diff options
Diffstat (limited to 'modules/authmodule-eIDAS-v2/src')
8 files changed, 114 insertions, 44 deletions
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java index be20e632..9ceb08ee 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java @@ -52,8 +52,9 @@ public class Constants { public static final String CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS = CONIG_PROPS_EIDAS_NODE + ".publicSectorTargets"; public static final String CONIG_PROPS_EIDAS_NODE_ENTITYID = CONIG_PROPS_EIDAS_NODE + ".entityId"; - public static final String CONIG_PROPS_EIDAS_NODE_FORWARD_URL = CONIG_PROPS_EIDAS_NODE + public static final String CONIG_PROPS_EIDAS_CONNECTOR_NODE_FORWARD_URL = CONIG_PROPS_EIDAS_NODE + ".forward.endpoint"; + public static final String CONIG_PROPS_EIDAS_NODE_FORWARD_METHOD = CONIG_PROPS_EIDAS_NODE + ".forward.method"; public static final String CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_DEFAULT_ONLYNATURAL = @@ -159,6 +160,12 @@ public class Constants { public static final String eIDAS_ATTR_LEGALPERSONIDENTIFIER = "LegalPersonIdentifier"; public static final String eIDAS_ATTR_LEGALNAME = "LegalName"; + public static final String eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER = "RepresentativePersonIdentifier"; + public static final String eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH = "RepresentativeDateOfBirth"; + public static final String eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME = "RepresentativeFirstName"; + public static final String eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME = "RepresentativeFamilyName"; + + public static final String eIDAS_REQ_PARAM_SECTOR_PUBLIC = "public"; public static final String eIDAS_REQ_PARAM_SECTOR_PRIVATE = "private"; @@ -167,6 +174,7 @@ public class Constants { // SAML2 Constants public static final String SUCCESS_URI = "urn:oasis:names:tc:SAML:2.0:status:Success"; + public static final String ERROR_URI = "urn:oasis:names:tc:SAML:2.0:status:Responder"; public static final String HTTP_CLIENT_DEFAULT_TIMEOUT_CONNECTION = "30"; // seconds public static final String HTTP_CLIENT_DEFAULT_TIMEOUT_RESPONSE = "60"; // seconds diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java index 323a37e2..1fdd3d5b 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java @@ -26,6 +26,7 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; import java.nio.charset.StandardCharsets; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; +import java.util.Arrays; import java.util.Base64; import java.util.Map; import java.util.regex.Matcher; @@ -280,7 +281,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor { * Set ProviderName and RequestId into eIDAS AuthnRequest. * * @param pendingReq Current pendingRequest - * @param authnRequestBuilder AuthnREquest builer + * @param authnRequestBuilder AuthnRequest builder */ protected void buildProviderNameAndRequesterIdAttribute(IRequest pendingReq, Builder authnRequestBuilder) { final ISpConfiguration spConfig = pendingReq.getServiceProviderConfiguration(); @@ -330,6 +331,37 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor { } } + /** + * Build LoA based on Service-Provider configuration. + * + * @param spConfig Current SP configuration + * @param authnRequestBuilder AuthnRequest builder + */ + protected void buildLevelOfAssurance(ISpConfiguration spConfig, Builder authnRequestBuilder) { + // TODO: set matching mode if eIDAS ref. impl. support this method + + // TODO: update if eIDAS ref. impl. supports exact matching for non-notified LoA + // schemes + String loa = EaafConstants.EIDAS_LOA_HIGH; + if (spConfig.getRequiredLoA() != null) { + if (spConfig.getRequiredLoA().isEmpty()) { + log.info("No eIDAS LoA requested. Use LoA HIGH as default"); + } else { + if (spConfig.getRequiredLoA().size() > 1) { + log.info( + "Currently only ONE requested LoA is supported for service provider. Use first one ... "); + } + + loa = spConfig.getRequiredLoA().get(0); + + } + } + + log.debug("Request eIdAS node with LoA: " + loa); + authnRequestBuilder.levelsOfAssuranceValues(Arrays.asList(loa)); + + } + private String generateRequesterId(String requesterId) { if (requesterId != null && basicConfig.getBasicConfigurationBoolean( Constants.CONIG_PROPS_EIDAS_NODE_REQUESTERID_USE_HASHED_VERSION, true)) { @@ -389,30 +421,4 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor { return builder.build(); } - - protected void buildLevelOfAssurance(ISpConfiguration spConfig, Builder authnRequestBuilder) { - // TODO: set matching mode if eIDAS ref. impl. support this method - - // TODO: update if eIDAS ref. impl. supports exact matching for non-notified LoA - // schemes - String loa = EaafConstants.EIDAS_LOA_HIGH; - if (spConfig.getRequiredLoA() != null) { - if (spConfig.getRequiredLoA().isEmpty()) { - log.info("No eIDAS LoA requested. Use LoA HIGH as default"); - } else { - if (spConfig.getRequiredLoA().size() > 1) { - log.info( - "Currently only ONE requested LoA is supported for service provider. Use first one ... "); - } - - loa = spConfig.getRequiredLoA().get(0); - - } - } - - log.debug("Request eIdAS node with LoA: " + loa); - authnRequestBuilder.levelOfAssurance(loa); - - } - } diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java index 0f1b5432..b6f028a4 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java @@ -147,7 +147,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { } // select forward URL regarding the selected environment - String forwardUrl = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL); + String forwardUrl = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_CONNECTOR_NODE_FORWARD_URL); if (StringUtils.isNotEmpty(environment)) { forwardUrl = selectedForwardUrlForEnvironment(environment); } @@ -155,8 +155,8 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { if (StringUtils.isEmpty(forwardUrl)) { log.warn("NO ForwardURL defined in configuration. Can NOT forward to eIDAS node! Process stops"); throw new EaafConfigurationException("config.08", new Object[] { - environment == null ? Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL - : Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL + "." + environment + environment == null ? Constants.CONIG_PROPS_EIDAS_CONNECTOR_NODE_FORWARD_URL + : Constants.CONIG_PROPS_EIDAS_CONNECTOR_NODE_FORWARD_URL + "." + environment }); } @@ -233,17 +233,17 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { private String selectedForwardUrlForEnvironment(String environment) { log.trace("Starting endpoint selection process for environment: " + environment + " ... "); if (environment.equalsIgnoreCase(MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_PRODUCTION)) { - return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL); + return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_CONNECTOR_NODE_FORWARD_URL); } else if (environment.equalsIgnoreCase(MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_QS)) { - return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL + return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_CONNECTOR_NODE_FORWARD_URL + "." + MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_QS); } else if (environment.equalsIgnoreCase( MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_TESTING)) { - return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL + return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_CONNECTOR_NODE_FORWARD_URL + "." + MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_TESTING); } else if (environment.equalsIgnoreCase( MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_DEVELOPMENT)) { - return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL + return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_CONNECTOR_NODE_FORWARD_URL + "." + MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_DEVELOPMENT); } diff --git a/modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml index 3b0cee54..f37516f8 100644 --- a/modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml +++ b/modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml @@ -65,17 +65,22 @@ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.CcSpecificEidProcessingService" /> <bean id="DE-Processor" - class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.DeEidProcessor"> + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.DeEidProcessor"> <property name="priority" value="1" /> </bean> <bean id="LU-Processor" - class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.LuEidProcessor"> + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.LuEidProcessor"> + <property name="priority" value="1" /> + </bean> + + <bean id="NL-Processor" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.NlEidProcessor"> <property name="priority" value="1" /> </bean> <bean id="Default-Processor" - class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.GenericEidProcessor"> + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.GenericEidProcessor"> <property name="priority" value="0" /> </bean> diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummySpecificCommunicationService.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummySpecificCommunicationService.java index d2b0c1ae..78294047 100644 --- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummySpecificCommunicationService.java +++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummySpecificCommunicationService.java @@ -9,12 +9,16 @@ import eu.eidas.auth.commons.tx.BinaryLightToken; import eu.eidas.specificcommunication.BinaryLightTokenHelper; import eu.eidas.specificcommunication.exception.SpecificCommunicationException; import eu.eidas.specificcommunication.protocol.SpecificCommunicationService; +import lombok.Setter; public class DummySpecificCommunicationService implements SpecificCommunicationService { private ILightRequest lightRequest; private ILightResponse lightResponse; + @Setter + private SpecificCommunicationException error; + @Override public BinaryLightToken putRequest(ILightRequest lightRequest) throws SpecificCommunicationException { this.lightRequest = lightRequest; @@ -24,6 +28,10 @@ public class DummySpecificCommunicationService implements SpecificCommunicationS @Override public ILightRequest getAndRemoveRequest(String tokenBase64, Collection<AttributeDefinition<?>> registry) throws SpecificCommunicationException { + if (error != null) { + throw error; + + } return lightRequest; } diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java index 763d7d39..9521e348 100644 --- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java +++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java @@ -138,7 +138,7 @@ public class GenerateAuthnRequestTaskTest { .getErrorId()); Assert.assertEquals("wrong parameter size", 1, ((EaafException) e.getOriginalException()) .getParams().length); - Assert.assertEquals("wrong errorMsg", Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL, ((EaafException) e + Assert.assertEquals("wrong errorMsg", Constants.CONIG_PROPS_EIDAS_CONNECTOR_NODE_FORWARD_URL, ((EaafException) e .getOriginalException()).getParams()[0]); } @@ -163,7 +163,7 @@ public class GenerateAuthnRequestTaskTest { .getErrorId()); Assert.assertEquals("wrong parameter size", 1, ((EaafException) e.getOriginalException()) .getParams().length); - Assert.assertEquals("wrong errorMsg", Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL + "." + stage, ((EaafException) e + Assert.assertEquals("wrong errorMsg", Constants.CONIG_PROPS_EIDAS_CONNECTOR_NODE_FORWARD_URL + "." + stage, ((EaafException) e .getOriginalException()).getParams()[0]); } diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java index 7ac41500..610801a6 100644 --- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java +++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java @@ -66,8 +66,9 @@ public class EidasRequestPreProcessingFirstTest { private TestRequestImpl pendingReq; private DummySpConfiguration oaParam; - private Builder authnRequestBuilder; - + private Builder authnRequestBuilder; + private Map<String, String> spConfig; + /** * jUnit class initializer. * @@ -88,9 +89,9 @@ public class EidasRequestPreProcessingFirstTest { @Before public void setUp() { - final Map<String, String> spConfig = new HashMap<>(); + spConfig = new HashMap<>(); spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp"); - spConfig.put("target", "urn:publicid:gv.at:cdid+XX"); + spConfig.put("target", "urn:publicid:gv.at:cdid+XX"); oaParam = new DummySpConfiguration(spConfig, basicConfig); pendingReq = new TestRequestImpl(); @@ -151,5 +152,42 @@ public class EidasRequestPreProcessingFirstTest { Assert.assertEquals("Requested attribute size not match", 8, lightReq.getRequestedAttributes().size()); } + + @Test + public void prePreProcessNlWithUpgrade() throws EidPostProcessingException { + + final String testCountry = "NL"; + spConfig.put("loa", EaafConstants.EIDAS_LOA_LOW); + authnRequestBuilder.citizenCountryCode(testCountry); + authnRequestBuilder.levelOfAssurance(EaafConstants.EIDAS_LOA_LOW); + + preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder); + + final LightRequest lightReq = authnRequestBuilder.build(); + + Assert.assertNotSame("RequesterId was set", lightReq.getRequesterId()); + Assert.assertEquals("no PublicSP", "public", lightReq.getSpType()); + Assert.assertEquals("Requested attribute size not match", 4, lightReq.getRequestedAttributes().size()); + + Assert.assertEquals("wrong LoA", EaafConstants.EIDAS_LOA_SUBSTANTIAL, lightReq.getLevelOfAssurance()); + } + + @Test + public void prePreProcessNlWithOutUpgrade() throws EidPostProcessingException { + + final String testCountry = "NL"; + authnRequestBuilder.citizenCountryCode(testCountry); + preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder); + + final LightRequest lightReq = authnRequestBuilder.build(); + + Assert.assertNotSame("RequesterId was set", lightReq.getRequesterId()); + Assert.assertEquals("no PublicSP", "public", lightReq.getSpType()); + Assert.assertEquals("Requested attribute size not match", 4, lightReq.getRequestedAttributes().size()); + + Assert.assertEquals("wrong LoA", EaafConstants.EIDAS_LOA_HIGH, lightReq.getLevelOfAssurance()); + + } + } diff --git a/modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml b/modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml index cd2888c1..f31e5063 100644 --- a/modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml +++ b/modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml @@ -55,6 +55,11 @@ <property name="priority" value="1" /> </bean> + <bean id="NL-Processor" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.NlEidProcessor"> + <property name="priority" value="1" /> + </bean> + <bean id="eIDASAuthModule" class="at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasAuthenticationModulImpl"> <property name="priority" value="2" /> |