diff options
Diffstat (limited to 'modules/authmodule-eIDAS-v2/src')
8 files changed, 111 insertions, 27 deletions
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java index a554bf57..2c4654ad 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java @@ -41,6 +41,10 @@ public class Constants { // configuration properties public static final String CONIG_PROPS_EIDAS_PREFIX = "auth.eIDAS"; + + public static final String CONIG_PROPS_EIDAS_WORKAROUND_STAGING_MS_CONNECTOR = + CONIG_PROPS_EIDAS_PREFIX + ".workarounds.staging.msconnector.endpoint"; + public static final String CONIG_PROPS_EIDAS_IS_TEST_IDENTITY = CONIG_PROPS_EIDAS_PREFIX + ".eid.testidentity.default"; public static final String CONIG_PROPS_EIDAS_NODE = CONIG_PROPS_EIDAS_PREFIX + ".node_v2"; @@ -127,6 +131,7 @@ public class Constants { CONIG_PROPS_EIDAS_SZRCLIENT + ".revisionlog.eidmapping.active"; public static final String DEFAULT_MS_NODE_COUNTRY_CODE = "AT"; + @Deprecated public static final String CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_SQLLITEDATASTORE_URL = diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java index 4a3218e9..1fdd3d5b 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java @@ -421,5 +421,4 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor { return builder.build(); } - } diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java index b43c1bc2..b6f028a4 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java @@ -46,6 +46,7 @@ import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import eu.eidas.auth.commons.EidasParameterKeys; @@ -125,14 +126,17 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { // Add country-specific informations into eIDAS request ccSpecificProcessing.preProcess(citizenCountryCode, pendingReq, authnRequestBuilder); - + // build request final LightRequest lightAuthnReq = authnRequestBuilder.build(); - // put request into Hazelcast cache + // put request into shared cache final BinaryLightToken token = putRequestInCommunicationCache(lightAuthnReq); final String tokenBase64 = BinaryLightTokenHelper.encodeBinaryLightTokenBase64(token); + // Workaround for ms-connector staging + injectStagingWorkaroundForMsConnector(); + // Workaround, because eIDAS node ref. impl. does not return relayState if (basicConfig.getBasicConfigurationBoolean( Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_USEREQUESTIDASTRANSACTIONIDENTIFIER, @@ -200,6 +204,21 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { } + + private void injectStagingWorkaroundForMsConnector() throws EaafException { + String alternativReturnEndpoint = basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_WORKAROUND_STAGING_MS_CONNECTOR); + if (StringUtils.isNotEmpty(alternativReturnEndpoint)) { + log.info("Inject alternative MS-Connector end-point: {}", alternativReturnEndpoint); + pendingReq.setRawDataToTransaction( + MsEidasNodeConstants.EXECCONTEXT_PARAM_MSCONNECTOR_STAGING, alternativReturnEndpoint); + + // store pending request after update + requestStoreage.storePendingRequest(pendingReq); + + } + } + /** * Select a forward URL from configuration for a specific environment <br> * <br> diff --git a/modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml b/modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml index 55bb1ace..e645c50e 100644 --- a/modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml +++ b/modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml @@ -13,17 +13,14 @@ <pd:StartEvent id="start" /> - <pd:Transition from="start" - to="createAuthnRequest" /> - <pd:Transition from="createAuthnRequest" - to="receiveAuthnResponse" /> - <pd:Transition from="receiveAuthnResponse" - to="generateIdentityLink" /> - <pd:Transition from="generateIdentityLink" - to="finalizeAuthentication" /> - <pd:Transition from="finalizeAuthentication" - to="end" /> - + <pd:Transition from="start" to="createAuthnRequest" /> + <pd:Transition from="createAuthnRequest" to="receiveAuthnResponse" /> + <pd:Transition conditionExpression="ctx['msConnectorStaging']" + from="receiveAuthnResponse" to="end" /> + <pd:Transition from="receiveAuthnResponse" to="generateIdentityLink" /> + <pd:Transition from="generateIdentityLink" to="finalizeAuthentication" /> + <pd:Transition from="finalizeAuthentication" to="end" /> + <pd:EndEvent id="end" /> </pd:ProcessDefinition> diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java index e1a29137..7aab1f3e 100644 --- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java +++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java @@ -17,8 +17,9 @@ import java.util.Iterator; import java.util.List; import java.util.Map; +import javax.annotation.Nonnull; + import org.apache.commons.lang3.RandomStringUtils; -import org.jetbrains.annotations.NotNull; import org.jose4j.jwa.AlgorithmConstraints; import org.jose4j.jwa.AlgorithmConstraints.ConstraintType; import org.jose4j.jws.AlgorithmIdentifiers; @@ -451,7 +452,7 @@ public class CreateIdentityLinkTaskEidNewTest { } - @NotNull + @Nonnull private AuthenticationResponse buildDummyAuthResponse(boolean withAll) throws URISyntaxException { final AttributeDefinition attributeDef = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first(); diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java index d6485158..a9d2f332 100644 --- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java +++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java @@ -7,12 +7,12 @@ import java.net.URISyntaxException; import java.util.HashMap; import java.util.Map; +import javax.annotation.Nonnull; import javax.xml.bind.JAXBContext; import javax.xml.bind.JAXBException; import javax.xml.bind.Unmarshaller; import org.apache.commons.lang3.RandomStringUtils; -import org.jetbrains.annotations.NotNull; import org.junit.Assert; import org.junit.Before; import org.junit.Rule; @@ -434,7 +434,7 @@ public class CreateIdentityLinkTaskTest { } - @NotNull + @Nonnull private AuthenticationResponse buildDummyAuthResponse() throws URISyntaxException { final AttributeDefinition attributeDef = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first(); diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java index 5ebe8225..9521e348 100644 --- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java +++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java @@ -93,7 +93,8 @@ public class GenerateAuthnRequestTaskTest { "http://test/" + RandomStringUtils.randomAlphabetic(5)); basicConfig.putConfigValue( "eidas.ms.auth.eIDAS.node_v2.forward.method", "GET"); - basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat"); + basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat"); + basicConfig.removeConfigValue(Constants.CONIG_PROPS_EIDAS_WORKAROUND_STAGING_MS_CONNECTOR); } @@ -284,11 +285,43 @@ public class GenerateAuthnRequestTaskTest { Assert.assertEquals("ProviderName is not Static", Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP, eidasReq.getProviderName()); Assert.assertEquals("no PublicSP", "public", eidasReq.getSpType()); - Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high", eidasReq.getLevelOfAssurance()); + Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high", eidasReq.getLevelOfAssurance()); + Assert.assertNull("msConnector Staging", + pendingReq.getRawData(MsEidasNodeConstants.EXECCONTEXT_PARAM_MSCONNECTOR_STAGING, String.class)); } @Test + public void withMsConnectorStaging() throws TaskExecutionException, + SpecificCommunicationException { + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC"); + + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.publicSectorTargets", ".*"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "true"); + basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.staticProviderNameForPublicSPs"); + + String msConnectorStage = RandomStringUtils.randomAlphanumeric(10); + basicConfig.putConfigValue(Constants.CONIG_PROPS_EIDAS_WORKAROUND_STAGING_MS_CONNECTOR, msConnectorStage); + + + //execute test + task.execute(pendingReq, executionContext); + + //validate state + Assert.assertEquals("msConnector Staging", msConnectorStage, + pendingReq.getRawData(MsEidasNodeConstants.EXECCONTEXT_PARAM_MSCONNECTOR_STAGING, String.class)); + + + + } + + @Test public void withCustomStaticProviderNameForPublicSPs() throws TaskExecutionException, SpecificCommunicationException { String cc = RandomStringUtils.randomAlphabetic(2); @@ -458,8 +491,8 @@ public class GenerateAuthnRequestTaskTest { final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null); - Assert.assertEquals("PrividerName", "myNode", eidasReq.getProviderName()); - Assert.assertEquals("RequesterId", "myNode", eidasReq.getRequesterId()); + Assert.assertEquals("PrividerName", "Austria", eidasReq.getProviderName()); + Assert.assertEquals("RequesterId", "Austria", eidasReq.getRequesterId()); Assert.assertEquals("no PublicSP", "private", eidasReq.getSpType()); Assert.assertEquals("wrong LoA", EaafConstants.EIDAS_LOA_HIGH, eidasReq.getLevelOfAssurance()); diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveEidasResponseTaskTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveEidasResponseTaskTest.java index 53a49bac..ba77610a 100644 --- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveEidasResponseTaskTest.java +++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveEidasResponseTaskTest.java @@ -7,8 +7,9 @@ import java.util.Arrays; import java.util.HashMap; import java.util.Map; +import javax.annotation.Nonnull; + import org.apache.commons.lang3.RandomStringUtils; -import org.jetbrains.annotations.NotNull; import org.junit.Assert; import org.junit.Before; import org.junit.Test; @@ -141,11 +142,38 @@ public class ReceiveEidasResponseTaskTest { } @Test + public void successAndForward() throws URISyntaxException, TaskExecutionException, + PendingReqIdValidationException, EaafStorageException { + + AuthenticationResponse eidasResponse = buildDummyAuthResponse(Constants.SUCCESS_URI); + httpReq.setAttribute(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse); + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "LU"); + + String alternativReturnEndpoint = "http://ms-connector.alternative/" + RandomStringUtils.randomAlphabetic(10); + pendingReq.setRawDataToTransaction( + MsEidasNodeConstants.EXECCONTEXT_PARAM_MSCONNECTOR_STAGING, alternativReturnEndpoint); + + //execute test + task.execute(pendingReq, executionContext); + + //validate state + Assert.assertEquals("msConnectorStage", true, + (Boolean) executionContext.get(MsEidasNodeConstants.EXECCONTEXT_PARAM_MSCONNECTOR_STAGING)); + + //validate state + Assert.assertEquals("Wrong http statusCode", 302, httpResp.getStatus()); + Assert.assertNotNull("No redirect header", httpResp.getHeaderValue("Location")); + Assert.assertTrue("Wrong redirect endpoint", + ((String) httpResp.getHeaderValue("Location")).startsWith(alternativReturnEndpoint)); + + + } + + @Test public void success() throws URISyntaxException, TaskExecutionException, PendingReqIdValidationException { - @NotNull + @Nonnull AuthenticationResponse eidasResponse = buildDummyAuthResponse(Constants.SUCCESS_URI); httpReq.setAttribute(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse); - executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "LU"); //execute test task.execute(pendingReq, executionContext); @@ -162,13 +190,15 @@ public class ReceiveEidasResponseTaskTest { authProcessData.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE)); Assert.assertFalse("testIdentity flag", authProcessData.isTestIdentity()); + Assert.assertEquals("msConnectorStage", false, + (Boolean) executionContext.get(MsEidasNodeConstants.EXECCONTEXT_PARAM_MSCONNECTOR_STAGING)); } @Test public void successWithTestIdentity() throws URISyntaxException, TaskExecutionException, PendingReqIdValidationException { basicConfig.putConfigValue("eidas.ms.auth.eIDAS.eid.testidentity.default", "true"); - @NotNull + @Nonnull AuthenticationResponse eidasResponse = buildDummyAuthResponse(Constants.SUCCESS_URI); httpReq.setAttribute(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse); executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "LU"); @@ -192,7 +222,7 @@ public class ReceiveEidasResponseTaskTest { - @NotNull + @Nonnull private AuthenticationResponse buildDummyAuthResponse(String statusCode) throws URISyntaxException { final AttributeDefinition attributeDef = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first(); |