTACT_EMAIL));
-
- contactPerson.setType(ContactPersonTypeEnumeration.TECHNICAL);
- contactPerson.setGivenName(givenName);
- contactPerson.setSurName(surname);
- contactPerson.getEmailAddresses().add(emailAddress);
-
- return Arrays.asList(contactPerson);
-
- }
-
- @Override
- public Organization getIdpOrganisation() throws EaafException {
- final Organization organisation = Saml2Utils.createSamlObject(Organization.class);
- final OrganizationName orgName = Saml2Utils.createSamlObject(OrganizationName.class);
- final OrganizationDisplayName orgDisplayName = Saml2Utils.createSamlObject(OrganizationDisplayName.class);
- final OrganizationURL orgUrl = Saml2Utils.createSamlObject(OrganizationURL.class);
-
- orgName.setXMLLang(DEFAULT_XML_LANG);
- orgName.setValue(getAndVerifyFromConfiguration(
- IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_ORGANISATION_NAME));
-
- orgDisplayName.setXMLLang(DEFAULT_XML_LANG);
- orgDisplayName.setValue(getAndVerifyFromConfiguration(
- IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_ORGANISATION_FRIENDLYNAME));
-
- orgUrl.setXMLLang(DEFAULT_XML_LANG);
- orgUrl.setValue(getAndVerifyFromConfiguration(
- IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_ORGANISATION_URL));
-
-
- organisation.getOrganizationNames().add(orgName);
- organisation.getDisplayNames().add(orgDisplayName);
- organisation.getURLs().add(orgUrl);
-
- return organisation;
- }
-
-
- @Override
- public IConfiguration getBasicConfiguration() {
- return basicConfig;
-
- }
-
- private String getAndVerifyFromConfiguration(String configKey) throws EaafConfigurationException {
- final String value = basicConfig.getBasicConfiguration(configKey);
- if (StringUtils.isEmpty(value)) {
- throw new EaafConfigurationException("module.eidasauth.00",
- new Object[]{configKey});
-
- }
-
- return value;
- }
-}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthConstants.java
index 8cbfb5f8..46d0e77d 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthConstants.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthConstants.java
@@ -1,21 +1,24 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient;
-import at.gv.egiz.eaaf.core.api.data.EaafConstants;
-import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
-import at.gv.egiz.eaaf.core.impl.data.Triple;
-
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.impl.data.Triple;
+
public class IdAustriaClientAuthConstants {
private IdAustriaClientAuthConstants() {
}
-
+
+ public static final String ERRORCODE_02 = "module.eidasauth.idaustria.02";
+ public static final String ERRORCODE_05 = "module.eidasauth.idaustria.05";
+
public static final String SAML2_STATUSCODE_USERSTOP = "1005";
public static final String MODULE_NAME_FOR_LOGGING = "ID Austria Client";
@@ -25,16 +28,15 @@ public class IdAustriaClientAuthConstants {
// public static final String HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION =
// AuthHandlerConstants.HTTP_PARAM_EIDAS_PROCESS;
- public static final String ENDPOINT_POST = "/idAustriaSp/post";
- public static final String ENDPOINT_REDIRECT = "/idAustriaSp/redirect";
- public static final String ENDPOINT_METADATA = "/idAustriaSp/metadata";
+ public static final String ENDPOINT_POST = "/sp/idaustria/post";
+ public static final String ENDPOINT_REDIRECT = "/sp/idaustria/redirect";
+ public static final String ENDPOINT_METADATA = "/sp/idaustria/metadata";
public static final String CONFIG_PROPS_PREFIX = "modules.idaustriaclient.";
public static final String CONFIG_PROPS_KEYSTORE_TYPE = CONFIG_PROPS_PREFIX + "keystore.type";
public static final String CONFIG_PROPS_KEYSTORE_NAME = CONFIG_PROPS_PREFIX + "keystore.name";
public static final String CONFIG_PROPS_KEYSTORE_PATH = CONFIG_PROPS_PREFIX + "keystore.path";
public static final String CONFIG_PROPS_KEYSTORE_PASSWORD = CONFIG_PROPS_PREFIX + "keystore.password";
- public static final String CONFIG_PROPS_AUTH_URL = CONFIG_PROPS_PREFIX + "authurl";
public static final String CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD = CONFIG_PROPS_PREFIX
+ "metadata.sign.password";
public static final String CONFIG_PROPS_SIGN_METADATA_ALIAS = CONFIG_PROPS_PREFIX
@@ -57,28 +59,9 @@ public class IdAustriaClientAuthConstants {
+ "required.additional.attributes";
public static final String CONFIG_PROPS_REQUIRED_LOA = CONFIG_PROPS_PREFIX
+ "required.loa";
- public static final String CONFIG_PROPS_NODE_ENTITYID = CONFIG_PROPS_PREFIX + "node.entityId";
- public static final String CONFIG_PROPS_SP_ENTITYID = CONFIG_PROPS_PREFIX + "sp.entityId";
- public static final String CONFIG_PROPS_NODE_METADATAURL = CONFIG_PROPS_PREFIX + "node.metadataUrl";
- public static final String CONFIG_PROPS_NODE_TRUSTPROFILEID = CONFIG_PROPS_PREFIX + "node.trustprofileID";
-
-
- public static final String CONFIG_PROPS_METADATA_CONTACT_GIVENNAME =
- CONFIG_PROPS_PREFIX + "metadata.contact.givenname";
- public static final String CONFIG_PROPS_METADATA_CONTACT_SURNAME =
- CONFIG_PROPS_PREFIX + "metadata.contact.surname";
- public static final String CONFIG_PROPS_METADATA_CONTACT_EMAIL =
- CONFIG_PROPS_PREFIX + "metadata.contact.email";
- public static final String CONFIG_PROPS_METADATA_ORGANISATION_NAME =
- CONFIG_PROPS_PREFIX + "metadata.organisation.name";
- public static final String CONFIG_PROPS_METADATA_ORGANISATION_FRIENDLYNAME =
- CONFIG_PROPS_PREFIX + "metadata.organisation.friendyname";
- public static final String CONFIG_PROPS_METADATA_ORGANISATION_URL =
- CONFIG_PROPS_PREFIX + "metadata.organisation.url";
-
- public static final String CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL = "auth.eidas.node.entityId";
-
-
+ public static final String CONFIG_PROPS_ID_AUSTRIA_ENTITYID = CONFIG_PROPS_PREFIX + "idaustria.idp.entityId";
+ public static final String CONFIG_PROPS_ID_AUSTRIA_METADATAURL = CONFIG_PROPS_PREFIX + "idaustria.idp.metadataUrl";
+
public static final String CONFIG_DEFAULT_LOA_EIDAS_LEVEL = EaafConstants.EIDAS_LOA_HIGH;
public static final List<Triple<String, String, Boolean>> DEFAULT_REQUIRED_PVP_ATTRIBUTES =
@@ -105,16 +88,6 @@ public class IdAustriaClientAuthConstants {
add(Triple.newInstance(PvpAttributeDefinitions.BPK_NAME,
PvpAttributeDefinitions.BPK_FRIENDLY_NAME, true));
- // entity eID information
- // add(Triple.newInstance(ExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME,
- // ExtendedPvpAttributeDefinitions.EID_EIDBIND_FRIENDLY_NAME, true));
- // add(Triple.newInstance(ExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME,
- // ExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME, true));
-
- //request pII transactionId from MS-Connector
- // add(Triple.newInstance(ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME,
- // ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_FRIENDLY_NAME, false));
-
}
});
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataConfiguration.java
index 4e7f86f1..4527ced4 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataConfiguration.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataConfiguration.java
@@ -8,6 +8,14 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import org.opensaml.saml.saml2.core.Attribute;
+import org.opensaml.saml.saml2.core.NameIDType;
+import org.opensaml.saml.saml2.metadata.ContactPerson;
+import org.opensaml.saml.saml2.metadata.Organization;
+import org.opensaml.saml.saml2.metadata.RequestedAttribute;
+import org.opensaml.security.credential.Credential;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.data.Triple;
@@ -16,14 +24,6 @@ import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration;
import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpAttributeBuilder;
-
-import org.opensaml.saml.saml2.core.Attribute;
-import org.opensaml.saml.saml2.core.NameIDType;
-import org.opensaml.saml.saml2.metadata.ContactPerson;
-import org.opensaml.saml.saml2.metadata.Organization;
-import org.opensaml.saml.saml2.metadata.RequestedAttribute;
-import org.opensaml.security.credential.Credential;
-
import lombok.extern.slf4j.Slf4j;
/**
@@ -357,7 +357,7 @@ public class IdAustriaClientAuthMetadataConfiguration implements IPvpMetadataBui
final Map<String, RequestedAttribute> requestedAttributes = new HashMap<>();
- log.trace("Build required attributes for E-ID operaton ... ");
+ log.trace("Build required attributes for ID Austria operaton ... ");
injectDefinedAttributes(requestedAttributes,
IdAustriaClientAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTES);
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataController.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/controller/IdAustriaClientAuthMetadataController.java
index 00b742dd..1e4b27f7 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataController.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/controller/IdAustriaClientAuthMetadataController.java
@@ -1,21 +1,30 @@
-package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient;
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.controller;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
-import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration;
-import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder;
-import com.google.common.net.MediaType;
-import lombok.extern.slf4j.Slf4j;
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URL;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
+import com.google.common.net.MediaType;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataConfiguration;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider;
+import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.http.HttpUtils;
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder;
+import lombok.extern.slf4j.Slf4j;
/**
* Controller that generates SAML2 metadata for eIDAS authentication client.
@@ -27,7 +36,7 @@ import java.io.IOException;
@Controller
public class IdAustriaClientAuthMetadataController extends AbstractController {
- //private static final String ERROR_CODE_INTERNAL_00 = "eaaf.core.00";
+ private static final String ERROR_CODE_INTERNAL_00 = "eaaf.core.00";
@Autowired
PvpMetadataBuilder metadatabuilder;
@@ -35,8 +44,6 @@ public class IdAustriaClientAuthMetadataController extends AbstractController {
IdAustriaClientAuthCredentialProvider credentialProvider;
@Autowired
IPvp2BasicConfiguration pvpConfiguration;
- @Autowired
- private IConfiguration basicConfig;
/**
* Default construction with logging.
@@ -64,8 +71,7 @@ public class IdAustriaClientAuthMetadataController extends AbstractController {
EaafException {
// check PublicURL prefix
try {
- final String authUrl = basicConfig.getBasicConfiguration(
- IdAustriaClientAuthConstants.CONFIG_PROPS_AUTH_URL);
+ final String authUrl = getAuthUrlFromHttpContext(req);
// initialize metadata builder configuration
final IdAustriaClientAuthMetadataConfiguration metadataConfig =
@@ -90,29 +96,27 @@ public class IdAustriaClientAuthMetadataController extends AbstractController {
}
+ private String getAuthUrlFromHttpContext(HttpServletRequest req) throws EaafException {
+ // check if End-Point is valid
+ final String authUrlString = HttpUtils.extractAuthUrlFromRequest(req);
+ URL authReqUrl;
+ try {
+ authReqUrl = new URL(authUrlString);
- // private List<Pair<String, Boolean>> getAdditionalRequiredAttributes() {
- // final List<Pair<String, Boolean>> result = new ArrayList<>();
- //
- // // load attributes from configuration
- // final Map<String, String> addReqAttributes = authConfig.getBasicConfigurationWithPrefix(
- // IdAustriaClientAuthConstants.CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST);
- // for (final String el : addReqAttributes.values()) {
- // if (StringUtils.isNotEmpty(el)) {
- // log.trace("Parse additional attr. definition: " + el);
- // final List<String> attr = KeyValueUtils.getListOfCsvValues(el.trim());
- // if (attr.size() == 2) {
- // result.add(Pair.newInstance(attr.get(0), Boolean.parseBoolean(attr.get(1))));
- //
- // } else {
- // log.info("IGNORE additional attr. definition: " + el
- // + " Reason: Format not valid");
- // }
- // }
- // }
- //
- // return result;
- //
- // }
+ } catch (final MalformedURLException e) {
+ log.warn("Requested URL: {} is not a valid URL.", authUrlString);
+ throw new EaafAuthenticationException(ERROR_CODE_INTERNAL_00, new Object[] { authUrlString }, e);
+
+ }
+
+ final String idpAuthUrl = authConfig.validateIdpUrl(authReqUrl);
+ if (idpAuthUrl == null) {
+ log.warn("Requested URL: {} is NOT found in configuration.", authReqUrl);
+ throw new EaafAuthenticationException(ERROR_CODE_INTERNAL_00, new Object[] { authUrlString });
+
+ }
+
+ return idpAuthUrl;
+ }
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthSignalController.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/controller/IdAustriaClientAuthSignalController.java
index 1aceb88e..eca21683 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthSignalController.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/controller/IdAustriaClientAuthSignalController.java
@@ -1,4 +1,4 @@
-package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient;
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.controller;
import java.io.IOException;
@@ -12,13 +12,13 @@ import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController;
import lombok.extern.slf4j.Slf4j;
/**
- * IdAustria client controller that receives the response from national
- * IdAustria node.
+ * IdAustria client controller that receives the response from ID Austria system.
*
* @author tlenz
*
@@ -28,7 +28,6 @@ import lombok.extern.slf4j.Slf4j;
public class IdAustriaClientAuthSignalController extends AbstractProcessEngineSignalController {
public static final String HTTP_PARAM_RELAYSTATE = "RelayState";
- public static final String HTTP_PARAM_PENDINGREQUESTID = "pendingid";
/**
* Default constructor with logging.
@@ -43,7 +42,7 @@ public class IdAustriaClientAuthSignalController extends AbstractProcessEngineSi
}
/**
- * HTTP end-point for incoming SAML2 Response from ID Austria node.
+ * HTTP end-point for incoming SAML2 Response from ID Austria system.
*
* @param req HTTP request
* @param resp HTTP response
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthCredentialProvider.java
index 2608cad1..5b6085c1 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthCredentialProvider.java
@@ -1,13 +1,15 @@
-package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient;
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
-import org.springframework.beans.factory.annotation.Autowired;
-
/**
* Credential provider for eIDAS PVP S-Profile client.
*
@@ -42,7 +44,7 @@ public class IdAustriaClientAuthCredentialProvider extends AbstractCredentialPro
final String path = authConfig.getBasicConfiguration(
IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PATH);
if (path == null) {
- throw new EaafConfigurationException("module.eidasauth.00",
+ throw new EaafConfigurationException(Constants.ERRORCODE_00,
new Object[] { IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PATH });
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthHealthCheck.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthHealthCheck.java
new file mode 100644
index 00000000..b54b501d
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthHealthCheck.java
@@ -0,0 +1,56 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider;
+
+import org.apache.commons.lang3.StringUtils;
+import org.opensaml.saml.saml2.metadata.EntityDescriptor;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.actuate.health.Health;
+import org.springframework.boot.actuate.health.HealthIndicator;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import lombok.extern.slf4j.Slf4j;
+import net.shibboleth.utilities.java.support.resolver.ResolverException;
+
+/**
+ * Spring Actuator HealthCheck for ID Austria client that evaluates the current status of
+ * ID Austria SAML2 metadata that are loaded into MS-Connector.
+ *
+ * @author tlenz
+ *
+ */
+@Slf4j
+public class IdAustriaClientAuthHealthCheck implements HealthIndicator {
+
+ @Autowired IConfiguration authConfig;
+ @Autowired IdAustriaClientAuthMetadataProvider metadataService;
+
+ @Override
+ public Health health() {
+ String msNodeEntityID = authConfig.getBasicConfiguration(
+ IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID);
+
+ if (StringUtils.isEmpty(msNodeEntityID)) {
+ log.trace("No ID Austria EntityId in configuration. Skipping tests ... ");
+ return Health.unknown().build();
+
+ }
+
+ try {
+ EntityDescriptor connectorMetadata =
+ metadataService.getEntityDescriptor(msNodeEntityID);
+ if (connectorMetadata != null) {
+ return Health.up().build();
+
+ } else {
+ return Health.outOfService().withDetail("Reason", "No SAML2 metadata").build();
+
+ }
+
+ } catch (ResolverException e) {
+ return Health.down(e).build();
+
+ }
+
+ }
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataProvider.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthMetadataProvider.java
index 46278ad8..7c87548f 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataProvider.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthMetadataProvider.java
@@ -1,4 +1,4 @@
-package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient;
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider;
import java.io.IOException;
import java.security.KeyStore;
@@ -11,6 +11,13 @@ import java.util.List;
import javax.annotation.PostConstruct;
+import org.apache.commons.lang3.StringUtils;
+import org.opensaml.saml.metadata.resolver.MetadataResolver;
+import org.opensaml.saml.metadata.resolver.filter.MetadataFilter;
+import org.opensaml.saml.metadata.resolver.filter.MetadataFilterChain;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
@@ -24,17 +31,10 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.AbstractChainingMetadataProvid
import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter;
import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SimpleMetadataSignatureVerificationFilter;
-
-import org.apache.commons.lang3.StringUtils;
-import org.opensaml.saml.metadata.resolver.MetadataResolver;
-import org.opensaml.saml.metadata.resolver.filter.MetadataFilter;
-import org.opensaml.saml.metadata.resolver.filter.MetadataFilterChain;
-import org.springframework.beans.factory.annotation.Autowired;
-
import lombok.extern.slf4j.Slf4j;
/**
- * SAML2 metadata-provider implementation for eIDAS client.
+ * SAML2 metadata-provider implementation for ID Austria client.
*
* @author tlenz
*
@@ -42,9 +42,9 @@ import lombok.extern.slf4j.Slf4j;
@Slf4j
public class IdAustriaClientAuthMetadataProvider extends AbstractChainingMetadataProvider {
- private static final String FRIENDLYNAME_METADATA_TRUSTSTORE = "'eIDAS_client metadata truststore'";
+ private static final String FRIENDLYNAME_METADATA_TRUSTSTORE = "'ID Austria client metadata truststore'";
private static final String PROVIDER_ID_PATTERN = "eIDAS resolver: {0}";
- public static final String PROVIDER_ID = "'eIDAS_client metadata provider'";
+ public static final String PROVIDER_ID = "'ID Austria client metadata-provider'";
@Autowired
private IConfiguration basicConfig;
@@ -61,7 +61,7 @@ public class IdAustriaClientAuthMetadataProvider extends AbstractChainingMetadat
@Override
protected String getMetadataUrl(String entityId) throws EaafConfigurationException {
- log.trace("eIDAS Auth. uses SAML2 well-known location approach. EntityId is Metadata-URL");
+ log.trace("ID Austria. uses SAML2 well-known location approach. EntityId is Metadata-URL");
return entityId;
}
@@ -85,7 +85,7 @@ public class IdAustriaClientAuthMetadataProvider extends AbstractChainingMetadat
} catch (final Pvp2MetadataException e) {
log.info("Can NOT build metadata provider for entityId: {}", entityId);
- throw new EaafConfigurationException("module.eidasauth.04",
+ throw new EaafConfigurationException(IdAustriaClientAuthConstants.ERRORCODE_05,
new Object[] { entityId, e.getMessage() }, e);
}
@@ -127,7 +127,7 @@ public class IdAustriaClientAuthMetadataProvider extends AbstractChainingMetadat
private void initializeFileSystemMetadata() {
try {
final String metadataUrl = basicConfig.getBasicConfiguration(
- IdAustriaClientAuthConstants.CONFIG_PROPS_NODE_METADATAURL);
+ IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_METADATAURL);
if (StringUtils.isNotEmpty(metadataUrl)) {
log.info("Use not recommended metadata-provider initialization!"
+ " SAML2 'Well-Known-Location' is the preferred methode.");
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java
index b4fe8bd7..4d305c7d 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java
@@ -23,13 +23,21 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks;
+import java.text.MessageFormat;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang3.StringUtils;
+import org.opensaml.saml.saml2.metadata.EntityDescriptor;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthRequestBuilderConfiguration;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
-import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
@@ -37,36 +45,19 @@ import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import at.gv.egiz.eaaf.core.impl.utils.Random;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
-import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpAttributeBuilder;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PvpAuthnRequestBuilder;
import lombok.extern.slf4j.Slf4j;
import net.shibboleth.utilities.java.support.security.SecureRandomIdentifierGenerationStrategy;
-import org.apache.commons.lang3.StringUtils;
-import org.opensaml.saml.saml2.core.Attribute;
-import org.opensaml.saml.saml2.metadata.EntityDescriptor;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.text.MessageFormat;
-import java.util.ArrayList;
-import java.util.List;
/**
- * Task that searches ErnB and ZMR before adding person to SZR.
+ * Generate a SAML2 AuthnRequest to authenticate the user at ID Austria system.
*
- * @author amarsalek
+ * @author tlenz
*/
@Slf4j
@Component("GenerateMobilePhoneSignatureRequestTask")
public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServletTask {
-
- private static final String ERROR_CODE_02 = "module.eidasauth.02";
-
private static final String ERROR_MSG_1 =
"Requested 'ms-specific eIDAS node' {0} has no valid metadata or metadata is not found";
@@ -89,21 +80,20 @@ public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServlet
//step 15a
// get entityID for ms-specific ID Austria node
- //TODO load from config
final String msNodeEntityID = basicConfig.getBasicConfiguration(
- IdAustriaClientAuthConstants.CONFIG_PROPS_NODE_ENTITYID);
- // final String msNodeEntityID = "classpath:/data/idp_metadata_classpath_entity.xml";
+ IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID);
if (StringUtils.isEmpty(msNodeEntityID)) {
- log.info("eIDAS authentication not possible -> NO EntityID for central eIDAS node FOUND!");
- throw new TaskExecutionException(pendingReq, "", null);
+ log.warn("ID Austria authentication not possible -> NO EntityID for ID Austria System FOUND!");
+ throw new EaafConfigurationException(Constants.ERRORCODE_00,
+ new Object[]{IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID});
}
// load IDP SAML2 entitydescriptor
final EntityDescriptor entityDesc = metadataService.getEntityDescriptor(msNodeEntityID);
if (entityDesc == null) {
- throw new EaafConfigurationException(ERROR_CODE_02,
+ throw new EaafConfigurationException(IdAustriaClientAuthConstants.ERRORCODE_02,
new Object[]{MessageFormat.format(ERROR_MSG_1, msNodeEntityID)});
}
@@ -117,16 +107,12 @@ public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServlet
authnReqConfig.setIdpEntity(entityDesc);
authnReqConfig.setPassive(false);
authnReqConfig.setSignCred(credential.getMessageSigningCredential());
- authnReqConfig.setSpEntityID(pendingReq.getAuthUrl() + IdAustriaClientAuthConstants.ENDPOINT_METADATA);
+ authnReqConfig.setSpEntityID(
+ pendingReq.getAuthUrlWithOutSlash() + IdAustriaClientAuthConstants.ENDPOINT_METADATA);
authnReqConfig.setRequestedLoA(authConfig.getBasicConfiguration(
IdAustriaClientAuthConstants.CONFIG_PROPS_REQUIRED_LOA,
IdAustriaClientAuthConstants.CONFIG_DEFAULT_LOA_EIDAS_LEVEL));
- authnReqConfig.setScopeRequesterId(authConfig.getBasicConfiguration(
- IdAustriaClientAuthConstants.CONFIG_PROPS_SP_ENTITYID));
- authnReqConfig.setProviderName(pendingReq.getServiceProviderConfiguration().getFriendlyName());
- authnReqConfig.setRequestedAttributes(buildRequestedAttributes(pendingReq));
-
/*build relayState for session synchronization, because SAML2 only allows RelayState with 80 characters
* but encrypted PendingRequestId is much longer.
*/
@@ -136,37 +122,10 @@ public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServlet
// build and transmit AuthnRequest
authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig, relayState, response);
-
- //TODO
} catch (final Exception e) {
- e.printStackTrace();
- log.error("Initial search FAILED.", e);
- throw new TaskExecutionException(pendingReq, "Initial search FAILED.", e);
+ throw new TaskExecutionException(pendingReq,
+ "Generation of SAML2 AuthnRequest to ID Austria System FAILED", e);
+
}
}
-
- private List<EaafRequestedAttribute> buildRequestedAttributes(IRequest pendingReq) {
- final List<EaafRequestedAttribute> attributes = new ArrayList<>();
-
- //build TransactionId attribute
- final Attribute attrTransId = PvpAttributeBuilder.buildEmptyAttribute(
- ExtendedPvpAttributeDefinitions.EID_TRANSACTION_ID_NAME);
- final EaafRequestedAttribute attrTransIdReqAttr = Saml2Utils.generateReqAuthnAttributeSimple(
- attrTransId,
- true,
- pendingReq.getUniqueTransactionIdentifier());
- attributes.add(attrTransIdReqAttr);
-
- // build EID sector for identification attribute
- final Attribute attr = PvpAttributeBuilder.buildEmptyAttribute(
- PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME);
- final EaafRequestedAttribute bpkTargetReqAttr = Saml2Utils.generateReqAuthnAttributeSimple(
- attr,
- true,
- pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
- attributes.add(bpkTargetReqAttr);
-
- return attributes;
- }
-
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java
index 1dc8befd..44e13d78 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java
@@ -23,6 +23,24 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks;
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Set;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.transform.TransformerException;
+
+import org.apache.commons.lang3.StringUtils;
+import org.opensaml.core.xml.io.MarshallingException;
+import org.opensaml.messaging.decoder.MessageDecodingException;
+import org.opensaml.saml.saml2.core.Response;
+import org.opensaml.saml.saml2.core.StatusCode;
+import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult;
@@ -31,10 +49,10 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleMobileSignatur
import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthEventConstants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthEventConstants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.Utils;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient;
import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
@@ -60,27 +78,11 @@ import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption;
import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException;
import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
import lombok.extern.slf4j.Slf4j;
-import org.apache.commons.lang3.StringUtils;
-import org.opensaml.core.xml.io.MarshallingException;
-import org.opensaml.messaging.decoder.MessageDecodingException;
-import org.opensaml.saml.saml2.core.Response;
-import org.opensaml.saml.saml2.core.StatusCode;
-import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.transform.TransformerException;
-import java.io.IOException;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Set;
/**
- * Task that searches ErnB and ZMR before adding person to SZR.
+ * Task that receives the SAML2 response from ID Austria system.
*
- * @author amarsalek
+ * @author tlenz
*/
@Slf4j
@Component("ReceiveMobilePhoneSignatureResponseTask")
@@ -102,9 +104,9 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
private static final String ERROR_PVP_12 = "sp.pvp2.12";
private static final String ERROR_MSG_00 =
- "Receive INVALID PVP Response from federated IDP";
+ "Receive INVALID PVP Response from ID Austria system";
private static final String ERROR_MSG_01 =
- "Processing PVP response from 'ms-specific eIDAS node' FAILED.";
+ "Processing PVP response from 'ID Austria system' FAILED.";
private static final String ERROR_MSG_02 =
"PVP response decrytion FAILED. No credential found.";
private static final String ERROR_MSG_03 =
@@ -124,29 +126,21 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
throws TaskExecutionException {
try {
log.trace("Starting ReceiveMobilePhoneSignatureResponseTask");//Node 15
- final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
- MergedRegisterSearchResult initialSearchResult =
- authProcessData.getGenericDataFromSession(Constants.DATA_INITIAL_REGISTER_RESULT,
- MergedRegisterSearchResult.class);
- SimpleEidasData eidData = authProcessData.getGenericDataFromSession(Constants.DATA_SIMPLE_EIDAS,
- SimpleEidasData.class);
-
-
InboundMessage msg = null;
-
IDecoder decoder = null;
EaafUriCompare comperator = null;
+
// select Response Binding
if (request.getMethod().equalsIgnoreCase("POST")) {
decoder = new PostBinding();
comperator = new EaafUriCompare(pendingReq.getAuthUrl() + IdAustriaClientAuthConstants.ENDPOINT_POST);
- log.trace("Receive PVP Response from 'ID Austria node', by using POST-Binding.");
+ log.trace("Receive PVP Response from 'ID Austria system', by using POST-Binding.");
} else if (request.getMethod().equalsIgnoreCase("GET")) {
decoder = new RedirectBinding();
comperator = new EaafUriCompare(pendingReq.getAuthUrl()
+ IdAustriaClientAuthConstants.ENDPOINT_REDIRECT);
- log.trace("Receive PVP Response from 'ID Austria node', by using Redirect-Binding.");
+ log.trace("Receive PVP Response from 'ID Austria system', by using Redirect-Binding.");
} else {
log.warn("Receive PVP Response, but Binding ("
@@ -180,10 +174,10 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
} else {
// validate entityId of response
final String msNodeEntityID = authConfig.getBasicConfiguration(
- IdAustriaClientAuthConstants.CONFIG_PROPS_NODE_ENTITYID);
+ IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID);
final String respEntityId = msg.getEntityID();
if (!msNodeEntityID.equals(respEntityId)) {
- log.warn("Response Issuer is not a 'ID Austria node'. Stopping eIDAS authentication ...");
+ log.warn("Response Issuer is not from valid 'ID Austria IDP'. Stopping ID Austria authentication ...");
throw new AuthnResponseValidationException(ERROR_PVP_08,
new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING,
msg.getEntityID()});
@@ -194,6 +188,29 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
final AssertionAttributeExtractor extractor =
new AssertionAttributeExtractor(processedMsg.getFirst().getResponse());
+
+
+
+ /*
+ * SAML2 response ist bereits vollständig validiert und die Attribute können aus dem
+ * <AssertionAttributeExtractor extractor> ausgelesen werden.
+ * Die AttributeNamen sind entsprechend PVP Spezifikation, z.B. PvpAttributeDefinitions.GIVEN_NAME_NAME
+ *
+ * ---------------------------------------------------------------------------------------------
+ *
+ * TODO: ab hier müssen wir wohl was anpassen
+ *
+ */
+
+ //load additional search-data from pendingRequest
+ final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+ MergedRegisterSearchResult initialSearchResult =
+ authProcessData.getGenericDataFromSession(Constants.DATA_INITIAL_REGISTER_RESULT,
+ MergedRegisterSearchResult.class);
+ SimpleEidasData eidData = authProcessData.getGenericDataFromSession(Constants.DATA_SIMPLE_EIDAS,
+ SimpleEidasData.class);
+
+
SimpleMobileSignatureData simpleMobileSignatureData =
getAuthDataFromInterfederation(extractor, authProcessData);
if (!simpleMobileSignatureData.equalsSimpleEidasData(eidData)) {
@@ -278,8 +295,8 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
return Pair.newInstance(msg, false);
} else {
- log.info("Receive StatusCode " + samlResp.getStatus().getStatusCode().getValue()
- + " from 'ms-specific eIDAS node'.");
+ log.info("Receive StatusCode {} from 'ms-specific eIDAS node'.",
+ samlResp.getStatus().getStatusCode().getValue());
StatusCode subStatusCode = getSubStatusCode(samlResp);
if (subStatusCode != null
&& IdAustriaClientAuthConstants.SAML2_STATUSCODE_USERSTOP.equals(subStatusCode.getValue())) {
@@ -311,6 +328,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
&& StringUtils.isNotEmpty(samlResp.getStatus().getStatusCode().getStatusCode().getValue())) {
return samlResp.getStatus().getStatusCode().getStatusCode();
}
+
return null;
}
@@ -352,34 +370,8 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
}
- //set piiTransactionId from eIDAS Connector
- // String piiTransactionId = extractor.getSingleAttributeValue(
- // ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME);
- // if (StringUtils.isNotEmpty(piiTransactionId) && pendingReq instanceof RequestImpl) {
- // log.info("Receive piiTransactionId from Austrian eIDAS Connector. Use this for further processing");
- // ((RequestImpl) pendingReq).setUniquePiiTransactionIdentifier(piiTransactionId);
- //
- // } else {
- // log.debug("Receive no piiTransactionId from Austrian eIDAS Connector.");
- //
- // }
-
- // set foreigner flag
- // session.setForeigner(true);
-
- // set IssuerInstant from Assertion
authProcessData.setIssueInstant(extractor.getAssertionIssuingDate());
- // set CCE URL
- //if (extractor.getFullAssertion().getIssuer() != null
- //&& StringUtils.isNotEmpty(extractor.getFullAssertion().getIssuer().getValue())) {
- // session.setVdaUrl(extractor.getFullAssertion().getIssuer().getValue());
-
- //} //else {
- // session.setVdaUrl("eIDAS_Authentication");
-
- //}
-
} catch (final AssertionValidationExeption e) {
throw new EaafBuilderException(ERROR_PVP_06, null, e.getMessage(), e);
@@ -387,39 +379,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
return simpleMobileSignatureData;
}
- // private void injectAuthInfosIntoSession(AhAuthProcessDataWrapper session, String attrName, String attrValue)
- // throws EaafStorageException, MisException, IOException {
- // log.trace("Inject attribute: {} with value: {} into AuthSession", attrName, attrValue);
- // log.debug("Inject attribute: {} into AuthSession", attrName);
- //
- // if (ExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME.equals(attrName)) {
- // log.debug("Find eidasBind attribute. Switching to E-ID mode ... ");
- // session.setEidProcess(true);
- // session.setQcBind(attrValue);
- // // session.setVsz(extractVszFromEidasBind(attrValue));
- // //T
- //
- // } else if (ExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME.equals(attrName)) {
- // session.setSignedAuthBlock(Base64.getDecoder().decode(attrValue));
- // session.setSignedAuthBlockType(AuthHandlerConstants.AuthBlockType.JWS);
- //
- // } else if (PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME.equals(attrName)) {
- // session.setQaaLevel(attrValue);
- //
- // // } else if (ExtendedPvpAttributeDefinitions.EID_MIS_MANDATE_NAME.equals(attrName)
- // // && authConfig.getBasicConfigurationBoolean(
- // // IdAustriaClientAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_ACTIVE, false)) {
- // // session.setMandateDate(new SignedMandateDao(attrValue));
- // // session.setUseMandates(true);
- // //
- // } else {
- // session.setGenericDataToSession(attrName, attrValue);
- //
- // }
- //
- // }
-
-
+
private MergedRegisterSearchResult searchInZmrAndErnp(String bpkzp) {
List<RegisterResult> resultsZmr = zmrClient.searchWithBpkZp(bpkzp);
List<RegisterResult> resultsErnp = ernpClient.searchWithBpkZp(bpkzp);
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
index 019cb03c..a720c1f8 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
@@ -11,8 +11,8 @@
<context:annotation-config />
- <import
- resource="classpath:specificCommunicationDefinitionApplicationContext.xml" />
+ <bean id="eidasConnectorMessageSource"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.config.EidasConnectorMessageSource"/>
<bean id="SZRClientForeIDAS"
class="at.asitplus.eidas.specific.modules.auth.eidas.v2.szr.SzrClient" />
@@ -22,29 +22,7 @@
<bean id="ZmrClientForeIDAS"
class="at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.DummyZmrClient" />
-
- <bean id="specificConnectorAttributesFile"
- class="java.lang.String">
- <constructor-arg value="eidas-attributes.xml" />
- </bean>
-
- <bean id="specificAdditionalAttributesFile"
- class="java.lang.String">
- <constructor-arg value="additional-attributes.xml" />
- </bean>
-
- <bean id="specificConnectorAttributesFileWithPath"
- class="java.lang.String">
- <constructor-arg
- value="#{specificConnectorConfigRepository}#{specificConnectorAttributesFile}" />
- </bean>
-
- <bean id="specificConnectorAdditionalAttributesFileWithPath"
- class="java.lang.String">
- <constructor-arg
- value="#{specificConnectorConfigRepository}#{specificAdditionalAttributesFile}" />
- </bean>
-
+
<bean id="eIDASAuthModule"
class="at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasAuthenticationModulImpl">
<property name="priority" value="2" />
@@ -88,6 +66,24 @@
class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.ItSpecificDetailSearchProcessor">
</bean>
+
+ <!-- ID Austria client specific services -->
+ <bean id="idAustriaClientAuthCredentialProvider"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider" />
+
+ <bean id="idAustriaClientAuthMetadataProvider"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider" />
+
+ <bean id="idAustriaClientMetadataHealthCheck"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthHealthCheck" />
+
+ <bean id="idAustriaClientAuthMetadataController"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.controller.IdAustriaClientAuthMetadataController" />
+
+ <bean id="idAustriaClientAuthSignalController"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.controller.IdAustriaClientAuthSignalController" />
+
+
<!-- Authentication Process Tasks -->
<bean id="ConnecteIDASNodeTask"
class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateAuthnRequestTask"
@@ -134,19 +130,5 @@
class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveGuiAustrianResidenceResponseTask"
scope="prototype" />
- <bean id="idAustriaClientAuthCredentialProvider"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider" />
-
- <bean id="idAustriaClientAuthMetadataProvider"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider" />
-
- <bean id="idAustriaClientAuthMetadataController"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataController" />
-
- <bean id="idAustriaClientAuthSignalController"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthSignalController" />
-
-
-
</beans> \ No newline at end of file
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth_ref_impl_config.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth_ref_impl_config.beans.xml
new file mode 100644
index 00000000..cde9687e
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth_ref_impl_config.beans.xml
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+ <context:annotation-config />
+
+ <import
+ resource="classpath:specificCommunicationDefinitionApplicationContext.xml" />
+
+ <bean id="specificConnectorAttributesFile"
+ class="java.lang.String">
+ <constructor-arg value="eidas-attributes.xml" />
+ </bean>
+
+ <bean id="specificAdditionalAttributesFile"
+ class="java.lang.String">
+ <constructor-arg value="additional-attributes.xml" />
+ </bean>
+
+ <bean id="specificConnectorAttributesFileWithPath"
+ class="java.lang.String">
+ <constructor-arg
+ value="#{specificConnectorConfigRepository}#{specificConnectorAttributesFile}" />
+ </bean>
+
+ <bean id="specificConnectorAdditionalAttributesFileWithPath"
+ class="java.lang.String">
+ <constructor-arg
+ value="#{specificConnectorConfigRepository}#{specificAdditionalAttributesFile}" />
+ </bean>
+
+</beans> \ No newline at end of file
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties
new file mode 100644
index 00000000..a2437ce6
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties
@@ -0,0 +1,15 @@
+module.eidasauth.00=Wrong configuration. Missing property: {0}
+
+module.eidasauth.idaustria.02=eIDAS module has an error in configuration. Reason: {0}
+module.eidasauth.idaustria.05=eIDAS module can not initialize SAML2 metadata provider for entityId: {0}. Reason: {1}
+
+
+module.eidasauth.01=eIDAS module has an error in configuration: {0}. Reason: {1}
+
+module.eidasauth.03=eIDAS module has a general error during request pre-processing. Reason: {0}
+module.eidasauth.04=eIDAS module has a general error during response post-processing.
+module.eidasauth.06=eIDAS module was selected, but eIDAS is NOT enabled for SP: {0}
+
+
+module.eidasauth.98=eIDAS module has an internal error. Reason: {0}
+module.eidasauth.99=eIDAS module has an generic internal error.
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/config/EidasConnectorMessageSourceTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/config/EidasConnectorMessageSourceTest.java
new file mode 100644
index 00000000..1f96b25c
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/config/EidasConnectorMessageSourceTest.java
@@ -0,0 +1,43 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.config;
+
+import java.util.List;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration(locations = {
+ "/SpringTest-context_tasks_test.xml",
+ "/SpringTest-context_basic_mapConfig.xml"})
+@DirtiesContext
+public class EidasConnectorMessageSourceTest {
+
+ @Autowired
+ private ResourceLoader loader;
+ @Autowired(required = false)
+ private List<IMessageSourceLocation> messageSources;
+
+ @Test
+ public void checkMessageSources() {
+ Assert.assertNotNull("No messageSource", messageSources);
+
+ for (final IMessageSourceLocation messageSource : messageSources) {
+ Assert.assertNotNull("No sourcePath", messageSource.getMessageSourceLocation());
+
+ for (final String el : messageSource.getMessageSourceLocation()) {
+ final Resource messages = loader.getResource(el + ".properties");
+ Assert.assertTrue("Source not exist", messages.exists());
+
+ }
+ }
+ }
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaAuthSignalControllerTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaAuthSignalControllerTest.java
new file mode 100644
index 00000000..cddcd11c
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaAuthSignalControllerTest.java
@@ -0,0 +1,197 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.idaustriaclient;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.util.SerializationUtils;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.controller.IdAustriaClientAuthSignalController;
+import at.gv.egiz.eaaf.core.api.IRequestStorage;
+import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
+import at.gv.egiz.eaaf.core.api.data.ExceptionContainer;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyProtocolAuthService;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.core.impl.idp.process.spring.test.DummyTransactionStorage.DummyDbEntry;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration(locations = {
+ "/SpringTest-context_tasks_test.xml",
+ "/SpringTest-context_basic_mapConfig.xml"
+})
+public class IdAustriaAuthSignalControllerTest {
+
+ @Autowired(required = true)
+ private IdAustriaClientAuthSignalController controller;
+ @Autowired(required = true)
+ private ITransactionStorage cache;
+ @Autowired(required = true)
+ private IPendingRequestIdGenerationStrategy pendingReqGeneration;
+ @Autowired(required = true)
+ private IRequestStorage reqStorage;
+ @Autowired(required = true)
+ private IConfiguration basicConfig;
+ @Autowired private ITransactionStorage transactionStorage;
+
+ @Autowired private DummyProtocolAuthService protAuthService;
+
+ @Test
+ public void noRelayState() throws IOException, EaafException {
+ final MockHttpServletRequest httpReq =
+ new MockHttpServletRequest("POST", "https://localhost/authhandler");
+ final MockHttpServletResponse httpResp = new MockHttpServletResponse();
+
+ controller.performAuthentication(httpReq, httpResp);
+ Assert.assertEquals("httpStausCode", 200, httpResp.getStatus());
+
+ final String errorId = protAuthService.getErrorKey();
+ final Object error = cache.get(errorId);
+ Assert.assertNotNull("Error is null", error);
+ org.springframework.util.Assert.isInstanceOf(byte[].class,
+ ((DummyDbEntry) error).getObj());
+ final Object errorObj = SerializationUtils.deserialize((byte[]) ((DummyDbEntry) error).getObj());
+ org.springframework.util.Assert.isInstanceOf(ExceptionContainer.class, errorObj);
+ org.springframework.util.Assert.isInstanceOf(EaafException.class,
+ ((ExceptionContainer) errorObj).getExceptionThrown());
+
+ }
+
+ @Test
+ public void validRelayStateNoPendingReqId() throws EaafException, IOException {
+ final String pendingReqId = pendingReqGeneration.generateExternalPendingRequestId();
+ final MockHttpServletRequest httpReq =
+ new MockHttpServletRequest("POST", "https://localhost/authhandler");
+ httpReq.addParameter(IdAustriaClientAuthSignalController.HTTP_PARAM_RELAYSTATE, pendingReqId);
+ final MockHttpServletResponse httpResp = new MockHttpServletResponse();
+
+ controller.performAuthentication(httpReq, httpResp);
+ Assert.assertEquals("httpStausCode", 200, httpResp.getStatus());
+
+ final String errorId = protAuthService.getErrorKey();
+ final Object error = cache.get(errorId);
+ Assert.assertNotNull("Error is null", error);
+ org.springframework.util.Assert.isInstanceOf(byte[].class,
+ ((DummyDbEntry) error).getObj());
+ final Object errorObj = SerializationUtils.deserialize((byte[]) ((DummyDbEntry) error).getObj());
+ org.springframework.util.Assert.isInstanceOf(ExceptionContainer.class, errorObj);
+ org.springframework.util.Assert.isInstanceOf(EaafException.class,
+ ((ExceptionContainer) errorObj).getExceptionThrown());
+ //TODO:
+ Assert.assertEquals("ErrorCode not match", "auth.26",
+ ((EaafException) ((ExceptionContainer) errorObj).getExceptionThrown()).getErrorId());
+
+ }
+
+ @Test
+ public void validRelayStateSuspectPendingReqId() throws EaafException, IOException {
+ String relayState = RandomStringUtils.randomAlphanumeric(10);
+ transactionStorage.put(relayState, false, -1);
+
+ final MockHttpServletRequest httpReq =
+ new MockHttpServletRequest("POST", "https://localhost/authhandler");
+ httpReq.addParameter(IdAustriaClientAuthSignalController.HTTP_PARAM_RELAYSTATE, relayState);
+ final MockHttpServletResponse httpResp = new MockHttpServletResponse();
+
+ controller.performAuthentication(httpReq, httpResp);
+ Assert.assertEquals("httpStausCode", 200, httpResp.getStatus());
+
+ final String errorId = protAuthService.getErrorKey();
+ final Object error = cache.get(errorId);
+ Assert.assertNotNull("Error is null", error);
+ org.springframework.util.Assert.isInstanceOf(byte[].class,
+ ((DummyDbEntry) error).getObj());
+ final Object errorObj = SerializationUtils.deserialize((byte[]) ((DummyDbEntry) error).getObj());
+ org.springframework.util.Assert.isInstanceOf(ExceptionContainer.class, errorObj);
+ org.springframework.util.Assert.isInstanceOf(EaafException.class,
+ ((ExceptionContainer) errorObj).getExceptionThrown());
+ //TODO:
+ Assert.assertEquals("ErrorCode not match", "auth.26",
+ ((EaafException) ((ExceptionContainer) errorObj).getExceptionThrown()).getErrorId());
+
+ Assert.assertNull("RelayState was not removed", transactionStorage.get(relayState));
+
+ }
+
+ @Test
+ public void validRelayStateNoPendingReq() throws EaafException, IOException {
+ final String pendingReqId = pendingReqGeneration.generateExternalPendingRequestId();
+ String relayState = RandomStringUtils.randomAlphanumeric(10);
+ transactionStorage.put(relayState, pendingReqId, -1);
+
+ final MockHttpServletRequest httpReq =
+ new MockHttpServletRequest("POST", "https://localhost/authhandler");
+ httpReq.addParameter(IdAustriaClientAuthSignalController.HTTP_PARAM_RELAYSTATE, relayState);
+ final MockHttpServletResponse httpResp = new MockHttpServletResponse();
+
+ controller.performAuthentication(httpReq, httpResp);
+ Assert.assertEquals("httpStausCode", 200, httpResp.getStatus());
+
+ final String errorId = protAuthService.getErrorKey();
+ final Object error = cache.get(errorId);
+ Assert.assertNotNull("Error is null", error);
+ org.springframework.util.Assert.isInstanceOf(byte[].class,
+ ((DummyDbEntry) error).getObj());
+ final Object errorObj = SerializationUtils.deserialize((byte[]) ((DummyDbEntry) error).getObj());
+ org.springframework.util.Assert.isInstanceOf(ExceptionContainer.class, errorObj);
+ org.springframework.util.Assert.isInstanceOf(EaafException.class,
+ ((ExceptionContainer) errorObj).getExceptionThrown());
+ Assert.assertEquals("ErrorCode not match", "auth.28",
+ ((EaafException) ((ExceptionContainer) errorObj).getExceptionThrown()).getErrorId());
+
+ Assert.assertNull("RelayState was not removed", transactionStorage.get(relayState));
+
+ }
+
+ @Test
+ public void validRelayStateWithPendingReq() throws EaafException, IOException {
+ final String pendingReqId = pendingReqGeneration.generateExternalPendingRequestId();
+
+ String relayState = RandomStringUtils.randomAlphanumeric(10);
+ transactionStorage.put(relayState, pendingReqId, -1);
+
+ final TestRequestImpl pendingReq = new TestRequestImpl();
+ pendingReq.setPendingReqId(pendingReqId);
+ pendingReq.setAuthUrl("http://localhost/idp");
+ final Map<String, String> spConfigMap = new HashMap<>();
+ spConfigMap.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "http://test.sp");
+ final DummySpConfiguration spConfig = new DummySpConfiguration(spConfigMap, basicConfig);
+ pendingReq.setSpConfig(spConfig);
+ reqStorage.storePendingRequest(pendingReq);
+
+ final MockHttpServletRequest httpReq =
+ new MockHttpServletRequest("POST", "https://localhost/authhandler");
+ httpReq.addParameter(IdAustriaClientAuthSignalController.HTTP_PARAM_RELAYSTATE, relayState);
+ final MockHttpServletResponse httpResp = new MockHttpServletResponse();
+
+ controller.performAuthentication(httpReq, httpResp);
+
+ Assert.assertEquals("httpStausCode", 200, httpResp.getStatus());
+
+ final String errorId = protAuthService.getErrorKey();
+ final Object error = cache.get(errorId);
+ Assert.assertNotNull("Error is null", error);
+ org.springframework.util.Assert.isInstanceOf(byte[].class,
+ ((DummyDbEntry) error).getObj());
+ final Object errorObj = SerializationUtils.deserialize((byte[]) ((DummyDbEntry) error).getObj());
+ org.springframework.util.Assert.isInstanceOf(ExceptionContainer.class, errorObj);
+ org.springframework.util.Assert.isInstanceOf(EaafException.class,
+ ((ExceptionContainer) errorObj).getExceptionThrown());
+ Assert.assertEquals("ErrorCode not match",
+ "PendingRequest object is not of type 'RequestImpl.class'",
+ ((EaafException) ((ExceptionContainer) errorObj).getExceptionThrown()).getErrorId());
+ }
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthHealthCheckTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthHealthCheckTest.java
new file mode 100644
index 00000000..a583ab2a
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthHealthCheckTest.java
@@ -0,0 +1,128 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.idaustriaclient;
+
+import org.joda.time.DateTime;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.io.MarshallingException;
+import org.opensaml.core.xml.io.UnmarshallingException;
+import org.opensaml.core.xml.util.XMLObjectSupport;
+import org.opensaml.saml.saml2.metadata.EntityDescriptor;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.actuate.health.Health;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.w3c.dom.Element;
+
+import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthHealthCheck;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import net.shibboleth.utilities.java.support.resolver.ResolverException;
+import net.shibboleth.utilities.java.support.xml.SerializeSupport;
+import net.shibboleth.utilities.java.support.xml.XMLParserException;
+import okhttp3.HttpUrl;
+import okhttp3.mockwebserver.MockResponse;
+import okhttp3.mockwebserver.MockWebServer;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration(locations = {
+ "/SpringTest-context_tasks_test.xml",
+ "/SpringTest-context_basic_mapConfig.xml"
+})
+public class IdAustriaClientAuthHealthCheckTest {
+
+ @Autowired private IdAustriaClientAuthHealthCheck toCheck;
+ @Autowired protected MsConnectorDummyConfigMap config;
+ @Autowired private IPvp2CredentialProvider credentialProvider;
+ @Autowired IdAustriaClientAuthMetadataProvider provider;
+
+ private static MockWebServer mockWebServer;
+ private static HttpUrl mockServerUrl;
+
+ /**
+ * JUnit class initializer.
+ *
+ * @throws Exception In case of an OpenSAML3 initialization error
+ */
+ @BeforeClass
+ public static void classInitializer() throws Exception {
+ EaafOpenSaml3xInitializer.eaafInitialize();
+
+ mockWebServer = new MockWebServer();
+ mockServerUrl = mockWebServer.url("/sp/metadata");
+
+ }
+
+ @Test
+ public void notActive() {
+ //set-up test
+ config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID,
+ null);
+
+ //perform check
+ Health status = toCheck.health();
+
+ //evaluate status
+ Assert.assertEquals("wrong status", Health.unknown().build().getStatus(), status.getStatus());
+
+ }
+
+ @Test
+ public void success() throws SamlSigningException, CredentialsNotAvailableException,
+ XMLParserException, UnmarshallingException, MarshallingException {
+
+ //set-up test
+ config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID,
+ mockServerUrl.url().toString());
+ injectValidHttpMetadata(mockServerUrl.url().toString());
+
+ //perform check
+ Health status = toCheck.health();
+
+ //evaluate status
+ Assert.assertEquals("wrong status", Health.up().build().getStatus(), status.getStatus());
+
+ }
+
+ @Test
+ public void invalid() throws SamlSigningException, CredentialsNotAvailableException,
+ XMLParserException, UnmarshallingException, MarshallingException, ResolverException {
+ //set-up test
+ provider.clear();
+ config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID,
+ "http://localhost:1234/junit/metadata");
+
+ //perform check
+ Health status = toCheck.health();
+
+ //evaluate status
+ Assert.assertEquals("wrong status", Health.outOfService().build().getStatus(), status.getStatus());
+
+ }
+
+ private String injectValidHttpMetadata(String dynEntityId) throws XMLParserException,
+ UnmarshallingException, MarshallingException, SamlSigningException, CredentialsNotAvailableException {
+ final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream(
+ XMLObjectProviderRegistrySupport.getParserPool(),
+ IdAustriaClientAuthHealthCheckTest.class.getResourceAsStream("/data/idp_metadata_no_sig.xml"));
+ metadata.setValidUntil(DateTime.now().plusDays(1));
+ metadata.setSignature(null);
+ metadata.setEntityID(dynEntityId);
+ Saml2Utils.signSamlObject(metadata, credentialProvider.getMetaDataSigningCredential(), true);
+ final Element metadataElement = XMLObjectSupport.marshall(metadata);
+ mockWebServer.enqueue(new MockResponse().setResponseCode(200)
+ .setBody(SerializeSupport.nodeToString(metadataElement))
+ .setHeader("Content-Type", "text/html;charset=utf-8"));
+ return dynEntityId;
+
+}
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataControllerTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataControllerTest.java
index c99c6e6a..4671684f 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataControllerTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataControllerTest.java
@@ -3,18 +3,10 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.idaustriaclient;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.List;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataController;
-import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
-import org.junit.Ignore;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
@@ -24,16 +16,16 @@ import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.metadata.resolver.filter.FilterException;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.security.x509.BasicX509Credential;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.TestPropertySource;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.controller.IdAustriaClientAuthMetadataController;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
@@ -43,14 +35,11 @@ import net.shibboleth.utilities.java.support.xml.XMLParserException;
@RunWith(SpringJUnit4ClassRunner.class)
-//@TestPropertySource(locations = {"classpath:/config/junit_config_de_attributes.properties"})
-@TestPropertySource(locations = { "classpath:/config/junit_config_1_springboot.properties" })
@ContextConfiguration(locations = {
"/SpringTest-context_tasks_test.xml",
"/SpringTest-context_basic_mapConfig.xml"
})
@DirtiesContext(classMode = DirtiesContext.ClassMode.AFTER_CLASS)
-@Ignore
public class IdAustriaClientAuthMetadataControllerTest {
private MockHttpServletRequest httpReq;
@@ -58,7 +47,6 @@ public class IdAustriaClientAuthMetadataControllerTest {
@Autowired private IdAustriaClientAuthMetadataController controller;
@Autowired private IdAustriaClientAuthCredentialProvider credProvider;
- @Autowired private DummyAuthConfigMap config;
/**
* JUnit class initializer.
@@ -80,28 +68,17 @@ public class IdAustriaClientAuthMetadataControllerTest {
httpReq.setContextPath("/authhandler");
httpResp = new MockHttpServletResponse();
- config.removeConfigValue("core.legacy.allowLegacyMode");
- config.removeConfigValue("modules.eidascentralauth.semper.mandates.active");
- config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.1");
- config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.2");
- config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.3");
- config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.4");
- config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.5");
- config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.6");
-
}
@Test
public void buildMetadataValidInEidMode() throws IOException, EaafException,
XMLParserException, UnmarshallingException, FilterException {
- config.putConfigValue("core.legacy.allowLegacyMode", "false");
- config.putConfigValue("modules.eidascentralauth.semper.mandates.active", "false");
//build metdata
controller.getSpMetadata(httpReq, httpResp);
//check result
- validateResponse(6);
+ validateResponse(7);
}
@@ -137,10 +114,6 @@ public class IdAustriaClientAuthMetadataControllerTest {
Assert.assertFalse("AssertionConsumerServices",
spSsoDesc.getAssertionConsumerServices().isEmpty());
- Assert.assertFalse("ContactPersons",
- metadata.getContactPersons().isEmpty());
- Assert.assertNotNull("ContactPersons",
- metadata.getOrganization());
Assert.assertFalse("KeyDescriptors",
spSsoDesc.getKeyDescriptors().isEmpty());
@@ -157,13 +130,4 @@ public class IdAustriaClientAuthMetadataControllerTest {
spSsoDesc.getAttributeConsumingServices().get(0).getRequestAttributes().size());
}
-
- private List<BasicX509Credential> convertX509Certs(List<X509Certificate> certs) {
- final List<BasicX509Credential> result = new ArrayList<>();
- for (final X509Certificate cert : certs) {
- result.add(new BasicX509Credential(cert));
-
- }
- return result;
- }
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataProviderFirstTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataProviderFirstTest.java
new file mode 100644
index 00000000..da10fc54
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataProviderFirstTest.java
@@ -0,0 +1,238 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.idaustriaclient;
+
+import java.io.IOException;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.joda.time.DateTime;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.core.criterion.EntityIdCriterion;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.io.MarshallingException;
+import org.opensaml.core.xml.io.UnmarshallingException;
+import org.opensaml.core.xml.util.XMLObjectSupport;
+import org.opensaml.saml.saml2.metadata.EntityDescriptor;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.w3c.dom.Element;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.test.metadata.MetadataResolverTest;
+import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
+import net.shibboleth.utilities.java.support.resolver.ResolverException;
+import net.shibboleth.utilities.java.support.xml.SerializeSupport;
+import net.shibboleth.utilities.java.support.xml.XMLParserException;
+import okhttp3.HttpUrl;
+import okhttp3.mockwebserver.MockResponse;
+import okhttp3.mockwebserver.MockWebServer;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration(locations = {
+ "/SpringTest-context_tasks_test.xml",
+ "/SpringTest-context_basic_mapConfig.xml"
+})
+public class IdAustriaClientAuthMetadataProviderFirstTest {
+
+ @Autowired
+ IPvp2CredentialProvider credentialProvider;
+ @Autowired
+ IdAustriaClientAuthMetadataProvider provider;
+ @Autowired
+ PvpMetadataResolverFactory resolverFactory;
+
+ private static MockWebServer mockWebServer;
+ private static HttpUrl mockServerUrl;
+
+ /**
+ * JUnit class initializer.
+ *
+ * @throws Exception In case of an OpenSAML3 initialization error
+ */
+ @BeforeClass
+ public static void classInitializer() throws Exception {
+ EaafOpenSaml3xInitializer.eaafInitialize();
+
+ mockWebServer = new MockWebServer();
+ mockServerUrl = mockWebServer.url("/sp/metadata");
+
+ }
+
+ /**
+ * jUnit test set-up.
+ *
+ * @throws ResolverException
+ *
+ */
+ @Before
+ public void testSetup() {
+ provider.fullyDestroy();
+
+ }
+
+ @Test
+ public void simpleManuelAddingTest() throws Pvp2MetadataException, ResolverException {
+ final IPvp2MetadataProvider resolver1 = resolverFactory.createMetadataProvider(
+ "classpath:/data/idp_metadata_sig_notvalid.xml",
+ null, "junit", null);
+ Assert.assertNotNull("Resolver 1 is null", resolver1);
+ provider.addMetadataResolverIntoChain(resolver1);
+
+ final IPvp2MetadataProvider resolver2 = resolverFactory.createMetadataProvider(
+ "classpath:/data/idp_metadata_sig_valid_wrong_alg.xml",
+ null, "junit", null);
+ Assert.assertNotNull("Resolver 2 is null", resolver2);
+ provider.addMetadataResolverIntoChain(resolver2);
+
+ final EntityDescriptor entity1 = provider.getEntityDescriptor("https://localEntity");
+ Assert.assertNotNull("Entity 1 not found", entity1);
+
+ final EntityDescriptor entity2 = provider.getEntityDescriptor(
+ "https://vidp.gv.at/ms_connector/pvp/metadata");
+ Assert.assertNotNull("Entity 2 not found", entity2);
+
+ final EntityDescriptor entity3 = provider.getEntityDescriptor("https://egiz.gv.at/abababa");
+ Assert.assertNull("Entity 3 found", entity3);
+
+ }
+
+ @Test
+ public void dynamicLoadingNoValidSignature() throws ResolverException {
+ final EntityDescriptor entity = provider.getEntityDescriptor("classpath:/data/idp_metadata_no_sig2.xml");
+ Assert.assertNull("Entity found", entity);
+
+ }
+
+ @Test
+ public void dynamicLoadingValidSignature() throws XMLParserException, UnmarshallingException,
+ SamlSigningException, CredentialsNotAvailableException, MarshallingException, ResolverException {
+
+ final String entityId = injectValidHttpMetadata();
+ final EntityDescriptor entity = provider.getEntityDescriptor(entityId);
+ Assert.assertNotNull("Entity not found", entity);
+
+ }
+
+ @Test
+ public void reloadNotPossible() throws XMLParserException, UnmarshallingException,
+ SamlSigningException, CredentialsNotAvailableException, MarshallingException, ResolverException {
+
+ final String entityId = injectValidHttpMetadata();
+ final EntityDescriptor entity = provider.getEntityDescriptor(entityId);
+ Assert.assertNotNull("Entity not found", entity);
+ Assert.assertNotNull("Entity not found",
+ provider.resolveSingle(generateEntityIdCreteria(entityId)));
+
+ Assert.assertFalse("Refresh should not be possible",
+ provider.refreshMetadataProvider(entityId));
+
+ final EntityDescriptor entity2 = provider.getEntityDescriptor(entityId);
+ Assert.assertNull("Entity not found", entity2);
+ Assert.assertNull("Entity not found",
+ provider.resolveSingle(generateEntityIdCreteria(entityId)));
+
+ Assert.assertFalse("Last refresh", provider.wasLastRefreshSuccess());
+
+ }
+
+ @Test
+ public void refeshTest() throws Pvp2MetadataException, ResolverException {
+ Assert.assertFalse("Last refresh", provider.wasLastRefreshSuccess());
+ Assert.assertNull("LastRefresh", provider.getLastRefresh());
+ Assert.assertNull("LastSuccessfulRefresh", provider.getLastSuccessfulRefresh());
+ Assert.assertNull("LastUpdate", provider.getLastUpdate());
+
+ final IPvp2MetadataProvider resolver1 = resolverFactory.createMetadataProvider(
+ "classpath:/data/idp_metadata_sig_notvalid.xml",
+ null, "junit", null);
+ Assert.assertNotNull("Resolver 1 is null", resolver1);
+ provider.addMetadataResolverIntoChain(resolver1);
+
+ final IPvp2MetadataProvider resolver2 = resolverFactory.createMetadataProvider(
+ "classpath:/data/idp_metadata_sig_valid_wrong_alg.xml",
+ null, "junit", null);
+ Assert.assertNotNull("Resolver 2 is null", resolver2);
+ provider.addMetadataResolverIntoChain(resolver2);
+
+ provider.refresh();
+
+ Assert.assertTrue("Last refresh", provider.wasLastRefreshSuccess());
+ Assert.assertNotNull("LastRefresh", provider.getLastRefresh());
+ Assert.assertNotNull("LastSuccessfulRefresh", provider.getLastSuccessfulRefresh());
+ Assert.assertNotNull("LastUpdate", provider.getLastUpdate());
+
+ }
+
+ @Test
+ public void reloadPossible() throws XMLParserException, UnmarshallingException,
+ SamlSigningException, CredentialsNotAvailableException, MarshallingException, ResolverException,
+ IOException {
+
+ mockWebServer.shutdown();
+ mockWebServer = new MockWebServer();
+ mockServerUrl = mockWebServer.url("/sp/metadata");
+
+ final String entityId = injectValidHttpMetadata();
+ final EntityDescriptor entity = provider.getEntityDescriptor(entityId);
+ Assert.assertNotNull("Entity not found", entity);
+ Assert.assertNotNull("Entity not found",
+ provider.resolveSingle(generateEntityIdCreteria(entityId)));
+
+ Assert.assertFalse("Last refresh", provider.wasLastRefreshSuccess());
+
+ injectValidHttpMetadata(entityId);
+ Assert.assertTrue("Refresh should not be possible",
+ provider.refreshMetadataProvider(entityId));
+
+ final EntityDescriptor entity2 = provider.getEntityDescriptor(entityId);
+ Assert.assertNotNull("Entity not found", entity2);
+ Assert.assertNotNull("Entity not found",
+ provider.resolveSingle(generateEntityIdCreteria(entityId)));
+
+ Assert.assertFalse("Last refresh", provider.wasLastRefreshSuccess());
+
+ }
+
+ private String injectValidHttpMetadata() throws SamlSigningException, CredentialsNotAvailableException,
+ XMLParserException, UnmarshallingException, MarshallingException {
+ return injectValidHttpMetadata(mockServerUrl.url().toString()
+ + "/" + RandomStringUtils.randomAlphabetic(5));
+ }
+
+ private String injectValidHttpMetadata(String dynEntityId) throws XMLParserException,
+ UnmarshallingException,
+ MarshallingException, SamlSigningException, CredentialsNotAvailableException {
+ final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream(
+ XMLObjectProviderRegistrySupport.getParserPool(),
+ MetadataResolverTest.class.getResourceAsStream("/data/idp_metadata_no_sig.xml"));
+ metadata.setValidUntil(DateTime.now().plusDays(1));
+ metadata.setSignature(null);
+ metadata.setEntityID(dynEntityId);
+ Saml2Utils.signSamlObject(metadata, credentialProvider.getMetaDataSigningCredential(), true);
+ final Element metadataElement = XMLObjectSupport.marshall(metadata);
+ mockWebServer.enqueue(new MockResponse().setResponseCode(200)
+ .setBody(SerializeSupport.nodeToString(metadataElement))
+ .setHeader("Content-Type", "text/html;charset=utf-8"));
+
+ return dynEntityId;
+
+ }
+
+ private CriteriaSet generateEntityIdCreteria(String entityId) {
+ final CriteriaSet result = new CriteriaSet();
+ result.add(new EntityIdCriterion(entityId));
+ return result;
+
+ }
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataProviderSecondTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataProviderSecondTest.java
new file mode 100644
index 00000000..3ee6ddcd
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataProviderSecondTest.java
@@ -0,0 +1,66 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.idaustriaclient;
+
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.saml.saml2.metadata.EntityDescriptor;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import net.shibboleth.utilities.java.support.resolver.ResolverException;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration(locations = {
+ "/SpringTest-context_tasks_test.xml",
+ "/SpringTest-context_basic_mapConfig.xml"
+})
+public class IdAustriaClientAuthMetadataProviderSecondTest {
+
+ @Autowired
+ IdAustriaClientAuthMetadataProvider provider;
+
+ /**
+ * JUnit class initializer.
+ *
+ * @throws Exception In case of an OpenSAML3 initialization error
+ */
+ @BeforeClass
+ public static void classInitializer() throws Exception {
+ EaafOpenSaml3xInitializer.eaafInitialize();
+
+ }
+
+ /**
+ * jUnit test set-up.
+ *
+ * @throws ResolverException
+ *
+ */
+ @Before
+ public void testSetup() {
+ provider.fullyDestroy();
+
+ }
+
+ @Test
+ public void notTrustedX509CertsInTrustStore() throws ResolverException {
+ final EntityDescriptor entity = provider.getEntityDescriptor("classpath:/data/idp_metadata_no_sig2.xml");
+ Assert.assertNull("Entity found", entity);
+
+ }
+
+ @Test
+ public void readStaticInfos() {
+ Assert.assertEquals("wrong providerId",
+ IdAustriaClientAuthMetadataProvider.PROVIDER_ID, provider.getId());
+
+ provider.runGarbageCollector();
+
+ }
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientCredentialProviderTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientCredentialProviderTest.java
new file mode 100644
index 00000000..3e37e1a6
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientCredentialProviderTest.java
@@ -0,0 +1,414 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.idaustriaclient;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.BeansException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import com.google.common.base.Optional;
+import com.google.common.base.Predicates;
+import com.google.common.base.Throwables;
+import com.google.common.collect.FluentIterable;
+
+import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration(locations = {
+ "/SpringTest-context_basic_lazy.xml",
+ "/SpringTest-context_basic_mapConfig.xml"
+})
+@DirtiesContext
+public class IdAustriaClientCredentialProviderTest {
+
+ private static final String PATH_JKS = "../keystore/junit_test.jks";
+ private static final String ALIAS_METADATA = "meta";
+ private static final String ALIAS_SIGN = "sig";
+ private static final String ALIAS_ENC = "enc";
+ private static final String PASSWORD = "password";
+
+ @Autowired
+ private ApplicationContext context;
+ @Autowired(required = true)
+ protected MsConnectorDummyConfigMap config;
+
+ /**
+ * jUnit test initializer.
+ */
+ @Before
+ public void initialize() {
+ config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PATH, PATH_JKS);
+ config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PASSWORD, PASSWORD);
+
+ config.removeConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS);
+ config.removeConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD);
+
+ config.removeConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS);
+ config.removeConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD);
+
+ config.removeConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS);
+ config.removeConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD);
+
+ }
+
+ @Test
+ @DirtiesContext
+ public void noKeyStoreUrl() {
+ config.removeConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PATH);
+ try {
+ context.getBean(IdAustriaClientAuthCredentialProvider.class);
+ Assert.fail("No KeyStore not detected");
+
+ } catch (final BeansException e) {
+ org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class,
+ e.getCause(), "Wrong exception");
+ }
+
+ }
+
+ @Test
+ @DirtiesContext
+ public void noKeyStore() {
+ config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PATH,
+ "src/test/resources/config/notExist.p12");
+ try {
+ context.getBean(IdAustriaClientAuthCredentialProvider.class);
+ Assert.fail("No KeyStore not detected");
+
+ } catch (final BeansException e) {
+ final Optional<Throwable> eaafException = FluentIterable.from(
+ Throwables.getCausalChain(e)).filter(
+ Predicates.instanceOf(EaafConfigurationException.class)).first();
+ Assert.assertTrue("Wrong exception", eaafException.isPresent());
+ Assert.assertEquals("Wrong errorId", "internal.keystore.06",
+ ((EaafException) eaafException.get()).getErrorId());
+
+ }
+
+ }
+
+ @Test
+ @DirtiesContext
+ public void noWrongKeyStorePassword() {
+ config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PASSWORD, "test");
+ try {
+ context.getBean(IdAustriaClientAuthCredentialProvider.class);
+ Assert.fail("No KeyStore not detected");
+
+ } catch (final BeansException e) {
+ final Optional<Throwable> eaafException = FluentIterable.from(
+ Throwables.getCausalChain(e)).filter(
+ Predicates.instanceOf(EaafFactoryException.class)).first();
+ Assert.assertTrue("Wrong exception", eaafException.isPresent());
+ Assert.assertEquals("Wrong errorId", "internal.keystore.06",
+ ((EaafException) eaafException.get()).getErrorId());
+
+ }
+
+ }
+
+ @Test
+ @DirtiesContext
+ public void notKeyConfigurationWrongAlias() {
+ final IdAustriaClientAuthCredentialProvider credential = context.getBean(
+ IdAustriaClientAuthCredentialProvider.class);
+
+ Assert.assertNotNull("Credetialprovider", credential);
+ Assert.assertNotNull("Friendlyname", credential.getFriendlyName());
+
+ try {
+ config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS,
+ RandomStringUtils.randomAlphabetic(5));
+ credential.getMetaDataSigningCredential();
+ Assert.fail("No Metadata signing credentials not detected");
+
+ } catch (final CredentialsNotAvailableException e) {
+ Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01"));
+
+ }
+
+ try {
+ config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS,
+ RandomStringUtils.randomAlphabetic(5));
+ credential.getMessageSigningCredential();
+ Assert.fail("No Metadata signing credentials not detected");
+
+ } catch (final CredentialsNotAvailableException e) {
+ Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01"));
+
+ }
+
+ try {
+ config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS,
+ RandomStringUtils.randomAlphabetic(5));
+ credential.getMessageEncryptionCredential();
+ Assert.fail("No Metadata signing credentials not detected");
+
+ } catch (final CredentialsNotAvailableException e) {
+ Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01"));
+
+ }
+
+ }
+
+ @Test
+ @DirtiesContext
+ public void notKeyConfigurationWrongPassword() {
+ final IdAustriaClientAuthCredentialProvider credential = context.getBean(
+ IdAustriaClientAuthCredentialProvider.class);
+
+ Assert.assertNotNull("Credetialprovider", credential);
+ Assert.assertNotNull("Friendlyname", credential.getFriendlyName());
+
+ try {
+ config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD,
+ RandomStringUtils.randomAlphabetic(5));
+ credential.getMetaDataSigningCredential();
+ Assert.fail("No Metadata signing credentials not detected");
+
+ } catch (final CredentialsNotAvailableException e) {
+ Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01"));
+
+ }
+
+ try {
+ config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD,
+ RandomStringUtils.randomAlphabetic(5));
+ credential.getMessageSigningCredential();
+ Assert.fail("No message signing credentials not detected");
+
+ } catch (final CredentialsNotAvailableException e) {
+ Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01"));
+
+ }
+
+ try {
+ config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD,
+ RandomStringUtils.randomAlphabetic(5));
+ final EaafX509Credential encCred = credential.getMessageEncryptionCredential();
+ Assert.assertNull("No encryption signing credentials not detected", encCred);
+
+ } catch (final CredentialsNotAvailableException e) {
+ Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01"));
+
+ }
+
+ }
+
+ @Test
+ @DirtiesContext
+ public void notKeyConfigurationValidAliasWrongPassword() {
+ final IdAustriaClientAuthCredentialProvider credential = context.getBean(
+ IdAustriaClientAuthCredentialProvider.class);
+
+ Assert.assertNotNull("Credetialprovider", credential);
+ Assert.assertNotNull("Friendlyname", credential.getFriendlyName());
+
+ try {
+ config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS,
+ ALIAS_METADATA);
+ config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD,
+ RandomStringUtils.randomAlphabetic(5));
+ credential.getMetaDataSigningCredential();
+ Assert.fail("No Metadata signing credentials not detected");
+
+ } catch (final CredentialsNotAvailableException e) {
+ Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01"));
+
+ }
+
+ try {
+ config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS,
+ ALIAS_SIGN);
+ config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD,
+ RandomStringUtils.randomAlphabetic(5));
+ credential.getMessageSigningCredential();
+ Assert.fail("No Metadata signing credentials not detected");
+
+ } catch (final CredentialsNotAvailableException e) {
+ Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01"));
+
+ }
+
+ try {
+ config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS,
+ ALIAS_ENC);
+ config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD,
+ RandomStringUtils.randomAlphabetic(5));
+ credential.getMessageEncryptionCredential();
+ Assert.fail("No Metadata signing credentials not detected");
+
+ } catch (final CredentialsNotAvailableException e) {
+ Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01"));
+
+ }
+ }
+
+ @Test
+ @DirtiesContext
+ public void notKeyConfigurationWrongAliasValidPassword() {
+ final IdAustriaClientAuthCredentialProvider credential = context.getBean(
+ IdAustriaClientAuthCredentialProvider.class);
+
+ Assert.assertNotNull("Credetialprovider", credential);
+ Assert.assertNotNull("Friendlyname", credential.getFriendlyName());
+
+ try {
+ config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS,
+ RandomStringUtils.randomAlphabetic(5));
+ config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD,
+ PASSWORD);
+ credential.getMetaDataSigningCredential();
+ Assert.fail("No Metadata signing credentials not detected");
+
+ } catch (final CredentialsNotAvailableException e) {
+ Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01"));
+
+ }
+
+ try {
+ config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS,
+ RandomStringUtils.randomAlphabetic(5));
+ config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD,
+ PASSWORD);
+ credential.getMessageSigningCredential();
+ Assert.fail("No Metadata signing credentials not detected");
+
+ } catch (final CredentialsNotAvailableException e) {
+ Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01"));
+
+ }
+
+ try {
+ config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS,
+ RandomStringUtils.randomAlphabetic(5));
+ config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD,
+ PASSWORD);
+ credential.getMessageEncryptionCredential();
+ Assert.fail("No Metadata signing credentials not detected");
+
+ } catch (final CredentialsNotAvailableException e) {
+ Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01"));
+
+ }
+ }
+
+ @Test
+ @DirtiesContext
+ public void validonfiguration() throws CredentialsNotAvailableException {
+ final IdAustriaClientAuthCredentialProvider credential = context.getBean(
+ IdAustriaClientAuthCredentialProvider.class);
+
+ Assert.assertNotNull("Credetialprovider", credential);
+ Assert.assertNotNull("Friendlyname", credential.getFriendlyName());
+
+ config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS,
+ ALIAS_METADATA);
+ config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD,
+ PASSWORD);
+ credential.getMetaDataSigningCredential();
+
+ config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS,
+ ALIAS_SIGN);
+ config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD,
+ PASSWORD);
+ credential.getMessageSigningCredential();
+
+ config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS,
+ ALIAS_ENC);
+ config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD,
+ PASSWORD);
+ credential.getMessageEncryptionCredential();
+
+ }
+
+ @Test
+ @DirtiesContext
+ public void notKeyConfiguration() {
+ final IdAustriaClientAuthCredentialProvider credential = context.getBean(
+ IdAustriaClientAuthCredentialProvider.class);
+
+ Assert.assertNotNull("Credetialprovider", credential);
+ Assert.assertNotNull("Friendlyname", credential.getFriendlyName());
+
+ try {
+ credential.getMetaDataSigningCredential();
+ Assert.fail("No Metadata signing credentials not detected");
+
+ } catch (final CredentialsNotAvailableException e) {
+ Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01"));
+
+ }
+
+ try {
+ credential.getMessageSigningCredential();
+ Assert.fail("No message signing credentials not detected");
+
+ } catch (final CredentialsNotAvailableException e) {
+ Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01"));
+
+ }
+
+ try {
+ final EaafX509Credential encCred = credential.getMessageEncryptionCredential();
+ Assert.assertNull("No encryption signing credentials not detected", encCred);
+
+ } catch (final CredentialsNotAvailableException e) {
+ Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01"));
+
+ }
+
+ }
+
+ @Test
+ @DirtiesContext
+ public void notKeyConfigurationPkcs12() {
+ config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PATH,
+ "../keystore/pvp.p12");
+ final IdAustriaClientAuthCredentialProvider credential = context.getBean(
+ IdAustriaClientAuthCredentialProvider.class);
+
+ Assert.assertNotNull("Credetialprovider", credential);
+ Assert.assertNotNull("Friendlyname", credential.getFriendlyName());
+
+ try {
+ credential.getMetaDataSigningCredential();
+ Assert.fail("No Metadata signing credentials not detected");
+
+ } catch (final CredentialsNotAvailableException e) {
+ Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01"));
+
+ }
+
+ try {
+ credential.getMessageSigningCredential();
+ Assert.fail("No message signing credentials not detected");
+
+ } catch (final CredentialsNotAvailableException e) {
+ Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01"));
+
+ }
+
+ try {
+ final EaafX509Credential encCred = credential.getMessageEncryptionCredential();
+ Assert.assertNull("No encryption signing credentials not detected", encCred);
+
+ } catch (final CredentialsNotAvailableException e) {
+ Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01"));
+
+ }
+ }
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateMobilePhoneSignatureRequestTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateMobilePhoneSignatureRequestTaskTest.java
index 2579bb40..4fb05a35 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateMobilePhoneSignatureRequestTaskTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateMobilePhoneSignatureRequestTaskTest.java
@@ -1,38 +1,19 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateMobilePhoneSignatureRequestTask;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyAuthConfigMap;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyOA;
-import at.gv.egiz.eaaf.core.api.data.EaafConstants;
-import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
-import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory;
-import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
-import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
-import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine;
+import static org.junit.Assert.assertThrows;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.util.Base64;
+import java.util.Map;
+
import org.apache.commons.lang3.RandomStringUtils;
-import org.apache.commons.lang3.StringUtils;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
-import org.opensaml.core.xml.schema.XSString;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.saml2.core.AuthnRequest;
@@ -41,23 +22,38 @@ import org.springframework.context.ApplicationContext;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.TestPropertySource;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
-import java.io.ByteArrayInputStream;
-import java.io.InputStream;
-import java.util.Base64;
-import java.util.Map;
+import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateMobilePhoneSignatureRequestTask;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyOA;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine;
@RunWith(SpringJUnit4ClassRunner.class)
-@TestPropertySource(locations = {"classpath:/config/junit_config_1-.properties" })
-//@ContextConfiguration({"/spring/SpringTest-context_mapConfig_full.xml", "classpath:/spring/test_eaaf_core.beans.xml"})
-//@TestPropertySource(locations = { "classpath:/config/junit_config_1_springboot.properties" })
@ContextConfiguration(locations = {
- "/SpringTest-context_tasks_test1.xml",
- "/SpringTest-context_basic_mapConfig1.xml"
+ "/SpringTest-context_tasks_test.xml",
+ "/SpringTest-context_basic_mapConfig.xml",
+ "classpath:/eaaf_pvp_sp.beans.xml"
})
public class GenerateMobilePhoneSignatureRequestTaskTest {
@@ -68,7 +64,7 @@ public class GenerateMobilePhoneSignatureRequestTaskTest {
@Autowired(required = true)
private ApplicationContext context;
@Autowired(required = true)
- protected DummyAuthConfigMap authConfig;
+ protected MsConnectorDummyConfigMap authConfig;
@Autowired
private IdAustriaClientAuthMetadataProvider metadataProvider;
@Autowired
@@ -77,8 +73,8 @@ public class GenerateMobilePhoneSignatureRequestTaskTest {
private DummyGuiBuilderConfigurationFactory guiBuilderConfigFactory;
@Autowired
private SamlVerificationEngine samlVerifyEngine;
-// @Autowired
-// private ITransactionStorage transactionStorage;
+ @Autowired
+ private ITransactionStorage transactionStorage;
final ExecutionContext executionContext = new ExecutionContextImpl();
private MockHttpServletRequest httpReq;
@@ -106,27 +102,26 @@ public class GenerateMobilePhoneSignatureRequestTaskTest {
*/
@Before
public void setUp() throws Exception {
- task = (GenerateMobilePhoneSignatureRequestTask) context.getBean("GenerateMobilePhoneSignatureRequestTask");
+ task = (GenerateMobilePhoneSignatureRequestTask) context.getBean(
+ "GenerateMobilePhoneSignatureRequestTask");
httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler");
httpResp = new MockHttpServletResponse();
RequestContextHolder.resetRequestAttributes();
RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
- authConfig.putConfigValue("modules.idaustriaclient.request.sign.alias", "sig");
+ authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID,
+ METADATA_PATH);
+ authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS,
+ "sig");
oaParam = new DummyOA();
oaParam.setUniqueAppId("http://test.com/test");
- oaParam.setBmiUniqueIdentifier(oaParam.getUniqueIdentifier() + "#" + RandomStringUtils.randomAlphanumeric(5));
+ oaParam.setBmiUniqueIdentifier(oaParam.getUniqueIdentifier() + "#" + RandomStringUtils.randomAlphanumeric(
+ 5));
oaParam.setTargetIdentifier(
EaafConstants.URN_PREFIX_CDID + RandomStringUtils.randomAlphabetic(2));
oaParam.setEidasEnabled(true);
- oaParam.putGenericConfigurationKey(
- IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, null);
- // oaParam.setMandateProfilesCsv(
- // RandomStringUtils.randomAlphabetic(5)
- // + "," + RandomStringUtils.randomAlphabetic(5)
- // + "," + RandomStringUtils.randomAlphabetic(5));
pendingReq = new TestRequestImpl();
pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10));
@@ -140,108 +135,69 @@ public class GenerateMobilePhoneSignatureRequestTaskTest {
@Test
public void noMetadataAvailableOnGlobalConfig() {
- authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_NODE_ENTITYID,
- RandomStringUtils.randomAlphabetic(10));
-
- try {
- task.execute(pendingReq, executionContext);
- Assert.fail();
-
- } catch (final TaskExecutionException e) {
- Assert.assertNotNull(e.getPendingRequestID());
- Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- Assert.assertNotNull(e.getOriginalException());
- org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class,
- e.getOriginalException());
- Assert.assertEquals("module.eidasauth.02",
- ((EaafConfigurationException) e.getOriginalException()).getErrorId());
-
- }
+ authConfig.removeConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID);
+
+ final TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ Assert.assertNotNull(e.getOriginalException());
+ org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class,
+ e.getOriginalException());
+ Assert.assertEquals("module.eidasauth.00",
+ ((EaafConfigurationException) e.getOriginalException()).getErrorId());
+
}
@Test
- public void noMetadataAvailableOnSpConfig() {
- oaParam.putGenericConfigurationKey(IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL,
- RandomStringUtils.randomAlphabetic(10));
-
- try {
- task.execute(pendingReq, executionContext);
- Assert.fail();
-
- } catch (final TaskExecutionException e) {
- Assert.assertNotNull(e.getPendingRequestID());
- Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- Assert.assertNotNull(e.getOriginalException());
- org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class,
- e.getOriginalException());
- Assert.assertEquals("module.eidasauth.02",
- ((EaafConfigurationException) e.getOriginalException()).getErrorId());
-
- }
+ public void wrongMetadataAvailableOnGlobalConfig() {
+ authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID,
+ "http://wrong.path/" + RandomStringUtils.randomAlphabetic(5));
+
+ final TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+ Assert.assertNotNull(e.getPendingRequestID());
+ Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ Assert.assertNotNull(e.getOriginalException());
+ org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class,
+ e.getOriginalException());
+ Assert.assertEquals("module.eidasauth.idaustria.02",
+ ((EaafConfigurationException) e.getOriginalException()).getErrorId());
+
}
@Test
public void noMetadataSigningKeyStore() throws Pvp2MetadataException {
- oaParam.putGenericConfigurationKey(IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL,
- METADATA_PATH);
-
- authConfig.removeConfigValue("modules.idaustriaclient.request.sign.alias");
+ authConfig.removeConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS);
metadataProvider.addMetadataResolverIntoChain(
metadataFactory.createMetadataProvider(METADATA_PATH, null, "jUnitTest", null));
- try {
- task.execute(pendingReq, executionContext);
- Assert.fail();
-
- } catch (final TaskExecutionException e) {
- Assert.assertNotNull(e.getPendingRequestID());
- Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- Assert.assertNotNull(e.getOriginalException());
- org.springframework.util.Assert.isInstanceOf(CredentialsNotAvailableException.class,
- e.getOriginalException());
- Assert.assertEquals("internal.pvp.01",
- ((CredentialsNotAvailableException) e.getOriginalException()).getErrorId());
+ final TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+ Assert.assertNotNull(e.getPendingRequestID());
+ Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ Assert.assertNotNull(e.getOriginalException());
+ org.springframework.util.Assert.isInstanceOf(CredentialsNotAvailableException.class,
+ e.getOriginalException());
+ Assert.assertEquals("internal.pvp.01",
+ ((CredentialsNotAvailableException) e.getOriginalException()).getErrorId());
- }
}
@Test
public void success() throws Exception {
- oaParam.putGenericConfigurationKey(IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL,
- METADATA_PATH);
metadataProvider.addMetadataResolverIntoChain(
metadataFactory.createMetadataProvider(METADATA_PATH, null, "jUnitTest", null));
pendingReq.setTransactionId(RandomStringUtils.randomAlphanumeric(10));
task.execute(pendingReq, executionContext);
- final EaafRequestedAttributes reqAttr = validate();
- Assert.assertEquals("#Req Attribute", 2, reqAttr.getAttributes().size());
-
- Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.transactionId",
- reqAttr.getAttributes().get(0).getName());
- Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(0).getAttributeValues());
- Assert.assertEquals("#Req. Attr value", 1,
- reqAttr.getAttributes().get(0).getAttributeValues().size());
- org.springframework.util.Assert.isInstanceOf(XSString.class,
- reqAttr.getAttributes().get(0).getAttributeValues().get(0), "Wrong requested Attributes Value type");
- Assert.assertEquals("Req. Attr. Value", pendingReq.getUniqueTransactionIdentifier(),
- ((XSString) reqAttr.getAttributes().get(0).getAttributeValues().get(0)).getValue());
-
- Assert.assertEquals("Wrong req attr.", "urn:oid:1.2.40.0.10.2.1.1.261.34",
- reqAttr.getAttributes().get(1).getName());
- Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(1).getAttributeValues());
- Assert.assertEquals("#Req. Attr value", 1,
- reqAttr.getAttributes().get(1).getAttributeValues().size());
- org.springframework.util.Assert.isInstanceOf(XSString.class,
- reqAttr.getAttributes().get(1).getAttributeValues().get(0), "Wrong requested Attributes Value type");
- Assert.assertEquals("Req. Attr. Value", oaParam.getAreaSpecificTargetIdentifier(),
- ((XSString) reqAttr.getAttributes().get(1).getAttributeValues().get(0)).getValue());
+ validate();
}
- private EaafRequestedAttributes validate() throws Exception {
+ private void validate() throws Exception {
Assert.assertEquals("HTTP Statuscode", 200, httpResp.getStatus());
Assert.assertEquals("ContentType", "text/html;charset=UTF-8", httpResp.getContentType());
Assert.assertEquals("ContentEncoding", "UTF-8", httpResp.getCharacterEncoding());
@@ -252,18 +208,15 @@ public class GenerateMobilePhoneSignatureRequestTaskTest {
final int startIndex = html.indexOf("SAMLRequest=");
Assert.assertTrue("No SAMLRequest in html", startIndex >= 0);
final String authnXml = html.substring(startIndex + "SAMLRequest=".length());
- //TODO why do i have to do that?? => remove "} from end
-// String authnXml2 = authnXml1.substring(0,authnXml1.length()-2);
- //check if relaystate was stored
+ // check if relaystate was stored
final int startIndexRelayState = html.indexOf("RelayState=");
Assert.assertTrue("wrong RelayState in HTML",
startIndexRelayState >= 0);
- String relayState = html.substring(startIndexRelayState + "RelayState=".length(), startIndex);
-// String storedPendingReqId = transactionStorage.get(relayState, String.class);
-// Assert.assertEquals("relayStore not map to pendingRequestId",
-// pendingReq.getPendingRequestId(), storedPendingReqId);
-
+ final String relayState = html.substring(startIndexRelayState + "RelayState=".length(), startIndex);
+ final String storedPendingReqId = transactionStorage.get(relayState, String.class);
+ Assert.assertEquals("relayStore not map to pendingRequestId",
+ pendingReq.getPendingRequestId(), storedPendingReqId);
final AuthnRequest authnRequest = (AuthnRequest) XMLObjectSupport.unmarshallFromInputStream(
XMLObjectProviderRegistrySupport.getParserPool(), new ByteArrayInputStream(
@@ -275,25 +228,17 @@ public class GenerateMobilePhoneSignatureRequestTaskTest {
"https://localhost/authhandler" + IdAustriaClientAuthConstants.ENDPOINT_METADATA,
authnRequest.getIssuer().getValue());
- //check XML scheme
+ // check XML scheme
Saml2Utils.schemeValidation(authnRequest);
-
- //check signature
+ // check signature
final PvpSProfileRequest msg = new PvpSProfileRequest(
authnRequest,
SAMLConstants.SAML2_POST_BINDING_URI);
msg.setEntityID(authnRequest.getIssuer().getValue());
metadataProvider.addMetadataResolverIntoChain(
metadataFactory.createMetadataProvider(METADATA_SP_PATH, null, "jUnit SP", null));
- //samlVerifyEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
-//TODO
- //check other elements
-// Assert.assertNotNull("Proxy-Scope", authnRequest.getScoping());
-// Assert.assertNotNull("RequesterIds", authnRequest.getScoping().getRequesterIDs());
-// Assert.assertEquals("#RequesterIds", 1, authnRequest.getScoping().getRequesterIDs().size());
-// Assert.assertEquals("RequesterId", oaParam.getUniqueApplicationRegisterIdentifier(),
-// authnRequest.getScoping().getRequesterIDs().get(0).getRequesterID());
+ samlVerifyEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
Assert.assertNotNull("RequestedAuthnContext", authnRequest.getRequestedAuthnContext());
Assert.assertNotNull("AuthnContextClassRef",
@@ -303,15 +248,6 @@ public class GenerateMobilePhoneSignatureRequestTaskTest {
Assert.assertEquals("LoA", "http://eidas.europa.eu/LoA/high",
authnRequest.getRequestedAuthnContext().getAuthnContextClassRefs().get(0).getAuthnContextClassRef());
- Assert.assertNotNull("Extensions", authnRequest.getExtensions());
- Assert.assertFalse("No Requested attributes",
- authnRequest.getExtensions().getUnknownXMLObjects().isEmpty());
-
- Assert.assertEquals("#ReqAttributes", 1, authnRequest.getExtensions().getUnknownXMLObjects().size());
- org.springframework.util.Assert.isInstanceOf(EaafRequestedAttributes.class,
- authnRequest.getExtensions().getUnknownXMLObjects().get(0), "No Requested Attributes object");
-
- return (EaafRequestedAttributes) authnRequest.getExtensions().getUnknownXMLObjects().get(0);
}
private IVelocityGuiBuilderConfiguration createDummyGuiConfig() {
@@ -334,7 +270,8 @@ public class GenerateMobilePhoneSignatureRequestTaskTest {
@Override
public InputStream getTemplate(String viewName) {
- return GenerateMobilePhoneSignatureRequestTaskTest.class.getResourceAsStream("/data/pvp_postbinding_template.html");
+ return GenerateMobilePhoneSignatureRequestTaskTest.class.getResourceAsStream(
+ "/data/pvp_postbinding_template.html");
}
@Override
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.java
index 550c2f13..fb34a2dd 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.java
@@ -1,24 +1,12 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks;
+import static org.junit.Assert.assertThrows;
import java.io.IOException;
import java.util.Base64;
import javax.xml.transform.TransformerException;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyAuthConfigMap;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyOA;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyPendingRequest;
-import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
-import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.RandomStringUtils;
import org.joda.time.DateTime;
@@ -42,11 +30,22 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
+import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyOA;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyPendingRequest;
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
-import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
@@ -60,29 +59,24 @@ import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationExceptio
import net.shibboleth.utilities.java.support.xml.XMLParserException;
@RunWith(SpringJUnit4ClassRunner.class)
-//@ContextConfiguration({"/spring/SpringTest-context_mapConfig_full.xml", "classpath:/spring/test_eaaf_core.beans.xml"})
@ContextConfiguration(locations = {
- "/SpringTest-context_tasks_test1.xml",
- "/SpringTest-context_basic_mapConfig1.xml"
+ "/SpringTest-context_tasks_test.xml",
+ "/SpringTest-context_basic_mapConfig.xml"
})
public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest {
private static final String METADATA_PATH = "classpath:/data/idp_metadata_classpath_entity.xml";
- private static final String METADATA_PATH1 = "classpath:/data/idp_metadata_classpath_entity1.xml";
- private static final String TEST_SIGNED_AUTHBLOCK = "MIIBbjCCARSgAwIBAgIEXh7TNzAKBggqhkjOPQQDAjA/MQswCQYDVQQG"
- + "EwJBVDENMAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxETAPBgNVBAMMCG1ldGFkYXRhMB4XDTIwMDExNTA4NTQxNVoXDTMw"
- + "MDExNDA4NTQxNVowPzELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVHSVoxDjAMBgNVBAsMBWpVbml0MREwDwYDVQQDDAhtZXRhZGF0"
- + "YTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBdBkaxt31p++aZeP3SmlWITj9SYO4McV2ccXFsH4X4QMHuKAMUvjxPm1kdU01eT"
- + "OWdiQX0GpDIBspYMZh8ZKcwwCgYIKoZIzj0EAwIDSAAwRQIhAJ3QKlk9cd90s+i8y62fvmGF6LtfNO+JvkWqDUBeQImnAiA2KwFt"
- + "zO7STAp9MEwQGe0vt0F8mO1ttrLE+rr6YxdwGA==";
@Autowired(required = true)
private ApplicationContext context;
@Autowired(required = true)
- protected DummyAuthConfigMap authConfig;
- @Autowired private IdAustriaClientAuthMetadataProvider metadataProvider;
- @Autowired private IdAustriaClientAuthCredentialProvider credentialProvider;
- @Autowired private PvpMetadataResolverFactory metadataFactory;
+ protected MsConnectorDummyConfigMap authConfig;
+ @Autowired
+ private IdAustriaClientAuthMetadataProvider metadataProvider;
+ @Autowired
+ private IdAustriaClientAuthCredentialProvider credentialProvider;
+ @Autowired
+ private PvpMetadataResolverFactory metadataFactory;
final ExecutionContext executionContext = new ExecutionContextImpl();
private MockHttpServletRequest httpReq;
@@ -110,7 +104,8 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest {
*/
@Before
public void setUp() throws Exception {
- task = (ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask) context.getBean("ReceiveMobilePhoneSignatureResponseTask");
+ task = (ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask) context.getBean(
+ "ReceiveMobilePhoneSignatureResponseTask");
httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler");
httpReq.setScheme("https");
@@ -120,28 +115,18 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest {
RequestContextHolder.resetRequestAttributes();
RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
- authConfig.putConfigValue("modules.eidascentralauth.request.sign.alias", "sig");
-// authConfig.putConfigValue(AuthHandlerConstants.PROP_CONFIG_LEGACY_ALLOW, "false");
+ authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID,
+ METADATA_PATH);
oaParam = new DummyOA();
oaParam.setUniqueAppId("http://test.com/test");
oaParam.setTargetIdentifier(
EaafConstants.URN_PREFIX_CDID + RandomStringUtils.randomAlphabetic(2));
- oaParam.setEidasEnabled(true);
- oaParam.putGenericConfigurationKey(
- IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH);
- oaParam.putGenericConfigurationKey(
- IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, null);
- oaParam.setMandateProfilesCsv(
- RandomStringUtils.randomAlphabetic(5)
- + "," + RandomStringUtils.randomAlphabetic(5)
- + "," + RandomStringUtils.randomAlphabetic(5));
pendingReq = new DummyPendingRequest();
pendingReq.initialize(httpReq, authConfig);
pendingReq.setPendingRequestId(RandomStringUtils.randomAlphanumeric(10));
pendingReq.setOnlineApplicationConfiguration(oaParam);
- //pendingReq.setAuthUrl("https://localhost/authhandler");
metadataProvider.fullyDestroy();
@@ -153,20 +138,17 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest {
RequestContextHolder.resetRequestAttributes();
RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
- try {
- task.execute(pendingReq, executionContext);
- Assert.fail("Invalid response not detected");
+ final TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
- } catch (final TaskExecutionException e) {
- Assert.assertNotNull(e.getPendingRequestID());
- Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- Assert.assertNotNull(e.getOriginalException());
- org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
- e.getOriginalException());
- Assert.assertEquals("sp.pvp2.03",
- ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
+ Assert.assertNotNull(e.getPendingRequestID());
+ Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ Assert.assertNotNull(e.getOriginalException());
+ org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
+ e.getOriginalException());
+ Assert.assertEquals("sp.pvp2.03",
+ ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
- }
}
@Test
@@ -175,61 +157,52 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest {
RequestContextHolder.resetRequestAttributes();
RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
- try {
- task.execute(pendingReq, executionContext);
- Assert.fail("Invalid response not detected");
+ final TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
- } catch (final TaskExecutionException e) {
- Assert.assertNotNull(e.getPendingRequestID());
- Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- Assert.assertNotNull(e.getOriginalException());
- org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
- e.getOriginalException());
- Assert.assertEquals("sp.pvp2.12",
- ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
+ Assert.assertNotNull(e.getPendingRequestID());
+ Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ Assert.assertNotNull(e.getOriginalException());
+ org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
+ e.getOriginalException());
+ Assert.assertEquals("sp.pvp2.12",
+ ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
- }
}
@Test
public void httpPostNoMessage() {
- try {
- task.execute(pendingReq, executionContext);
- Assert.fail("Invalid response not detected");
+ final TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
- } catch (final TaskExecutionException e) {
- Assert.assertNotNull(e.getPendingRequestID());
- Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- Assert.assertNotNull(e.getOriginalException());
- org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
- e.getOriginalException());
- Assert.assertEquals("sp.pvp2.12",
- ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
+ Assert.assertNotNull(e.getPendingRequestID());
+ Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ Assert.assertNotNull(e.getOriginalException());
+ org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
+ e.getOriginalException());
+ Assert.assertEquals("sp.pvp2.12",
+ ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
- }
}
@Test
public void httpPostMessageNotSigned() throws IOException {
httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- IOUtils.toByteArray(ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.class.getResourceAsStream(
- "/data/Response_without_sig_classpath_entityid.xml"))));
-
- try {
- task.execute(pendingReq, executionContext);
- Assert.fail("Invalid response not detected");
+ IOUtils.toByteArray(ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.class
+ .getResourceAsStream(
+ "/data/Response_without_sig_classpath_entityid.xml"))));
+
+ final TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+ Assert.assertNotNull(e.getPendingRequestID());
+ Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ Assert.assertNotNull(e.getOriginalException());
+ org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
+ e.getOriginalException());
+ Assert.assertEquals("sp.pvp2.12",
+ ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
- } catch (final TaskExecutionException e) {
- Assert.assertNotNull(e.getPendingRequestID());
- Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- Assert.assertNotNull(e.getOriginalException());
- org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
- e.getOriginalException());
- Assert.assertEquals("sp.pvp2.12",
- ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
-
- }
}
@Test
@@ -242,22 +215,20 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest {
"/data/Response_with_wrong_destination_endpoint.xml",
credentialProvider.getMessageSigningCredential(), true);
httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8")));
+ DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
+ "UTF-8")));
- try {
- task.execute(pendingReq, executionContext);
- Assert.fail("Invalid response not detected");
+ final TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
- } catch (final TaskExecutionException e) {
- Assert.assertNotNull(e.getPendingRequestID());
- Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- Assert.assertNotNull(e.getOriginalException());
- org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
- e.getOriginalException());
- Assert.assertEquals("sp.pvp2.12",
- ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
+ Assert.assertNotNull(e.getPendingRequestID());
+ Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ Assert.assertNotNull(e.getOriginalException());
+ org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
+ e.getOriginalException());
+ Assert.assertEquals("sp.pvp2.12",
+ ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
- }
}
@Test
@@ -270,22 +241,19 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest {
"/data/Response_without_sig_classpath_entityid.xml",
credentialProvider.getMessageSigningCredential(), true);
httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8")));
+ DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
+ "UTF-8")));
+
+ final TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+ Assert.assertNotNull(e.getPendingRequestID());
+ Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ Assert.assertNotNull(e.getOriginalException());
+ org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
+ e.getOriginalException());
+ Assert.assertEquals("sp.pvp2.11",
+ ((EaafException) e.getOriginalException()).getErrorId());
- try {
- task.execute(pendingReq, executionContext);
- Assert.fail("Invalid response not detected");
-
- } catch (final TaskExecutionException e) {
- Assert.assertNotNull(e.getPendingRequestID());
- Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- Assert.assertNotNull(e.getOriginalException());
- org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
- e.getOriginalException());
- Assert.assertEquals("sp.pvp2.11",
- ((EaafException) e.getOriginalException()).getErrorId());
-
- }
}
@Test
@@ -301,22 +269,20 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest {
"/data/Response_without_sig_classpath_entityid.xml",
credentialProvider.getMessageSigningCredential(), false);
httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8")));
+ DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
+ "UTF-8")));
- try {
- task.execute(pendingReq, executionContext);
- Assert.fail("Invalid response not detected");
+ final TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
- } catch (final TaskExecutionException e) {
- Assert.assertNotNull(e.getPendingRequestID());
- Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- Assert.assertNotNull(e.getOriginalException());
- org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
- e.getOriginalException());
- Assert.assertEquals("sp.pvp2.12",
- ((EaafException) e.getOriginalException()).getErrorId());
+ Assert.assertNotNull(e.getPendingRequestID());
+ Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ Assert.assertNotNull(e.getOriginalException());
+ org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
+ e.getOriginalException());
+ Assert.assertEquals("sp.pvp2.12",
+ ((EaafException) e.getOriginalException()).getErrorId());
- }
}
@Test
@@ -324,36 +290,32 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest {
Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
MarshallingException, TransformerException {
- oaParam.putGenericConfigurationKey(
- IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, "http://wrong.idp");
-
+ authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID,
+ "http://wrong.idp/" + RandomStringUtils.randomAlphabetic(5));
+
metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
METADATA_PATH, null, "jUnit IDP", null));
- metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
- METADATA_PATH1, null, "jUnit IDP", null));
final Response response = initializeResponse(
- "classpath:/data/idp_metadata_classpath_entity1.xml",
+ "classpath:/data/idp_metadata_classpath_entity.xml",
"/data/Response_without_sig_classpath_entityid.xml",
credentialProvider.getMessageSigningCredential(),
true);
httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8")));
+ DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
+ "UTF-8")));
- try {
- task.execute(pendingReq, executionContext);
- Assert.fail("Invalid response not detected");
+ final TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
- } catch (final TaskExecutionException e) {
- Assert.assertNotNull(e.getPendingRequestID());
- Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- Assert.assertNotNull(e.getOriginalException());
- org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
- e.getOriginalException());
- Assert.assertEquals("sp.pvp2.08",
- ((EaafException) e.getOriginalException()).getErrorId());
+ Assert.assertNotNull(e.getPendingRequestID());
+ Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ Assert.assertNotNull(e.getOriginalException());
+ org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
+ e.getOriginalException());
+ Assert.assertEquals("sp.pvp2.08",
+ ((EaafException) e.getOriginalException()).getErrorId());
- }
}
@Test
@@ -361,9 +323,6 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest {
Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
MarshallingException, TransformerException {
- oaParam.putGenericConfigurationKey(
- IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH);
-
metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
METADATA_PATH, null, "jUnit IDP", null));
@@ -373,22 +332,20 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest {
credentialProvider.getMessageSigningCredential(),
true);
httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8")));
+ DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
+ "UTF-8")));
- try {
- task.execute(pendingReq, executionContext);
- Assert.fail("Invalid response not detected");
+ final TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
- } catch (final TaskExecutionException e) {
- Assert.assertNotNull(e.getPendingRequestID());
- Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- Assert.assertNotNull(e.getOriginalException());
- org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
- e.getOriginalException());
- Assert.assertEquals("sp.pvp2.12",
- ((EaafException) e.getOriginalException()).getErrorId());
+ Assert.assertNotNull(e.getPendingRequestID());
+ Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ Assert.assertNotNull(e.getOriginalException());
+ org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
+ e.getOriginalException());
+ Assert.assertEquals("sp.pvp2.12",
+ ((EaafException) e.getOriginalException()).getErrorId());
- }
}
@Test
@@ -396,9 +353,6 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest {
Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
MarshallingException, TransformerException {
- oaParam.putGenericConfigurationKey(
- IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH);
-
metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
METADATA_PATH, null, "jUnit IDP", null));
@@ -408,22 +362,20 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest {
credentialProvider.getMessageSigningCredential(),
true);
httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8")));
+ DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
+ "UTF-8")));
- try {
- task.execute(pendingReq, executionContext);
- Assert.fail("Invalid response not detected");
+ final TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
- } catch (final TaskExecutionException e) {
- Assert.assertNotNull(e.getPendingRequestID());
- Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- Assert.assertNotNull(e.getOriginalException());
- org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
- e.getOriginalException());
- Assert.assertEquals("sp.pvp2.05",
- ((EaafException) e.getOriginalException()).getErrorId());
+ Assert.assertNotNull(e.getPendingRequestID());
+ Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ Assert.assertNotNull(e.getOriginalException());
+ org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
+ e.getOriginalException());
+ Assert.assertEquals("sp.pvp2.05",
+ ((EaafException) e.getOriginalException()).getErrorId());
- }
}
@Test
@@ -431,9 +383,6 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest {
Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
MarshallingException, TransformerException, TaskExecutionException {
- oaParam.putGenericConfigurationKey(
- IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH);
-
metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
METADATA_PATH, null, "jUnit IDP", null));
@@ -443,12 +392,13 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest {
credentialProvider.getMessageSigningCredential(),
true);
httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8")));
+ DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
+ "UTF-8")));
- //perform test
+ // perform test
task.execute(pendingReq, executionContext);
- //validate state
+ // validate state
Assert.assertTrue("process not cancelled", executionContext.isProcessCancelled());
Assert.assertTrue("process not stopped by user", pendingReq.isAbortedByUser());
Assert.assertFalse("should not authenticated", pendingReq.isAuthenticated());
@@ -460,9 +410,6 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest {
Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
MarshallingException, TransformerException {
- oaParam.putGenericConfigurationKey(
- IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH);
-
metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
METADATA_PATH, null, "jUnit IDP", null));
@@ -472,7 +419,8 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest {
credentialProvider.getMessageSigningCredential(),
true);
httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8")));
+ DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
+ "UTF-8")));
try {
task.execute(pendingReq, executionContext);
@@ -495,9 +443,6 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest {
Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
MarshallingException, TransformerException {
- oaParam.putGenericConfigurationKey(
- IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH);
-
metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
METADATA_PATH, null, "jUnit IDP", null));
@@ -507,7 +452,8 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest {
credentialProvider.getMessageSigningCredential(),
true);
httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8")));
+ DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
+ "UTF-8")));
try {
task.execute(pendingReq, executionContext);
@@ -530,9 +476,6 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest {
Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
MarshallingException, TransformerException, TaskExecutionException, EaafStorageException {
- oaParam.putGenericConfigurationKey(
- IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH);
-
metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
METADATA_PATH, null, "jUnit IDP", null));
@@ -542,57 +485,27 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest {
credentialProvider.getMessageSigningCredential(),
true);
httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8")));
+ DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
+ "UTF-8")));
- //put SimpleEidasData in session
+ // put SimpleEidasData in session
final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
- SimpleEidasData eidData = new SimpleEidasData();
+ final SimpleEidasData eidData = new SimpleEidasData();
eidData.setFamilyName("Mustermann");
eidData.setGivenName("Max");
eidData.setDateOfBirth("1940-01-01");
authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData);
- //perform task
+ // perform task
task.execute(pendingReq, executionContext);
- //validate state
-// Assert.assertTrue("Wrong EID-Process flag",
-// (boolean) executionContext.get(AuthHandlerConstants.PROCESSCONTEXT_WAS_EID_PROCESS));
-// Assert.assertFalse("Wrong Mandate flag",
-// (boolean) executionContext.get(AuthHandlerConstants.HTTP_PARAM_USE_MANDATES));
-
-// Assert.assertEquals("piiTransactionId", "piiId_112233445566", pendingReq.getUniquePiiTransactionIdentifier());
-
+ // validate state
final AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class);
-
-// Assert.assertTrue("E-ID flag", session.isEidProcess());
-// Assert.assertTrue("Foreign flag", session.isForeigner());
-// Assert.assertEquals("eidasBind", EIDAS_BIND, session.getQcBind());
-// Assert.assertEquals("vsz",
-// "OD/kCGIFbjLTW0po6IZSmoaz3uhPYlO3S5bs9JnK0A5DHtufM3APLuDc3Llp4PeNdEa4NrCmgHr1YUiHT5irT8eDAfGpIbQHJg==",
-// session.getVsz());
-// Assert.assertArrayEquals("signedConsent",
-// Base64.getDecoder().decode(TEST_SIGNED_AUTHBLOCK), session.getSignedAuthBlock());
-// Assert.assertEquals("AuthBlockType", AuthHandlerConstants.AuthBlockType.JWS, session.getSignedAuthBlockType());
-
Assert.assertEquals("LoA", "http://eidas.europa.eu/LoA/low", session.getQaaLevel());
-// Assert.assertEquals("CountryCode", "IT", session.getGenericDataFromSession(
-// ExtendedPvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class));
Assert.assertEquals("IssueInstant", "2014-03-05T06:39:51Z", session.getIssueInstantString());
-// Assert.assertNull("SigCert", session.getEncodedSignerCertificate());
-
-// Assert.assertFalse("Mandate flag", session.isMandateUsed());
-// Assert.assertNull("MandateInfos", session.getMandateDate());
+ //TODO:
- Assert.assertNull("MandateType", session.getGenericDataFromSession(
- ExtendedPvpAttributeDefinitions.MANDATE_TYPE_NAME, String.class));
- Assert.assertNull("Legal Person CommonName", session.getGenericDataFromSession(
- ExtendedPvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, String.class));
- Assert.assertNull("Legal Person SourcePin",session.getGenericDataFromSession(
- ExtendedPvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, String.class));
- Assert.assertNull("Legal Person SourcePinType", session.getGenericDataFromSession(
- ExtendedPvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, String.class));
}
@Test
@@ -600,9 +513,6 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest {
Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
MarshallingException, TransformerException, TaskExecutionException, EaafStorageException {
- oaParam.putGenericConfigurationKey(
- IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH);
-
metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
METADATA_PATH, null, "jUnit IDP", null));
@@ -612,17 +522,18 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest {
credentialProvider.getMessageSigningCredential(),
true);
httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8")));
+ DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
+ "UTF-8")));
- //put SimpleEidasData in session
+ // put SimpleEidasData in session
final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
- SimpleEidasData eidData = new SimpleEidasData();
+ final SimpleEidasData eidData = new SimpleEidasData();
eidData.setFamilyName("Mustermann1");
eidData.setGivenName("Max");
eidData.setDateOfBirth("1940-01-01");
authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData);
- //perform task
+ // perform task
try {
task.execute(pendingReq, executionContext);
Assert.fail("Invalid response not detected");
@@ -634,171 +545,18 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest {
org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
e.getOriginalException());
Assert.assertTrue(e.getOriginalException().getCause() instanceof InvalidUserInputException);
- }
-
- }
-
- @Test
- public void httpPostValidSignedAssertionLegacyValid() throws IOException, SamlSigningException,
- Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
- MarshallingException, TransformerException, TaskExecutionException, EaafStorageException {
-// authConfig.putConfigValue(AuthHandlerConstants.PROP_CONFIG_LEGACY_ALLOW, "true");
- oaParam.putGenericConfigurationKey(
- IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH);
-
- metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
- METADATA_PATH, null, "jUnit IDP", null));
-
- //put SimpleEidasData in session
- final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
- SimpleEidasData eidData = new SimpleEidasData();
- eidData.setFamilyName("Mustermann");
- eidData.setGivenName("Max");
- eidData.setDateOfBirth("1940-01-01");
- authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData);
-
- final Response response = initializeResponse(
- "classpath:/data/idp_metadata_classpath_entity.xml",
- "/data/Response_with_legacy.xml",
- credentialProvider.getMessageSigningCredential(),
- true);
- httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8")));
-
- String piiTransId = pendingReq.getUniquePiiTransactionIdentifier();
-
- //perform task
- task.execute(pendingReq, executionContext);
-
- //validate state
-// Assert.assertFalse("Wrong EID-Process flag",
-// (boolean) executionContext.get(AuthHandlerConstants.PROCESSCONTEXT_WAS_EID_PROCESS));
-// Assert.assertFalse("Wrong Mandate flag",
-// (boolean) executionContext.get(AuthHandlerConstants.HTTP_PARAM_USE_MANDATES));
-
- Assert.assertEquals("piiTransactionId", piiTransId, pendingReq.getUniquePiiTransactionIdentifier());
-
- final AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class);
-
- Assert.assertFalse("E-ID flag", session.isEidProcess());
-// Assert.assertTrue("Foreign flag", session.isForeigner());
- Assert.assertEquals("LoA", "http://eidas.europa.eu/LoA/test", session.getQaaLevel());
-// Assert.assertEquals("CountryCode", "AB", session.getGenericDataFromSession(
-// ExtendedPvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class));
- Assert.assertEquals("IssueInstant", "2014-03-05T06:39:51Z", session.getIssueInstantString());
-
-// Assert.assertEquals("FamilyName", "Mustermann", session.getGenericDataFromSession(
-// ExtendedPvpAttributeDefinitions.PRINCIPAL_NAME_NAME, String.class));
-// Assert.assertEquals("Givenname", "Max", session.getGenericDataFromSession(
-// ExtendedPvpAttributeDefinitions.GIVEN_NAME_NAME, String.class));
-// Assert.assertEquals("DateOfBirth", "1940-01-01", session.getGenericDataFromSession(
-// ExtendedPvpAttributeDefinitions.BIRTHDATE_NAME, String.class));
-//
-// Assert.assertEquals("bPK", "BF:QVGm48cqcM4UcyhDTNGYmVdrIoY=", session.getGenericDataFromSession(
-// ExtendedPvpAttributeDefinitions.BPK_NAME, String.class));
-// Assert.assertEquals("bPK-Target", "urn:publicid:gv.at:cdid+BF", session.getGenericDataFromSession(
-// ExtendedPvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class));
-// Assert.assertEquals("AuthBlock", TEST_SIGNED_AUTHBLOCK, session.getGenericDataFromSession(
-// ExtendedPvpAttributeDefinitions.EID_IDENTITY_LINK_NAME, String.class));
-
-// Assert.assertNull("SigCert", session.getEncodedSignerCertificate());
-// Assert.assertNull("eidasBind", session.getQcBind());
-// Assert.assertNull("signedConsent", session.getSignedAuthBlock());
-// Assert.assertEquals("signedConsentType", AuthBlockType.NONE, session.getSignedAuthBlockType());
-
- Assert.assertFalse("Mandate flag", session.isMandateUsed());
-// Assert.assertNull("MandateInfos", session.getMandateDate());
-
- }
-
- @Test
- public void httpPostValidSignedAssertionWithLegacyAndEid() throws IOException, SamlSigningException,
- Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
- MarshallingException, TransformerException, TaskExecutionException, EaafStorageException {
-
- oaParam.putGenericConfigurationKey(
- IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH);
-
- metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
- METADATA_PATH, null, "jUnit IDP", null));
-
- //put SimpleEidasData in session
- final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
- SimpleEidasData eidData = new SimpleEidasData();
- eidData.setFamilyName("Mustermann");
- eidData.setGivenName("Max");
- eidData.setDateOfBirth("1940-01-01");
- authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData);
-
- final Response response = initializeResponse(
- "classpath:/data/idp_metadata_classpath_entity.xml",
- "/data/Response_with_legacy_and_EID.xml",
- credentialProvider.getMessageSigningCredential(),
- true);
- httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8")));
-
- //perform task
- task.execute(pendingReq, executionContext);
-
- //validate state
-// Assert.assertTrue("Wrong EID-Process flag",
-// (boolean) executionContext.get(AuthHandlerConstants.PROCESSCONTEXT_WAS_EID_PROCESS));
- final AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class);
-// Assert.assertFalse("Wrong Mandate flag",
-// (boolean) executionContext.get(AuthHandlerConstants.HTTP_PARAM_USE_MANDATES));
-
-// Assert.assertTrue("E-ID flag", session.isEidProcess());
-// Assert.assertTrue("Foreign flag", session.isForeigner());
- Assert.assertEquals("LoA", "http://eidas.europa.eu/LoA/test", session.getQaaLevel());
-// Assert.assertEquals("CountryCode", "AB", session.getGenericDataFromSession(
-// ExtendedPvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class));
- Assert.assertEquals("IssueInstant", "2014-03-05T06:39:51Z", session.getIssueInstantString());
-
-// Assert.assertEquals("eidasBind", EIDAS_BIND, session.getQcBind());
-// Assert.assertArrayEquals("signedConsent",
-// Base64.getDecoder().decode(TEST_SIGNED_AUTHBLOCK), session.getSignedAuthBlock());
-
-// Assert.assertEquals("FamilyName", "Mustermann", session.getGenericDataFromSession(
-// ExtendedPvpAttributeDefinitions.PRINCIPAL_NAME_NAME, String.class));
-// Assert.assertEquals("Givenname", "Max", session.getGenericDataFromSession(
-// ExtendedPvpAttributeDefinitions.GIVEN_NAME_NAME, String.class));
-// Assert.assertEquals("DateOfBirth", "1940-01-01", session.getGenericDataFromSession(
-// ExtendedPvpAttributeDefinitions.BIRTHDATE_NAME, String.class));
-//
-// Assert.assertEquals("FamilyName", "BF:QVGm48cqcM4UcyhDTNGYmVdrIoY=", session.getGenericDataFromSession(
-// ExtendedPvpAttributeDefinitions.BPK_NAME, String.class));
-// Assert.assertEquals("FamilyName", "urn:publicid:gv.at:cdid+BF", session.getGenericDataFromSession(
-// ExtendedPvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class));
-// Assert.assertEquals("FamilyName", TEST_SIGNED_AUTHBLOCK, session.getGenericDataFromSession(
-// ExtendedPvpAttributeDefinitions.EID_IDENTITY_LINK_NAME, String.class));
-
-// Assert.assertNull("SigCert", session.getEncodedSignerCertificate());
-
- Assert.assertFalse("Mandate flag", session.isMandateUsed());
-// Assert.assertNull("MandateInfos", session.getMandateDate());
-
- Assert.assertNull("MandateType", session.getGenericDataFromSession(
- ExtendedPvpAttributeDefinitions.MANDATE_TYPE_NAME, String.class));
- Assert.assertNull("Legal Person CommonName", session.getGenericDataFromSession(
- ExtendedPvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, String.class));
- Assert.assertNull("Legal Person SourcePin",session.getGenericDataFromSession(
- ExtendedPvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, String.class));
- Assert.assertNull("Legal Person SourcePinType", session.getGenericDataFromSession(
- ExtendedPvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, String.class));
+ }
}
-
-
-
private Response initializeResponse(String idpEntityId, String responsePath, EaafX509Credential credential,
- boolean validConditions) throws SamlSigningException, XMLParserException, UnmarshallingException,
+ boolean validConditions) throws SamlSigningException, XMLParserException, UnmarshallingException,
Pvp2MetadataException {
final Response response = (Response) XMLObjectSupport.unmarshallFromInputStream(
XMLObjectProviderRegistrySupport.getParserPool(),
- ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.class.getResourceAsStream(responsePath));
+ ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.class.getResourceAsStream(
+ responsePath));
response.setIssueInstant(DateTime.now());
final Issuer issuer = Saml2Utils.createSamlObject(Issuer.class);
issuer.setValue(idpEntityId);
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_mapConfig1.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_lazy.xml
index 56c7ed6e..a567ecba 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_mapConfig1.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_lazy.xml
@@ -7,18 +7,18 @@
xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
- http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd" >
<context:annotation-config />
-<!-- <bean id="dummyMapBasedConfiguration"-->
-<!-- class="at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap">-->
-<!-- <constructor-arg value="/config/junit_config_1.properties" />-->
-<!-- <property name="configRootDirSufix" value="src/test/resources/config" />-->
-<!-- </bean>-->
- <bean id="DummyAuthConfigMap"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyAuthConfigMap">
- <constructor-arg value="/config/junit_config_1-.properties" />
- </bean>
+ <import resource="classpath:/spring/eaaf_utils.beans.xml"/>
-</beans> \ No newline at end of file
+ <bean id="idAustriaAuthCredentialProvider"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider"
+ lazy-init="true" />
+
+ <bean id="dummyPvpConfig"
+ class="at.gv.egiz.eaaf.modules.pvp2.idp.test.dummy.DummyPvpConfiguration"
+ lazy-init="true" />
+
+</beans>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml
index 956cfcc9..d4783585 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml
@@ -12,6 +12,9 @@
<context:annotation-config />
+
+ <bean id="eidasConnectorMessageSource"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.config.EidasConnectorMessageSource"/>
<bean id="SZRClientForeIDAS"
class="at.asitplus.eidas.specific.modules.auth.eidas.v2.szr.SzrClient" />
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test1.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test1.xml
deleted file mode 100644
index 8363eb50..00000000
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test1.xml
+++ /dev/null
@@ -1,63 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:tx="http://www.springframework.org/schema/tx"
- xmlns:aop="http://www.springframework.org/schema/aop"
- xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
- http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
- http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
-
- <context:annotation-config />
-
-
-
-<!-- <bean id="SZRClientForeIDAS"-->
-<!-- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.szr.SzrClient" />-->
-
- <!-- <bean id="eIDASDataStore" class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.eIDASDataStore"
- /> -->
-
- <bean id="springManagedSpecificConnectorCommunicationService"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummySpecificCommunicationService" />
-
- <bean id="specificConnectorAttributesFileWithPath"
- class="java.lang.String">
- <constructor-arg
- value="src/test/resources/config/eidas-attributes.xml" />
- </bean>
-
- <bean id="specificConnectorAdditionalAttributesFileWithPath"
- class="java.lang.String">
- <constructor-arg
- value="src/test/resources/config/additional-attributes.xml" />
- </bean>
-
- <bean id="attributeRegistry"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry">
- <property name="eidasAttributesFile"
- ref="specificConnectorAttributesFileWithPath" />
- <property name="additionalAttributesFile"
- ref="specificConnectorAdditionalAttributesFileWithPath" />
- </bean>
-
- <bean id="EIDPostProcessingService"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.CcSpecificEidProcessingService" />
-
- <bean id="DE-PostProcessor"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.DeEidProcessor">
- <property name="priority" value="1" />
- </bean>
-
- <bean id="eIDASAuthModule"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasAuthenticationModulImpl">
- <property name="priority" value="2" />
- </bean>
-
- <bean id="Default-PostProcessor"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.GenericEidProcessor">
- <property name="priority" value="0" />
- </bean>
-
-</beans> \ No newline at end of file
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml
index da64d25d..f4463a3e 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml
@@ -18,6 +18,8 @@
<import resource="SpringTest-context_authManager.xml" />
<import resource="SpringTest-context_basic_test.xml" />
+ <import resource="classpath:/eidas_v2_auth.beans.xml"/>
+ <import resource="classpath:/eaaf_pvp.beans.xml" />
<bean id="mvcGUIBuilderImpl"
class="at.asitplus.eidas.specific.connector.gui.SpringMvcGuiFormBuilderImpl" />
@@ -25,6 +27,15 @@
<bean id="springManagedSpecificConnectorCommunicationService"
class="at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummySpecificCommunicationService" />
+ <bean id="dummyPvpConfig"
+ class="at.gv.egiz.eaaf.modules.pvp2.idp.test.dummy.DummyPvpConfiguration" />
+
+ <bean id="dummyGuiConfigFactory"
+ class="at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory" />
+
+ <bean id="dummyVelocityBuilder"
+ class="at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyVelocityGuiFormBuilder" />
+
<bean id="specificConnectorAttributesFileWithPath"
class="java.lang.String">
<constructor-arg
@@ -37,98 +48,5 @@
value="src/test/resources/config/additional-attributes.xml" />
</bean>
- <bean id="attributeRegistry"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry">
- <property name="eidasAttributesFile"
- ref="specificConnectorAttributesFileWithPath" />
- <property name="additionalAttributesFile"
- ref="specificConnectorAdditionalAttributesFileWithPath" />
- </bean>
-
- <bean id="authBlockSigningService"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.AuthBlockSigningService" />
-
- <bean id="EidasSignalServlet"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasSignalServlet" />
-
- <!-- Authentication Process Tasks -->
- <bean id="ConnecteIDASNodeTask"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateAuthnRequestTask"
- scope="prototype" />
-
- <bean id="ReceiveResponseFromeIDASNodeTask"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveAuthnResponseTask"
- scope="prototype" />
-
- <bean id="CreateIdentityLinkTask"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask"
- scope="prototype" />
-
- <bean id="InitialSearchTask"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.InitialSearchTask"
- scope="prototype" />
-
- <bean id="ErnbClientForeIDAS"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.DummyErnpClient" />
-
- <bean id="ZmrClientForeIDAS"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.DummyZmrClient" />
-
- <bean id="DE-Specific-Search"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.DeSpecificDetailSearchProcessor">
- </bean>
-
- <bean id="IT-Specific-Search"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.ItSpecificDetailSearchProcessor">
- </bean>
-
- <bean id="CreateNewErnpEntryTask"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateNewErnpEntryTask"
- scope="prototype" />
-
- <bean id="GenerateGuiTask"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateLoginMethodGuiTask"
- scope="prototype" />
-
- <bean id="GenerateMobilePhoneSignatureRequestTask"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateMobilePhoneSignatureRequestTask"
- scope="prototype" />
-
- <bean id="ReceiveGuiResponseTask"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveLoginMethodGuiResponseTask"
- scope="prototype" />
-
- <bean id="ReceiveMobilePhoneSignatureResponseTask"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask"
- scope="prototype" />
-
- <bean id="GenerateGuiQueryAustrianResidenceTask"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateGuiQueryAustrianResidenceTask"
- scope="prototype" />
-
- <bean id="ReceiveGuiAustrianResidenceResponseTask"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveGuiAustrianResidenceResponseTask"
- scope="prototype" />
-
- <bean id="idAustriaClientAuthCredentialProvider"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider" />
-
- <bean id="idAustriaClientAuthMetadataProvider"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider" />
-
- <bean id="idAustriaClientAuthMetadataController"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataController" />
-
- <bean id="idAustriaClientPvpMetadataResolverFactory"
- class="at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory" />
-
- <bean id="pvpMetadataBuilder"
- class="at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder" />
-
- <bean id="idAustriaAuthPvpConfiguration"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaAuthPvpConfiguration" />
-
- <bean id="idAustriaClientAuthSignalController"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthSignalController" />
</beans> \ No newline at end of file
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test1.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test1.xml
deleted file mode 100644
index c58eb330..00000000
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test1.xml
+++ /dev/null
@@ -1,149 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:tx="http://www.springframework.org/schema/tx"
- xmlns:aop="http://www.springframework.org/schema/aop"
- xmlns:mvc="http://www.springframework.org/schema/mvc"
- xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
- http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
- http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
- http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">
-
- <context:annotation-config />
- <mvc:annotation-driven />
- <mvc:default-servlet-handler />
-
-
- <import resource="SpringTest-context_authManager.xml" />
- <import resource="SpringTest-context_basic_test1.xml" />
-
- <bean id="mvcGUIBuilderImpl"
- class="at.asitplus.eidas.specific.connector.gui.SpringMvcGuiFormBuilderImpl" />
-
- <bean id="springManagedSpecificConnectorCommunicationService"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummySpecificCommunicationService" />
-
- <bean id="specificConnectorAttributesFileWithPath"
- class="java.lang.String">
- <constructor-arg
- value="src/test/resources/config/eidas-attributes.xml" />
- </bean>
-
- <bean id="specificConnectorAdditionalAttributesFileWithPath"
- class="java.lang.String">
- <constructor-arg
- value="src/test/resources/config/additional-attributes.xml" />
- </bean>
-
- <bean id="attributeRegistry"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry">
- <property name="eidasAttributesFile"
- ref="specificConnectorAttributesFileWithPath" />
- <property name="additionalAttributesFile"
- ref="specificConnectorAdditionalAttributesFileWithPath" />
- </bean>
-
- <bean id="authBlockSigningService"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.AuthBlockSigningService" />
-
- <bean id="EidasSignalServlet"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasSignalServlet" />
-
- <!-- Authentication Process Tasks -->
- <bean id="ConnecteIDASNodeTask"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateAuthnRequestTask"
- scope="prototype" />
-
- <bean id="ReceiveResponseFromeIDASNodeTask"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveAuthnResponseTask"
- scope="prototype" />
-
- <bean id="CreateIdentityLinkTask"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask"
- scope="prototype" />
-
- <bean id="InitialSearchTask"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.InitialSearchTask"
- scope="prototype" />
-
- <bean id="ErnbClientForeIDAS"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.DummyErnpClient" />
-
- <bean id="ZmrClientForeIDAS"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.DummyZmrClient" />
-
- <bean id="DE-Specific-Search"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.DeSpecificDetailSearchProcessor">
- </bean>
-
- <bean id="IT-Specific-Search"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.ItSpecificDetailSearchProcessor">
- </bean>
-
- <bean id="CreateNewErnpEntryTask"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateNewErnpEntryTask"
- scope="prototype" />
-
- <bean id="GenerateGuiTask"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateLoginMethodGuiTask"
- scope="prototype" />
-
- <bean id="GenerateMobilePhoneSignatureRequestTask"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateMobilePhoneSignatureRequestTask"
- scope="prototype" />
-
- <bean id="ReceiveGuiResponseTask"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveLoginMethodGuiResponseTask"
- scope="prototype" />
-
- <bean id="ReceiveMobilePhoneSignatureResponseTask"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask"
- scope="prototype" />
-
- <bean id="GenerateGuiQueryAustrianResidenceTask"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateGuiQueryAustrianResidenceTask"
- scope="prototype" />
-
- <bean id="ReceiveGuiAustrianResidenceResponseTask"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveGuiAustrianResidenceResponseTask"
- scope="prototype" />
-
- <bean id="idAustriaClientAuthCredentialProvider"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider" />
-
- <bean id="idAustriaClientAuthMetadataProvider"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider" />
-
- <bean id="idAustriaClientAuthMetadataController"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataController" />
-
- <bean id="idAustriaClientPvpMetadataResolverFactory"
- class="at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory" />
-
- <bean id="pvpMetadataBuilder"
- class="at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder" />
-
- <bean id="idAustriaAuthPvpConfiguration"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaAuthPvpConfiguration" />
-
- <bean id="PvpAuthnRequestBuilder"
- class="at.gv.egiz.eaaf.modules.pvp2.sp.impl.PvpAuthnRequestBuilder" />
-
-<!-- <bean id="DummyAuthConfigMap"-->
-<!-- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyAuthConfigMap" />-->
-
- <bean id="PvpPostBinding"
- class="at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding" />
-
- <bean id="IVelocityGuiFormBuilder"
- class="at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyVelocityGuiFormBuilder" />
- <bean id="IGuiBuilderConfigurationFactory"
- class="at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory" />
-
- <bean id="SAMLVerificationEngine"
- class="at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine" />
-
-
-</beans> \ No newline at end of file
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1-.properties b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1-.properties
deleted file mode 100644
index ee4dff39..00000000
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1-.properties
+++ /dev/null
@@ -1,252 +0,0 @@
-## Basic service configuration
-eidas.ms.context.url.prefix=
-eidas.ms.context.url.request.validation=false
-
-eidas.ms.context.use.clustermode=true
-
-##Monitoring
-eidas.ms.monitoring.eIDASNode.metadata.url=
-
-
-##Specific logger configuration
-eidas.ms.technicallog.write.MDS.into.techlog=true
-eidas.ms.revisionlog.write.MDS.into.revisionlog=true
-eidas.ms.revisionlog.logIPAddressOfUser=true
-
-##Directory for static Web content
-eidas.ms.webcontent.static.directory=webcontent/
-eidas.ms.webcontent.templates=templates/
-eidas.ms.webcontent.properties=properties/messages
-
-## extended validation of pending-request Id's
-eidas.ms.core.pendingrequestid.maxlifetime=300
-eidas.ms.core.pendingrequestid.digist.algorithm=HmacSHA256
-eidas.ms.core.pendingrequestid.digist.secret=pendingReqIdSecret
-
-## eIDAS Ref. Implementation connector ###
-eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector
-eidas.ms.auth.eIDAS.node_v2.forward.endpoint=
-eidas.ms.auth.eIDAS.node_v2.forward.method=POST
-eidas.ms.auth.eIDAS.node_v2.countrycode=AT
-eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=.*
-eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=true
-eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier=true
-eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs=true
-eidas.ms.auth.eIDAS.node_v2.staticProviderNameForPublicSPs=myNode
-
-eidas.ms.auth.eIDAS.node_v2.loa.requested.minimum=http://eidas.europa.eu/LoA/high
-
-eidas.ms.auth.eIDAS.szrclient.useTestService=true
-eidas.ms.auth.eIDAS.szrclient.endpoint.prod=
-eidas.ms.auth.eIDAS.szrclient.endpoint.test=http://localhost:1234/demoszr
-eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.path=keys/.....
-eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.password=
-eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.path=
-eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.password=
-eidas.ms.auth.eIDAS.szrclient.timeout.connection=15
-eidas.ms.auth.eIDAS.szrclient.timeout.response=30
-eidas.ms.auth.eIDAS.szrclient.params.vkz=
-
-eidas.ms.auth.eIDAS.szrclient.params.useSZRForbPKCalculation=false
-
-
-eidas.ms.auth.eIDAS.authblock.keystore.password=f/+saJBc3a}*/T^s
-eidas.ms.auth.eIDAS.authblock.keystore.friendlyName=connectorkeypair
-eidas.ms.auth.eIDAS.authblock.keystore.path=./../keystore/teststore.jks
-eidas.ms.auth.eIDAS.authblock.keystore.type=jks
-eidas.ms.auth.eIDAS.authblock.key.alias=connectorkeypair1
-eidas.ms.auth.eIDAS.authblock.key.password=f/+saJBc3a}*/T^s
-
-
-#Raw eIDAS Id data storage
-eidas.ms.auth.eIDAS.szrclient.workarounds.eidmapping.revisionlog.active=true
-
-eidas.ms.auth.eIDAS.szrclient.params.setPlaceOfBirthIfAvailable=true
-eidas.ms.auth.eIDAS.szrclient.params.setBirthNameIfAvailable=true
-
-eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=true
-eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=true
-
-##without mandates
-eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.0=PersonIdentifier,true
-eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.1=FamilyName,true
-eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.2=FirstName,true
-eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.3=DateOfBirth,true
-
-eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.4=PlaceOfBirth,false
-eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.5=BirthName,false
-eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.6=Gender,false
-eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.7=CurrentAddress,false
-eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.8=testtest,false
-
-##with mandates ---- NOT FULLY SUPPORTED AT THE MOMENT -----
-eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.0=PersonIdentifier,true
-eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.1=FamilyName,true
-eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.2=FirstName,true
-eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.3=DateOfBirth,true
-eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.4=LegalPerson,true
-eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true
-
-
-## PVP2 S-Profile end-point configuration
-eidas.ms.pvp2.keystore.path=keys/.....
-eidas.ms.pvp2.keystore.password=
-eidas.ms.pvp2.key.metadata.alias=
-eidas.ms.pvp2.key.metadata.password=
-eidas.ms.pvp2.key.signing.alias=
-eidas.ms.pvp2.key.signing.password=
-eidas.ms.pvp2.metadata.validity=24
-
-## Service Provider configuration
-eidas.ms.sp.0.uniqueID=
-eidas.ms.sp.0.pvp2.metadata.truststore=
-eidas.ms.sp.0.pvp2.metadata.truststore.password=
-eidas.ms.sp.0.newEidMode=true
-
-#eidas.ms.sp.0.friendlyName=
-#eidas.ms.sp.0.pvp2.metadata.url=
-#eidas.ms.sp.0.policy.allowed.requested.targets=.*
-#eidas.ms.sp.0.policy.hasBaseIdTransferRestriction=false
-
-
-##only for advanced config
-eidas.ms.configuration.sp.disableRegistrationRequirement=
-eidas.ms.configuration.restrictions.baseID.spTransmission=
-eidas.ms.configuration.auth.default.countrycode=
-eidas.ms.configuration.pvp.scheme.validation=
-eidas.ms.configuration.pvp.enable.entitycategories=
-
-
-
-
-## PVP2 S-Profile ID Austria client configuration
-
-eidas.ms.modules.idaustriaclient.keystore.path=../keystore/junit_test.jks
-eidas.ms.modules.idaustriaclient.keystore.password=password
-eidas.ms.modules.idaustriaclient.keystore.type=jks
-
-eidas.ms.modules.idaustriaclient.metadata.sign.alias=meta
-eidas.ms.modules.idaustriaclient.metadata.sign.password=password
-eidas.ms.modules.idaustriaclient.request.sign.alias=sig
-eidas.ms.modules.idaustriaclient.request.sign.password=password
-eidas.ms.modules.idaustriaclient.response.encryption.alias=enc
-eidas.ms.modules.idaustriaclient.response.encryption.password=password
-
-eidas.ms.modules.idaustriaclient.truststore.path=../keystore/junit_test.jks
-eidas.ms.modules.idaustriaclient.truststore.password=password
-eidas.ms.modules.idaustriaclient.truststore.type=jks
-
-eidas.ms.modules.idaustriaclient.node.entityId=classpath:/data/idp_metadata_classpath_entity.xml
-eidas.ms.modules.idaustriaclient.sp.entityId=
-eidas.ms.modules.idaustriaclient.node.metadataUrl=
-
-eidas.ms.modules.idaustriaclient.metadata.organisation.name=JUnit
-eidas.ms.modules.idaustriaclient.metadata.organisation.friendyname=For testing with jUnit
-eidas.ms.modules.idaustriaclient.metadata.organisation.url=http://junit.test
-eidas.ms.modules.idaustriaclient.metadata.contact.givenname=Max
-eidas.ms.modules.idaustriaclient.metadata.contact.surname=Mustermann
-eidas.ms.modules.idaustriaclient.metadata.contact.email=max@junit.test
-
-
-
-
-
-
-auth.eIDAS.authblock.key.alias=connectorkeypair
-auth.eIDAS.authblock.key.password=f/+saJBc3a}*/T^s
-auth.eIDAS.authblock.keystore.friendlyName=connectorkeypair
-auth.eIDAS.authblock.keystore.password=f/+saJBc3a}*/T^s
-auth.eIDAS.authblock.keystore.path=.//src/test/resources/keystore/teststore.jks
-auth.eIDAS.authblock.keystore.type=jks
-auth.eIDAS.node_v2.attributes.requested.de.onlynatural.4=PlaceOfBirth,false
-auth.eIDAS.node_v2.attributes.requested.de.onlynatural.5=BirthName,false
-auth.eIDAS.node_v2.attributes.requested.de.onlynatural.6=Gender,false
-auth.eIDAS.node_v2.attributes.requested.de.onlynatural.7=CurrentAddress,false
-auth.eIDAS.node_v2.attributes.requested.de.onlynatural.8=testtest,false
-auth.eIDAS.node_v2.attributes.requested.onlynatural.0=PersonIdentifier,true
-auth.eIDAS.node_v2.attributes.requested.onlynatural.1=FamilyName,true
-auth.eIDAS.node_v2.attributes.requested.onlynatural.2=FirstName,true
-auth.eIDAS.node_v2.attributes.requested.onlynatural.3=DateOfBirth,true
-auth.eIDAS.node_v2.attributes.requested.representation.0=PersonIdentifier,true
-auth.eIDAS.node_v2.attributes.requested.representation.1=FamilyName,true
-auth.eIDAS.node_v2.attributes.requested.representation.2=FirstName,true
-auth.eIDAS.node_v2.attributes.requested.representation.3=DateOfBirth,true
-auth.eIDAS.node_v2.attributes.requested.representation.4=LegalPerson,true
-auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true
-auth.eIDAS.node_v2.countrycode=AT
-auth.eIDAS.node_v2.entityId=ownSpecificConnector
-auth.eIDAS.node_v2.forward.endpoint=
-auth.eIDAS.node_v2.forward.method=POST
-auth.eIDAS.node_v2.loa.requested.minimum=http://eidas.europa.eu/LoA/high
-auth.eIDAS.node_v2.publicSectorTargets=.*
-auth.eIDAS.node_v2.staticProviderNameForPublicSPs=myNode
-auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=true
-auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier=true
-auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs=true
-auth.eIDAS.szrclient.debug.logfullmessages=true
-auth.eIDAS.szrclient.debug.useDummySolution=true
-auth.eIDAS.szrclient.endpoint.prod=
-auth.eIDAS.szrclient.endpoint.test=http://localhost:1234/demoszr
-auth.eIDAS.szrclient.params.setBirthNameIfAvailable=true
-auth.eIDAS.szrclient.params.setPlaceOfBirthIfAvailable=true
-auth.eIDAS.szrclient.params.useSZRForbPKCalculation=false
-auth.eIDAS.szrclient.params.vkz=
-auth.eIDAS.szrclient.ssl.keyStore.password=
-auth.eIDAS.szrclient.ssl.keyStore.path=keys/.....
-auth.eIDAS.szrclient.ssl.trustStore.password=
-auth.eIDAS.szrclient.ssl.trustStore.path=
-auth.eIDAS.szrclient.timeout.connection=15
-auth.eIDAS.szrclient.timeout.response=30
-auth.eIDAS.szrclient.useTestService=true
-auth.eIDAS.szrclient.workarounds.eidmapping.revisionlog.active=true
-configuration.auth.default.countrycode=
-configuration.pvp.enable.entitycategories=
-configuration.pvp.scheme.validation=
-configuration.restrictions.baseID.spTransmission=
-configuration.sp.disableRegistrationRequirement=
-context.url.prefix=
-context.url.request.validation=false
-context.use.clustermode=true
-core.pendingrequestid.digist.algorithm=HmacSHA256
-core.pendingrequestid.digist.secret=pendingReqIdSecret
-core.pendingrequestid.maxlifetime=300
-modules.idaustriaclient.keystore.password=password
-modules.idaustriaclient.keystore.path=.//src/test/resources/keystore/junit_test.jks
-modules.idaustriaclient.keystore.type=jks
-modules.idaustriaclient.metadata.contact.email=max@junit.test
-modules.idaustriaclient.metadata.contact.givenname=Max
-modules.idaustriaclient.metadata.contact.surname=Mustermann
-modules.idaustriaclient.metadata.organisation.friendyname=For testing with jUnit
-modules.idaustriaclient.metadata.organisation.name=JUnit
-modules.idaustriaclient.metadata.organisation.url=http://junit.test
-modules.idaustriaclient.metadata.sign.alias=meta
-modules.idaustriaclient.metadata.sign.password=password
-modules.idaustriaclient.node.entityId=classpath:/data/idp_metadata_classpath_entity.xml
-modules.idaustriaclient.node.metadataUrl=
-modules.idaustriaclient.request.sign.alias=sig
-modules.idaustriaclient.request.sign.password=password
-modules.idaustriaclient.response.encryption.alias=enc
-modules.idaustriaclient.response.encryption.password=password
-modules.idaustriaclient.sp.entityId=
-modules.idaustriaclient.truststore.password=password
-modules.idaustriaclient.truststore.path=./src/test/resources/keystore/junit_test.jks
-modules.idaustriaclient.truststore.type=jks
-monitoring.eIDASNode.metadata.url=
-pvp2.key.metadata.alias=
-pvp2.key.metadata.password=
-pvp2.key.signing.alias=
-pvp2.key.signing.password=
-pvp2.keystore.password=
-pvp2.keystore.path=keys/.....
-pvp2.metadata.validity=24
-revisionlog.logIPAddressOfUser=true
-revisionlog.write.MDS.into.revisionlog=true
-sp.0.newEidMode=true
-sp.0.pvp2.metadata.truststore.password=
-sp.0.pvp2.metadata.truststore=
-sp.0.uniqueID=
-technicallog.write.MDS.into.techlog=true
-webcontent.properties=properties/messages
-webcontent.static.directory=webcontent/
-webcontent.templates=templates/
-
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties
index df64b494..e6741c88 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties
@@ -8,6 +8,11 @@ eidas.ms.context.use.clustermode=true
eidas.ms.monitoring.eIDASNode.metadata.url=
+eidas.ms.client.http.connection.timeout.socket=1
+eidas.ms.client.http.connection.timeout.connection=1
+eidas.ms.client.http.connection.timeout.request=1
+
+
##Specific logger configuration
eidas.ms.technicallog.write.MDS.into.techlog=true
eidas.ms.revisionlog.write.MDS.into.revisionlog=true
@@ -136,14 +141,6 @@ eidas.ms.modules.idaustriaclient.truststore.path=../keystore/junit_test.jks
eidas.ms.modules.idaustriaclient.truststore.password=password
eidas.ms.modules.idaustriaclient.truststore.type=jks
-eidas.ms.modules.idaustriaclient.node.entityId=
-eidas.ms.modules.idaustriaclient.sp.entityId=
-eidas.ms.modules.idaustriaclient.node.metadataUrl=
-
-eidas.ms.modules.idaustriaclient.metadata.organisation.name=JUnit
-eidas.ms.modules.idaustriaclient.metadata.organisation.friendyname=For testing with jUnit
-eidas.ms.modules.idaustriaclient.metadata.organisation.url=http://junit.test
-eidas.ms.modules.idaustriaclient.metadata.contact.givenname=Max
-eidas.ms.modules.idaustriaclient.metadata.contact.surname=Mustermann
-eidas.ms.modules.idaustriaclient.metadata.contact.email=max@junit.test
+eidas.ms.modules.idaustriaclient.idaustria.idp.entityId=
+eidas.ms.modules.idaustriaclient.idaustria.idp.metadataUrl=
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_EID.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_EID.xml
index 7b802fc0..10701c29 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_EID.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_EID.xml
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
-<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://localhost/authhandler/idAustriaSp/post" InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://localhost/authhandler/sp/idaustria/post" InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">classpath:/data/idp_metadata_classpath_entity.xml</saml2:Issuer>
<saml2p:Status>
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
@@ -9,12 +9,12 @@
<saml2:Subject>
<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="urn:publicid:gv.at:cdid+BF">QVGm48cqcM4UcyhDTNGYmVdrIoY=</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
- <saml2:SubjectConfirmationData InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" NotOnOrAfter="2014-03-05T06:44:51.017Z" Recipient="https://localhost/authhandler/idAustriaSp/post"/>
+ <saml2:SubjectConfirmationData InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" NotOnOrAfter="2014-03-05T06:44:51.017Z" Recipient="https://localhost/authhandler/sp/idaustria/post"/>
</saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:Conditions NotBefore="2014-03-05T06:39:51.017Z" NotOnOrAfter="2014-03-05T06:44:51.017Z">
<saml2:AudienceRestriction>
- <saml2:Audience>https://localhost/authhandler/idAustriaSp/metadata</saml2:Audience>
+ <saml2:Audience>https://localhost/authhandler/sp/idaustria/metadata</saml2:Audience>
</saml2:AudienceRestriction>
</saml2:Conditions>
<saml2:AuthnStatement AuthnInstant="2014-03-05T06:39:51.017Z" SessionIndex="_c0c683509a8ff6ac372a9cf9c5c5a406">
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_EID_wrong_data.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_EID_wrong_data.xml
deleted file mode 100644
index 50d434e3..00000000
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_EID_wrong_data.xml
+++ /dev/null
@@ -1,46 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://localhost/authhandler/idAustriaSp/post" InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
- <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">classpath:/data/idp_metadata_classpath_entity.xml</saml2:Issuer>
- <saml2p:Status>
- <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
- </saml2p:Status>
- <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_602c3236bffaf71ac3ac88674e76ff9f" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0">
- <saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp/metadata</saml2:Issuer>
- <saml2:Subject>
- <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="urn:publicid:gv.at:cdid+BF">QVGm48cqcM4UcyhDTNGYmVdrIoY=</saml2:NameID>
- <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
- <saml2:SubjectConfirmationData InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" NotOnOrAfter="2014-03-05T06:44:51.017Z" Recipient="https://localhost/authhandler/idAustriaSp/post"/>
- </saml2:SubjectConfirmation>
- </saml2:Subject>
- <saml2:Conditions NotBefore="2014-03-05T06:39:51.017Z" NotOnOrAfter="2014-03-05T06:44:51.017Z">
- <saml2:AudienceRestriction>
- <saml2:Audience>https://localhost/authhandler/idAustriaSp/metadata</saml2:Audience>
- </saml2:AudienceRestriction>
- </saml2:Conditions>
- <saml2:AuthnStatement AuthnInstant="2014-03-05T06:39:51.017Z" SessionIndex="_c0c683509a8ff6ac372a9cf9c5c5a406">
- <saml2:AuthnContext>
- <saml2:AuthnContextClassRef>http://eidas.europa.eu/LoA/high</saml2:AuthnContextClassRef>
- </saml2:AuthnContext>
- </saml2:AuthnStatement>
- <saml2:AttributeStatement>
- <saml2:Attribute FriendlyName="piiTransactionId" Name="urn:eidgvat:attributes.piiTransactionId" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
- <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">piiId_112233445566</saml2:AttributeValue>
- </saml2:Attribute>
- <saml2:Attribute FriendlyName="PVP-VERSION" Name="urn:oid:1.2.40.0.10.2.1.1.261.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
- <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">2.1</saml2:AttributeValue>
- </saml2:Attribute>
- <saml2:Attribute FriendlyName="EID-CITIZEN-QAA- EIDAS-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.108" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
- <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">http://eidas.europa.eu/LoA/low</saml2:AttributeValue>
- </saml2:Attribute>
- <saml2:Attribute FriendlyName="EID-ISSUING-NATION" Name="urn:oid:1.2.40.0.10.2.1.1.261.32" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
- <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">IT</saml2:AttributeValue>
- </saml2:Attribute>
- <saml2:Attribute FriendlyName="eidBind" Name="urn:eidgvat:attributes.eidbind" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
- <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">aabbccddeeffgghh</saml2:AttributeValue>
- </saml2:Attribute>
- <saml2:Attribute FriendlyName="userAuthBlock" Name="urn:eidgvat:attributes.authblock.signed" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
- <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">MIIBbjCCARSgAwIBAgIEXh7TNzAKBggqhkjOPQQDAjA/MQswCQYDVQQGEwJBVDENMAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxETAPBgNVBAMMCG1ldGFkYXRhMB4XDTIwMDExNTA4NTQxNVoXDTMwMDExNDA4NTQxNVowPzELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVHSVoxDjAMBgNVBAsMBWpVbml0MREwDwYDVQQDDAhtZXRhZGF0YTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBdBkaxt31p++aZeP3SmlWITj9SYO4McV2ccXFsH4X4QMHuKAMUvjxPm1kdU01eTOWdiQX0GpDIBspYMZh8ZKcwwCgYIKoZIzj0EAwIDSAAwRQIhAJ3QKlk9cd90s+i8y62fvmGF6LtfNO+JvkWqDUBeQImnAiA2KwFtzO7STAp9MEwQGe0vt0F8mO1ttrLE+rr6YxdwGA==</saml2:AttributeValue>
- </saml2:Attribute>
- </saml2:AttributeStatement>
- </saml2:Assertion>
-</saml2p:Response>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_legacy.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_legacy.xml
deleted file mode 100644
index 1bc93fae..00000000
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_legacy.xml
+++ /dev/null
@@ -1,55 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://localhost/authhandler/idAustriaSp/post" InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
- <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">classpath:/data/idp_metadata_classpath_entity.xml</saml2:Issuer>
- <saml2p:Status>
- <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
- </saml2p:Status>
- <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_602c3236bffaf71ac3ac88674e76ff9f" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0">
- <saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp/metadata</saml2:Issuer>
- <saml2:Subject>
- <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="urn:publicid:gv.at:cdid+BF">QVGm48cqcM4UcyhDTNGYmVdrIoY=</saml2:NameID>
- <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
- <saml2:SubjectConfirmationData InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" NotOnOrAfter="2014-03-05T06:44:51.017Z" Recipient="https://localhost/authhandler/idAustriaSp/post"/>
- </saml2:SubjectConfirmation>
- </saml2:Subject>
- <saml2:Conditions NotBefore="2014-03-05T06:39:51.017Z" NotOnOrAfter="2014-03-05T06:44:51.017Z">
- <saml2:AudienceRestriction>
- <saml2:Audience>https://localhost/authhandler/idAustriaSp/metadata</saml2:Audience>
- </saml2:AudienceRestriction>
- </saml2:Conditions>
- <saml2:AuthnStatement AuthnInstant="2014-03-05T06:39:51.017Z" SessionIndex="_c0c683509a8ff6ac372a9cf9c5c5a406">
- <saml2:AuthnContext>
- <saml2:AuthnContextClassRef>http://eidas.europa.eu/LoA/high</saml2:AuthnContextClassRef>
- </saml2:AuthnContext>
- </saml2:AuthnStatement>
- <saml2:AttributeStatement>
- <saml2:Attribute FriendlyName="PVP-VERSION" Name="urn:oid:1.2.40.0.10.2.1.1.261.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
- <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">2.1</saml2:AttributeValue>
- </saml2:Attribute>
- <saml2:Attribute FriendlyName="EID-CITIZEN-QAA-EIDAS-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.108" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
- <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">http://eidas.europa.eu/LoA/test</saml2:AttributeValue>
- </saml2:Attribute>
- <saml2:Attribute FriendlyName="EID-ISSUING-NATION" Name="urn:oid:1.2.40.0.10.2.1.1.261.32" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
- <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">AB</saml2:AttributeValue>
- </saml2:Attribute>
- <saml2:Attribute FriendlyName="PRINCIPAL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
- <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Mustermann</saml2:AttributeValue>
- </saml2:Attribute>
- <saml2:Attribute FriendlyName="GIVEN-NAME" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
- <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Max</saml2:AttributeValue>
- </saml2:Attribute>
- <saml2:Attribute FriendlyName="BIRTHDATE" Name="urn:oid:1.2.40.0.10.2.1.1.55" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
- <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">1940-01-01</saml2:AttributeValue>
- </saml2:Attribute>
- <saml2:Attribute FriendlyName="BPK" Name="urn:oid:1.2.40.0.10.2.1.1.149" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
- <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">BF:QVGm48cqcM4UcyhDTNGYmVdrIoY=</saml2:AttributeValue>
- </saml2:Attribute>
- <saml2:Attribute FriendlyName="EID-SECTOR-FOR-IDENTIFIER" Name="urn:oid:1.2.40.0.10.2.1.1.261.34" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
- <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">urn:publicid:gv.at:cdid+BF</saml2:AttributeValue>
- </saml2:Attribute>
- <saml2:Attribute FriendlyName="EID-IDENTITY-LINK" Name="urn:oid:1.2.40.0.10.2.1.1.261.38" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
- <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">MIIBbjCCARSgAwIBAgIEXh7TNzAKBggqhkjOPQQDAjA/MQswCQYDVQQGEwJBVDENMAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxETAPBgNVBAMMCG1ldGFkYXRhMB4XDTIwMDExNTA4NTQxNVoXDTMwMDExNDA4NTQxNVowPzELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVHSVoxDjAMBgNVBAsMBWpVbml0MREwDwYDVQQDDAhtZXRhZGF0YTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBdBkaxt31p++aZeP3SmlWITj9SYO4McV2ccXFsH4X4QMHuKAMUvjxPm1kdU01eTOWdiQX0GpDIBspYMZh8ZKcwwCgYIKoZIzj0EAwIDSAAwRQIhAJ3QKlk9cd90s+i8y62fvmGF6LtfNO+JvkWqDUBeQImnAiA2KwFtzO7STAp9MEwQGe0vt0F8mO1ttrLE+rr6YxdwGA==</saml2:AttributeValue>
- </saml2:Attribute>
- </saml2:AttributeStatement>
- </saml2:Assertion>
-</saml2p:Response>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_legacy_and_EID.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_legacy_and_EID.xml
deleted file mode 100644
index 0d465c81..00000000
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_legacy_and_EID.xml
+++ /dev/null
@@ -1,58 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://localhost/authhandler/idAustriaSp/post" InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
- <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">classpath:/data/idp_metadata_classpath_entity.xml</saml2:Issuer>
- <saml2p:Status>
- <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
- </saml2p:Status>
- <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_602c3236bffaf71ac3ac88674e76ff9f" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0">
- <saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp/metadata</saml2:Issuer>
- <saml2:Subject>
- <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="urn:publicid:gv.at:cdid+BF">QVGm48cqcM4UcyhDTNGYmVdrIoY=</saml2:NameID>
- <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
- <saml2:SubjectConfirmationData InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" NotOnOrAfter="2014-03-05T06:44:51.017Z" Recipient="https://localhost/authhandler/idAustriaSp/post"/>
- </saml2:SubjectConfirmation>
- </saml2:Subject>
- <saml2:Conditions NotBefore="2014-03-05T06:39:51.017Z" NotOnOrAfter="2014-03-05T06:44:51.017Z">
- <saml2:AudienceRestriction>
- <saml2:Audience>https://localhost/authhandler/idAustriaSp/metadata</saml2:Audience>
- </saml2:AudienceRestriction>
- </saml2:Conditions>
- <saml2:AuthnStatement AuthnInstant="2014-03-05T06:39:51.017Z" SessionIndex="_c0c683509a8ff6ac372a9cf9c5c5a406">
- <saml2:AuthnContext>
- <saml2:AuthnContextClassRef>http://eidas.europa.eu/LoA/high</saml2:AuthnContextClassRef>
- </saml2:AuthnContext>
- </saml2:AuthnStatement>
- <saml2:AttributeStatement>
- <saml2:Attribute FriendlyName="PVP-VERSION" Name="urn:oid:1.2.40.0.10.2.1.1.261.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
- <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">2.1</saml2:AttributeValue>
- </saml2:Attribute>
- <saml2:Attribute FriendlyName="EID-CITIZEN-QAA-EIDAS-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.108" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
- <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">http://eidas.europa.eu/LoA/test</saml2:AttributeValue>
- </saml2:Attribute>
- <saml2:Attribute FriendlyName="EID-ISSUING-NATION" Name="urn:oid:1.2.40.0.10.2.1.1.261.32" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
- <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">AB</saml2:AttributeValue>
- </saml2:Attribute>
- <saml2:Attribute FriendlyName="PRINCIPAL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
- <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Mustermann</saml2:AttributeValue>
- </saml2:Attribute>
- <saml2:Attribute FriendlyName="GIVEN-NAME" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
- <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Max</saml2:AttributeValue>
- </saml2:Attribute>
- <saml2:Attribute FriendlyName="BIRTHDATE" Name="urn:oid:1.2.40.0.10.2.1.1.55" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
- <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">1940-01-01</saml2:AttributeValue>
- </saml2:Attribute>
- <saml2:Attribute FriendlyName="BPK" Name="urn:oid:1.2.40.0.10.2.1.1.149" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
- <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">BF:QVGm48cqcM4UcyhDTNGYmVdrIoY=</saml2:AttributeValue>
- </saml2:Attribute>
- <saml2:Attribute FriendlyName="EID-SECTOR-FOR-IDENTIFIER" Name="urn:oid:1.2.40.0.10.2.1.1.261.34" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
- <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">urn:publicid:gv.at:cdid+BF</saml2:AttributeValue>
- </saml2:Attribute>
- <saml2:Attribute FriendlyName="EID-IDENTITY-LINK" Name="urn:oid:1.2.40.0.10.2.1.1.261.38" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
- <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">MIIBbjCCARSgAwIBAgIEXh7TNzAKBggqhkjOPQQDAjA/MQswCQYDVQQGEwJBVDENMAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxETAPBgNVBAMMCG1ldGFkYXRhMB4XDTIwMDExNTA4NTQxNVoXDTMwMDExNDA4NTQxNVowPzELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVHSVoxDjAMBgNVBAsMBWpVbml0MREwDwYDVQQDDAhtZXRhZGF0YTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBdBkaxt31p++aZeP3SmlWITj9SYO4McV2ccXFsH4X4QMHuKAMUvjxPm1kdU01eTOWdiQX0GpDIBspYMZh8ZKcwwCgYIKoZIzj0EAwIDSAAwRQIhAJ3QKlk9cd90s+i8y62fvmGF6LtfNO+JvkWqDUBeQImnAiA2KwFtzO7STAp9MEwQGe0vt0F8mO1ttrLE+rr6YxdwGA==</saml2:AttributeValue>
- </saml2:Attribute>
- <saml2:Attribute FriendlyName="userAuthBlock" Name="urn:eidgvat:attributes.authblock.signed" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
- <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">MIIBbjCCARSgAwIBAgIEXh7TNzAKBggqhkjOPQQDAjA/MQswCQYDVQQGEwJBVDENMAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxETAPBgNVBAMMCG1ldGFkYXRhMB4XDTIwMDExNTA4NTQxNVoXDTMwMDExNDA4NTQxNVowPzELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVHSVoxDjAMBgNVBAsMBWpVbml0MREwDwYDVQQDDAhtZXRhZGF0YTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBdBkaxt31p++aZeP3SmlWITj9SYO4McV2ccXFsH4X4QMHuKAMUvjxPm1kdU01eTOWdiQX0GpDIBspYMZh8ZKcwwCgYIKoZIzj0EAwIDSAAwRQIhAJ3QKlk9cd90s+i8y62fvmGF6LtfNO+JvkWqDUBeQImnAiA2KwFtzO7STAp9MEwQGe0vt0F8mO1ttrLE+rr6YxdwGA==</saml2:AttributeValue>
- </saml2:Attribute>
- </saml2:AttributeStatement>
- </saml2:Assertion>
-</saml2p:Response>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_classpath_entityid.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_classpath_entityid.xml
index f1065961..1c3bd357 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_classpath_entityid.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_classpath_entityid.xml
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
-<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://localhost/authhandler/idAustriaSp/post" InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://localhost/authhandler/sp/idaustria/post" InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">classpath:/data/idp_metadata_classpath_entity.xml</saml2:Issuer>
<saml2p:Status>
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
@@ -9,12 +9,12 @@
<saml2:Subject>
<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="urn:publicid:gv.at:cdid+BF">QVGm48cqcM4UcyhDTNGYmVdrIoY=</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
- <saml2:SubjectConfirmationData InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" NotOnOrAfter="2014-03-05T06:44:51.017Z" Recipient="https://localhost/authhandler/idAustriaSp/post"/>
+ <saml2:SubjectConfirmationData InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" NotOnOrAfter="2014-03-05T06:44:51.017Z" Recipient="https://localhost/authhandler/sp/idaustria/post"/>
</saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:Conditions NotBefore="2014-03-05T06:39:51.017Z" NotOnOrAfter="2014-03-05T06:44:51.017Z">
<saml2:AudienceRestriction>
- <saml2:Audience>https://localhost/authhandler/idAustriaSp/metadata</saml2:Audience>
+ <saml2:Audience>https://localhost/authhandler/sp/idaustria/metadata</saml2:Audience>
</saml2:AudienceRestriction>
</saml2:Conditions>
<saml2:AuthnStatement AuthnInstant="2014-03-05T06:39:51.017Z" SessionIndex="_c0c683509a8ff6ac372a9cf9c5c5a406">
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error.xml
index 56b06534..2d7020ac 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error.xml
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
-<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://localhost/authhandler/idAustriaSp/post" InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://localhost/authhandler/sp/idaustria/post" InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">classpath:/data/idp_metadata_classpath_entity.xml</saml2:Issuer>
<saml2p:Status>
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
@@ -12,12 +12,12 @@
<saml2:Subject>
<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="urn:publicid:gv.at:cdid+BF">QVGm48cqcM4UcyhDTNGYmVdrIoY=</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
- <saml2:SubjectConfirmationData InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" NotOnOrAfter="2014-03-05T06:44:51.017Z" Recipient="https://localhost/authhandler/idAustriaSp/post"/>
+ <saml2:SubjectConfirmationData InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" NotOnOrAfter="2014-03-05T06:44:51.017Z" Recipient="https://localhost/authhandler/sp/idaustria/post"/>
</saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:Conditions NotBefore="2014-03-05T06:39:51.017Z" NotOnOrAfter="2014-03-05T06:44:51.017Z">
<saml2:AudienceRestriction>
- <saml2:Audience>https://localhost/authhandler/idAustriaSp/metadata</saml2:Audience>
+ <saml2:Audience>https://localhost/authhandler/sp/idaustria/metadata</saml2:Audience>
</saml2:AudienceRestriction>
</saml2:Conditions>
<saml2:AuthnStatement AuthnInstant="2014-03-05T06:39:51.017Z" SessionIndex="_c0c683509a8ff6ac372a9cf9c5c5a406">
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error_empty_subcode.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error_empty_subcode.xml
index 973491d8..36fd9c11 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error_empty_subcode.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error_empty_subcode.xml
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
-<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://localhost/authhandler/idAustriaSp/post" InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://localhost/authhandler/sp/idaustria/post" InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">classpath:/data/idp_metadata_classpath_entity.xml</saml2:Issuer>
<saml2p:Status>
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
@@ -12,12 +12,12 @@
<saml2:Subject>
<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="urn:publicid:gv.at:cdid+BF">QVGm48cqcM4UcyhDTNGYmVdrIoY=</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
- <saml2:SubjectConfirmationData InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" NotOnOrAfter="2014-03-05T06:44:51.017Z" Recipient="https://localhost/authhandler/idAustriaSp/post"/>
+ <saml2:SubjectConfirmationData InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" NotOnOrAfter="2014-03-05T06:44:51.017Z" Recipient="https://localhost/authhandler/sp/idaustria/post"/>
</saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:Conditions NotBefore="2014-03-05T06:39:51.017Z" NotOnOrAfter="2014-03-05T06:44:51.017Z">
<saml2:AudienceRestriction>
- <saml2:Audience>https://localhost/authhandler/idAustriaSp/metadata</saml2:Audience>
+ <saml2:Audience>https://localhost/authhandler/sp/idaustria/metadata</saml2:Audience>
</saml2:AudienceRestriction>
</saml2:Conditions>
<saml2:AuthnStatement AuthnInstant="2014-03-05T06:39:51.017Z" SessionIndex="_c0c683509a8ff6ac372a9cf9c5c5a406">
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error_userstop.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error_userstop.xml
index 087bcb1f..989d3053 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error_userstop.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error_userstop.xml
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
-<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://localhost/authhandler/idAustriaSp/post" InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://localhost/authhandler/sp/idaustria/post" InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">classpath:/data/idp_metadata_classpath_entity.xml</saml2:Issuer>
<saml2p:Status>
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
@@ -12,12 +12,12 @@
<saml2:Subject>
<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="urn:publicid:gv.at:cdid+BF">QVGm48cqcM4UcyhDTNGYmVdrIoY=</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
- <saml2:SubjectConfirmationData InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" NotOnOrAfter="2014-03-05T06:44:51.017Z" Recipient="https://localhost/authhandler/idAustriaSp/post"/>
+ <saml2:SubjectConfirmationData InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" NotOnOrAfter="2014-03-05T06:44:51.017Z" Recipient="https://localhost/authhandler/sp/idaustria/post"/>
</saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:Conditions NotBefore="2014-03-05T06:39:51.017Z" NotOnOrAfter="2014-03-05T06:44:51.017Z">
<saml2:AudienceRestriction>
- <saml2:Audience>https://localhost/authhandler/idAustriaSp/metadata</saml2:Audience>
+ <saml2:Audience>https://localhost/authhandler/sp/idaustria/metadata</saml2:Audience>
</saml2:AudienceRestriction>
</saml2:Conditions>
<saml2:AuthnStatement AuthnInstant="2014-03-05T06:39:51.017Z" SessionIndex="_c0c683509a8ff6ac372a9cf9c5c5a406">
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error_without_subcode.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error_without_subcode.xml
index e449327a..c85cb655 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error_without_subcode.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error_without_subcode.xml
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
-<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://localhost/authhandler/idAustriaSp/post" InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://localhost/authhandler/sp/idaustria/post" InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">classpath:/data/idp_metadata_classpath_entity.xml</saml2:Issuer>
<saml2p:Status>
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
@@ -11,12 +11,12 @@
<saml2:Subject>
<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="urn:publicid:gv.at:cdid+BF">QVGm48cqcM4UcyhDTNGYmVdrIoY=</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
- <saml2:SubjectConfirmationData InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" NotOnOrAfter="2014-03-05T06:44:51.017Z" Recipient="https://localhost/authhandler/idAustriaSp/post"/>
+ <saml2:SubjectConfirmationData InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" NotOnOrAfter="2014-03-05T06:44:51.017Z" Recipient="https://localhost/authhandler/sp/idaustria/post"/>
</saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:Conditions NotBefore="2014-03-05T06:39:51.017Z" NotOnOrAfter="2014-03-05T06:44:51.017Z">
<saml2:AudienceRestriction>
- <saml2:Audience>https://localhost/authhandler/idAustriaSp/metadata</saml2:Audience>
+ <saml2:Audience>https://localhost/authhandler/sp/idaustria/metadata</saml2:Audience>
</saml2:AudienceRestriction>
</saml2:Conditions>
<saml2:AuthnStatement AuthnInstant="2014-03-05T06:39:51.017Z" SessionIndex="_c0c683509a8ff6ac372a9cf9c5c5a406">
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_classpath_entity1.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_classpath_entity1.xml
deleted file mode 100644
index cde66c78..00000000
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_classpath_entity1.xml
+++ /dev/null
@@ -1,146 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<md:EntityDescriptor
- xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
- ID="_1a48ec3432f2f3ba6222724a5b06f873"
- entityID="classpath:/data/idp_metadata_classpath_entity1.xml"
- validUntil="2045-02-06T08:47:26.211Z">
- <md:IDPSSODescriptor
- WantAuthnRequestsSigned="true"
- protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
- <md:KeyDescriptor use="signing">
- <ds:KeyInfo
- xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
- <ds:X509Data>
- <ds:X509Certificate>MIIDMzCCAhsCBFtIcPowDQYJKoZIhvcNAQELBQAwXjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH
- SVoxJDAiBgNVBAsMG2NlbnRyYWwgbmF0aW9uYWwgZUlEQVMgbm9kZTEaMBgGA1UEAwwRQXNzZXJ0
- aW9uIHNpZ25pbmcwHhcNMTgwNzEzMDkyOTMwWhcNMjEwNDA3MDkyOTMwWjBeMQswCQYDVQQGEwJB
- VDENMAsGA1UECgwERUdJWjEkMCIGA1UECwwbY2VudHJhbCBuYXRpb25hbCBlSURBUyBub2RlMRow
- GAYDVQQDDBFBc3NlcnRpb24gc2lnbmluZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
- AJ5zDYxMPRcz6AHaev1tS46Tq8sdgbGFM56uxk6c7LmMDC+HTzNX/3Q5S/YwSzgL3ue5TSw1ltOf
- yMXMZ6D0+buWWcsxGEkQ8M3adKRFdQrEwafzwTA7pguq5WiHOkr4qwR7dLMome9z5cc3LRcwdOPP
- gq7ahb5jM3hRqc5xkMWIuvql0NFXPzlHrjDLwy5nIWPOhL5abhVt4YsXbpbjXxFSGkDEAZ32K3EU
- LNBr9FSUmJfbrVX9AU2T+BKIwiqXP8e/3UJHgPHQ0l5ljWp5P6u5+tvM21o8sUM4eArRa8BkdRsP
- C92GVuASSUz2ZJ3JhAK1cSM8bnvaZVLQtTvPMAcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAAp7z
- TubWXW6YMpyLSvWBdZiiQ3X66XpSZLZJDIAkoPzEY0DSBp8I5YASIx4JTR5XJt+6MI9acgNIAYW8
- DhtRwUMVaRWEtuCrfKhGLWm5KSxnhPcD3lzRZhY4ZcA7dUlirjf6hnqo2TFEmJ9fkM+rxwy1GkDD
- 7j2YDSOFmSq9/Ud9/IbIfSnRu/lO0dh7iRrmg3y0Y/+plPxYmp4AHqehP11OchTz2FGGHVsSC2Vs
- IVBQI6ANZYyOlicgfEEFHA06jP9OnA0EwEFr2P+di9caZg8vfibyzxMGeuf6CY0c0eLHokBCn2W8
- vkzvWiER3pozRvCmXFjCVZfRjUunaJf2ow==
- </ds:X509Certificate>
- </ds:X509Data>
- <ds:X509Data>
- <ds:X509Certificate>MIIC+DCCAeCgAwIBAgIEXh7TbTANBgkqhkiG9w0BAQsFADA+MQswCQYDVQQGEwJB
- VDENMAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxEDAOBgNVBAMMB3NpZ25p
- bmcwHhcNMjAwMTE1MDg1NTA5WhcNMjkwMTE0MDg1NTA5WjA+MQswCQYDVQQGEwJB
- VDENMAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxEDAOBgNVBAMMB3NpZ25p
- bmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCUSiRjnDvPafZfhJ+L
- 1wM86FKJX3VIAV/8TD9qJ6HOBkn5WwYfpheyCfRb6XVDyIGpO8qnMWAgC17Ngbmh
- zj8d8HXNQ2l3uppMv24oUTfXyYhQfZWAghx0sTlRIx/ZmlnduJilx2S53Sa7ruJw
- lQcBFXj9h9B8dtyegc86Sx6D9BumP1xU7+mEBk8Gv9rR5Khg0Y7qGfZWB0t4aikg
- aupWveVwiGifOOSfR8czqIg9qUpMYfZiTEBTSRmN6sPiNWhd4J0GyAI9Rn5C9jz/
- sSlQrxpN+4DXzsqSU5F6gzq3yRux6wyOzDlt2birf21VPQ9HIy4YCjZXwgDWG7AO
- 821pAgMBAAEwDQYJKoZIhvcNAQELBQADggEBADnwdaxUtQU6SIpYwIb2c0ljTmQi
- 7ryUcUpNHtK0M0E5Mw5Ex8zwrWbNQZ2sUyc4r07M66iOIqHsYZUQlRYvVKHifDpA
- r8TCgD7iGGdB3By8Ou0RaNW+03w1fwmi98CufbHCGvpv0o2KxlejoHZminNdQ79i
- bN+01nhocezJQATEQlnwHLiQSjilXpZeLYDk8HbrcUXNRxezN4ChdH+uU54vf+Ux
- qcj9QHcmBe1+BM8EXfqS1DbTwZl+NTCnh5OYl8fvIFSOHMBxwFrI4pyY0faxg9Uc
- rCogn/oQ+mV1gnVUDaDhvvEnVGZQtrlt7heVId2BeNellVgsrcmdW8j4U9U=
- </ds:X509Certificate>
- </ds:X509Data>
- <ds:X509Data>
- <ds:X509Certificate>MIIBbjCCARSgAwIBAgIEXh7TNzAKBggqhkjOPQQDAjA/MQswCQYDVQQGEwJBVDEN
- MAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxETAPBgNVBAMMCG1ldGFkYXRh
- MB4XDTIwMDExNTA4NTQxNVoXDTMwMDExNDA4NTQxNVowPzELMAkGA1UEBhMCQVQx
- DTALBgNVBAoMBEVHSVoxDjAMBgNVBAsMBWpVbml0MREwDwYDVQQDDAhtZXRhZGF0
- YTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBdBkaxt31p++aZeP3SmlWITj9SY
- O4McV2ccXFsH4X4QMHuKAMUvjxPm1kdU01eTOWdiQX0GpDIBspYMZh8ZKcwwCgYI
- KoZIzj0EAwIDSAAwRQIhAJ3QKlk9cd90s+i8y62fvmGF6LtfNO+JvkWqDUBeQImn
- AiA2KwFtzO7STAp9MEwQGe0vt0F8mO1ttrLE+rr6YxdwGA==
- </ds:X509Certificate>
- </ds:X509Data>
- </ds:KeyInfo>
- </md:KeyDescriptor>
- <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
- </md:NameIDFormat>
- <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient
- </md:NameIDFormat>
- <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
- </md:NameIDFormat>
- <md:SingleSignOnService
- Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
- Location="https://vidp.gv.at/ms_connector1/pvp/post" />
- <md:SingleSignOnService
- Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
- Location="https://vidp.gv.at/ms_connector1/pvp/redirect" />
- <saml2:Attribute
- xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
- FriendlyName="BPK" Name="urn:oid:1.2.40.0.10.2.1.1.149"
- NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
- <saml2:Attribute
- xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
- FriendlyName="BIRTHDATE" Name="urn:oid:1.2.40.0.10.2.1.1.55"
- NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
- <saml2:Attribute
- xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
- FriendlyName="PRINCIPAL-NAME"
- Name="urn:oid:1.2.40.0.10.2.1.1.261.20"
- NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
- <saml2:Attribute
- xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
- FriendlyName="EID-CCS-URL" Name="urn:oid:1.2.40.0.10.2.1.1.261.64"
- NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
- <saml2:Attribute
- xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
- FriendlyName="EID-ISSUING-NATION"
- Name="urn:oid:1.2.40.0.10.2.1.1.261.32"
- NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
- <saml2:Attribute
- xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
- FriendlyName="PVP-VERSION" Name="urn:oid:1.2.40.0.10.2.1.1.261.10"
- NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
- <saml2:Attribute
- xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
- FriendlyName="EID-SOURCE-PIN"
- Name="urn:oid:1.2.40.0.10.2.1.1.261.36"
- NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
- <saml2:Attribute
- xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
- FriendlyName="GIVEN-NAME" Name="urn:oid:2.5.4.42"
- NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
- <saml2:Attribute
- xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
- FriendlyName="EID-SIGNER-CERTIFICATE"
- Name="urn:oid:1.2.40.0.10.2.1.1.261.66"
- NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
- <saml2:Attribute
- xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
- FriendlyName="EID-SECTOR-FOR-IDENTIFIER"
- Name="urn:oid:1.2.40.0.10.2.1.1.261.34"
- NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
- <saml2:Attribute
- xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
- FriendlyName="EID-SOURCE-PIN-TYPE"
- Name="urn:oid:1.2.40.0.10.2.1.1.261.104"
- NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
- <saml2:Attribute
- xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
- FriendlyName="EID-E-ID-TOKEN"
- Name="urn:oid:1.2.40.0.10.2.1.1.261.39"
- NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
- <saml2:Attribute
- xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
- FriendlyName="EID-IDENTITY-LINK"
- Name="urn:oid:1.2.40.0.10.2.1.1.261.38"
- NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
- <saml2:Attribute
- xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
- FriendlyName="EID-CITIZEN-QAA-EIDAS-LEVEL"
- Name="urn:oid:1.2.40.0.10.2.1.1.261.108"
- NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
- <saml2:Attribute
- xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
- FriendlyName="EID-IDENTITY-STATUS-LEVEL"
- Name="urn:oid:1.2.40.0.10.2.1.1.261.109"
- NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
- </md:IDPSSODescriptor>
-</md:EntityDescriptor>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_no_sig.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_no_sig.xml
new file mode 100644
index 00000000..bc55fe62
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_no_sig.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_1a48ec3432f2f3ba6222724a5b06f873" entityID="https://vidp.gv.at/ms_connector/pvp/metadata" validUntil="2045-02-06T08:47:26.211Z">
+ <md:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+ <md:KeyDescriptor use="signing">
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>MIIDMzCCAhsCBFtIcPowDQYJKoZIhvcNAQELBQAwXjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH
+SVoxJDAiBgNVBAsMG2NlbnRyYWwgbmF0aW9uYWwgZUlEQVMgbm9kZTEaMBgGA1UEAwwRQXNzZXJ0
+aW9uIHNpZ25pbmcwHhcNMTgwNzEzMDkyOTMwWhcNMjEwNDA3MDkyOTMwWjBeMQswCQYDVQQGEwJB
+VDENMAsGA1UECgwERUdJWjEkMCIGA1UECwwbY2VudHJhbCBuYXRpb25hbCBlSURBUyBub2RlMRow
+GAYDVQQDDBFBc3NlcnRpb24gc2lnbmluZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AJ5zDYxMPRcz6AHaev1tS46Tq8sdgbGFM56uxk6c7LmMDC+HTzNX/3Q5S/YwSzgL3ue5TSw1ltOf
+yMXMZ6D0+buWWcsxGEkQ8M3adKRFdQrEwafzwTA7pguq5WiHOkr4qwR7dLMome9z5cc3LRcwdOPP
+gq7ahb5jM3hRqc5xkMWIuvql0NFXPzlHrjDLwy5nIWPOhL5abhVt4YsXbpbjXxFSGkDEAZ32K3EU
+LNBr9FSUmJfbrVX9AU2T+BKIwiqXP8e/3UJHgPHQ0l5ljWp5P6u5+tvM21o8sUM4eArRa8BkdRsP
+C92GVuASSUz2ZJ3JhAK1cSM8bnvaZVLQtTvPMAcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAAp7z
+TubWXW6YMpyLSvWBdZiiQ3X66XpSZLZJDIAkoPzEY0DSBp8I5YASIx4JTR5XJt+6MI9acgNIAYW8
+DhtRwUMVaRWEtuCrfKhGLWm5KSxnhPcD3lzRZhY4ZcA7dUlirjf6hnqo2TFEmJ9fkM+rxwy1GkDD
+7j2YDSOFmSq9/Ud9/IbIfSnRu/lO0dh7iRrmg3y0Y/+plPxYmp4AHqehP11OchTz2FGGHVsSC2Vs
+IVBQI6ANZYyOlicgfEEFHA06jP9OnA0EwEFr2P+di9caZg8vfibyzxMGeuf6CY0c0eLHokBCn2W8
+vkzvWiER3pozRvCmXFjCVZfRjUunaJf2ow==</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </md:KeyDescriptor>
+ <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
+ <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
+ <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
+ <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://vidp.gv.at/ms_connector/pvp/post"/>
+ <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://vidp.gv.at/ms_connector/pvp/redirect"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="BPK" Name="urn:oid:1.2.40.0.10.2.1.1.149" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="BIRTHDATE" Name="urn:oid:1.2.40.0.10.2.1.1.55" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="PRINCIPAL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-CCS-URL" Name="urn:oid:1.2.40.0.10.2.1.1.261.64" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-ISSUING-NATION" Name="urn:oid:1.2.40.0.10.2.1.1.261.32" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="PVP-VERSION" Name="urn:oid:1.2.40.0.10.2.1.1.261.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-SOURCE-PIN" Name="urn:oid:1.2.40.0.10.2.1.1.261.36" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="GIVEN-NAME" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-SIGNER-CERTIFICATE" Name="urn:oid:1.2.40.0.10.2.1.1.261.66" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-SECTOR-FOR-IDENTIFIER" Name="urn:oid:1.2.40.0.10.2.1.1.261.34" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-SOURCE-PIN-TYPE" Name="urn:oid:1.2.40.0.10.2.1.1.261.104" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-E-ID-TOKEN" Name="urn:oid:1.2.40.0.10.2.1.1.261.39" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-IDENTITY-LINK" Name="urn:oid:1.2.40.0.10.2.1.1.261.38" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-CITIZEN-QAA-EIDAS-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.108" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-IDENTITY-STATUS-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.109" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ </md:IDPSSODescriptor>
+</md:EntityDescriptor>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_no_sig2.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_no_sig2.xml
new file mode 100644
index 00000000..bdc176a0
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_no_sig2.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_1a48ec3432f2f3ba6222724a5b06f873" entityID="classpath:/data/idp_metadata_no_sig2.xml" validUntil="2045-02-06T08:47:26.211Z">
+ <md:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+ <md:KeyDescriptor use="signing">
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>MIIDMzCCAhsCBFtIcPowDQYJKoZIhvcNAQELBQAwXjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH
+SVoxJDAiBgNVBAsMG2NlbnRyYWwgbmF0aW9uYWwgZUlEQVMgbm9kZTEaMBgGA1UEAwwRQXNzZXJ0
+aW9uIHNpZ25pbmcwHhcNMTgwNzEzMDkyOTMwWhcNMjEwNDA3MDkyOTMwWjBeMQswCQYDVQQGEwJB
+VDENMAsGA1UECgwERUdJWjEkMCIGA1UECwwbY2VudHJhbCBuYXRpb25hbCBlSURBUyBub2RlMRow
+GAYDVQQDDBFBc3NlcnRpb24gc2lnbmluZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AJ5zDYxMPRcz6AHaev1tS46Tq8sdgbGFM56uxk6c7LmMDC+HTzNX/3Q5S/YwSzgL3ue5TSw1ltOf
+yMXMZ6D0+buWWcsxGEkQ8M3adKRFdQrEwafzwTA7pguq5WiHOkr4qwR7dLMome9z5cc3LRcwdOPP
+gq7ahb5jM3hRqc5xkMWIuvql0NFXPzlHrjDLwy5nIWPOhL5abhVt4YsXbpbjXxFSGkDEAZ32K3EU
+LNBr9FSUmJfbrVX9AU2T+BKIwiqXP8e/3UJHgPHQ0l5ljWp5P6u5+tvM21o8sUM4eArRa8BkdRsP
+C92GVuASSUz2ZJ3JhAK1cSM8bnvaZVLQtTvPMAcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAAp7z
+TubWXW6YMpyLSvWBdZiiQ3X66XpSZLZJDIAkoPzEY0DSBp8I5YASIx4JTR5XJt+6MI9acgNIAYW8
+DhtRwUMVaRWEtuCrfKhGLWm5KSxnhPcD3lzRZhY4ZcA7dUlirjf6hnqo2TFEmJ9fkM+rxwy1GkDD
+7j2YDSOFmSq9/Ud9/IbIfSnRu/lO0dh7iRrmg3y0Y/+plPxYmp4AHqehP11OchTz2FGGHVsSC2Vs
+IVBQI6ANZYyOlicgfEEFHA06jP9OnA0EwEFr2P+di9caZg8vfibyzxMGeuf6CY0c0eLHokBCn2W8
+vkzvWiER3pozRvCmXFjCVZfRjUunaJf2ow==</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </md:KeyDescriptor>
+ <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
+ <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
+ <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
+ <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://vidp.gv.at/ms_connector/pvp/post"/>
+ <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://vidp.gv.at/ms_connector/pvp/redirect"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="BPK" Name="urn:oid:1.2.40.0.10.2.1.1.149" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="BIRTHDATE" Name="urn:oid:1.2.40.0.10.2.1.1.55" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="PRINCIPAL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-CCS-URL" Name="urn:oid:1.2.40.0.10.2.1.1.261.64" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-ISSUING-NATION" Name="urn:oid:1.2.40.0.10.2.1.1.261.32" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="PVP-VERSION" Name="urn:oid:1.2.40.0.10.2.1.1.261.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-SOURCE-PIN" Name="urn:oid:1.2.40.0.10.2.1.1.261.36" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="GIVEN-NAME" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-SIGNER-CERTIFICATE" Name="urn:oid:1.2.40.0.10.2.1.1.261.66" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-SECTOR-FOR-IDENTIFIER" Name="urn:oid:1.2.40.0.10.2.1.1.261.34" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-SOURCE-PIN-TYPE" Name="urn:oid:1.2.40.0.10.2.1.1.261.104" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-E-ID-TOKEN" Name="urn:oid:1.2.40.0.10.2.1.1.261.39" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-IDENTITY-LINK" Name="urn:oid:1.2.40.0.10.2.1.1.261.38" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-CITIZEN-QAA-EIDAS-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.108" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-IDENTITY-STATUS-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.109" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ </md:IDPSSODescriptor>
+</md:EntityDescriptor>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_sig_notvalid.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_sig_notvalid.xml
new file mode 100644
index 00000000..86665a9c
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_sig_notvalid.xml
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_1a48ec3432f2f3ba6222724a5b06f873" entityID="https://localEntity" validUntil="2045-02-06T08:47:26.211Z">
+ <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:SignedInfo>
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+ <ds:Reference URI="#_1a48ec3432f2f3ba6222724a5b06f873">
+ <ds:Transforms>
+ <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+ </ds:Transforms>
+ <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <ds:DigestValue>e6DiHa9scuvxJFBUipZ8PQcD4kAkmSIDZgZV+0/7glg=</ds:DigestValue>
+ </ds:Reference>
+ </ds:SignedInfo>
+ <ds:SignatureValue>Czr2EwhK/0ZUZ5blQpJfNoOFEscLlxlmHPjmOJUIsxlB2pUn+ApULrjVpR1ViUcGZ0PVi2KChSNoSn09YKjtgPFBiSY010VYdaACgqluxUt6AwESObaqcyHVBzMDUr/g6jkRFEJV4vqnZQQDdDfTH4MXNqunORegS1saBHw4nJSOX4YfoVmIuT5uOlRrxvoG7srnGShvF7DmvIHBUBF5Tq9FyeSgwTM8udxl8Yl9FB2pREuR83CcbgjPrYKtzi6TiSfrWkcD0L5BvmMxN/BdaGDAorxYOnk41sWDJjrkY8C2SC1YDy6XT4SM06uFwstUrRn8QPg1hfbLHAyQNoaR8ecgapk5DkxmbATMcGY+SM4yQWkBdYT7GtufNmF8sIVaL6JOOTKAE9qqX/1N6N4zOPmm8rpIqVEQZtQ5usN/ubxbxLxUoTdDeo8RwkktW6zQ3Zv9+Iyf0DASYmK1IxN+fMw/qyeVy9r6o15ITHTqTmT/7BidKZ58m4HxIK52E3DU</ds:SignatureValue>
+ <ds:KeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>MIIEFTCCAn0CBFtIcMwwDQYJKoZIhvcNAQELBQAwTzELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH
+SVoxMTAvBgNVBAMMKG5hdGlvbmFsIGNlbnRyYWwgZUlEQVMgbm9kZSAtIHRlc3RzeXN0ZW0wHhcN
+MTgwNzEzMDkyODQ0WhcNMjEwNDA3MDkyODQ0WjBPMQswCQYDVQQGEwJBVDENMAsGA1UECgwERUdJ
+WjExMC8GA1UEAwwobmF0aW9uYWwgY2VudHJhbCBlSURBUyBub2RlIC0gdGVzdHN5c3RlbTCCAaIw
+DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALK4bdf5OremKkj0+xCjU0eN7RUd1A2VqoGnvFUs
+t7xjLQ1PspHiDf9Pm2cwOIJabSnuZ01hYAGz9X+lU3Z3fwhVc+tEsuzsaAml/LPw3i3+ppoSTJDM
+iDvhCoUKTzJ8HBQj2gTvXNlqPljyGneuCJ+uBMr7Okq/XjMTJj2xzvutrHS3qIO+/w+OkY967QLV
+RXh0bdFqYqnyAnlYcWJPIwjanOJtE2difPYqers7ZW1F9djP0+IZRoyaook5rpLYvuQTHuvulgIE
+3zGlTuOx3sk8zMyInMndqi75Eh+ROnndSZE7gN3u5CfFpuO5pxFa2jj1h/AnR39Tg8/sU+Se+AwH
+rNvee3IWhxk5LkelYevfeCQos7Dv2ASE9XMCCs7FoE47w8fDalECh09MFKDiotpklbq3OrPg9NQ4
+D//k0GXlW5jYUKP/Wq/+suAI6mfhSnNkjOGMcMlzNTmwxGD/v7Py6OVA+YcJQsqYalLrqbvT2tXV
+mYBVO3oqafg+kfevfwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBgQCioM8k0EEBFtY4QyxOYFufPDLw
+9PNPct01ltnTVjNEEt/L6/8zYlDwrDeULEkJS7mV9zV3657NPQ5IPT/Ib93Uk/RPi0iOA2CGWIMa
+DQIODN3BUYr+zPUqhbKS6OWOhTgV8GiRCUbxrT1uc1AiacP63pga3TJX8k8WFnfW+Dqm2MfWWlxr
+4X2YB9VUW55X5sBNy035jYhEpp8NCK/fTAhoEQNCG+rm3T9qhT6YyOnbW2kXU747+ZwXT2qA5o4y
+a/9+6dDc+LUlHCEm4X7c6bcGvCfNezB4k56FzbAJlOLf2VDGzvEQBf0hsB+kElezm1VBlEkZ4Mjz
+pBpHBMoR21SwTpcvrbR4ig0Bk1eEHNK44sw0F32K5yww3gnJftMIZtPhjhk8UdG2/H6vs9s/to2V
+j4V6wN4o79RTULoQ8RjL6MPWEWzwOvOZXJAo2XJEECvDivSjIJvNC0lfrK3zI3LH3c1JR6q2EfeC
+Z50wTJMFoChSaqunJQXKo81g6wNhP00=</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </ds:Signature>
+ <md:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+ <md:KeyDescriptor use="signing">
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>MIIDMzCCAhsCBFtIcPowDQYJKoZIhvcNAQELBQAwXjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH
+SVoxJDAiBgNVBAsMG2NlbnRyYWwgbmF0aW9uYWwgZUlEQVMgbm9kZTEaMBgGA1UEAwwRQXNzZXJ0
+aW9uIHNpZ25pbmcwHhcNMTgwNzEzMDkyOTMwWhcNMjEwNDA3MDkyOTMwWjBeMQswCQYDVQQGEwJB
+VDENMAsGA1UECgwERUdJWjEkMCIGA1UECwwbY2VudHJhbCBuYXRpb25hbCBlSURBUyBub2RlMRow
+GAYDVQQDDBFBc3NlcnRpb24gc2lnbmluZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AJ5zDYxMPRcz6AHaev1tS46Tq8sdgbGFM56uxk6c7LmMDC+HTzNX/3Q5S/YwSzgL3ue5TSw1ltOf
+yMXMZ6D0+buWWcsxGEkQ8M3adKRFdQrEwafzwTA7pguq5WiHOkr4qwR7dLMome9z5cc3LRcwdOPP
+gq7ahb5jM3hRqc5xkMWIuvql0NFXPzlHrjDLwy5nIWPOhL5abhVt4YsXbpbjXxFSGkDEAZ32K3EU
+LNBr9FSUmJfbrVX9AU2T+BKIwiqXP8e/3UJHgPHQ0l5ljWp5P6u5+tvM21o8sUM4eArRa8BkdRsP
+C92GVuASSUz2ZJ3JhAK1cSM8bnvaZVLQtTvPMAcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAAp7z
+TubWXW6YMpyLSvWBdZiiQ3X66XpSZLZJDIAkoPzEY0DSBp8I5YASIx4JTR5XJt+6MI9acgNIAYW8
+DhtRwUMVaRWEtuCrfKhGLWm5KSxnhPcD3lzRZhY4ZcA7dUlirjf6hnqo2TFEmJ9fkM+rxwy1GkDD
+7j2YDSOFmSq9/Ud9/IbIfSnRu/lO0dh7iRrmg3y0Y/+plPxYmp4AHqehP11OchTz2FGGHVsSC2Vs
+IVBQI6ANZYyOlicgfEEFHA06jP9OnA0EwEFr2P+di9caZg8vfibyzxMGeuf6CY0c0eLHokBCn2W8
+vkzvWiER3pozRvCmXFjCVZfRjUunaJf2ow==</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </md:KeyDescriptor>
+ <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
+ <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
+ <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
+ <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://vidp.gv.at/ms_connector/pvp/post"/>
+ <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://vidp.gv.at/ms_connector/pvp/redirect"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="BPK" Name="urn:oid:1.2.40.0.10.2.1.1.149" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="BIRTHDATE" Name="urn:oid:1.2.40.0.10.2.1.1.55" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="PRINCIPAL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-CCS-URL" Name="urn:oid:1.2.40.0.10.2.1.1.261.64" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-ISSUING-NATION" Name="urn:oid:1.2.40.0.10.2.1.1.261.32" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="PVP-VERSION" Name="urn:oid:1.2.40.0.10.2.1.1.261.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-SOURCE-PIN" Name="urn:oid:1.2.40.0.10.2.1.1.261.36" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="GIVEN-NAME" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-SIGNER-CERTIFICATE" Name="urn:oid:1.2.40.0.10.2.1.1.261.66" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-SECTOR-FOR-IDENTIFIER" Name="urn:oid:1.2.40.0.10.2.1.1.261.34" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-SOURCE-PIN-TYPE" Name="urn:oid:1.2.40.0.10.2.1.1.261.104" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-E-ID-TOKEN" Name="urn:oid:1.2.40.0.10.2.1.1.261.39" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-IDENTITY-LINK" Name="urn:oid:1.2.40.0.10.2.1.1.261.38" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-CITIZEN-QAA-EIDAS-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.108" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-IDENTITY-STATUS-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.109" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ </md:IDPSSODescriptor>
+</md:EntityDescriptor>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_sig_valid_wrong_alg.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_sig_valid_wrong_alg.xml
new file mode 100644
index 00000000..2187aa5f
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_sig_valid_wrong_alg.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?><md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_1a48ec3432f2f3ba6222724a5b06f873" entityID="https://vidp.gv.at/ms_connector/pvp/metadata" validUntil="2045-02-06T08:47:26.211Z">
+ <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="signature-1-1"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-1-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><dsig:DigestValue>dhkHkgZ1OOHG0nYWiRXrpZhIAx41103CG6DKDbBra8o=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>AkxnEu9g3QgYC0JwuJXMYFrnNn6UMtrbtVn5YzkKBXxyYqZui4pEi/TRSM9r7Gt+
+4UqHrJVkYMbbuoO2kpiDnluPG+vHYzYFvF0agQ+gfGjpVQNRORN0FU7JPX+KPjpr
+sMU8wVZITSPU0GBBccvzrcpq7DQt0VbV5U7/Vq3KM/fop4ytAkUbTltUj/XxvAd1
+XdhB/zyeTTR2dafJ6Z2CKyM7MMmxwXYD1NrPGciPvTJ9ASHAT0lJM1dxrRNbeAja
+KTrNVj78MhSluRm5g7N1pMZzgMSpqN66AUg8pkSTvcRaNImPzYDcMQzHl2Tr362M
+RudjSgaEljK98TbBdgLFTg==</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIEqzCCBBSgAwIBAgIHANux81oNezANBgkqhkiG9w0BAQUFADBAMSIwIAYDVQQD
+ExlJQUlLIFRlc3QgSW50ZXJtZWRpYXRlIENBMQ0wCwYDVQQKEwRJQUlLMQswCQYD
+VQQGEwJBVDAeFw0xMzA5MjcwNTMzMzdaFw0yMzA5MjcwNTMzMzdaMIHkMQswCQYD
+VQQGEwJBVDENMAsGA1UEBxMER3JhejEmMCQGA1UEChMdR3JheiBVbml2ZXJzaXR5
+IG9mIFRlY2hub2xvZ3kxSDBGBgNVBAsTP0luc3RpdHV0ZSBmb3IgQXBwbGllZCBJ
+bmZvcm1hdGlvbiBQcm9jZXNzaW5nIGFuZCBDb21tdW5pY2F0aW9uczEUMBIGA1UE
+BBMLTU9BLVNTIFRlc3QxGDAWBgNVBCoTD0VHSVogVGVzdHBvcnRhbDEkMCIGA1UE
+AxMbRUdJWiBUZXN0cG9ydGFsIE1PQS1TUyBUZXN0MIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAuDjOyf+mY+oQL2FQzzuaiC8C23vVKbq/n2Zi7BqSibZH
+mtqMJfmj4pT+hWSNHvVvWsaxFcx4KeNqdCMzwnw1r4P3Sf+2o5uFku5KHEMLMokR
+yYQG9VqY/KkB94ye7Pv6zT8gvKqxGFg96UamECep4swPaSZrA8AOER5WAtyGDzKI
+Tz+a5zfFaTXDoba7f98PCWR96yKiFjVOhzp38WVz4VJgz+b8ZSY7Xsv5Kn7DXjOL
+STX4MevFLki3rFPup3+4vGToaMBW3PEj67HXBdqR855Le6+E6rVxORqsXqlVwhsI
+6nuS0CO2LWYmBNR1IB0mXteeYH/HfxvuZc+7yDjdPQIDAQABo4IBhDCCAYAwDgYD
+VR0PAQH/BAQDAgbAMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEmcH6VY4BG1EAGB
+TLoNR9vH/g6yMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jYS5pYWlrLnR1Z3Jh
+ei5hdC9jYXBzby9jcmxzL0lBSUtUZXN0X0ludGVybWVkaWF0ZUNBLmNybDCBqgYI
+KwYBBQUHAQEEgZ0wgZowSgYIKwYBBQUHMAGGPmh0dHA6Ly9jYS5pYWlrLnR1Z3Jh
+ei5hdC9jYXBzby9PQ1NQP2NhPUlBSUtUZXN0X0ludGVybWVkaWF0ZUNBMEwGCCsG
+AQUFBzAChkBodHRwOi8vY2EuaWFpay50dWdyYXouYXQvY2Fwc28vY2VydHMvSUFJ
+S1Rlc3RfSW50ZXJtZWRpYXRlQ0EuY2VyMCEGA1UdEQQaMBiBFnRob21hcy5sZW56
+QGVnaXouZ3YuYXQwHwYDVR0jBBgwFoAUaKJeEdreL4BrRES/jfplNoEkp28wDQYJ
+KoZIhvcNAQEFBQADgYEAlFGjUxXLs7SAT8NtXSrv2WrjlklaRnHTFHLQwyVo8JWb
+gvRkHHDUv2o8ofXUY2R2WJ38dxeDoccgbXrJb/Qhi8IY7YhCwv/TuIZDisyAqo8W
+ORKSip/6HWlGCSR/Vgoet1GtCmF0FoUxFUIGSAuQ2yyt4fIzt5GJrU1X5ujjI1w=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo></dsig:Signature><md:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+ <md:KeyDescriptor use="signing">
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>MIIDMzCCAhsCBFtIcPowDQYJKoZIhvcNAQELBQAwXjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH
+SVoxJDAiBgNVBAsMG2NlbnRyYWwgbmF0aW9uYWwgZUlEQVMgbm9kZTEaMBgGA1UEAwwRQXNzZXJ0
+aW9uIHNpZ25pbmcwHhcNMTgwNzEzMDkyOTMwWhcNMjEwNDA3MDkyOTMwWjBeMQswCQYDVQQGEwJB
+VDENMAsGA1UECgwERUdJWjEkMCIGA1UECwwbY2VudHJhbCBuYXRpb25hbCBlSURBUyBub2RlMRow
+GAYDVQQDDBFBc3NlcnRpb24gc2lnbmluZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AJ5zDYxMPRcz6AHaev1tS46Tq8sdgbGFM56uxk6c7LmMDC+HTzNX/3Q5S/YwSzgL3ue5TSw1ltOf
+yMXMZ6D0+buWWcsxGEkQ8M3adKRFdQrEwafzwTA7pguq5WiHOkr4qwR7dLMome9z5cc3LRcwdOPP
+gq7ahb5jM3hRqc5xkMWIuvql0NFXPzlHrjDLwy5nIWPOhL5abhVt4YsXbpbjXxFSGkDEAZ32K3EU
+LNBr9FSUmJfbrVX9AU2T+BKIwiqXP8e/3UJHgPHQ0l5ljWp5P6u5+tvM21o8sUM4eArRa8BkdRsP
+C92GVuASSUz2ZJ3JhAK1cSM8bnvaZVLQtTvPMAcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAAp7z
+TubWXW6YMpyLSvWBdZiiQ3X66XpSZLZJDIAkoPzEY0DSBp8I5YASIx4JTR5XJt+6MI9acgNIAYW8
+DhtRwUMVaRWEtuCrfKhGLWm5KSxnhPcD3lzRZhY4ZcA7dUlirjf6hnqo2TFEmJ9fkM+rxwy1GkDD
+7j2YDSOFmSq9/Ud9/IbIfSnRu/lO0dh7iRrmg3y0Y/+plPxYmp4AHqehP11OchTz2FGGHVsSC2Vs
+IVBQI6ANZYyOlicgfEEFHA06jP9OnA0EwEFr2P+di9caZg8vfibyzxMGeuf6CY0c0eLHokBCn2W8
+vkzvWiER3pozRvCmXFjCVZfRjUunaJf2ow==</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </md:KeyDescriptor>
+ <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
+ <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
+ <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
+ <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://vidp.gv.at/ms_connector/pvp/post"/>
+ <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://vidp.gv.at/ms_connector/pvp/redirect"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="BPK" Name="urn:oid:1.2.40.0.10.2.1.1.149" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="BIRTHDATE" Name="urn:oid:1.2.40.0.10.2.1.1.55" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="PRINCIPAL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-CCS-URL" Name="urn:oid:1.2.40.0.10.2.1.1.261.64" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-ISSUING-NATION" Name="urn:oid:1.2.40.0.10.2.1.1.261.32" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="PVP-VERSION" Name="urn:oid:1.2.40.0.10.2.1.1.261.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-SOURCE-PIN" Name="urn:oid:1.2.40.0.10.2.1.1.261.36" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="GIVEN-NAME" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-SIGNER-CERTIFICATE" Name="urn:oid:1.2.40.0.10.2.1.1.261.66" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-SECTOR-FOR-IDENTIFIER" Name="urn:oid:1.2.40.0.10.2.1.1.261.34" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-SOURCE-PIN-TYPE" Name="urn:oid:1.2.40.0.10.2.1.1.261.104" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-E-ID-TOKEN" Name="urn:oid:1.2.40.0.10.2.1.1.261.39" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-IDENTITY-LINK" Name="urn:oid:1.2.40.0.10.2.1.1.261.38" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-CITIZEN-QAA-EIDAS-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.108" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EID-IDENTITY-STATUS-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.109" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ </md:IDPSSODescriptor>
+</md:EntityDescriptor> \ No newline at end of file
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/sp_metadata_junit.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/sp_metadata_junit.xml
index 9c62db5d..0e25cce4 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/sp_metadata_junit.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/sp_metadata_junit.xml
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
-<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_1a48ec3432f2f3ba6222724a5b06f873" entityID="https://localhost/authhandler/sp/eidas/metadata" validUntil="2045-02-06T08:47:26.211Z">
+<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_1a48ec3432f2f3ba6222724a5b06f873" entityID="https://localhost/authhandler/sp/idaustria/metadata" validUntil="2045-02-06T08:47:26.211Z">
<md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/keystore/pvp.p12 b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/keystore/pvp.p12
new file mode 100644
index 00000000..183342f7
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/keystore/pvp.p12
Binary files differ