diff options
Diffstat (limited to 'modules/authmodule-eIDAS-v2/src')
84 files changed, 14881 insertions, 0 deletions
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java new file mode 100644 index 00000000..90451e87 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java @@ -0,0 +1,186 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2; + +import at.gv.egiz.eaaf.core.api.data.EaafConstants; + +public class Constants { + + public static final String DATA_REQUESTERID = "req_requesterId"; + public static final String DATA_PROVIDERNAME = "req_providerName"; + public static final String DATA_REQUESTED_LOA_LIST = "req_requestedLoA"; + public static final String DATA_REQUESTED_LOA_COMPERISON = "req_requestedLoAComperision"; + public static final String DATA_FULL_EIDAS_RESPONSE = "resp_fulleIDASResponse"; + + // templates for post-binding forwarding + public static final String TEMPLATE_POST_FORWARD_NAME = "eidas_node_forward.html"; + public static final String TEMPLATE_POST_FORWARD_ENDPOINT = "endPoint"; + public static final String TEMPLATE_POST_FORWARD_TOKEN_NAME = "tokenName"; + public static final String TEMPLATE_POST_FORWARD_TOKEN_VALUE = "tokenValue"; + + // configuration properties + public static final String CONIG_PROPS_EIDAS_PREFIX = "auth.eIDAS"; + + public static final String CONIG_PROPS_EIDAS_WORKAROUND_STAGING_MS_CONNECTOR = + CONIG_PROPS_EIDAS_PREFIX + ".workarounds.staging.msconnector.endpoint"; + + public static final String CONIG_PROPS_EIDAS_IS_TEST_IDENTITY = CONIG_PROPS_EIDAS_PREFIX + + ".eid.testidentity.default"; + public static final String CONIG_PROPS_EIDAS_NODE = CONIG_PROPS_EIDAS_PREFIX + ".node_v2"; + public static final String CONIG_PROPS_EIDAS_NODE_COUNTRYCODE = CONIG_PROPS_EIDAS_NODE + ".countrycode"; + public static final String CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS = CONIG_PROPS_EIDAS_NODE + + ".publicSectorTargets"; + public static final String CONIG_PROPS_EIDAS_NODE_ENTITYID = CONIG_PROPS_EIDAS_NODE + ".entityId"; + public static final String CONIG_PROPS_EIDAS_NODE_FORWARD_URL = CONIG_PROPS_EIDAS_NODE + + ".forward.endpoint"; + public static final String CONIG_PROPS_EIDAS_NODE_FORWARD_METHOD = CONIG_PROPS_EIDAS_NODE + + ".forward.method"; + public static final String CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_DEFAULT_ONLYNATURAL = + CONIG_PROPS_EIDAS_NODE + ".attributes.requested.onlynatural"; + public static final String CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_CC_SPECIFIC_ONLYNATURAL = + CONIG_PROPS_EIDAS_NODE + ".attributes.requested.{0}.onlynatural"; + public static final String CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_REPRESENTATION = + CONIG_PROPS_EIDAS_NODE + ".attributes.requested.representation"; + + public static final String CONIG_PROPS_EIDAS_NODE_REQUESTERID_USE_HASHED_VERSION = + CONIG_PROPS_EIDAS_NODE + ".requesterId.useHashedForm"; + public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_USE_STATIC_REQUESTERID_FOR_LUX = + CONIG_PROPS_EIDAS_NODE + ".requesterId.lu.useStaticRequesterForAll"; + + public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME = + CONIG_PROPS_EIDAS_NODE + ".workarounds.addAlwaysProviderName"; + public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_USEREQUESTIDASTRANSACTIONIDENTIFIER = + CONIG_PROPS_EIDAS_NODE + ".workarounds.useRequestIdAsTransactionIdentifier"; + + public static final String CONFIG_PROP_EIDAS_NODE_NAMEIDFORMAT = + CONIG_PROPS_EIDAS_NODE + ".requested.nameIdFormat"; + + public static final String CONIG_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP = CONIG_PROPS_EIDAS_NODE + + ".staticProviderNameForPublicSPs"; + public static final String DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP = "Austria"; + + public static final String FORWARD_METHOD_POST = "POST"; + public static final String FORWARD_METHOD_GET = "GET"; + + public static final String CONIG_PROPS_EIDAS_SZRCLIENT = CONIG_PROPS_EIDAS_PREFIX + ".szrclient"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_USETESTSERVICE = CONIG_PROPS_EIDAS_SZRCLIENT + + ".useTestService"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_TRACEMESSAGES = CONIG_PROPS_EIDAS_SZRCLIENT + + ".debug.logfullmessages"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USEDUMMY = CONIG_PROPS_EIDAS_SZRCLIENT + + ".debug.useDummySolution"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SET_MDS_TO_EIDASBIND = CONIG_PROPS_EIDAS_SZRCLIENT + + ".eidasbind.mds.inject"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_CONNECTION = CONIG_PROPS_EIDAS_SZRCLIENT + + ".timeout.connection"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_RESPONSE = CONIG_PROPS_EIDAS_SZRCLIENT + + ".timeout.response"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_ENDPOINT_PROD = CONIG_PROPS_EIDAS_SZRCLIENT + + ".endpoint.prod"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_ENDPOINT_TEST = CONIG_PROPS_EIDAS_SZRCLIENT + + ".endpoint.test"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYSTORE_PATH = CONIG_PROPS_EIDAS_SZRCLIENT + + ".ssl.keyStore.path"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYSTORE_PASSWORD = CONIG_PROPS_EIDAS_SZRCLIENT + + ".ssl.keyStore.password"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_PATH = CONIG_PROPS_EIDAS_SZRCLIENT + + ".ssl.trustStore.path"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_PASSWORD = CONIG_PROPS_EIDAS_SZRCLIENT + + ".ssl.trustStore.password"; + + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE = CONIG_PROPS_EIDAS_SZRCLIENT + + ".params.documenttype"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ = CONIG_PROPS_EIDAS_SZRCLIENT + + ".params.vkz"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_DATE = CONIG_PROPS_EIDAS_SZRCLIENT + + ".params.issuingdate"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_AUTHORITY = + CONIG_PROPS_EIDAS_SZRCLIENT + ".params.issuingauthority"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_KEYS_USEDUMMY = CONIG_PROPS_EIDAS_SZRCLIENT + + ".params.usedummykeys"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION = + CONIG_PROPS_EIDAS_SZRCLIENT + ".params.useSZRForbPKCalculation"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETPLACEOFBIRTHIFAVAILABLE = + CONIG_PROPS_EIDAS_SZRCLIENT + ".params.setPlaceOfBirthIfAvailable"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETBIRTHNAMEIFAVAILABLE = + CONIG_PROPS_EIDAS_SZRCLIENT + ".params.setBirthNameIfAvailable"; + + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_REVISIONLOGDATASTORE_ACTIVE = + CONIG_PROPS_EIDAS_SZRCLIENT + ".revisionlog.eidmapping.active"; + + @Deprecated + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_SQLLITEDATASTORE_URL = + CONIG_PROPS_EIDAS_SZRCLIENT + ".workarounds.datastore.sqlite.url"; + @Deprecated + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_SQLLITEDATASTORE_ACTIVE = + CONIG_PROPS_EIDAS_SZRCLIENT + ".workarounds.datastore.sqlite.active"; + + // http endpoint descriptions + public static final String eIDAS_HTTP_ENDPOINT_SP_POST = "/eidas/light/sp/post"; + public static final String eIDAS_HTTP_ENDPOINT_SP_REDIRECT = "/eidas/light/sp/redirect"; + public static final String eIDAS_HTTP_ENDPOINT_IDP_COLLEAGUEREQUEST = "/eidas/light/ColleagueRequest"; + public static final String eIDAS_HTTP_ENDPOINT_METADATA = "/eidas/light/metadata"; + + // eIDAS request parameters + public static final String eIDAS_REQ_NAMEID_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"; + + // eIDAS attribute names + public static final String eIDAS_ATTR_PERSONALIDENTIFIER = "PersonIdentifier"; + public static final String eIDAS_ATTR_DATEOFBIRTH = "DateOfBirth"; + public static final String eIDAS_ATTR_CURRENTGIVENNAME = "FirstName"; + public static final String eIDAS_ATTR_CURRENTFAMILYNAME = "FamilyName"; + public static final String eIDAS_ATTR_PLACEOFBIRTH = "PlaceOfBirth"; + public static final String eIDAS_ATTR_BIRTHNAME = "BirthName"; + public static final String eIDAS_ATTR_CURRENTADDRESS = "CurrentAddress"; + + public static final String eIDAS_ATTR_LEGALPERSONIDENTIFIER = "LegalPersonIdentifier"; + public static final String eIDAS_ATTR_LEGALNAME = "LegalName"; + + public static final String eIDAS_REQ_PARAM_SECTOR_PUBLIC = "public"; + public static final String eIDAS_REQ_PARAM_SECTOR_PRIVATE = "private"; + + public static final String POLICY_DEFAULT_ALLOWED_TARGETS = + EaafConstants.URN_PREFIX_CDID.replaceAll("\\.", "\\\\.").replaceAll("\\+", "\\\\+") + ".*"; + + // SAML2 Constants + public static final String SUCCESS_URI = "urn:oasis:names:tc:SAML:2.0:status:Success"; + + public static final String HTTP_CLIENT_DEFAULT_TIMEOUT_CONNECTION = "30"; // seconds + public static final String HTTP_CLIENT_DEFAULT_TIMEOUT_RESPONSE = "60"; // seconds + + public static final String SZR_SCHEMA_LOCATIONS = + "urn:SZRServices" + " " + "/szr_client/szr.xsd"; + + // Default values for SZR communication + public static final String SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE = "ELEKTR_DOKUMENT"; + + // TODO remove!!! + public static final String SZR_CONSTANTS_DEFAULT_ISSUING_DATE = "2014-01-01"; + public static final String SZR_CONSTANTS_DEFAULT_ISSUING_AUTHORITY = "ms-specific eIDAS-Node for AT"; + public static final String SZR_CONSTANTS_DEFAULT_PUBKEY_EXPONENT = "AQAB"; + public static final String SZR_CONSTANTS_DEFAULT_PUBKEY_MODULUS = + "AJZyj/+sdCMDRq9RkvbFcgSTVn/OfS8EUE81ddwP8MNuJ1kd1SWBUJPaQX2JLJHrL54mkOhrkhH2M/zcuOTu8nW9TOEg" + + "XGjrRB/0HpiYKpV+VDJViyyc/GacNLxN4Anw4pima6gHYaJIw9hQkL/nuO2hyh8PGJd7rxeFXJmbLy+X"; + +} diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasAuthenticationModulImpl.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasAuthenticationModulImpl.java new file mode 100644 index 00000000..85f0873e --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasAuthenticationModulImpl.java @@ -0,0 +1,87 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2; + +import java.io.Serializable; + +import org.apache.commons.lang3.StringUtils; + +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; + +/** + * eIDAS authentication-process selector. + * + * @author tlenz + * + */ +public class EidasAuthenticationModulImpl implements AuthModule { + + private int priority = 1; + + @Override + public int getPriority() { + return priority; + } + + /** + * Sets the priority of this module. Default value is {@code 0}. + * + * @param priority The priority. + */ + public void setPriority(int priority) { + this.priority = priority; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv. + * egovernment.moa.id.process.api.ExecutionContext) + */ + @Override + public String selectProcess(ExecutionContext context, IRequest pendingReq) { + Serializable flagObj = context.get(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY); + if (flagObj != null && flagObj instanceof String + && StringUtils.isNotBlank((String) context.get(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY))) { + return "eIDASAuthentication_v2"; + } else { + return null; + } + + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions() + */ + @Override + public String[] getProcessDefinitions() { + return new String[] { "classpath:eIDAS.Authentication.process.xml" }; + } + +} diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasAuthenticationSpringResourceProvider.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasAuthenticationSpringResourceProvider.java new file mode 100644 index 00000000..535e4f97 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasAuthenticationSpringResourceProvider.java @@ -0,0 +1,52 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2; + +import org.springframework.core.io.ClassPathResource; +import org.springframework.core.io.Resource; + +import at.gv.egiz.components.spring.api.SpringResourceProvider; + +public class EidasAuthenticationSpringResourceProvider implements SpringResourceProvider { + + @Override + public String getName() { + return "Auth. module for eIDAS Ref. Impl. v2.x"; + } + + @Override + public String[] getPackagesToScan() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Resource[] getResourcesToLoad() { + final ClassPathResource eidasAuthConfig = new ClassPathResource("/eidas_v2_auth.beans.xml", + EidasAuthenticationSpringResourceProvider.class); + + return new Resource[] { eidasAuthConfig }; + } + +} diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasSignalServlet.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasSignalServlet.java new file mode 100644 index 00000000..d3cac80c --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasSignalServlet.java @@ -0,0 +1,161 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2; + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import com.google.common.collect.ImmutableSortedSet; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; +import eu.eidas.auth.commons.EidasParameterKeys; +import eu.eidas.auth.commons.light.ILightResponse; +import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames; +import eu.eidas.specificcommunication.exception.SpecificCommunicationException; +import eu.eidas.specificcommunication.protocol.SpecificCommunicationService; + +/** + * Controler implementation for eIDAS Node communication. + * + * @author tlenz + * + */ +@Controller +public class EidasSignalServlet extends AbstractProcessEngineSignalController { + + private static final Logger log = LoggerFactory.getLogger(EidasSignalServlet.class); + @Autowired + private ApplicationContext context; + @Autowired + private EidasAttributeRegistry attrRegistry; + + /** + * eIDAS Node communication end-point implementation. + * + */ + public EidasSignalServlet() { + super(); + log.debug("Registering servlet {} with mappings '{}' and '{}'.", + getClass().getName(), Constants.eIDAS_HTTP_ENDPOINT_SP_POST, + Constants.eIDAS_HTTP_ENDPOINT_SP_REDIRECT); + + } + + @RequestMapping(value = { + Constants.eIDAS_HTTP_ENDPOINT_SP_POST, + Constants.eIDAS_HTTP_ENDPOINT_SP_REDIRECT + }, + method = { RequestMethod.POST, RequestMethod.GET }) + public void restoreEidasAuthProcess(HttpServletRequest req, HttpServletResponse resp) throws IOException, + EaafException { + signalProcessManagement(req, resp); + } + + /** + * Protocol specific implementation to get the pending-requestID from http + * request object. + * + * @param request The http Servlet-Request object + * @return The Pending-request id + * + */ + @Override + public String getPendingRequestId(HttpServletRequest request) { + // String sessionId = super.getPendingRequestId(request); + + try { + // get token from Request + final String tokenBase64 = request.getParameter(EidasParameterKeys.TOKEN.toString()); + if (StringUtils.isEmpty(tokenBase64)) { + log.warn("NO eIDAS message token found."); + throw new EidasSAuthenticationException("eidas.04", null); + + } + log.trace("Receive eIDAS-node token: " + tokenBase64 + " Starting transaction-restore process ... "); + + final SpecificCommunicationService specificConnectorCommunicationService = + (SpecificCommunicationService) context.getBean( + SpecificCommunicationDefinitionBeanNames.SPECIFIC_CONNECTOR_COMMUNICATION_SERVICE.toString()); + final ILightResponse eidasResponse = specificConnectorCommunicationService.getAndRemoveResponse( + tokenBase64, + ImmutableSortedSet.copyOf(attrRegistry.getCoreAttributeRegistry().getAttributes())); + + String pendingReqId = null; + if (StringUtils.isEmpty(eidasResponse.getRelayState())) { + log.debug("eIDAS Node returns no RelayState. "); + + if (authConfig.getBasicConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_USEREQUESTIDASTRANSACTIONIDENTIFIER, + false)) { + log.trace("Use lightRequestId to recover session ... "); + pendingReqId = transactionStorage.get(eidasResponse.getInResponseToId(), String.class); + if (StringUtils.isNotEmpty(pendingReqId)) { + log.debug("Restoring session with lightRequestId ... "); + transactionStorage.remove(eidasResponse.getInResponseToId()); + + } + } + + } else { + log.debug("Find transaction identifier in SAML2 'RelayState': " + eidasResponse.getRelayState()); + pendingReqId = eidasResponse.getRelayState(); + + } + + if (StringUtils.isNotEmpty(pendingReqId)) { + request.setAttribute(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse); + return pendingReqId; + + } + + log.info("NO transaction identifier found! Stopping process ...."); + log.trace("FullResponse: " + eidasResponse.toString()); + + } catch (final SpecificCommunicationException e) { + log.warn("Can NOT load eIDAS Response from cache.", e); + log.debug("eIDAS response token was: " + request.getParameter(EidasParameterKeys.TOKEN.toString())); + + } catch (final Exception e) { + log.warn("Unable to retrieve moa session id.", e); + + } + + return null; + } + +} diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/ErnbEidData.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/ErnbEidData.java new file mode 100644 index 00000000..6c7eeb6b --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/ErnbEidData.java @@ -0,0 +1,115 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao; + +import java.text.SimpleDateFormat; + +import org.joda.time.DateTime; + +import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType; + +public class ErnbEidData { + + private String citizenCountryCode = null; + + // MDS + private String pseudonym = null; + private String givenName = null; + private String familyName = null; + private DateTime dateOfBirth = null; + + // additional attributes + private String placeOfBirth = null; + private String birthName = null; + private PostalAddressType address = null; + + public String getCitizenCountryCode() { + return citizenCountryCode; + } + + public void setCitizenCountryCode(String citizenCountryCode) { + this.citizenCountryCode = citizenCountryCode; + } + + public String getPseudonym() { + return pseudonym; + } + + public void setPseudonym(String pseudonym) { + this.pseudonym = pseudonym; + } + + public String getGivenName() { + return givenName; + } + + public void setGivenName(String givenName) { + this.givenName = givenName; + } + + public String getFamilyName() { + return familyName; + } + + public void setFamilyName(String familyName) { + this.familyName = familyName; + } + + public DateTime getDateOfBirth() { + return dateOfBirth; + } + + public void setDateOfBirth(DateTime dateOfBirth) { + this.dateOfBirth = dateOfBirth; + } + + public String getPlaceOfBirth() { + return placeOfBirth; + } + + public void setPlaceOfBirth(String placeOfBirth) { + this.placeOfBirth = placeOfBirth; + } + + public String getBirthName() { + return birthName; + } + + public void setBirthName(String birthName) { + this.birthName = birthName; + } + + public PostalAddressType getAddress() { + return address; + } + + public void setAddress(PostalAddressType address) { + this.address = address; + } + + public String getFormatedDateOfBirth() { + return new SimpleDateFormat("yyyy-MM-dd").format(dateOfBirth.toDate()); + } + +} diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidPostProcessingException.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidPostProcessingException.java new file mode 100644 index 00000000..f4c0be67 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidPostProcessingException.java @@ -0,0 +1,40 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.exception; + +public class EidPostProcessingException extends EidasSAuthenticationException { + + private static final long serialVersionUID = 6780652273831172456L; + + public EidPostProcessingException(String internalMsgId, Object[] params) { + super(internalMsgId, params); + + } + + public EidPostProcessingException(String internalMsgId, Object[] params, Throwable e) { + super(internalMsgId, params, e); + + } + +} diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidasAttributeException.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidasAttributeException.java new file mode 100644 index 00000000..49736d58 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidasAttributeException.java @@ -0,0 +1,34 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.exception; + +public class EidasAttributeException extends EidasSAuthenticationException { + private static final long serialVersionUID = 1L; + + public EidasAttributeException(String attrbuteName) { + super("eidas.00", new Object[] { attrbuteName }); + + } + +} diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidasSAuthenticationException.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidasSAuthenticationException.java new file mode 100644 index 00000000..8ff218e3 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidasSAuthenticationException.java @@ -0,0 +1,41 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.exception; + +import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; + +public class EidasSAuthenticationException extends EaafAuthenticationException { + + + private static final long serialVersionUID = 1L; + + public EidasSAuthenticationException(String internalMsgId, Object[] params) { + super(internalMsgId, params); + } + + public EidasSAuthenticationException(String internalMsgId, Object[] params, Throwable e) { + super(internalMsgId, params, e); + } + +} diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidasValidationException.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidasValidationException.java new file mode 100644 index 00000000..2988dd6f --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidasValidationException.java @@ -0,0 +1,34 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.exception; + +public class EidasValidationException extends EidasSAuthenticationException { + + private static final long serialVersionUID = 1L; + + public EidasValidationException(String internalMsgId, Object[] params) { + super(internalMsgId, params); + } + +} diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/SqliteServiceException.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/SqliteServiceException.java new file mode 100644 index 00000000..d48abec9 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/SqliteServiceException.java @@ -0,0 +1,40 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.exception; + +public class SqliteServiceException extends EidasSAuthenticationException { + + private static final long serialVersionUID = 2278259367925102676L; + + public SqliteServiceException(String internalMsgId, Object[] params, Throwable e) { + super(internalMsgId, params, e); + + } + + public SqliteServiceException(String internalMsgId, Object[] params) { + super(internalMsgId, params); + + } + +} diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/SzrCommunicationException.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/SzrCommunicationException.java new file mode 100644 index 00000000..c736cadb --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/SzrCommunicationException.java @@ -0,0 +1,38 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.exception; + +public class SzrCommunicationException extends EidasSAuthenticationException { + + private static final long serialVersionUID = 1L; + + public SzrCommunicationException(String internalMsgId, Object[] params) { + super(internalMsgId, params); + } + + public SzrCommunicationException(String internalMsgId, Object[] params, Throwable e) { + super(internalMsgId, params, e); + } + +} diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java new file mode 100644 index 00000000..323a37e2 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java @@ -0,0 +1,418 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; + +import java.nio.charset.StandardCharsets; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.util.Base64; +import java.util.Map; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +import org.apache.commons.lang3.StringUtils; +import org.joda.time.DateTime; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.lang.NonNull; + +import com.google.common.collect.ImmutableSortedSet; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils; +import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; +import at.gv.egiz.eaaf.core.impl.data.Triple; +import eu.eidas.auth.commons.attribute.AttributeDefinition; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; +import eu.eidas.auth.commons.light.impl.LightRequest.Builder; +import eu.eidas.auth.commons.protocol.eidas.SpType; +import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; + +public abstract class AbstractEidProcessor implements INationalEidProcessor { + private static final Logger log = LoggerFactory.getLogger(AbstractEidProcessor.class); + + @Autowired + protected EidasAttributeRegistry attrRegistry; + @Autowired + protected IConfigurationWithSP basicConfig; + + @Override + public final void preProcess(IRequest pendingReq, Builder authnRequestBuilder) { + + buildLevelOfAssurance(pendingReq.getServiceProviderConfiguration(), authnRequestBuilder); + buildProviderNameAndRequesterIdAttribute(pendingReq, authnRequestBuilder); + buildRequestedAttributes(authnRequestBuilder); + + } + + + @Override + public final ErnbEidData postProcess(Map<String, Object> eidasAttrMap) throws EidPostProcessingException, + EidasAttributeException { + final ErnbEidData result = new ErnbEidData(); + + final Object eIdentifierObj = eidasAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); + final Triple<String, String, String> eIdentifier = + EidasResponseUtils.parseEidasPersonalIdentifier((String) eIdentifierObj); + result.setCitizenCountryCode(eIdentifier.getFirst()); + + // MDS attributes + result.setPseudonym(processPseudonym(eidasAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))); + result.setFamilyName(processFamilyName(eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTFAMILYNAME))); + result.setGivenName(processGivenName(eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTGIVENNAME))); + result.setDateOfBirth(processDateOfBirth(eidasAttrMap.get(Constants.eIDAS_ATTR_DATEOFBIRTH))); + + // additional attributes + result.setPlaceOfBirth(processPlaceOfBirth(eidasAttrMap.get(Constants.eIDAS_ATTR_PLACEOFBIRTH))); + result.setBirthName(processBirthName(eidasAttrMap.get(Constants.eIDAS_ATTR_BIRTHNAME))); + result.setAddress(processAddress(eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTADDRESS))); + + return result; + + } + + + /** + * Get a Map of country-specific requested attributes. + * + * @return + */ + @NonNull + protected abstract Map<String, Boolean> getCountrySpecificRequestedAttributes(); + + /** + * Post-Process the eIDAS CurrentAddress attribute. + * + * @param currentAddressObj eIDAS current address information + * @return current address or null if no attribute is available + * @throws EidPostProcessingException if post-processing fails + * @throws EidasAttributeException if eIDAS attribute is of a wrong type + */ + protected PostalAddressType processAddress(Object currentAddressObj) throws EidPostProcessingException, + EidasAttributeException { + + if (currentAddressObj != null) { + if (currentAddressObj instanceof PostalAddress) { + final PostalAddressType result = new PostalAddressType(); + result.setPostalCode(((PostalAddress) currentAddressObj).getPostCode()); + result.setMunicipality(((PostalAddress) currentAddressObj).getPostName()); + + // TODO: add more mappings + + return result; + + } else { + log.warn("eIDAS attr: " + Constants.eIDAS_ATTR_CURRENTADDRESS + " is of WRONG type"); + throw new EidasAttributeException(Constants.eIDAS_ATTR_CURRENTADDRESS); + + } + + } else { + log.debug("NO '" + Constants.eIDAS_ATTR_CURRENTADDRESS + "' attribute. Post-Processing skipped ... "); + } + + return null; + + } + + /** + * Post-Process the eIDAS BirthName attribute. + * + * @param birthNameObj eIDAS birthname information + * @return birthName or null if no attribute is available + * @throws EidPostProcessingException if post-processing fails + * @throws EidasAttributeException if eIDAS attribute is of a wrong type + */ + protected String processBirthName(Object birthNameObj) throws EidPostProcessingException, + EidasAttributeException { + if (birthNameObj != null) { + if (birthNameObj instanceof String) { + return (String) birthNameObj; + + } else { + log.warn("eIDAS attr: " + Constants.eIDAS_ATTR_BIRTHNAME + " is of WRONG type"); + throw new EidasAttributeException(Constants.eIDAS_ATTR_BIRTHNAME); + + } + + } else { + log.debug("NO '" + Constants.eIDAS_ATTR_BIRTHNAME + "' attribute. Post-Processing skipped ... "); + } + + return null; + + } + + /** + * Post-Process the eIDAS PlaceOfBirth attribute. + * + * @param placeOfBirthObj eIDAS Place-of-Birth information + * @return place of Birth or null if no attribute is available + * @throws EidPostProcessingException if post-processing fails + * @throws EidasAttributeException if eIDAS attribute is of a wrong type + */ + protected String processPlaceOfBirth(Object placeOfBirthObj) throws EidPostProcessingException, + EidasAttributeException { + if (placeOfBirthObj != null) { + if (placeOfBirthObj instanceof String) { + return (String) placeOfBirthObj; + + } else { + log.warn("eIDAS attr: " + Constants.eIDAS_ATTR_PLACEOFBIRTH + " is of WRONG type"); + throw new EidasAttributeException(Constants.eIDAS_ATTR_PLACEOFBIRTH); + + } + + } else { + log.debug("NO '" + Constants.eIDAS_ATTR_PLACEOFBIRTH + "' attribute. Post-Processing skipped ... "); + } + + return null; + + } + + /** + * Post-Process the eIDAS DateOfBirth attribute. + * + * @param dateOfBirthObj eIDAS date-of-birth attribute information + * @return formated user's date-of-birth + * @throws EidasAttributeException if NO attribute is available + * @throws EidPostProcessingException if post-processing fails + */ + protected DateTime processDateOfBirth(Object dateOfBirthObj) throws EidPostProcessingException, + EidasAttributeException { + if (dateOfBirthObj == null || !(dateOfBirthObj instanceof DateTime)) { + throw new EidasAttributeException(Constants.eIDAS_ATTR_DATEOFBIRTH); + } + + return (DateTime) dateOfBirthObj; + + } + + /** + * Post-Process the eIDAS GivenName attribute. + * + * @param givenNameObj eIDAS givenName attribute information + * @return formated user's givenname + * @throws EidasAttributeException if NO attribute is available + * @throws EidPostProcessingException if post-processing fails + */ + protected String processGivenName(Object givenNameObj) throws EidPostProcessingException, + EidasAttributeException { + if (givenNameObj == null || !(givenNameObj instanceof String)) { + throw new EidasAttributeException(Constants.eIDAS_ATTR_CURRENTGIVENNAME); + } + + return (String) givenNameObj; + + } + + /** + * Post-Process the eIDAS FamilyName attribute. + * + * @param familyNameObj eIDAS familyName attribute information + * @return formated user's familyname + * @throws EidasAttributeException if NO attribute is available + * @throws EidPostProcessingException if post-processing fails + */ + protected String processFamilyName(Object familyNameObj) throws EidPostProcessingException, + EidasAttributeException { + if (familyNameObj == null || !(familyNameObj instanceof String)) { + throw new EidasAttributeException(Constants.eIDAS_ATTR_CURRENTFAMILYNAME); + } + + return (String) familyNameObj; + + } + + /** + * Post-Process the eIDAS pseudonym to ERnB unique identifier. + * + * @param personalIdObj eIDAS PersonalIdentifierAttribute + * @return Unique personal identifier without country-code information + * @throws EidasAttributeException if NO attribute is available + * @throws EidPostProcessingException if post-processing fails + */ + protected String processPseudonym(Object personalIdObj) throws EidPostProcessingException, + EidasAttributeException { + if (personalIdObj == null || !(personalIdObj instanceof String)) { + throw new EidasAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); + } + + final Triple<String, String, String> eIdentifier = + EidasResponseUtils.parseEidasPersonalIdentifier((String) personalIdObj); + + return eIdentifier.getThird(); + + } + + /** + * Set ProviderName and RequestId into eIDAS AuthnRequest. + * + * @param pendingReq Current pendingRequest + * @param authnRequestBuilder AuthnREquest builer + */ + protected void buildProviderNameAndRequesterIdAttribute(IRequest pendingReq, Builder authnRequestBuilder) { + final ISpConfiguration spConfig = pendingReq.getServiceProviderConfiguration(); + + // set correct SPType for requested target sector + final String publicSectorTargetSelector = basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS, + Constants.POLICY_DEFAULT_ALLOWED_TARGETS); + final Pattern p = Pattern.compile(publicSectorTargetSelector); + final Matcher m = p.matcher(spConfig.getAreaSpecificTargetIdentifier()); + if (m.matches()) { + log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PublicSector'"); + authnRequestBuilder.spType(SpType.PUBLIC.getValue()); + + final String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class); + if (basicConfig.getBasicConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME, + false)) { + //TODO: only for eIDAS ref. node 2.0 and 2.1 because it need 'Providername' for + if (StringUtils.isNotEmpty(providerName)) { + log.debug("Set 'providername' to: {}", providerName); + authnRequestBuilder.providerName(providerName); + + } else { + authnRequestBuilder.providerName(basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP, + Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP)); + + } + } + + } else { + log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PrivateSector'"); + authnRequestBuilder.spType(SpType.PRIVATE.getValue()); + + // TODO: switch to RequesterId in further version + // set provider name for private sector applications + final String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class); + if (StringUtils.isNotEmpty(providerName)) { + authnRequestBuilder.providerName(providerName); + + } + + authnRequestBuilder.requesterId( + generateRequesterId(pendingReq.getRawData(Constants.DATA_REQUESTERID, String.class))); + + } + } + + private String generateRequesterId(String requesterId) { + if (requesterId != null && basicConfig.getBasicConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_NODE_REQUESTERID_USE_HASHED_VERSION, true)) { + try { + log.trace("Building hashed 'requesterId' for private SP ... "); + MessageDigest digest = MessageDigest.getInstance("SHA-256"); + String encodedRequesterId = Base64.getEncoder().encodeToString( + digest.digest(requesterId.getBytes(StandardCharsets.UTF_8))); + log.debug("Set 'requesterId' for: {} to: {}", requesterId, encodedRequesterId); + return encodedRequesterId; + + } catch (NoSuchAlgorithmException e) { + log.error("Can NOT generate hashed 'requesterId' from: {}. Use it as it is", requesterId, e); + + } + + } + + return requesterId; + + } + + + private void buildRequestedAttributes(Builder authnRequestBuilder) { + // build and add requested attribute set + final Map<String, Boolean> ccSpecificReqAttr = getCountrySpecificRequestedAttributes(); + log.debug("Get #{} country-specific requested attributes", ccSpecificReqAttr.size()); + + final Map<String, Boolean> mdsReqAttr = attrRegistry.getDefaultAttributeSetFromConfiguration(); + log.trace("Get #{} default requested attributes", mdsReqAttr.size()); + + // put it together + ccSpecificReqAttr.putAll(mdsReqAttr); + + // convert it to eIDAS attributes + final ImmutableAttributeMap reqAttrMap = translateToEidasAttributes(ccSpecificReqAttr); + authnRequestBuilder.requestedAttributes(reqAttrMap); + + } + + private ImmutableAttributeMap translateToEidasAttributes(final Map<String, Boolean> requiredAttributes) { + final ImmutableAttributeMap.Builder builder = ImmutableAttributeMap.builder(); + for (final Map.Entry<String, Boolean> attribute : requiredAttributes.entrySet()) { + final String name = attribute.getKey(); + final ImmutableSortedSet<AttributeDefinition<?>> byFriendlyName = attrRegistry + .getCoreAttributeRegistry().getByFriendlyName(name); + if (!byFriendlyName.isEmpty()) { + final AttributeDefinition<?> attributeDefinition = byFriendlyName.first(); + builder.put(AttributeDefinition.builder(attributeDefinition).required(attribute.getValue()).build()); + + } else { + log.warn("Can NOT request UNKNOWN attribute: " + attribute.getKey() + " Ignore it!"); + } + + } + + return builder.build(); + + } + + protected void buildLevelOfAssurance(ISpConfiguration spConfig, Builder authnRequestBuilder) { + // TODO: set matching mode if eIDAS ref. impl. support this method + + // TODO: update if eIDAS ref. impl. supports exact matching for non-notified LoA + // schemes + String loa = EaafConstants.EIDAS_LOA_HIGH; + if (spConfig.getRequiredLoA() != null) { + if (spConfig.getRequiredLoA().isEmpty()) { + log.info("No eIDAS LoA requested. Use LoA HIGH as default"); + } else { + if (spConfig.getRequiredLoA().size() > 1) { + log.info( + "Currently only ONE requested LoA is supported for service provider. Use first one ... "); + } + + loa = spConfig.getRequiredLoA().get(0); + + } + } + + log.debug("Request eIdAS node with LoA: " + loa); + authnRequestBuilder.levelOfAssurance(loa); + + } + +} diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeEidProcessor.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeEidProcessor.java new file mode 100644 index 00000000..6dc08181 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeEidProcessor.java @@ -0,0 +1,113 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; + +import java.io.UnsupportedEncodingException; +import java.util.Base64; +import java.util.Map; + +import org.apache.commons.codec.DecoderException; +import org.apache.commons.codec.binary.Hex; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils; +import at.gv.egiz.eaaf.core.impl.data.Triple; + + +public class DeEidProcessor extends AbstractEidProcessor { + private static final Logger log = LoggerFactory.getLogger(DeEidProcessor.class); + private static final String canHandleCC = "DE"; + + private int priority = 1; + + @Override + public int getPriority() { + return priority; + } + + @Override + public boolean canHandle(String countryCode) { + return countryCode != null && countryCode.equalsIgnoreCase(canHandleCC); + + } + + public void setPriority(int priority) { + this.priority = priority; + } + + @Override + public String getName() { + return "DE-PostProcessor"; + + } + + @Override + protected String processPseudonym(Object uniqeIdentifierObj) throws EidPostProcessingException, + EidasAttributeException { + if (uniqeIdentifierObj == null || !(uniqeIdentifierObj instanceof String)) { + throw new EidasAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); + } + + final Triple<String, String, String> eIdentifier = + EidasResponseUtils.parseEidasPersonalIdentifier((String) uniqeIdentifierObj); + + log.trace(getName() + " starts processing of attribute: " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER); + final String result = convertDeIdentifier(eIdentifier.getThird()); + log.debug(getName() + " finished processing of attribute: " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER); + + return result; + + } + + private String convertDeIdentifier(String hexEncodedDeIdentifier) throws EidPostProcessingException { + if (hexEncodedDeIdentifier.length() != 64) { + throw new EidPostProcessingException("ernb.03", new Object[] { + "Input has wrong length, expected 64 chars" }); + } + + byte[] data; + try { + data = Hex.decodeHex(hexEncodedDeIdentifier); + final byte[] encoded = Base64.getEncoder().encode(data); + return new String(encoded, "UTF-8"); + + } catch (final DecoderException | UnsupportedEncodingException e) { + throw new EidPostProcessingException("ernb.03", null, e); + + } + + + } + + @Override + protected Map<String, Boolean> getCountrySpecificRequestedAttributes() { + return attrRegistry.getAttributeSetFromConfiguration(canHandleCC); + + } + +} diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/GenericEidProcessor.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/GenericEidProcessor.java new file mode 100644 index 00000000..69949435 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/GenericEidProcessor.java @@ -0,0 +1,61 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; + +import java.util.HashMap; +import java.util.Map; + +public class GenericEidProcessor extends AbstractEidProcessor { + + private int priority = 0; + + @Override + public int getPriority() { + return priority; + + } + + @Override + public boolean canHandle(String countryCode) { + return true; + + } + + public void setPriority(int priority) { + this.priority = priority; + } + + @Override + public String getName() { + return "Default-PostProcessor"; + + } + + @Override + protected Map<String, Boolean> getCountrySpecificRequestedAttributes() { + return new HashMap<>(); + + } + +} diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/INationalEidProcessor.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/INationalEidProcessor.java new file mode 100644 index 00000000..577efbcd --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/INationalEidProcessor.java @@ -0,0 +1,81 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; + +import java.util.Map; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; +import at.gv.egiz.eaaf.core.api.IRequest; +import eu.eidas.auth.commons.light.ILightRequest; +import eu.eidas.auth.commons.light.impl.LightRequest.Builder; + +public interface INationalEidProcessor { + + /** + * Get a friendlyName of this post-processor implementation. + * + * @return + */ + String getName(); + + /** + * Get the priority of this eID Post-Processor <br> + * If more than one Post-Processor implementations can handle the eID data, the + * post-processor with the highest priority are selected. The Default-Processor + * has priority '0' + * + * @return Priority of this handler + */ + int getPriority(); + + /** + * Check if this postProcessor is sensitive for a specific country. + * + * @param countryCode of the eID data that should be processed + * @return true if this implementation can handle the country, otherwise false + * + */ + boolean canHandle(String countryCode); + + /** + * Post-Process eIDAS eID data into national format. + * + * @param eidasAttrMap Map of eIDAS attributes in format friendlyName and + * attribute + * @throws EidPostProcessingException In case of a post-processing error + * @throws EidasAttributeException In case of an invalid eIDAS attribute + */ + ErnbEidData postProcess(Map<String, Object> eidasAttrMap) throws EidPostProcessingException, + EidasAttributeException; + + /** + * Pre-Process eIDAS Request to national requirements. + * + * @param pendingReq current pending request + * @param authnRequestBuilder eIDAS {@link ILightRequest} builder + */ + void preProcess(IRequest pendingReq, Builder authnRequestBuilder); +} diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/LuEidProcessor.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/LuEidProcessor.java new file mode 100644 index 00000000..8402457f --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/LuEidProcessor.java @@ -0,0 +1,61 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; + +import java.util.HashMap; +import java.util.Map; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.gv.egiz.eaaf.core.api.IRequest; +import eu.eidas.auth.commons.light.impl.LightRequest.Builder; +import lombok.Getter; +import lombok.Setter; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +public class LuEidProcessor extends AbstractEidProcessor { + + + + private static final String canHandleCC = "LU"; + + @Getter + @Setter + private int priority = 1; + + @Override + public String getName() { + return "LU-PostProcessor"; + + } + + @Override + public boolean canHandle(String countryCode) { + return countryCode != null && countryCode.equalsIgnoreCase(canHandleCC); + + } + + @Override + protected void buildProviderNameAndRequesterIdAttribute(IRequest pendingReq, Builder authnRequestBuilder) { + super.buildProviderNameAndRequesterIdAttribute(pendingReq, authnRequestBuilder); + if (basicConfig.getBasicConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_USE_STATIC_REQUESTERID_FOR_LUX, true)) { + String staticName = basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP, + Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP); + authnRequestBuilder.providerName(staticName); + authnRequestBuilder.requesterId(staticName); + log.debug("Use static name: {} as 'providerName' and 'RequesterId' for all 'LU' requests ", staticName); + + } else { + log.info("Static 'providerName' and 'RequesterId' for country: LU is deactivated"); + + } + + } + + @Override + protected Map<String, Boolean> getCountrySpecificRequestedAttributes() { + return new HashMap<>(); + + } + +} diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/NlEidProcessor.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/NlEidProcessor.java new file mode 100644 index 00000000..2dd22927 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/NlEidProcessor.java @@ -0,0 +1,54 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; + +import java.util.Arrays; +import java.util.HashMap; +import java.util.Map; + +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; +import eu.eidas.auth.commons.light.impl.LightRequest.Builder; +import lombok.Getter; +import lombok.Setter; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +public class NlEidProcessor extends AbstractEidProcessor { + + + + private static final String canHandleCC = "NL"; + + @Getter + @Setter + private int priority = 1; + + @Override + public String getName() { + return "NL-PostProcessor"; + + } + + @Override + public boolean canHandle(String countryCode) { + return countryCode != null && countryCode.equalsIgnoreCase(canHandleCC); + + } + + protected void buildLevelOfAssurance(ISpConfiguration spConfig, Builder authnRequestBuilder) { + super.buildLevelOfAssurance(spConfig, authnRequestBuilder); + + //check requested level + if (authnRequestBuilder.build().getLevelOfAssurance().equals(EaafConstants.EIDAS_LOA_LOW)) { + log.debug("Upgrade LoA to {}, because NL needs it as minimum.", EaafConstants.EIDAS_LOA_SUBSTANTIAL); + authnRequestBuilder.levelsOfAssuranceValues(Arrays.asList(EaafConstants.EIDAS_LOA_SUBSTANTIAL)); + + } + } + + @Override + protected Map<String, Boolean> getCountrySpecificRequestedAttributes() { + return new HashMap<>(); + + } + +} diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java new file mode 100644 index 00000000..098e76ce --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java @@ -0,0 +1,211 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.service; + +import java.security.Key; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.Provider; +import java.security.cert.X509Certificate; +import java.time.LocalDateTime; +import java.time.ZoneOffset; +import java.time.temporal.ChronoUnit; +import java.util.Base64; +import java.util.UUID; + +import javax.annotation.PostConstruct; + +import org.apache.commons.lang3.StringUtils; +import org.jose4j.lang.JoseException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import com.fasterxml.jackson.annotation.JsonFormat; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.annotation.JsonDeserialize; +import com.fasterxml.jackson.databind.annotation.JsonSerialize; +import com.fasterxml.jackson.datatype.jsr310.deser.LocalDateTimeDeserializer; +import com.fasterxml.jackson.datatype.jsr310.ser.LocalDateTimeSerializer; + +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.JoseUtils; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import lombok.Data; +import lombok.extern.slf4j.Slf4j; + +/** + * Service to build and sign AuthBlock's for E-ID system. + * + * @author tlenz + * + */ +@Slf4j +@Service("authBlockSigningService") +public class AuthBlockSigningService { + + private static final String KEYSTORE_FRIENDLYNAME = "AuthBlock_Signing"; + + private static ObjectMapper mapper = new ObjectMapper(); + + @Autowired + IConfiguration basicConfig; + + @Autowired + EaafKeyStoreFactory keyStoreFactory; + + + private Pair<KeyStore, Provider> keyStore; + + /** + * Build and sign an AuthBlock for E-ID system. + * + * @param pendingReq data that should be added into AuthBlock + * @return serialized JWS + * @throws JsonProcessingException In case of a AuthBlock generation error + * @throws JoseException In case of a JWS signing error + * @throws EaafException In case of a KeyStore or Key error + */ + public String buildSignedAuthBlock(IRequest pendingReq) + throws JsonProcessingException, EaafException, JoseException { + + //TODO: set Challenge to SAML2 requestId to create link between authentication request and authBlock + + // build AuthBlock + EidasAuchBlock authBlock = new EidasAuchBlock(); + authBlock.setChallenge(UUID.randomUUID().toString()); + authBlock.setTimestamp(LocalDateTime.now(ZoneOffset.UTC).truncatedTo(ChronoUnit.SECONDS)); + authBlock.setUniqueId(pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID, String.class)); + authBlock.setPiiTransactionId(pendingReq.getUniquePiiTransactionIdentifier()); + + //set Binding PublicKey if available + Object bindingPubKey = pendingReq.getRawData(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME); + if (bindingPubKey instanceof String) { + authBlock.setBindingPublicKey((String) bindingPubKey); + + } + + String jwsPayload = mapper.writeValueAsString(authBlock); + log.debug("Building and sign authBlock with data: {}", jwsPayload); + + //sign JWS + return JoseUtils + .createSignature(keyStore, getKeyAlias(), getKeyPassword(), jwsPayload, false, + KEYSTORE_FRIENDLYNAME); + } + + + /** + * Get the Base64 encoded PublicKey that is used to sign the AuthBlock. + * + * @return Base64 encoded PublicKey + * @throws EaafKeyAccessException In case of an unknown or invalid key + */ + public String getBase64EncodedPublicKey() throws EaafKeyAccessException { + Pair<Key, X509Certificate[]> keyPair = EaafKeyStoreUtils.getPrivateKeyAndCertificates( + keyStore.getFirst(), getKeyAlias(), getKeyPassword(), true, KEYSTORE_FRIENDLYNAME); + return Base64.getEncoder().encodeToString(keyPair.getSecond()[0].getPublicKey().getEncoded()); + + } + + @PostConstruct + private void initialize() throws KeyStoreException, EaafException { + log.debug("Initializing AuthBlock signing service ... "); + // read Connector wide config data TODO connector wide! + String keyStoreName = basicConfig + .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_NAME); + String keyStorePw = basicConfig + .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_PASSWORD); + String keyStorePath = basicConfig + .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_PATH); + String keyStoreType = basicConfig + .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_TYPE); + + + //build new KeyStore configuration + KeyStoreConfiguration keyStoreConfiguration = new KeyStoreConfiguration(); + keyStoreConfiguration.setFriendlyName(KEYSTORE_FRIENDLYNAME); + + keyStoreConfiguration.setSoftKeyStoreFilePath(keyStorePath); + keyStoreConfiguration.setSoftKeyStorePassword(keyStorePw); + keyStoreConfiguration.setKeyStoreType(KeyStoreConfiguration.KeyStoreType.fromString(keyStoreType)); + keyStoreConfiguration.setKeyStoreName(keyStoreName); + + //validate KeyStore configuration + keyStoreConfiguration.validate(); + + //validate key alias + if (StringUtils.isEmpty(getKeyAlias())) { + throw new EaafConfigurationException("config.08", + new Object[] {MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEY_ALIAS}); + + } + + //build new KeyStore based on configuration + keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfiguration); + + //check if Key is accessible + EaafKeyStoreUtils.getPrivateKeyAndCertificates( + keyStore.getFirst(), getKeyAlias(), getKeyPassword(), true, KEYSTORE_FRIENDLYNAME); + + log.info("AuthBlock signing-service successful initialized"); + + } + + private char[] getKeyPassword() { + final String value = basicConfig.getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEY_PASSWORD); + if (value != null) { + return value.trim().toCharArray(); + } + + return null; + + } + + + private String getKeyAlias() { + return basicConfig + .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEY_ALIAS); + + } + + /** + * Technical AuthBlock for eIDAS Authentication. + * + * @author tlenz + * + */ + @Data + @JsonInclude(JsonInclude.Include.NON_NULL) + private static class EidasAuchBlock { + + @JsonProperty("challenge") + private String challenge; + + @JsonProperty("timestamp") + @JsonSerialize(using = LocalDateTimeSerializer.class) + @JsonDeserialize(using = LocalDateTimeDeserializer.class) + @JsonFormat(pattern = "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'", timezone = "UTC") + private LocalDateTime timestamp; + + @JsonProperty("appId") + private String uniqueId; + + @JsonProperty("piiTransactionId") + private String piiTransactionId; + + @JsonProperty("bindingPublicKey") + private String bindingPublicKey; + + } + + +} diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/CcSpecificEidProcessingService.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/CcSpecificEidProcessingService.java new file mode 100644 index 00000000..230d6052 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/CcSpecificEidProcessingService.java @@ -0,0 +1,135 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.service; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; + +import javax.annotation.PostConstruct; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.stereotype.Service; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.INationalEidProcessor; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.impl.data.Triple; +import eu.eidas.auth.commons.light.impl.LightRequest.Builder; + +@Service +public class CcSpecificEidProcessingService implements ICcSpecificEidProcessingService { + private static final Logger log = LoggerFactory.getLogger(CcSpecificEidProcessingService.class); + + @Autowired + private ApplicationContext context; + + private final List<INationalEidProcessor> handlers = new ArrayList<>(); + + @PostConstruct + private void initialize() { + log.debug("Initialize eID PostProcessing-Service ... "); + final Map<String, INationalEidProcessor> postProcessors = context.getBeansOfType( + INationalEidProcessor.class); + final Iterator<Entry<String, INationalEidProcessor>> iterator = postProcessors.entrySet().iterator(); + while (iterator.hasNext()) { + final Entry<String, INationalEidProcessor> el = iterator.next(); + log.debug("Find eID-PostProcessor with name: " + el.getKey()); + handlers.add(el.getValue()); + + } + + log.trace("Sorting eID-PostProcessors on priority ... "); + Collections.sort(handlers, (thisAuthModule, otherAuthModule) -> { + final int thisOrder = thisAuthModule.getPriority(); + final int otherOrder = otherAuthModule.getPriority(); + return thisOrder < otherOrder ? 1 : thisOrder == otherOrder ? 0 : -1; + }); + + log.info("# " + handlers.size() + " eID PostProcessing services are registrated"); + + } + + @Override + public void preProcess(String selectedCitizenCountry, IRequest pendingReq, Builder authnRequestBuilder) + throws EidPostProcessingException { + if (StringUtils.isEmpty(selectedCitizenCountry)) { + log.info("No CountryCode for eID Pre-Processor. Default Pre-Processor will be used"); + } + + for (final INationalEidProcessor el : handlers) { + if (el.canHandle(selectedCitizenCountry)) { + log.debug("Pre-Process eIDAS request for " + selectedCitizenCountry + " by using: " + el.getName()); + el.preProcess(pendingReq, authnRequestBuilder); + return; + + } + } + + log.error("NO eID PostProcessor FOUND. Looks like a depentency problem!"); + throw new EidPostProcessingException("internal.00", null); + + } + + @Override + public ErnbEidData postProcess(Map<String, Object> eidasAttrMap) throws EidPostProcessingException, + EidasAttributeException { + // extract citizen country from eIDAS unique identifier + final Object eIdentifierObj = eidasAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); + if (eIdentifierObj == null || !(eIdentifierObj instanceof String)) { + throw new EidasAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); + } + + final Triple<String, String, String> eIdentifier = + EidasResponseUtils.parseEidasPersonalIdentifier((String) eIdentifierObj); + final String citizenCountry = eIdentifier.getFirst(); + + if (StringUtils.isEmpty(citizenCountry)) { + log.info("No CountryCode for eID PostProcessor. Default-PostProcessor will be used"); + } + + for (final INationalEidProcessor el : handlers) { + if (el.canHandle(citizenCountry)) { + log.debug("Post-Process eIDAS eID from " + citizenCountry + " by using: " + el.getName()); + return el.postProcess(eidasAttrMap); + + } + } + + log.error("NO eID PostProcessor FOUND. Looks like a depentency problem!"); + throw new EidPostProcessingException("internal.00", null); + } + +} diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/EidasAttributeRegistry.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/EidasAttributeRegistry.java new file mode 100644 index 00000000..e73491ab --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/EidasAttributeRegistry.java @@ -0,0 +1,180 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.service; + +import java.io.File; +import java.text.MessageFormat; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import javax.annotation.PostConstruct; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.lang.NonNull; +import org.springframework.stereotype.Service; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import eu.eidas.auth.commons.attribute.AttributeRegistries; +import eu.eidas.auth.commons.attribute.AttributeRegistry; + +@Service("attributeRegistry") +public class EidasAttributeRegistry { + private static final Logger log = LoggerFactory.getLogger(EidasAttributeRegistry.class); + @Autowired + private IConfigurationWithSP basicConfig; + + private AttributeRegistry coreAttributeRegistry; + + private String eidasAttributesFile; + private String additionalAttributesFile; + + @PostConstruct + private void initialize() throws RuntimeException { + try { + if (eidasAttributesFile.isEmpty()) { + log.error("Basic eIDAS addribute definition NOT defined"); + throw new EaafConfigurationException("config.30", + new Object[] { "eidas-attributes.xml" }); + + } + + boolean additionalAttrAvailabe = false; + if (!additionalAttributesFile.isEmpty()) { + final File file = new File(additionalAttributesFile); + if (file.exists()) { + additionalAttrAvailabe = true; + } + + } + + if (!additionalAttrAvailabe) { + log.info("Start eIDAS ref. impl. Core without additional eIDAS attribute definitions ... "); + coreAttributeRegistry = AttributeRegistries.fromFiles(eidasAttributesFile, null); + + } else { + // load attribute definitions + log.info("Start eIDAS ref. impl. Core with additional eIDAS attribute definitions ... "); + coreAttributeRegistry = AttributeRegistries.fromFiles(eidasAttributesFile, null, + additionalAttributesFile); + + } + + } catch (final Throwable e) { + log.error("Can NOT initialize eIDAS attribute definition.", e); + throw new RuntimeException("Can NOT initialize eIDAS attribute definition.", e); + + } + } + + public AttributeRegistry getCoreAttributeRegistry() { + return coreAttributeRegistry; + } + + /** + * Get Map of attributes that are requested by default. + * + * @return Map of AttributeIdentifier, isRequired flag + */ + @NonNull + public Map<String, Boolean> getDefaultAttributeSetFromConfiguration() { + /* + * TODO: select set for representation if mandates should be used. It's an open + * task in respect to requested eIDAS attributes and isRequired flag, because + * there can be a decision problem in case of natural or legal person + * representation! From an Austrian use-case point of view, an Austrian service + * provider can support mandates for natural and legal persons at the same time. + * However, we CAN NOT request attributes for natural AND legal persons on the + * same time, because it's not possible to represent both simultaneously. + */ + final Map<String, String> configAttributes = + basicConfig.getBasicConfigurationWithPrefix( + Constants.CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_DEFAULT_ONLYNATURAL); + return processAttributeInfosFromConfig(configAttributes); + + } + + /** + * Get a Map of attributes that are additionally requested for a specific country. + * + * @param countryCode Country Code + * @return Map of AttributeIdentifier, isRequired flag + */ + @NonNull + public Map<String, Boolean> getAttributeSetFromConfiguration(String countryCode) { + + /* + * TODO: select set for representation if mandates should be used. It's an open + * task in respect to requested eIDAS attributes and isRequired flag, because + * there can be a decision problem in case of natural or legal person + * representation! From an Austrian use-case point of view, an Austrian service + * provider can support mandates for natural and legal persons at the same time. + * However, we CAN NOT request attributes for natural AND legal persons on the + * same time, because it's not possible to represent both simultaneously. + */ + final Map<String, String> configAttributes = + basicConfig.getBasicConfigurationWithPrefix( + MessageFormat.format( + Constants.CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_CC_SPECIFIC_ONLYNATURAL, + countryCode.toLowerCase())); + return processAttributeInfosFromConfig(configAttributes); + + } + + private Map<String, Boolean> processAttributeInfosFromConfig(Map<String, String> configAttributes) { + + final Map<String, Boolean> result = new HashMap<>(); + for (final String el : configAttributes.values()) { + if (StringUtils.isNotEmpty(el.trim())) { + final List<String> attrDef = KeyValueUtils.getListOfCsvValues(el.trim()); + boolean isRequired = false; + if (attrDef.size() == 2) { + isRequired = Boolean.parseBoolean(attrDef.get(1)); + } + + result.put(attrDef.get(0), isRequired); + + } + } + + log.trace("Load #" + result.size() + " requested attributes from configuration"); + return result; + + } + + public void setEidasAttributesFile(String eidasAttributesFile) { + this.eidasAttributesFile = eidasAttributesFile; + } + + public void setAdditionalAttributesFile(String additionalAttributesFile) { + this.additionalAttributesFile = additionalAttributesFile; + } + +} diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/EidasDataStore.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/EidasDataStore.java new file mode 100644 index 00000000..549aa65c --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/EidasDataStore.java @@ -0,0 +1,363 @@ +/* + * Copyright 2018 A-SIT Plus GmbH AT-specific eIDAS Connector has been developed + * in a cooperation between EGIZ, A-SIT Plus GmbH, A-SIT, and Graz University of + * Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. You may + * obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations under + * the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. The "NOTICE" text file + * is part of the distribution. Any derivative works that you distribute must + * include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.service; + +//import java.io.File; +//import java.io.IOException; +//import java.sql.Connection; +//import java.sql.DriverManager; +//import java.sql.PreparedStatement; +//import java.sql.ResultSet; +//import java.sql.SQLException; +//import java.sql.Statement; +//import java.time.Instant; +//import java.util.Properties; +// +//import javax.annotation.PostConstruct; +// +//import org.slf4j.Logger; +//import org.slf4j.LoggerFactory; +//import org.springframework.beans.factory.annotation.Autowired; +//import org.springframework.stereotype.Component; +//import org.sqlite.SQLiteConfig; +//import org.sqlite.SQLiteConfig.LockingMode; +//import org.sqlite.SQLiteConfig.SynchronousMode; +//import org.sqlite.SQLiteErrorCode; +// +//import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +//import at.asitplus.eidas.specific.modules.auth.eidas.v2.DAO.eIDASPersonalIdStoreDAO; +//import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SQLiteServiceException; +//import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +//import at.gv.egiz.eaaf.core.impl.data.Pair; +//import at.gv.egiz.eaaf.core.impl.data.Trible; +// +//@Component +//@Deprecated +//public class EidasDataStore { +// +// private static final String SQLITE_JDBC_DRIVER_CLASS = "org.sqlite.JDBC"; +// private static final String SQLITE_CONNECTION_PARAM = "jdbc:sqlite:%s"; +// private static final boolean sleep = true; +// private static final int howLongToSleepOnBusyLock_ = 100; +// +// private static final Logger log = LoggerFactory.getLogger(EidasDataStore.class); +// +// @Autowired +// private IConfiguration basicConfig; +// +// private String connectionUrl; +// private Connection conn = null; +// +// @PostConstruct +// private void initialize() throws SQLiteServiceException { +// try { +// final String sqlLiteDbUrl = basicConfig.getBasicConfiguration( +// Constants.CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_SQLLITEDATASTORE_URL, +// basicConfig.getConfigurationRootDirectory().toString() + "/sqlite/database.db" +// +// ); +// +// log.info("Use SQLite database with URL: " + sqlLiteDbUrl); +// +// // check if SQLite lib is in Classpath +// Class.forName(SQLITE_JDBC_DRIVER_CLASS); +// +// // open DB connection +// boolean isNewFileCreated = false; +// +// // open file or create file if not already exists +// final File dbFile = new File(sqlLiteDbUrl); +// if (!dbFile.exists()) { +// log.info("SQLite database does not exist. Creating new database file ... "); +// dbFile.createNewFile(); +// isNewFileCreated = true; +// +// } +// +// // open database connection +// connectionUrl = String.format(SQLITE_CONNECTION_PARAM, dbFile.getPath()); +// +// // create DB scheme if new DB file was created +// if (isNewFileCreated) { +// executeUpdate(startConnection().createStatement(), eIDASPersonalIdStoreDAO.CREATE); +// log.debug("SQLite db scheme created"); +// +// } +// +// } catch (final ClassNotFoundException e) { +// log.warn("Can NOT initialize SQLite database for temporarly identity mapping. ", e); +// throw new SQLiteServiceException("internal.05", new Object[] { e.getMessage() }, e); +// +// } catch (SQLException | IOException e) { +// log.warn("Can NOT initialize SQLite database for temporarly identity mapping. ", e); +// throw new SQLiteServiceException("internal.05", new Object[] { e.getMessage() }, e); +// +// } +// +// } +// +// /** +// * Store a mapping entry with eIDAS personal identifier (source country / +// * destination country / personal identifier) and the identifier that is used +// * for ERnB communication. +// * +// * @param transactionId Id of this authentication transaction +// * @param eidasId eIDAS personal identifier without country prefixes +// * @param ernbId personal identifier that is used to request the ERnB +// * @throws SQLiteServiceException In case of a database error +// */ +// public void storeNationalId(String transactionId, Trible<String, String, String> eidasId, String ernbId) +// throws SQLiteServiceException { +// try { +// final PreparedStatement preStatment = startConnection().prepareStatement( +// eIDASPersonalIdStoreDAO.INSERT, +// Statement.RETURN_GENERATED_KEYS); +// +// for (int i = 1; i <= eIDASPersonalIdStoreDAO.TABLE_COLS.size(); i++) { +// final Pair<String, eIDASPersonalIdStoreDAO.T> col = eIDASPersonalIdStoreDAO.TABLE_COLS.get(i - 1); +// if (col.getFirst().equals(eIDASPersonalIdStoreDAO.COLS.timestamp.name())) { +// preStatment.setDate(i, new java.sql.Date(Instant.now().toEpochMilli())); +// } else if (col.getFirst().equals(eIDASPersonalIdStoreDAO.COLS.transactionId.name())) { +// preStatment.setString(i, transactionId); +// } else if (col.getFirst().equals(eIDASPersonalIdStoreDAO.COLS.eidasId.name())) { +// preStatment.setString(i, eidasId.getThird()); +// } else if (col.getFirst().equals(eIDASPersonalIdStoreDAO.COLS.eidasSourceCountry.name())) { +// preStatment.setString(i, eidasId.getFirst()); +// } else if (col.getFirst().equals(eIDASPersonalIdStoreDAO.COLS.eidasDestinationCountry.name())) { +// preStatment.setString(i, eidasId.getSecond()); +// } else if (col.getFirst().equals(eIDASPersonalIdStoreDAO.COLS.ernbId.name())) { +// preStatment.setString(i, ernbId); +// } else { +// log.warn("SQLite table:" + eIDASPersonalIdStoreDAO.NAME + " contains no col with name:" + col +// .getFirst()); +// } +// +// } +// +// // execute SQL query +// final int sqlResult = preStatment.executeUpdate(); +// +// if (sqlResult != 1) { +// log.warn("SQLite query execution FAILED!"); +// throw new SQLiteServiceException("internal.06", new Object[] { "Queryresult is '-1'" }); +// +// } +// +// } catch (SQLiteServiceException | SQLException e) { +// log.warn("SQLite query execution FAILED!", e); +// throw new SQLiteServiceException("internal.05", new Object[] { e.getMessage() }, e); +// +// } +// +// } +// +// /** +// * Get the ERnB related national identifier from mapping database. +// * +// * @param eidasId eIDAS related identifier +// * @return Mapped ERnB identifier +// * @throws SQLiteServiceException In case of a database error +// */ +// public String getErnbNationalId(Trible<String, String, String> eidasId) throws SQLiteServiceException { +// try { +// final PreparedStatement preStatment = startConnection().prepareStatement( +// eIDASPersonalIdStoreDAO.SELECT_BY_EIDAS_RAW_ID, +// Statement.RETURN_GENERATED_KEYS); +// +// preStatment.setString(1, eidasId.getThird()); +// preStatment.setString(2, eidasId.getFirst()); +// +// final ResultSet rs = preStatment.executeQuery(); +// +// if (!rs.next()) { +// return null; +// } else { +// return rs.getString(eIDASPersonalIdStoreDAO.COLS.ernbId.name()); +// } +// +// } catch (SQLiteServiceException | SQLException e) { +// log.warn("SQLite query execution FAILED!", e); +// throw new SQLiteServiceException("internal.05", new Object[] { e.getMessage() }, e); +// +// } +// +// } +// +// /** +// * Get the eIDAS identifier from an ERnB identifier. +// * +// * @param ernbId ERnB specific identifier +// * @return eIDAS unqiue identifier +// * @throws SQLiteServiceException In case of a database error +// */ +// public String getEidasRawNationalId(String ernbId) throws SQLiteServiceException { +// try { +// final PreparedStatement preStatment = startConnection().prepareStatement( +// eIDASPersonalIdStoreDAO.SELECT_BY_ERNB_ID, +// Statement.RETURN_GENERATED_KEYS); +// +// preStatment.setString(1, ernbId); +// +// final ResultSet rs = preStatment.executeQuery(); +// +// if (!rs.next()) { +// return null; +// } else { +// return rs.getString(eIDASPersonalIdStoreDAO.COLS.eidasId.name()); +// } +// +// } catch (SQLiteServiceException | SQLException e) { +// log.warn("SQLite query execution FAILED!", e); +// throw new SQLiteServiceException("internal.05", new Object[] { e.getMessage() }, e); +// +// } +// +// } +// +// private Connection startConnection() throws SQLiteServiceException { +// int i = howLongToSleepOnBusyLock_; +// +// while (true) { +// try { +// if (conn == null) { +// log.info("Initializing SQLite database with URL: " + connectionUrl + " ... "); +// conn = DriverManager.getConnection(connectionUrl, getConnectionProperties()); +// +// } else { +// if (!conn.isValid(10)) { +// log.info("SQLite connection is not valid any more --> restarting connection ..."); +// conn.close(); +// conn = DriverManager.getConnection(connectionUrl, getConnectionProperties()); +// } +// } +// +// log.info("SQLite database connected"); +// return conn; +// +// } catch (final SQLException e) { +// final String msg = e.getLocalizedMessage(); +// if (isBusyLocked(e)) { +// log.warn(msg, e); +// try { +// if (sleep) { +// Thread.sleep(i++); +// } +// +// } catch (final InterruptedException e1) { +// throw new SQLiteServiceException("internal.05", new Object[] { e1.getMessage() }, e1); +// +// } +// continue; +// +// } +// throw new SQLiteServiceException("internal.05", new Object[] { e.getMessage() }, e); +// +// } +// } +// } +// +// /* +// * SQLite query code +// */ +// +// protected Properties getConnectionProperties() { +// final SQLiteConfig config = new SQLiteConfig(); +// config.enforceForeignKeys(true); +// config.setCacheSize(8000); +// config.setLockingMode(LockingMode.NORMAL); +// config.setSharedCache(false); +// config.setReadUncommited(true); +// config.setSynchronous(SynchronousMode.NORMAL); +// return config.toProperties(); +// +// } +// +// private int executeUpdate(Statement statement, String sql) throws SQLiteServiceException { +// final int i = 10; +// +// int rc = -1; +// while (true) { +// try { +// rc = statement.executeUpdate(sql); +// break; +// +// } catch (final SQLException e) { +// try { +// if (executeUpdateError(e, i)) { +// continue; +// } else { +// throw new SQLiteServiceException("internal.06", +// new Object[] { e.getMessage() }, e); +// } +// +// } catch (final SQLiteServiceException e1) { +// log.warn("\n" + sql + "\n" + e1.getMessage()); +// throw e1; +// +// } +// } +// } +// +// return rc; +// +// } +// +// private boolean isBusyLocked(SQLException e) { +// final int eC = e.getErrorCode(); +// +// if (eC == SQLiteErrorCode.SQLITE_LOCKED.code +// || eC == SQLiteErrorCode.SQLITE_BUSY.code) { +// log.trace("SQLite db is busy looked"); +// return true; +// +// } +// +// final String msg = e.getMessage(); +// if (msg.contains("[SQLITE_LOCKED]") || msg.contains("[SQLITE_BUSY]")) { +// log.trace("SQLite db is busy looked"); +// return true; +// } +// +// return false; +// } +// +// private boolean executeUpdateError(SQLException e, int theadSleepCounter) throws SQLiteServiceException { +// if (isBusyLocked(e)) { +// try { +// if (sleep) { +// Thread.sleep(theadSleepCounter++); +// } +// +// } catch (final InterruptedException e1) { +// throw new SQLiteServiceException("internal.05", new Object[] { e1.getMessage() }, e1); +// +// } +// +// return true; +// } +// +// return false; +// +// } +//} diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/ICcSpecificEidProcessingService.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/ICcSpecificEidProcessingService.java new file mode 100644 index 00000000..ebbc15e4 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/ICcSpecificEidProcessingService.java @@ -0,0 +1,61 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.service; + +import java.util.Map; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; +import at.gv.egiz.eaaf.core.api.IRequest; +import eu.eidas.auth.commons.light.ILightRequest; +import eu.eidas.auth.commons.light.impl.LightRequest.Builder; + +public interface ICcSpecificEidProcessingService { + + /** + * Post-process eIDAS eID attributes into national format. + * + * @param eidasAttrMap Map of eIDAS attributes in format friendlyName and + * attribute + * + * @return eID attributes for SZR request + * @throws EidPostProcessingException In case of a post-processing error + * @throws EidasAttributeException In case of an invalid eIDAS attribute value + */ + ErnbEidData postProcess(Map<String, Object> eidasAttrMap) throws EidPostProcessingException, + EidasAttributeException; + + /** + * Pre Process eIDAS request into national requirements. + * + * @param selectedCC Citizen Country from selection + * @param pendingReq current pending request + * @param authnRequestBuilder eIDAS {@link ILightRequest} builder + * @throws EidPostProcessingException In case of a pre-processing error + */ + void preProcess(String selectedCC, IRequest pendingReq, Builder authnRequestBuilder) + throws EidPostProcessingException; + +} diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java new file mode 100644 index 00000000..1f5837d6 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java @@ -0,0 +1,522 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.szr; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.net.URL; +import java.security.KeyManagementException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; +import java.security.UnrecoverableKeyException; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import javax.annotation.PostConstruct; +import javax.net.ssl.KeyManager; +import javax.net.ssl.KeyManagerFactory; +import javax.net.ssl.SSLContext; +import javax.net.ssl.TrustManager; +import javax.net.ssl.TrustManagerFactory; +import javax.xml.XMLConstants; +import javax.xml.bind.JAXBContext; +import javax.xml.bind.Marshaller; +import javax.xml.namespace.QName; +import javax.xml.transform.Source; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerException; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.stream.StreamResult; +import javax.xml.transform.stream.StreamSource; +import javax.xml.ws.BindingProvider; +import javax.xml.ws.Dispatch; +import javax.xml.ws.handler.Handler; + +import org.apache.commons.lang3.StringUtils; +import org.apache.cxf.configuration.jsse.TLSClientParameters; +import org.apache.cxf.endpoint.Client; +import org.apache.cxf.frontend.ClientProxy; +import org.apache.cxf.jaxws.DispatchImpl; +import org.apache.cxf.transport.http.HTTPConduit; +import org.apache.cxf.transports.http.configuration.HTTPClientPolicy; +import org.apache.xpath.XPathAPI; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; +import org.w3c.dom.Document; +import org.w3c.dom.Element; + +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.ObjectMapper; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.LoggingHandler; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.data.XmlNamespaceConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.impl.utils.DomUtils; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils; +import szrservices.GetBPK; +import szrservices.GetBPKResponse; +import szrservices.GetIdentityLinkEidas; +import szrservices.GetIdentityLinkEidasResponse; +import szrservices.IdentityLinkType; +import szrservices.JwsHeaderParam; +import szrservices.ObjectFactory; +import szrservices.PersonInfoType; +import szrservices.SZR; +import szrservices.SZRException_Exception; +import szrservices.SignContent; +import szrservices.SignContentEntry; +import szrservices.SignContentResponseType; + + +@Service("SZRClientForeIDAS") +public class SzrClient { + private static final Logger log = LoggerFactory.getLogger(SzrClient.class); + + private static final String CLIENT_DEFAULT = "DefaultClient"; + private static final String CLIENT_RAW = "RawClient"; + + private static final String ATTR_NAME_VSZ = "urn:eidgvat:attributes.vsz.value"; + private static final String ATTR_NAME_PUBKEYS = "urn:eidgvat:attributes.user.pubkeys"; + private static final String ATTR_NAME_STATUS = "urn:eidgvat:attributes.eid.status"; + private static final String KEY_BC_BIND = "bcBindReq"; + private static final String JOSE_HEADER_USERCERTPINNING_TYPE = "urn:at.gv.eid:bindtype"; + private static final String JOSE_HEADER_USERCERTPINNING_EIDASBIND = "urn:at.gv.eid:eidasBind"; + public static final String ATTR_NAME_MDS = "urn:eidgvat:mds"; + + @Autowired + private IConfiguration basicConfig; + + // client for anything, without identitylink + private SZR szr = null; + + // RAW client is needed for identitylink + private Dispatch<Source> dispatch = null; + + private SzrService szrService = null; + private String szrUrl = null; + private QName qname = null; + + final ObjectMapper mapper = new ObjectMapper(); + + /** + * Get IdentityLink of a person. + * + * @param personInfo Person identification information + * @return IdentityLink + * @throws SzrCommunicationException In case of a SZR error + */ + public IdentityLinkType getIdentityLinkInRawMode(PersonInfoType personInfo) + throws SzrCommunicationException { + try { + final GetIdentityLinkEidas getIdl = new GetIdentityLinkEidas(); + getIdl.setPersonInfo(personInfo); + + final JAXBContext jaxbContext = JAXBContext.newInstance(ObjectFactory.class); + final Marshaller jaxbMarshaller = jaxbContext.createMarshaller(); + + final ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); + jaxbMarshaller.marshal(getIdl, outputStream); + outputStream.flush(); + + final Source source = new StreamSource(new ByteArrayInputStream(outputStream.toByteArray())); + outputStream.close(); + + log.trace("Requesting SZR ... "); + final Source response = dispatch.invoke(source); + log.trace("Receive RAW response from SZR"); + + final byte[] szrResponse = sourceToByteArray(response); + final GetIdentityLinkEidasResponse jaxbElement = (GetIdentityLinkEidasResponse) jaxbContext + .createUnmarshaller().unmarshal(new ByteArrayInputStream(szrResponse)); + + // build response + log.trace(new String(szrResponse, "UTF-8")); + + // ok, we have success + final Document doc = DomUtils.parseDocument( + new ByteArrayInputStream(szrResponse), + true, + XmlNamespaceConstants.ALL_SCHEMA_LOCATIONS + " " + Constants.SZR_SCHEMA_LOCATIONS, + null, null); + final String xpathExpression = "//saml:Assertion"; + final Element nsNode = doc.createElementNS("urn:oasis:names:tc:SAML:1.0:assertion", "saml:NSNode"); + + log.trace("Selecting signed doc " + xpathExpression); + final Element documentNode = (Element) XPathAPI.selectSingleNode(doc, + xpathExpression, nsNode); + log.trace("Signed document: " + DomUtils.serializeNode(documentNode)); + + final IdentityLinkType idl = new IdentityLinkType(); + idl.setAssertion(documentNode); + idl.setPersonInfo(jaxbElement.getGetIdentityLinkReturn().getPersonInfo()); + + return idl; + + } catch (final Exception e) { + log.warn("SZR communication FAILED. Reason: " + e.getMessage(), e); + throw new SzrCommunicationException("ernb.02", new Object[]{e.getMessage()}, e); + + } + + } + + /** + * Get bPK of person. + * + * @param personInfo Person identification information + * @param target requested bPK target + * @param vkz Verfahrenskennzeichen + * @return bPK for this person + * @throws SzrCommunicationException In case of a SZR error + */ + public List<String> getBpk(PersonInfoType personInfo, String target, String vkz) + throws SzrCommunicationException { + try { + final GetBPK parameters = new GetBPK(); + parameters.setPersonInfo(personInfo); + parameters.getBereichsKennung().add(target); + parameters.setVKZ(vkz); + final GetBPKResponse result = this.szr.getBPK(parameters); + + return result.getGetBPKReturn(); + + } catch (final SZRException_Exception e) { + log.warn("SZR communication FAILED. Reason: " + e.getMessage(), e); + throw new SzrCommunicationException("ernb.02", new Object[]{e.getMessage()}, e); + + } + + } + + /** + * Request a encryped baseId from SRZ. + * + * @param personInfo Minimum dataset of person + * @return encrypted baseId + * @throws SzrCommunicationException In case of a SZR error + */ + public String getEncryptedStammzahl(final PersonInfoType personInfo) + throws SzrCommunicationException { + + final String resp; + try { + resp = this.szr.getStammzahlEncrypted(personInfo, true); + } catch (SZRException_Exception e) { + throw new SzrCommunicationException("ernb.02", new Object[]{e.getMessage()}, e); + } + + if (StringUtils.isEmpty(resp)) { + throw new SzrCommunicationException("ernb.01", new Object[]{"Stammzahl response empty"}); // TODO error handling + } + + return resp; + + } + + /** + * Sign an eidasBind data-structure that combines vsz with user's pubKey and E-ID status. + * + * @param vsz encryped baseId + * @param bindingPubKey binding PublikKey as PKCS1# (ASN.1) container + * @param eidStatus Status of the E-ID + * @param eidData eID information that was used for ERnP registration + * @return bPK for this person + * @throws SzrCommunicationException In case of a SZR error + */ + public String getEidsaBind(final String vsz, final String bindingPubKey, final String eidStatus, + ErnbEidData eidData)throws SzrCommunicationException { + + final Map<String, Object> eidsaBindMap = new HashMap<>(); + eidsaBindMap.put(ATTR_NAME_VSZ, vsz); + eidsaBindMap.put(ATTR_NAME_STATUS, eidStatus); + eidsaBindMap.put(ATTR_NAME_PUBKEYS, Arrays.asList(bindingPubKey)); + eidsaBindMap.put(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, eidData.getCitizenCountryCode()); + injectMdsIfAvailableAndActive(eidsaBindMap, eidData); + + try { + final String serializedEidasBind = mapper.writeValueAsString(eidsaBindMap); + final SignContent req = new SignContent(); + final SignContentEntry eidasBindInfo = new SignContentEntry(); + eidasBindInfo.setKey(KEY_BC_BIND); + eidasBindInfo.setValue(serializedEidasBind); + req.getIn().add(eidasBindInfo); + req.setAppendCert(false); + final JwsHeaderParam eidasBindJoseHeader = new JwsHeaderParam(); + eidasBindJoseHeader.setKey(JOSE_HEADER_USERCERTPINNING_TYPE); + eidasBindJoseHeader.setValue(JOSE_HEADER_USERCERTPINNING_EIDASBIND); + req.getJWSHeaderParam().add(eidasBindJoseHeader); + + log.trace("Requesting SZR to sign bcBind datastructure ... "); + final SignContentResponseType resp = szr.signContent(req.isAppendCert(), req.getJWSHeaderParam(), req.getIn()); + log.trace("Receive SZR response on bcBind siging operation "); + + if (resp == null || resp.getOut() == null + || resp.getOut().isEmpty() + || StringUtils.isEmpty(resp.getOut().get(0).getValue())) { + throw new SzrCommunicationException("ernb.01", new Object[]{"BcBind response empty"}); + } + + return resp.getOut().get(0).getValue(); + + } catch (final JsonProcessingException | SZRException_Exception e) { + log.warn("Requesting bcBind by using SZR FAILED. Reason: {}", e.getMessage(), null, e); + throw new SzrCommunicationException("ernb.02", + new Object[]{e.getMessage()}, e); + } + } + + @PostConstruct + private void initialize() { + log.info("Starting SZR-Client initialization .... "); + final URL url = SzrClient.class.getResource("/szr_client/SZR_v4.0.wsdl"); + + final boolean useTestSzr = basicConfig.getBasicConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_USETESTSERVICE, + true); + + if (useTestSzr) { + log.debug("Initializing SZR test environment configuration."); + qname = SzrService.SZRTestumgebung; + szrService = new SzrService(url, new QName("urn:SZRServices", "SZRService")); + szr = szrService.getSzrTestumgebung(); + szrUrl = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_ENDPOINT_TEST); + + } else { + log.debug("Initializing SZR productive configuration."); + qname = SzrService.SZRProduktionsumgebung; + szrService = new SzrService(url, new QName("urn:SZRServices", "SZRService")); + szr = szrService.getSzrProduktionsumgebung(); + szrUrl = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_ENDPOINT_PROD); + + } + + // create raw client; + dispatch = szrService.createDispatch(qname, Source.class, javax.xml.ws.Service.Mode.PAYLOAD); + + if (StringUtils.isEmpty(szrUrl)) { + log.error("No SZR service-URL found. SZR-Client initalisiation failed."); + throw new RuntimeException("No SZR service URL found. SZR-Client initalisiation failed."); + + } + + // check if Clients can be initialized + if (szr == null) { + log.error("SZR " + CLIENT_DEFAULT + " is 'NULL'. Something goes wrong"); + throw new RuntimeException("SZR " + CLIENT_DEFAULT + " is 'NULL'. Something goes wrong"); + + } + if (dispatch == null) { + log.error("SZR " + CLIENT_RAW + " is 'NULL'. Something goes wrong"); + throw new RuntimeException("SZR " + CLIENT_RAW + " is 'NULL'. Something goes wrong"); + + } + + // inject handler + log.info("Use SZR service-URL: " + szrUrl); + injectBindingProvider((BindingProvider) szr, CLIENT_DEFAULT); + injectBindingProvider(dispatch, CLIENT_RAW); + + // inject http parameters and SSL context + log.debug("Inject HTTP client settings ... "); + injectHttpClient(szr, CLIENT_DEFAULT); + injectHttpClient(dispatch, CLIENT_RAW); + + log.info("SZR-Client initialization successfull"); + } + + private void injectHttpClient(Object raw, String clientType) { + // extract client from implementation + Client client = null; + if (raw instanceof DispatchImpl<?>) { + client = ((DispatchImpl<?>) raw).getClient(); + } else if (raw instanceof Client) { + client = ClientProxy.getClient(raw); + } else { + throw new RuntimeException("SOAP Client for SZR connection is of UNSUPPORTED type: " + raw.getClass() + .getName()); + } + + // set basic connection policies + final HTTPConduit http = (HTTPConduit) client.getConduit(); + + // set timeout policy + final HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy(); + httpClientPolicy.setConnectionTimeout( + Integer.parseInt(basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_CONNECTION, + Constants.HTTP_CLIENT_DEFAULT_TIMEOUT_CONNECTION)) * 1000); + httpClientPolicy.setReceiveTimeout( + Integer.parseInt(basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_RESPONSE, + Constants.HTTP_CLIENT_DEFAULT_TIMEOUT_RESPONSE)) * 1000); + http.setClient(httpClientPolicy); + + // inject SSL context in case of https + if (szrUrl.toLowerCase().startsWith("https")) { + log.debug("Adding SSLContext to client: " + clientType + " ... "); + final TLSClientParameters tlsParams = new TLSClientParameters(); + tlsParams.setSSLSocketFactory(createSslContext(clientType).getSocketFactory()); + http.setTlsClientParameters(tlsParams); + log.info("SSLContext initialized for client: " + clientType); + + } + + } + + private void injectBindingProvider(BindingProvider bindingProvider, String clientType) { + final Map<String, Object> requestContext = bindingProvider.getRequestContext(); + requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, szrUrl); + + log.trace("Adding JAX-WS request/response trace handler to client: " + clientType); + List<Handler> handlerList = bindingProvider.getBinding().getHandlerChain(); + if (handlerList == null) { + handlerList = new ArrayList<>(); + bindingProvider.getBinding().setHandlerChain(handlerList); + + } + + // add logging handler to trace messages if required + if (basicConfig.getBasicConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_TRACEMESSAGES, + false)) { + final LoggingHandler loggingHandler = new LoggingHandler(); + handlerList.add(loggingHandler); + + } + bindingProvider.getBinding().setHandlerChain(handlerList); + } + + private SSLContext createSslContext(String clientType) { + try { + final SSLContext context = SSLContext.getInstance("TLS"); + + // initialize key-mangager for SSL client-authentication + KeyManager[] keyManager = null; + final String keyStorePath = basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYSTORE_PATH); + final String keyStorePassword = basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYSTORE_PASSWORD); + if (StringUtils.isNotEmpty(keyStorePath)) { + log.trace("Find keyStore path: " + keyStorePath + " Injecting SSL client certificate ... "); + try { + final KeyStore keyStore = KeyStoreUtils.loadKeyStore( + FileUtils.makeAbsoluteUrl(keyStorePath, basicConfig.getConfigurationRootDirectory()), + keyStorePassword); + + final KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); + kmf.init(keyStore, keyStorePassword.toCharArray()); + keyManager = kmf.getKeyManagers(); + log.debug("SSL client certificate injected to client: " + clientType); + + } catch (KeyStoreException | IOException | UnrecoverableKeyException e) { + log.error("Can NOT load SSL client certificate from path: " + keyStorePath); + throw new RuntimeException("Can NOT load SSL client certificate from path: " + keyStorePath, e); + + } + } else { + log.debug( + "No KeyStore for SSL Client Auth. found. Initializing SSLContext without authentication ... "); + + } + + // initialize SSL TrustStore + TrustManager[] trustManager = null; + final String trustStorePath = basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_PATH); + final String trustStorePassword = basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_PASSWORD); + if (StringUtils.isNotEmpty(trustStorePath)) { + log.trace("Find trustStore path: " + trustStorePath + " Injecting SSL TrustStore ... "); + try { + final KeyStore trustStore = KeyStoreUtils.loadKeyStore( + FileUtils.makeAbsoluteUrl(trustStorePath, basicConfig.getConfigurationRootDirectory()), + trustStorePassword); + + final TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); + tmf.init(trustStore); + trustManager = tmf.getTrustManagers(); + log.debug("SSL TrustStore injected to client: " + clientType); + + } catch (KeyStoreException | IOException e) { + log.error("Can NOT open SSL TrustStore from path: " + trustStorePath); + throw new RuntimeException("Can NOT open SSL TrustStore from path: " + trustStorePath, e); + + } + + } else { + log.debug("No custom SSL TrustStore found. Initializing SSLContext with JVM default truststore ... "); + + } + + context.init(keyManager, trustManager, new SecureRandom()); + return context; + + } catch (NoSuchAlgorithmException | KeyManagementException e) { + log.error("SSLContext initialization FAILED.", e); + throw new RuntimeException("SSLContext initialization FAILED.", e); + + } + + } + + private void injectMdsIfAvailableAndActive(Map<String, Object> eidsaBindMap, ErnbEidData eidData) { + if (basicConfig.getBasicConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SET_MDS_TO_EIDASBIND, false)) { + log.info("Injecting MDS into eidasBind ... "); + final Map<String, Object> mds = new HashMap<>(); + mds.put(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, eidData.getFamilyName()); + mds.put(PvpAttributeDefinitions.GIVEN_NAME_NAME, eidData.getGivenName()); + mds.put(PvpAttributeDefinitions.BIRTHDATE_NAME, eidData.getFormatedDateOfBirth()); + eidsaBindMap.put(ATTR_NAME_MDS, mds); + + } + } + + private byte[] sourceToByteArray(Source result) throws TransformerException { + final TransformerFactory factory = TransformerFactory.newInstance(); + factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); + final Transformer transformer = factory.newTransformer(); + transformer.setOutputProperty("omit-xml-declaration", "yes"); + transformer.setOutputProperty("method", "xml"); + final ByteArrayOutputStream out = new ByteArrayOutputStream(); + final StreamResult streamResult = new StreamResult(); + streamResult.setOutputStream(out); + transformer.transform(result, streamResult); + return out.toByteArray(); + } + +} diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrService.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrService.java new file mode 100644 index 00000000..dde868b1 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrService.java @@ -0,0 +1,164 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.szr; + +import java.net.URL; + +import javax.xml.namespace.QName; +import javax.xml.ws.Service; +import javax.xml.ws.WebEndpoint; +import javax.xml.ws.WebServiceClient; +import javax.xml.ws.WebServiceFeature; + +import szrservices.SZR; + +/** + * This class was generated by Apache CXF 3.1.16 2018-07-10T09:36:01.466+02:00 + * Generated source version: 3.1.16 + * + */ +@WebServiceClient(name = "SZRService", + wsdlLocation = "./src/main/resources/szr_client/SZR-1.WSDL", + targetNamespace = "urn:SZRServices") +public class SzrService extends Service { + + public static final URL WSDL_LOCATION; + + public static final QName SERVICE = new QName("urn:SZRServices", "SZRService"); + public static final QName SZRProduktionsumgebung = new QName("urn:SZRServices", "SZRProduktionsumgebung"); + public static final QName SZRTestumgebung = new QName("urn:SZRServices", "SZRTestumgebung"); + public static final QName SZRBusinesspartnerTestumgebung = new QName("urn:SZRServices", + "SZRBusinesspartnerTestumgebung"); + + static { + URL url = SzrService.class.getResource("./src/main/resources/szr_client/SZR-1.WSDL"); + if (url == null) { + url = SzrService.class.getClassLoader().getResource("/szr_client/SZR-1.WSDL"); + } + if (url == null) { + java.util.logging.Logger.getLogger(SzrService.class.getName()) + .log(java.util.logging.Level.INFO, + "Can not initialize the default wsdl from {0}", "/szr_client/SZR-1.WSDL"); + } + WSDL_LOCATION = url; + + } + + public SzrService(URL wsdlLocation) { + super(wsdlLocation, SERVICE); + } + + public SzrService(URL wsdlLocation, QName serviceName) { + super(wsdlLocation, serviceName); + } + + public SzrService() { + super(WSDL_LOCATION, SERVICE); + } + + public SzrService(WebServiceFeature... features) { + super(WSDL_LOCATION, SERVICE, features); + } + + public SzrService(URL wsdlLocation, WebServiceFeature... features) { + super(wsdlLocation, SERVICE, features); + } + + public SzrService(URL wsdlLocation, QName serviceName, WebServiceFeature... features) { + super(wsdlLocation, serviceName, features); + } + + /** + * Get SZR Web-Service. + * + * @return returns SZR + */ + @WebEndpoint(name = "SZRProduktionsumgebung") + public SZR getSzrProduktionsumgebung() { + return super.getPort(SZRProduktionsumgebung, SZR.class); + } + + /** + * Get SZR Web-Service. + * + * @param features A list of {@link javax.xml.ws.WebServiceFeature} to configure + * on the proxy. Supported features not in the + * <code>features</code> parameter will have their default + * values. + * @return returns SZR + */ + @WebEndpoint(name = "SZRProduktionsumgebung") + public SZR getSzrProduktionsumgebung(WebServiceFeature... features) { + return super.getPort(SZRProduktionsumgebung, SZR.class, features); + } + + /** + *Get SZR Web-Service. + * + * @return returns SZR + */ + @WebEndpoint(name = "SZRTestumgebung") + public SZR getSzrTestumgebung() { + return super.getPort(SZRTestumgebung, SZR.class); + } + + /** + * Get SZR Web-Service. + * + * @param features A list of {@link javax.xml.ws.WebServiceFeature} to configure + * on the proxy. Supported features not in the + * <code>features</code> parameter will have their default + * values. + * @return returns SZR + */ + @WebEndpoint(name = "SZRTestumgebung") + public SZR getSzrTestumgebung(WebServiceFeature... features) { + return super.getPort(SZRTestumgebung, SZR.class, features); + } + + /** + * Get SZR Web-Service. + * + * @return returns SZR + */ + @WebEndpoint(name = "SZRBusinesspartnerTestumgebung") + public SZR getSzrBusinesspartnerTestumgebung() { + return super.getPort(SZRBusinesspartnerTestumgebung, SZR.class); + } + + /** + * Get SZR Web-Service. + * + * @param features A list of {@link javax.xml.ws.WebServiceFeature} to configure + * on the proxy. Supported features not in the + * <code>features</code> parameter will have their default + * values. + * @return returns SZR + */ + @WebEndpoint(name = "SZRBusinesspartnerTestumgebung") + public SZR getSzrBusinesspartnerTestumgebung(WebServiceFeature... features) { + return super.getPort(SZRBusinesspartnerTestumgebung, SZR.class, features); + } + +} diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java new file mode 100644 index 00000000..6b1b96de --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java @@ -0,0 +1,503 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; + +import java.io.IOException; +import java.io.InputStream; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.xml.parsers.ParserConfigurationException; + +import org.apache.commons.lang3.StringUtils; +import org.joda.time.DateTime; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.xml.sax.SAXException; + +import com.google.common.collect.ImmutableMap; +import com.google.common.collect.ImmutableSet; + +import at.asitplus.eidas.specific.core.MsConnectorEventCodes; +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.AuthBlockSigningService; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.szr.SzrClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils; +import at.gv.e_government.reference.namespace.persondata._20020228.AlternativeNameType; +import at.gv.e_government.reference.namespace.persondata._20020228.PersonNameType; +import at.gv.e_government.reference.namespace.persondata._20020228.PhysicalPersonType; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.builder.BpkBuilder; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.DomUtils; +import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; +import eu.eidas.auth.commons.attribute.AttributeDefinition; +import eu.eidas.auth.commons.attribute.AttributeValue; +import eu.eidas.auth.commons.light.ILightResponse; +import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; +import lombok.Data; +import lombok.extern.slf4j.Slf4j; +import szrservices.IdentityLinkType; +import szrservices.PersonInfoType; +import szrservices.TravelDocumentType; + +/** + * Task that creates the IdentityLink for an eIDAS authenticated person. + * + * @author tlenz + */ +@Slf4j +@Component("CreateIdentityLinkTask") +public class CreateIdentityLinkTask extends AbstractAuthServletTask { + + @Autowired + private IConfiguration basicConfig; + @Autowired + private SzrClient szrClient; + @Autowired + private ICcSpecificEidProcessingService eidPostProcessor; + + @Autowired + private AuthBlockSigningService authBlockSigner; + + private static final String EID_STATUS = "urn:eidgvat:eid.status.eidas"; + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv. + * egovernment.moa.id.process.api.ExecutionContext, + * javax.servlet.http.HttpServletRequest, + * javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + try { + final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); + final ILightResponse eidasResponse = authProcessData + .getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class); + + final Map<String, Object> simpleAttrMap = convertEidasAttrToSimpleMap( + eidasResponse.getAttributes().getAttributeMap()); + + // post-process eIDAS attributes + final ErnbEidData eidData = eidPostProcessor.postProcess(simpleAttrMap); + + // write MDS into technical log and revision log + writeMdsLogInformation(eidData); + + //build IdentityLink or VSZ and eidasBind + if (basicConfig.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USEDUMMY, false)) { + SzrResultHolder idlResult = createDummyIdentityLinkForTestDeployment(eidData); + //inject personal-data into session + authProcessData.setIdentityLink(idlResult.getIdentityLink()); + + // set bPK and bPKType into auth session + authProcessData.setGenericDataToSession(PvpAttributeDefinitions.BPK_NAME, extendBpkByPrefix( + idlResult.getBpK(), pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier())); + authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, + pendingReq.getServiceProviderConfiguration() + .getAreaSpecificTargetIdentifier()); + + } else { + //build SZR request from eIDAS data + final PersonInfoType personInfo = generateSzrRequest(eidData); + + //request SZR based on IDL or E-ID mode + if (pendingReq.getServiceProviderConfiguration() + .isConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE, false)) { + + // get encrypted baseId + String vsz = szrClient.getEncryptedStammzahl(personInfo); + + //write revision-Log entry and extended infos personal-identifier mapping + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_VSZ_RECEIVED); + writeExtendedRevisionLogEntry(simpleAttrMap, eidData); + + + // get eIDAS bind + String signedEidasBind = szrClient.getEidsaBind(vsz, + authBlockSigner.getBase64EncodedPublicKey(), + EID_STATUS, eidData); + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_EIDASBIND_RECEIVED); + authProcessData.setGenericDataToSession(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, signedEidasBind); + + //get signed AuthBlock + String jwsSignature = authBlockSigner.buildSignedAuthBlock(pendingReq); + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.TECH_AUCHBLOCK_CREATED); + authProcessData.setGenericDataToSession(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, jwsSignature); + + //inject personal-data into session + authProcessData.setEidProcess(true); + + } else { + //request SZR + SzrResultHolder idlResult = requestSzrForIdentityLink(personInfo); + + //write revision-Log entry for personal-identifier mapping + writeExtendedRevisionLogEntry(simpleAttrMap, eidData); + + //check result-data and write revision-log based on current state + checkStateAndWriteRevisionLog(idlResult); + + //inject personal-data into session + authProcessData.setIdentityLink(idlResult.getIdentityLink()); + authProcessData.setEidProcess(false); + + // set bPK and bPKType into auth session + authProcessData.setGenericDataToSession(PvpAttributeDefinitions.BPK_NAME, extendBpkByPrefix( + idlResult.getBpK(), pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier())); + authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, + pendingReq.getServiceProviderConfiguration() + .getAreaSpecificTargetIdentifier()); + + } + } + + //add generic info's into session + authProcessData.setForeigner(true); + authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, EidasResponseUtils + .parseEidasPersonalIdentifier((String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)) + .getFirst()); + authProcessData.setQaaLevel(eidasResponse.getLevelOfAssurance()); + + // store pending-request + requestStoreage.storePendingRequest(pendingReq); + + + } catch (final EidasAttributeException e) { + throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e); + + } catch (final EaafException e) { + throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e); + + } catch (final Exception e) { + log.error("IdentityLink generation for foreign person FAILED.", e); + throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e); + + } + } + + private void writeExtendedRevisionLogEntry(Map<String, Object> simpleAttrMap, ErnbEidData eidData) { + // write ERnB input-data into revision-log + if (basicConfig.getBasicConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_REVISIONLOGDATASTORE_ACTIVE, false)) { + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_ERNB_EIDAS_RAW_ID, + (String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)); + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_ERNB_EIDAS_ERNB_ID, eidData.getPseudonym()); + + } + } + + private PersonInfoType generateSzrRequest(ErnbEidData eidData) { + log.debug("Starting connecting SZR Gateway"); + final PersonInfoType personInfo = new PersonInfoType(); + final PersonNameType personName = new PersonNameType(); + final PhysicalPersonType naturalPerson = new PhysicalPersonType(); + final TravelDocumentType eDocument = new TravelDocumentType(); + + naturalPerson.setName(personName); + personInfo.setPerson(naturalPerson); + personInfo.setTravelDocument(eDocument); + + // person information + personName.setFamilyName(eidData.getFamilyName()); + personName.setGivenName(eidData.getGivenName()); + naturalPerson.setDateOfBirth(eidData.getFormatedDateOfBirth()); + eDocument.setIssuingCountry(eidData.getCitizenCountryCode()); + eDocument.setDocumentNumber(eidData.getPseudonym()); + + // eID document information + eDocument.setDocumentType(basicConfig + .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE, + Constants.SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE)); + + // set PlaceOfBirth if available + if (eidData.getPlaceOfBirth() != null) { + log.trace("Find 'PlaceOfBirth' attribute: " + eidData.getPlaceOfBirth()); + if (basicConfig + .getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETPLACEOFBIRTHIFAVAILABLE, + true)) { + naturalPerson.setPlaceOfBirth(eidData.getPlaceOfBirth()); + log.trace("Adding 'PlaceOfBirth' to ERnB request ... "); + + } + } + + // set BirthName if available + if (eidData.getBirthName() != null) { + log.trace("Find 'BirthName' attribute: " + eidData.getBirthName()); + if (basicConfig + .getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETBIRTHNAMEIFAVAILABLE, + true)) { + final AlternativeNameType alternativeName = new AlternativeNameType(); + naturalPerson.setAlternativeName(alternativeName); + alternativeName.setFamilyName(eidData.getBirthName()); + log.trace("Adding 'BirthName' to ERnB request ... "); + + } + } + + return personInfo; + + } + + private SzrResultHolder requestSzrForIdentityLink(PersonInfoType personInfo) + throws SzrCommunicationException, EaafException { + //request IdentityLink from SZR + final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(personInfo); + + final Element idlFromSzr = (Element) result.getAssertion(); + IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser(idlFromSzr).parseIdentityLink(); + + // get bPK from SZR + String bpk = null; + if (basicConfig + .getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION, true)) { + List<String> bpkList = szrClient + .getBpk(personInfo, pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(), + basicConfig + .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, "no VKZ defined")); + if (!bpkList.isEmpty()) { + bpk = bpkList.get(0); + + } + + + } else { + log.debug("Calculating bPK from baseId ... "); + new BpkBuilder(); + final Pair<String, String> bpkCalc = BpkBuilder + .generateAreaSpecificPersonIdentifier(identityLink.getIdentificationValue(), + identityLink.getIdentificationType(), + pendingReq.getServiceProviderConfiguration() + .getAreaSpecificTargetIdentifier()); + bpk = bpkCalc.getFirst(); + + } + + return new SzrResultHolder(identityLink, bpk); + + } + + private void checkStateAndWriteRevisionLog(SzrResultHolder idlResult) throws SzrCommunicationException { + // write some infos into revision log + if (idlResult.getIdentityLink() == null) { + log.error("ERnB did not return an identity link."); + throw new SzrCommunicationException("ernb.00", null); + + } + revisionsLogger.logEvent(pendingReq, + MsConnectorEventCodes.SZR_IDL_RECEIVED, + idlResult.getIdentityLink().getSamlAssertion() + .getAttribute(SimpleIdentityLinkAssertionParser.ASSERTIONID)); + + if (idlResult.getBpK() == null) { + log.error("ERnB did not return a bPK for target: " + pendingReq.getServiceProviderConfiguration() + .getAreaSpecificTargetIdentifier()); + throw new SzrCommunicationException("ernb.01", null); + + } + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_BPK_RECEIVED); + log.debug("ERnB communication was successfull"); + + } + + private String extendBpkByPrefix(String bpk, String type) { + String bpkType = null; + + if (type.startsWith(EaafConstants.URN_PREFIX_WBPK)) { + bpkType = type.substring(EaafConstants.URN_PREFIX_WBPK.length()); + } else if (type.startsWith(EaafConstants.URN_PREFIX_CDID)) { + bpkType = type.substring(EaafConstants.URN_PREFIX_CDID.length()); + } else if (type.startsWith(EaafConstants.URN_PREFIX_EIDAS)) { + bpkType = type.substring(EaafConstants.URN_PREFIX_EIDAS.length()); + } + + if (bpkType != null) { + log.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + bpkType); + return bpkType + ":" + bpk; + + } else { + log.warn("Service Provider Target with: " + type + " is NOT supported. Set bPK as it is ..."); + return bpk; + + } + + } + + private Map<String, Object> convertEidasAttrToSimpleMap( + ImmutableMap<AttributeDefinition<?>, ImmutableSet<? extends AttributeValue<?>>> attributeMap) { + final Map<String, Object> result = new HashMap<>(); + + for (final AttributeDefinition<?> el : attributeMap.keySet()) { + + final Class<?> parameterizedType = el.getParameterizedType(); + if (DateTime.class.equals(parameterizedType)) { + final DateTime attribute = EidasResponseUtils.translateDateAttribute(el, attributeMap.get(el).asList()); + if (attribute != null) { + result.put(el.getFriendlyName(), attribute); + log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + attribute.toString()); + + } else { + log.info("Ignore empty 'DateTime' attribute"); + } + + } else if (PostalAddress.class.equals(parameterizedType)) { + final PostalAddress addressAttribute = EidasResponseUtils + .translateAddressAttribute(el, attributeMap.get(el).asList()); + if (addressAttribute != null) { + result.put(el.getFriendlyName(), addressAttribute); + log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + addressAttribute.toString()); + + } else { + log.info("Ignore empty 'PostalAddress' attribute"); + } + + } else { + final List<String> natPersonIdObj = EidasResponseUtils + .translateStringListAttribute(el, attributeMap.get(el)); + final String stringAttr = natPersonIdObj.get(0); + if (StringUtils.isNotEmpty(stringAttr)) { + result.put(el.getFriendlyName(), stringAttr); + log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + stringAttr); + + } else { + log.info("Ignore empty 'String' attribute"); + } + + } + } + + log.debug("Receive #" + result.size() + " attributes with names: " + result.keySet().toString()); + + return result; + } + + private void writeMdsLogInformation(ErnbEidData eidData) { + // log MDS and country code into technical log + if (basicConfig + .getBasicConfigurationBoolean(MsEidasNodeConstants.PROP_CONFIG_TECHNICALLOG_WRITE_MDS_INTO_TECH_LOG, false)) { + log.info("eIDAS Auth. for user: " + eidData.getGivenName() + " " + eidData.getFamilyName() + " " + eidData + .getFormatedDateOfBirth() + " " + "from " + eidData.getCitizenCountryCode()); + } + + // log MDS and country code into revision log + if (basicConfig + .getBasicConfigurationBoolean(MsEidasNodeConstants.PROP_CONFIG_REVISIONLOG_WRITE_MDS_INTO_REVISION_LOG, + false)) { + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_MDSDATA, + "{" + eidData.getGivenName() + "," + eidData.getFamilyName() + "," + eidData + .getFormatedDateOfBirth() + "," + eidData.getCitizenCountryCode() + "}"); + } + + } + + @Data + private static class SzrResultHolder { + final IIdentityLink identityLink; + final String bpK; + + } + + /** + * Build a dummy IdentityLink and a dummy bPK based on eIDAS information. + * + * <br><br> + * <b>FOR LOCAL TESTING ONLY!!!</b> + * + * @param eidData Information from eIDAS response + * @return IdentityLink and bPK + * @throws ParserConfigurationException In case of an IDL processing error + * @throws SAXException In case of an IDL processing error + * @throws IOException In case of an IDL processing error + * @throws EaafException In case of a bPK generation error + */ + private SzrResultHolder createDummyIdentityLinkForTestDeployment(ErnbEidData eidData) + throws ParserConfigurationException, SAXException, IOException, EaafException { + log.warn("SZR-Dummy IS ACTIVE! IdentityLink is NOT VALID!!!!"); + // create fake IdL + // - fetch IdL template from resources + final InputStream s = CreateIdentityLinkTask.class + .getResourceAsStream("/resources/xmldata/fakeIdL_IdL_template.xml"); + final Element idlTemplate = DomUtils.parseXmlValidating(s); + + IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser(idlTemplate).parseIdentityLink(); + + // replace data + final Element idlassertion = identityLink.getSamlAssertion(); + + // - set fake baseID; + final Node prIdentification = XPathUtils + .selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); + prIdentification.getFirstChild().setNodeValue(eidData.getPseudonym()); + + // - set last name + final Node prFamilyName = XPathUtils + .selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_FAMILY_NAME_XPATH); + prFamilyName.getFirstChild().setNodeValue(eidData.getFamilyName()); + + // - set first name + final Node prGivenName = XPathUtils + .selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_GIVEN_NAME_XPATH); + prGivenName.getFirstChild().setNodeValue(eidData.getGivenName()); + + // - set date of birth + final Node prDateOfBirth = XPathUtils + .selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_DATE_OF_BIRTH_XPATH); + + prDateOfBirth.getFirstChild().setNodeValue(eidData.getFormatedDateOfBirth()); + + identityLink = new SimpleIdentityLinkAssertionParser(idlassertion).parseIdentityLink(); + + final Pair<String, String> bpkCalc = BpkBuilder + .generateAreaSpecificPersonIdentifier(identityLink.getIdentificationValue(), + identityLink.getIdentificationType(), + pendingReq.getServiceProviderConfiguration() + .getAreaSpecificTargetIdentifier()); + return new SzrResultHolder(identityLink, bpkCalc.getFirst()); + + } + +} diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java new file mode 100644 index 00000000..0f1b5432 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java @@ -0,0 +1,274 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; + +import java.util.UUID; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.stereotype.Component; +import org.springframework.web.util.UriComponentsBuilder; + +import at.asitplus.eidas.specific.core.MsConnectorEventCodes; +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.asitplus.eidas.specific.core.gui.StaticGuiBuilderConfiguration; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService; +import at.gv.egiz.eaaf.core.api.gui.ISpringMvcGuiFormBuilder; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import eu.eidas.auth.commons.EidasParameterKeys; +import eu.eidas.auth.commons.light.ILightRequest; +import eu.eidas.auth.commons.light.impl.LightRequest; +import eu.eidas.auth.commons.tx.BinaryLightToken; +import eu.eidas.specificcommunication.BinaryLightTokenHelper; +import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames; +import eu.eidas.specificcommunication.exception.SpecificCommunicationException; +import eu.eidas.specificcommunication.protocol.SpecificCommunicationService; +import lombok.extern.slf4j.Slf4j; + +/** + * Authentication-process task that generates the Authn. Request to eIDAS Node. + * + * @author tlenz + * + */ +@Slf4j +@Component("ConnecteIDASNodeTask") +public class GenerateAuthnRequestTask extends AbstractAuthServletTask { + + @Autowired + IConfiguration basicConfig; + @Autowired + ApplicationContext context; + @Autowired + ITransactionStorage transactionStore; + @Autowired + ISpringMvcGuiFormBuilder guiBuilder; + @Autowired + ICcSpecificEidProcessingService ccSpecificProcessing; + + @Override + public void execute(ExecutionContext executionContext, + HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + + try { + // get target, environment and validate citizen countryCode + final String citizenCountryCode = (String) executionContext.get( + MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY); + final String environment = (String) executionContext.get( + MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT); + + if (StringUtils.isEmpty(citizenCountryCode)) { + // illegal state; task should not have been executed without a selected country + throw new EidasSAuthenticationException("eidas.03", new Object[] { "" }); + + } + + // TODO: maybe add countryCode validation before request ref. impl. eIDAS node + log.info("Request eIDAS auth. for citizen of country: " + citizenCountryCode); + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.COUNTRY_SELECTED, citizenCountryCode); + + // build eIDAS AuthnRequest + final LightRequest.Builder authnRequestBuilder = LightRequest.builder(); + authnRequestBuilder.id(UUID.randomUUID().toString()); + + // set nameIDFormat + authnRequestBuilder.nameIdFormat( + authConfig.getBasicConfiguration(Constants.CONFIG_PROP_EIDAS_NODE_NAMEIDFORMAT)); + + // set citizen country code for foreign uses + authnRequestBuilder.citizenCountryCode(citizenCountryCode); + + //set Issuer + final String issur = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_ENTITYID); + if (StringUtils.isEmpty(issur)) { + log.error("Found NO 'eIDAS node issuer' in configuration. Authentication NOT possible!"); + throw new EaafConfigurationException("config.27", + new Object[] { "Application config containts NO " + Constants.CONIG_PROPS_EIDAS_NODE_ENTITYID }); + + } + authnRequestBuilder.issuer(issur); + + + // Add country-specific informations into eIDAS request + ccSpecificProcessing.preProcess(citizenCountryCode, pendingReq, authnRequestBuilder); + + // build request + final LightRequest lightAuthnReq = authnRequestBuilder.build(); + + // put request into shared cache + final BinaryLightToken token = putRequestInCommunicationCache(lightAuthnReq); + final String tokenBase64 = BinaryLightTokenHelper.encodeBinaryLightTokenBase64(token); + + // Workaround for ms-connector staging + injectStagingWorkaroundForMsConnector(); + + // Workaround, because eIDAS node ref. impl. does not return relayState + if (basicConfig.getBasicConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_USEREQUESTIDASTRANSACTIONIDENTIFIER, + false)) { + log.trace("Put lightRequestId into transactionstore as session-handling backup"); + transactionStore.put(lightAuthnReq.getId(), pendingReq.getPendingRequestId(), -1); + + } + + // select forward URL regarding the selected environment + String forwardUrl = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL); + if (StringUtils.isNotEmpty(environment)) { + forwardUrl = selectedForwardUrlForEnvironment(environment); + } + + if (StringUtils.isEmpty(forwardUrl)) { + log.warn("NO ForwardURL defined in configuration. Can NOT forward to eIDAS node! Process stops"); + throw new EaafConfigurationException("config.08", new Object[] { + environment == null ? Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL + : Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL + "." + environment + }); + + } + log.debug("ForwardURL: " + forwardUrl + " selected to forward eIDAS request"); + + if (basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_METHOD, + Constants.FORWARD_METHOD_GET).equals(Constants.FORWARD_METHOD_GET)) { + + log.debug("Use http-redirect for eIDAS node forwarding ... "); + // send redirect + final UriComponentsBuilder redirectUrl = UriComponentsBuilder.fromHttpUrl(forwardUrl); + redirectUrl.queryParam(EidasParameterKeys.TOKEN.toString(), tokenBase64); + response.sendRedirect(redirectUrl.build().encode().toString()); + + } else { + log.debug("Use http-post for eIDAS node forwarding ... "); + final StaticGuiBuilderConfiguration config = new StaticGuiBuilderConfiguration( + basicConfig, + pendingReq, + Constants.TEMPLATE_POST_FORWARD_NAME, + null, + resourceLoader); + + config.putCustomParameter(null, Constants.TEMPLATE_POST_FORWARD_ENDPOINT, forwardUrl); + config.putCustomParameter(null, Constants.TEMPLATE_POST_FORWARD_TOKEN_NAME, + EidasParameterKeys.TOKEN.toString()); + config.putCustomParameter(null, Constants.TEMPLATE_POST_FORWARD_TOKEN_VALUE, + tokenBase64); + + guiBuilder.build(request, response, config, "Forward to eIDASNode form"); + + } + + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.EIDAS_NODE_CONNECTED, lightAuthnReq.getId()); + + } catch (final EidasSAuthenticationException e) { + throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.", e); + + } catch (final Exception e) { + log.warn("eIDAS AuthnRequest generation FAILED.", e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } + + } + + + private void injectStagingWorkaroundForMsConnector() throws EaafException { + String alternativReturnEndpoint = basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_WORKAROUND_STAGING_MS_CONNECTOR); + if (StringUtils.isNotEmpty(alternativReturnEndpoint)) { + log.info("Inject alternative MS-Connector end-point: {}", alternativReturnEndpoint); + pendingReq.setRawDataToTransaction( + MsEidasNodeConstants.EXECCONTEXT_PARAM_MSCONNECTOR_STAGING, alternativReturnEndpoint); + + // store pending request after update + requestStoreage.storePendingRequest(pendingReq); + + } + } + + /** + * Select a forward URL from configuration for a specific environment <br> + * <br> + * <b>Info: </b> This method is needed, because eIDAS Ref. Impl only supports + * one countrycode on each instance. In consequence, more than one eIDAS Ref. + * Impl nodes are required to support producation, testing, or QS stages for one + * country by using one ms-specific eIDAS connector + * + * @param environment Environment selector from CountrySlection page + * @return + */ + private String selectedForwardUrlForEnvironment(String environment) { + log.trace("Starting endpoint selection process for environment: " + environment + " ... "); + if (environment.equalsIgnoreCase(MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_PRODUCTION)) { + return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL); + } else if (environment.equalsIgnoreCase(MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_QS)) { + return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL + + "." + MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_QS); + } else if (environment.equalsIgnoreCase( + MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_TESTING)) { + return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL + + "." + MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_TESTING); + } else if (environment.equalsIgnoreCase( + MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_DEVELOPMENT)) { + return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL + + "." + MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_DEVELOPMENT); + } + + log.info("Environment selector: " + environment + " is not supported"); + return null; + + } + + private BinaryLightToken putRequestInCommunicationCache(ILightRequest lightRequest) + throws ServletException { + final BinaryLightToken binaryLightToken; + try { + final SpecificCommunicationService springManagedSpecificConnectorCommunicationService = + (SpecificCommunicationService) context.getBean( + SpecificCommunicationDefinitionBeanNames.SPECIFIC_CONNECTOR_COMMUNICATION_SERVICE.toString()); + + binaryLightToken = springManagedSpecificConnectorCommunicationService.putRequest(lightRequest); + + } catch (final SpecificCommunicationException e) { + log.error("Unable to process specific request"); + throw new ServletException(e); + + } + + return binaryLightToken; + } + +} diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java new file mode 100644 index 00000000..c918b7a4 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java @@ -0,0 +1,177 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.stereotype.Component; +import org.springframework.web.util.UriComponentsBuilder; + +import at.asitplus.eidas.specific.core.MsConnectorEventCodes; +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.validator.EidasResponseValidator; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import eu.eidas.auth.commons.EidasParameterKeys; +import eu.eidas.auth.commons.light.ILightResponse; +import eu.eidas.auth.commons.tx.BinaryLightToken; +import eu.eidas.specificcommunication.BinaryLightTokenHelper; +import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames; +import eu.eidas.specificcommunication.exception.SpecificCommunicationException; +import eu.eidas.specificcommunication.protocol.SpecificCommunicationService; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +@Component("ReceiveResponseFromeIDASNodeTask") +public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { + + @Autowired + ApplicationContext context; + + @Autowired + private IConfiguration basicConfig; + @Autowired + private EidasAttributeRegistry attrRegistry; + + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, + HttpServletResponse response) throws TaskExecutionException { + try { + final ILightResponse eidasResponse = (ILightResponse) request.getAttribute( + Constants.DATA_FULL_EIDAS_RESPONSE); + if (eidasResponse == null) { + log.warn("NO eIDAS response-message found."); + throw new EidasSAuthenticationException("eidas.01", null); + + } + + String stagingEndpoint = pendingReq.getRawData( + MsEidasNodeConstants.EXECCONTEXT_PARAM_MSCONNECTOR_STAGING, String.class); + if (StringUtils.isNotEmpty(stagingEndpoint)) { + log.info("Find ms-connector staging to: {}. Forwarding to that endpoint ... ", stagingEndpoint); + forwardToOtherStage(response, executionContext, eidasResponse, stagingEndpoint); + + } else { + executionContext.put(MsEidasNodeConstants.EXECCONTEXT_PARAM_MSCONNECTOR_STAGING, false); + processResponseOnThatStage(executionContext, eidasResponse); + + } + + } catch (final EaafException e) { + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE_NOT_VALID); + throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", e); + + } catch (final Exception e) { + log.warn("eIDAS Response processing FAILED.", e); + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE_NOT_VALID); + throw new TaskExecutionException(pendingReq, e.getMessage(), + new EidasSAuthenticationException("eidas.05", new Object[] { e.getMessage() }, e)); + + } + } + + private void forwardToOtherStage(HttpServletResponse response, ExecutionContext executionContext, + ILightResponse eidasResponse, String stagingEndpoint) throws SpecificCommunicationException, IOException { + executionContext.put(MsEidasNodeConstants.EXECCONTEXT_PARAM_MSCONNECTOR_STAGING, true); + + final SpecificCommunicationService specificConnectorCommunicationService = + (SpecificCommunicationService) context.getBean( + SpecificCommunicationDefinitionBeanNames.SPECIFIC_CONNECTOR_COMMUNICATION_SERVICE.toString()); + BinaryLightToken token = specificConnectorCommunicationService.putResponse(eidasResponse); + final String tokenBase64 = BinaryLightTokenHelper.encodeBinaryLightTokenBase64(token); + + final UriComponentsBuilder redirectUrl = UriComponentsBuilder.fromHttpUrl(stagingEndpoint); + redirectUrl.queryParam(EidasParameterKeys.TOKEN.toString(), tokenBase64); + + log.debug("Forward to other stage .... "); + response.sendRedirect(redirectUrl.build().encode().toString()); + + } + + private void processResponseOnThatStage(ExecutionContext executionContext, ILightResponse eidasResponse) + throws EaafException { + log.debug("Receive eIDAS response with RespId:" + eidasResponse.getId() + " for ReqId:" + eidasResponse + .getInResponseToId()); + log.trace("Full eIDAS-Resp: " + eidasResponse.toString()); + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE, eidasResponse + .getId()); + + // check response StatusCode + if (!eidasResponse.getStatus().getStatusCode().equals(Constants.SUCCESS_URI)) { + log.info("Receice eIDAS Response with StatusCode:" + eidasResponse.getStatus().getStatusCode() + + " Subcode:" + eidasResponse.getStatus().getSubStatusCode() + " Msg:" + eidasResponse.getStatus() + .getStatusMessage()); + throw new EidasSAuthenticationException("eidas.02", new Object[] { eidasResponse.getStatus() + .getStatusCode(), eidasResponse.getStatus().getStatusMessage() }); + + } + + // extract all Attributes from response + + // ********************************************************** + // ******* MS-specificresponse validation ********** + // ********************************************************** + final String spCountry = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, + "AT"); + final String citizenCountryCode = (String) executionContext.get( + MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY); + EidasResponseValidator.validateResponse(pendingReq, eidasResponse, spCountry, citizenCountryCode, + attrRegistry); + + // ********************************************************** + // ******* Store resonse infos into session object ********** + // ********************************************************** + + // update MOA-Session data with received information + log.debug("Store eIDAS response information into pending-request."); + final EidAuthProcessDataWrapper authProcessData = pendingReq.getSessionData(EidAuthProcessDataWrapper.class); + authProcessData.setQaaLevel(eidasResponse.getLevelOfAssurance()); + authProcessData.setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse); + + + //inject set flag to inject + authProcessData.setTestIdentity( + basicConfig.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_IS_TEST_IDENTITY, false)); + + // store MOA-session to database + requestStoreage.storePendingRequest(pendingReq); + + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE_VALID); + + } + +} diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java new file mode 100644 index 00000000..c8c5a069 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java @@ -0,0 +1,179 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.utils; + +import java.util.ArrayList; +import java.util.List; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +import javax.annotation.Nullable; + +import org.apache.commons.lang3.StringUtils; +import org.joda.time.DateTime; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import com.google.common.collect.ImmutableList; +import com.google.common.collect.ImmutableSet; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.gv.egiz.eaaf.core.impl.data.Triple; +import eu.eidas.auth.commons.attribute.AttributeDefinition; +import eu.eidas.auth.commons.attribute.AttributeValue; +import eu.eidas.auth.commons.attribute.AttributeValueMarshaller; +import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException; +import eu.eidas.auth.commons.attribute.AttributeValueTransliterator; +import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; + +public class EidasResponseUtils { + private static final Logger log = LoggerFactory.getLogger(EidasResponseUtils.class); + + public static final String PERSONALIDENIFIER_VALIDATION_PATTERN = "^[A-Z,a-z]{2}/[A-Z,a-z]{2}/.*"; + + /** + * Validate a eIDAS PersonalIdentifier attribute value This validation is done + * according to eIDAS SAML Attribute Profile - Section 2.2.3 Unique Identifier + * + * @param uniqueID eIDAS attribute value of a unique identifier + * @return true if the uniqueID matches to eIDAS to Unique Identifier + * specification, otherwise false + */ + public static boolean validateEidasPersonalIdentifier(String uniqueID) { + final Pattern pattern = Pattern.compile(PERSONALIDENIFIER_VALIDATION_PATTERN); + final Matcher matcher = pattern.matcher(uniqueID); + return matcher.matches(); + + } + + /** + * Parse an eIDAS PersonalIdentifier attribute value into it components. This + * processing is done according to eIDAS SAML Attribute Profile - Section 2.2.3 + * Unique Identifier + * + * @param uniqueID eIDAS attribute value of a unique identifier + * @return {@link Trible} that contains: <br> + * First : citizen country <br> + * Second: destination country <br> + * Third : unique identifier <br> + * or null if the attribute value has a wrong format + */ + public static Triple<String, String, String> parseEidasPersonalIdentifier(String uniqueID) { + if (!validateEidasPersonalIdentifier(uniqueID)) { + log.error("eIDAS attribute value for {} looks wrong formated. Value: {}", + Constants.eIDAS_ATTR_PERSONALIDENTIFIER, uniqueID); + return null; + + } + return Triple.newInstance(uniqueID.substring(0, 2), uniqueID.substring(3, 5), uniqueID.substring(6)); + + } + + /** + * Get eIDAS attribute-values from eIDAS Node attributes. + * + * @param attributeDefinition eIDAS attribute definition + * @param attributeValues Attributes from eIDAS response + * @return Set of attribute values. If more then one value than the first value contains the 'Latin' value. + */ + // TODO: check possible problem with nonLatinCharacters + public static List<String> translateStringListAttribute(AttributeDefinition<?> attributeDefinition, + ImmutableSet<? extends AttributeValue<?>> attributeValues) { + final List<String> stringListAttribute = new ArrayList<>(); + if (attributeValues != null) { + final AttributeValueMarshaller<?> attributeValueMarshaller = attributeDefinition + .getAttributeValueMarshaller(); + for (final AttributeValue<?> attributeValue : attributeValues.asList()) { + String valueString = null; + try { + valueString = attributeValueMarshaller.marshal((AttributeValue) attributeValue); + + log.trace("Find attr: {} with value: {} nonLatinFlag: {} needTransliteration: {}", + attributeDefinition.getFriendlyName(), attributeValue.toString(), + attributeValue.isNonLatinScriptAlternateVersion(), + AttributeValueTransliterator.needsTransliteration(valueString)); + + // if (attributeValue.isNonLatinScriptAlternateVersion()) { + if (!AttributeValueTransliterator.needsTransliteration(valueString)) { + stringListAttribute.add(0, valueString); + + } else { + log.trace("Find 'needsTransliteration' flag. Setting this value at last list element ... "); + stringListAttribute.add(valueString); + + } + + } catch (final AttributeValueMarshallingException e) { + throw new IllegalStateException(e); + + } + } + + log.trace("Extract values: {} for attr: {}", + StringUtils.join(stringListAttribute, ","), attributeDefinition.getFriendlyName()); + + } else { + log.info("Can not extract infos from 'null' attribute value"); + + } + + return stringListAttribute; + + } + + /** + * Convert eIDAS DateTime attribute to Java Object. + * + * @param attributeDefinition eIDAS attribute definition. + * @param attributeValues eIDAS attribute value + * @return + */ + @Nullable + public static DateTime translateDateAttribute(AttributeDefinition<?> attributeDefinition, + ImmutableList<? extends AttributeValue<?>> attributeValues) { + if (attributeValues.size() != 0) { + final AttributeValue<?> firstAttributeValue = attributeValues.get(0); + return (DateTime) firstAttributeValue.getValue(); + + } + + return null; + } + + /** + * Concert eIDAS Address attribute to Java object. + * + * @param attributeDefinition eIDAS attribute definition + * @param attributeValues eIDAS attribute value + * @return + */ + @Nullable + public static PostalAddress translateAddressAttribute(AttributeDefinition<?> attributeDefinition, + ImmutableList<? extends AttributeValue<?>> attributeValues) { + final AttributeValue<?> firstAttributeValue = attributeValues.get(0); + return (PostalAddress) firstAttributeValue.getValue(); + + } + +} diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/JoseUtils.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/JoseUtils.java new file mode 100644 index 00000000..e81c4c92 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/JoseUtils.java @@ -0,0 +1,305 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.utils; + +import at.gv.egiz.eaaf.core.exception.EaafKeyUsageException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.utils.X509Utils; +import lombok.AllArgsConstructor; +import lombok.Getter; +import lombok.extern.slf4j.Slf4j; +import org.apache.commons.lang3.StringUtils; +import org.jose4j.jca.ProviderContext; +import org.jose4j.jwa.AlgorithmConstraints; +import org.jose4j.jws.AlgorithmIdentifiers; +import org.jose4j.jws.JsonWebSignature; +import org.jose4j.jwx.Headers; +import org.jose4j.jwx.JsonWebStructure; +import org.jose4j.keys.resolvers.X509VerificationKeyResolver; +import org.jose4j.lang.JoseException; +import org.springframework.util.Base64Utils; + +import javax.annotation.Nonnull; +import java.io.IOException; +import java.security.Key; +import java.security.KeyStore; +import java.security.Provider; +import java.security.cert.CertificateEncodingException; +import java.security.cert.X509Certificate; +import java.security.interfaces.ECPrivateKey; +import java.security.interfaces.RSAPrivateKey; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; + +/** + * {@link JoseUtils} provides static methods JWS and JWE processing. + * + * @author tlenz + * + */ +@Slf4j +public class JoseUtils { + + /** + * Create a JWS signature. + * + * <p> + * Use {@link AlgorithmIdentifiers.RSA_PSS_USING_SHA256} in case + * of a RSA based key and + * {@link AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256} + * in case of an ECC based key. + * </p> + * + * @param keyStore KeyStore that should be used + * @param keyAlias Alias of the private key + * @param keyPassword Password to access the key + * @param payLoad PayLoad to sign + * @param addFullCertChain If true the full certificate chain will be + * added, otherwise only the + * X509CertSha256Fingerprint is added into JOSE + * header + * @param friendlyNameForLogging FriendlyName for the used KeyStore for logging + * purposes only + * @return Signed PayLoad in serialized form + * @throws EaafException In case of a key-access or key-usage error + * @throws JoseException In case of a JOSE error + */ + public static String createSignature(@Nonnull Pair<KeyStore, Provider> keyStore, + @Nonnull final String keyAlias, @Nonnull final char[] keyPassword, + @Nonnull final String payLoad, boolean addFullCertChain, + @Nonnull String friendlyNameForLogging) throws EaafException, JoseException { + return createSignature(keyStore, keyAlias, keyPassword, payLoad, addFullCertChain, Collections.emptyMap(), + AlgorithmIdentifiers.RSA_PSS_USING_SHA256, AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256, + friendlyNameForLogging); + + } + + /** + * Create a JWS signature. + * + * <p> + * Use {@link AlgorithmIdentifiers.RSA_PSS_USING_SHA256} in case + * of a RSA based key and + * {@link AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256} + * in case of an ECC based key. + * </p> + * + * @param keyStore KeyStore that should be used + * @param keyAlias Alias of the private key + * @param keyPassword Password to access the key + * @param payLoad PayLoad to sign + * @param addFullCertChain If true the full certificate chain will be + * added, otherwise only the + * X509CertSha256Fingerprint is added into JOSE + * header + * @param joseHeaders HeaderName and HeaderValue that should be set + * into JOSE header + * @param friendlyNameForLogging FriendlyName for the used KeyStore for logging + * purposes only + * @return Signed PayLoad in serialized form + * @throws EaafException In case of a key-access or key-usage error + * @throws JoseException In case of a JOSE error + */ + public static String createSignature(@Nonnull Pair<KeyStore, Provider> keyStore, + @Nonnull final String keyAlias, @Nonnull final char[] keyPassword, + @Nonnull final String payLoad, boolean addFullCertChain, + @Nonnull final Map<String, String> joseHeaders, + @Nonnull String friendlyNameForLogging) throws EaafException, JoseException { + return createSignature(keyStore, keyAlias, keyPassword, payLoad, addFullCertChain, joseHeaders, + AlgorithmIdentifiers.RSA_PSS_USING_SHA256, AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256, + friendlyNameForLogging); + + } + + /** + * Create a JWS signature. + * + * @param keyStore KeyStore that should be used + * @param keyAlias Alias of the private key + * @param keyPassword Password to access the key + * @param payLoad PayLoad to sign + * @param addFullCertChain If true the full certificate chain will be + * added, otherwise only the + * X509CertSha256Fingerprint is added into JOSE + * header + * @param joseHeaders HeaderName and HeaderValue that should be set + * into JOSE header + * @param rsaAlgToUse Signing algorithm that should be used in case + * of a signing key based on RSA + * @param eccAlgToUse Signing algorithm that should be used in case + * of a signing key based on ECC + * @param friendlyNameForLogging FriendlyName for the used KeyStore for logging + * purposes only + * @return Signed PayLoad in serialized form + * @throws EaafException In case of a key-access or key-usage error + * @throws JoseException In case of a JOSE error + */ + public static String createSignature(@Nonnull Pair<KeyStore, Provider> keyStore, + @Nonnull final String keyAlias, @Nonnull final char[] keyPassword, + @Nonnull final String payLoad, boolean addFullCertChain, + @Nonnull final Map<String, String> joseHeaders, + @Nonnull final String rsaAlgToUse, @Nonnull final String eccAlgToUse, + @Nonnull String friendlyNameForLogging) throws EaafException, JoseException { + + final JsonWebSignature jws = new JsonWebSignature(); + + // set payload + jws.setPayload(payLoad); + + // set JOSE headers + for (final Entry<String, String> el : joseHeaders.entrySet()) { + log.trace("Set JOSE header: {} with value: {} into JWS", el.getKey(), el.getValue()); + jws.setHeader(el.getKey(), el.getValue()); + + } + + // set signing information + final Pair<Key, X509Certificate[]> signingCred = EaafKeyStoreUtils.getPrivateKeyAndCertificates( + keyStore.getFirst(), keyAlias, keyPassword, true, friendlyNameForLogging); + jws.setKey(signingCred.getFirst()); + jws.setAlgorithmHeaderValue(getKeyOperationAlgorithmFromCredential( + jws.getKey(), rsaAlgToUse, eccAlgToUse, friendlyNameForLogging)); + + // set special provider if required + if (keyStore.getSecond() != null) { + log.trace("Injecting special Java Security Provider: {}", keyStore.getSecond().getName()); + final ProviderContext providerCtx = new ProviderContext(); + providerCtx.getSuppliedKeyProviderContext().setSignatureProvider( + keyStore.getSecond().getName()); + jws.setProviderContext(providerCtx); + + } + + if (addFullCertChain) { + jws.setCertificateChainHeaderValue(signingCred.getSecond()); + + } + + jws.setX509CertSha256ThumbprintHeaderValue(signingCred.getSecond()[0]); + + return jws.getCompactSerialization(); + + } + + /** + * Verify a JOSE signature. + * + * @param serializedContent Serialized content that should be verified + * @param trustedCerts Trusted certificates that should be used for + * verification + * @param constraints {@link AlgorithmConstraints} for verification + * @return {@link JwsResult} object + * @throws JoseException In case of a signature verification error + * @throws IOException In case of a general error + */ + public static JwsResult validateSignature(@Nonnull final String serializedContent, + @Nonnull final List<X509Certificate> trustedCerts, @Nonnull final AlgorithmConstraints constraints) + throws JoseException, IOException { + final JsonWebSignature jws = new JsonWebSignature(); + // set payload + jws.setCompactSerialization(serializedContent); + + // set security constrains + jws.setAlgorithmConstraints(constraints); + + // load signinc certs + Key selectedKey = null; + final List<X509Certificate> x5cCerts = jws.getCertificateChainHeaderValue(); + final String x5t256 = jws.getX509CertSha256ThumbprintHeaderValue(); + if (x5cCerts != null) { + log.debug("Found x509 certificate in JOSE header ... "); + log.trace("Sorting received X509 certificates ... "); + final List<X509Certificate> sortedX5cCerts = X509Utils.sortCertificates(x5cCerts); + + if (trustedCerts.contains(sortedX5cCerts.get(0))) { + selectedKey = sortedX5cCerts.get(0).getPublicKey(); + + } else { + log.info("Can NOT find JOSE certificate in truststore."); + if (log.isDebugEnabled()) { + try { + log.debug("Cert: {}", Base64Utils.encodeToString(sortedX5cCerts.get(0).getEncoded())); + + } catch (final CertificateEncodingException e) { + log.warn("Can not create DEBUG output", e); + + } + } + } + + } else if (StringUtils.isNotEmpty(x5t256)) { + log.debug("Found x5t256 fingerprint in JOSE header .... "); + final X509VerificationKeyResolver x509VerificationKeyResolver = new X509VerificationKeyResolver( + trustedCerts); + selectedKey = x509VerificationKeyResolver.resolveKey(jws, Collections.<JsonWebStructure>emptyList()); + + } else { + throw new JoseException("JWS contains NO signature certificate or NO certificate fingerprint"); + + } + + if (selectedKey == null) { + throw new JoseException("Can NOT select verification key for JWS. Signature verification FAILED"); + + } + + // set verification key + jws.setKey(selectedKey); + + // load payLoad + return new JwsResult( + jws.verifySignature(), + jws.getUnverifiedPayload(), + jws.getHeaders(), + x5cCerts); + + } + + /** + * Select signature algorithm for a given credential. + * + * @param key {@link X509Credential} that will be used for + * key operations + * @param rsaSigAlgorithm RSA based algorithm that should be used in case + * of RSA credential + * @param ecSigAlgorithm EC based algorithm that should be used in case + * of RSA credential + * @param friendlyNameForLogging KeyStore friendlyName for logging purposes + * @return either the RSA based algorithm or the EC based algorithm + * @throws EaafKeyUsageException In case of an unsupported private-key type + */ + private static String getKeyOperationAlgorithmFromCredential(Key key, + String rsaSigAlgorithm, String ecSigAlgorithm, String friendlyNameForLogging) + throws EaafKeyUsageException { + if (key instanceof RSAPrivateKey) { + return rsaSigAlgorithm; + + } else if (key instanceof ECPrivateKey) { + return ecSigAlgorithm; + + } else { + log.warn("Could NOT select the cryptographic algorithm from Private-Key type"); + throw new EaafKeyUsageException(EaafKeyUsageException.ERROR_CODE_01, + friendlyNameForLogging, + "Can not select cryptographic algorithm"); + + } + + } + + private JoseUtils() { + + } + + @Getter + @AllArgsConstructor + public static class JwsResult { + final boolean valid; + final String payLoad; + final Headers fullJoseHeader; + final List<X509Certificate> x5cCerts; + + } +} diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/LoggingHandler.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/LoggingHandler.java new file mode 100644 index 00000000..70290cd3 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/LoggingHandler.java @@ -0,0 +1,72 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.utils; + +import java.io.ByteArrayOutputStream; +import java.util.Set; + +import javax.xml.namespace.QName; +import javax.xml.soap.SOAPMessage; +import javax.xml.ws.handler.MessageContext; +import javax.xml.ws.handler.soap.SOAPHandler; +import javax.xml.ws.handler.soap.SOAPMessageContext; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class LoggingHandler implements SOAPHandler<SOAPMessageContext> { + + Logger log = LoggerFactory.getLogger(LoggingHandler.class); + + @Override + public boolean handleMessage(SOAPMessageContext context) { + final SOAPMessage msg = context.getMessage(); + final ByteArrayOutputStream bos = new ByteArrayOutputStream(); + + try { + msg.writeTo(bos); + log.trace(bos.toString("UTF-8")); + log.trace(new String(bos.toByteArray(), "UTF-8")); + + } catch (final Exception e) { + log.trace(e.getMessage(), e); + } + return true; + } + + @Override + public boolean handleFault(SOAPMessageContext context) { + return handleMessage(context); + } + + @Override + public void close(MessageContext context) { + } + + @Override + public Set<QName> getHeaders() { + return null; + } + +} diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/validator/EidasResponseValidator.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/validator/EidasResponseValidator.java new file mode 100644 index 00000000..9d9a0647 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/validator/EidasResponseValidator.java @@ -0,0 +1,175 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.validator; + +import java.util.List; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import com.google.common.collect.ImmutableSet; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasValidationException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.impl.data.Triple; +import eu.eidas.auth.commons.attribute.AttributeDefinition; +import eu.eidas.auth.commons.attribute.AttributeValue; +import eu.eidas.auth.commons.light.ILightResponse; +import eu.eidas.auth.commons.protocol.eidas.LevelOfAssurance; + +/** + * eIDAS Response validator implementation. + * + * @author tlenz + * + */ +public class EidasResponseValidator { + private static final Logger log = LoggerFactory.getLogger(EidasResponseValidator.class); + + /** + * Validate an eIDAS Response according to internal state. + * + * @param pendingReq Current pending request + * @param eidasResponse eIDAS response object + * @param spCountry Country-Code of the Service Provider + * @param citizenCountryCode Country-Code of the Citizen + * @param attrRegistry eIDAS Attribute registry implementation + * @throws EidasValidationException In case of an validation error + */ + public static void validateResponse(IRequest pendingReq, ILightResponse eidasResponse, String spCountry, + String citizenCountryCode, EidasAttributeRegistry attrRegistry) throws EidasValidationException { + + /*-----------------------------------------------------| + * validate received LoA against minimum required LoA | + *_____________________________________________________| + */ + final LevelOfAssurance respLoA = LevelOfAssurance.fromString(eidasResponse.getLevelOfAssurance()); + final List<String> allowedLoAs = pendingReq.getServiceProviderConfiguration().getRequiredLoA(); + boolean loaValid = false; + for (final String allowedLoaString : allowedLoAs) { + final LevelOfAssurance allowedLoa = LevelOfAssurance.fromString(allowedLoaString); + if (respLoA.numericValue() >= allowedLoa.numericValue()) { + log.debug("Response contains valid LoA. Resume process ... "); + loaValid = true; + break; + + } else { + log.trace("Allowed LoA: " + allowedLoaString + " DOES NOT match response LoA: " + eidasResponse + .getLevelOfAssurance()); + } + + } + + if (!loaValid) { + log.error("eIDAS Response LevelOfAssurance is lower than the required! " + + "(Resp-LoA:{} Req-LoA:{} )", respLoA.getValue(), allowedLoAs.toArray()); + throw new EidasValidationException("eidas.06", new Object[] { respLoA.getValue() }); + + } + + /*-----------------------------------------------------| + * validate 'PersonalIdentifier' attribute | + *_____________________________________________________| + */ + final AttributeDefinition<?> attrDefinition = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first(); + final ImmutableSet<? extends AttributeValue<?>> attributeValues = eidasResponse.getAttributes() + .getAttributeMap().get(attrDefinition); + final List<String> personalIdObj = EidasResponseUtils.translateStringListAttribute(attrDefinition, + attributeValues); + + // check if attribute exists + if (personalIdObj == null || personalIdObj.isEmpty()) { + log.warn("eIDAS Response include NO 'PersonalIdentifier' attriubte " + + ".... That can be a BIG problem in further processing steps"); + throw new EidasValidationException("eidas.05", new Object[] { "NO 'PersonalIdentifier' attriubte" }); + + } else if (personalIdObj.size() > 1) { + log.warn("eIDAS Response include MORE THAN ONE 'PersonalIdentifier' attriubtes " + + ".... That can be a BIG problem in further processing steps"); + throw new EidasValidationException("eidas.05", new Object[] { + "MORE THAN ONE 'PersonalIdentifier' attriubtes" }); + + } else { + final String natPersId = personalIdObj.get(0); + // validate attribute value format + final Triple<String, String, String> split = + EidasResponseUtils.parseEidasPersonalIdentifier(natPersId); + if (split == null) { + throw new EidasValidationException("eidas.07", + new Object[] { + Constants.eIDAS_ATTR_PERSONALIDENTIFIER, + "Wrong identifier format" }); + + } else { + // validation according to eIDAS SAML Attribute Profile, Section 2.2.3 + if (StringUtils.isEmpty(split.getSecond())) { + log.warn("eIDAS attribute value for " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER + + " includes NO destination country. Value:" + natPersId); + throw new EidasValidationException("eidas.07", + new Object[] { + Constants.eIDAS_ATTR_PERSONALIDENTIFIER, + "No or empty destination country" }); + + } + if (!split.getSecond().equalsIgnoreCase(spCountry)) { + log.warn("eIDAS attribute value for " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER + + " includes wrong destination country. Value:" + natPersId + + " SP-Country:" + spCountry); + throw new EidasValidationException("eidas.07", + new Object[] { + Constants.eIDAS_ATTR_PERSONALIDENTIFIER, + "Destination country does not match to SP country" }); + + } + + if (StringUtils.isEmpty(split.getFirst())) { + log.warn("eIDAS attribute value for " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER + + " includes NO citizen country. Value:" + natPersId); + throw new EidasValidationException("eidas.07", + new Object[] { + Constants.eIDAS_ATTR_PERSONALIDENTIFIER, + "No or empty citizen country" }); + + } + if (!split.getFirst().equalsIgnoreCase(citizenCountryCode)) { + log.warn("eIDAS attribute value for " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER + + " includes a citizen country that does not match to service-provider country. " + + " Value:" + natPersId + + " citiczen Country:" + spCountry); + throw new EidasValidationException("eidas.07", + new Object[] { + Constants.eIDAS_ATTR_PERSONALIDENTIFIER, + "Citizen country does not match to eIDAS-node country that generates the response" }); + + } + } + } + + } +} diff --git a/modules/authmodule-eIDAS-v2/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/modules/authmodule-eIDAS-v2/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider new file mode 100644 index 00000000..a8d2991d --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider @@ -0,0 +1 @@ +at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasAuthenticationSpringResourceProvider
\ No newline at end of file diff --git a/modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml b/modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml new file mode 100644 index 00000000..e645c50e --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml @@ -0,0 +1,26 @@ +<?xml version="1.0" encoding="UTF-8"?> +<pd:ProcessDefinition id="eIDASAuthentication_v2" + xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1"> + + + <pd:Task id="createAuthnRequest" class="ConnecteIDASNodeTask" /> + <pd:Task id="receiveAuthnResponse" + class="ReceiveResponseFromeIDASNodeTask" async="true" /> + <pd:Task id="finalizeAuthentication" + class="FinalizeAuthenticationTask" /> + <pd:Task id="generateIdentityLink" + class="CreateIdentityLinkTask" /> + + <pd:StartEvent id="start" /> + + <pd:Transition from="start" to="createAuthnRequest" /> + <pd:Transition from="createAuthnRequest" to="receiveAuthnResponse" /> + <pd:Transition conditionExpression="ctx['msConnectorStaging']" + from="receiveAuthnResponse" to="end" /> + <pd:Transition from="receiveAuthnResponse" to="generateIdentityLink" /> + <pd:Transition from="generateIdentityLink" to="finalizeAuthentication" /> + <pd:Transition from="finalizeAuthentication" to="end" /> + + <pd:EndEvent id="end" /> + +</pd:ProcessDefinition> diff --git a/modules/authmodule-eIDAS-v2/src/main/resources/eIDAS/additional-attributes.xml b/modules/authmodule-eIDAS-v2/src/main/resources/eIDAS/additional-attributes.xml new file mode 100644 index 00000000..a72ac1e8 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/resources/eIDAS/additional-attributes.xml @@ -0,0 +1,42 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + ~ Copyright (c) 2017 by European Commission + ~ + ~ Licensed under the EUPL, Version 1.2 or - as soon they will be + ~ approved by the European Commission - subsequent versions of the + ~ EUPL (the "Licence"); + ~ You may not use this work except in compliance with the Licence. + ~ You may obtain a copy of the Licence at: + ~ https://joinup.ec.europa.eu/page/eupl-text-11-12 + ~ + ~ Unless required by applicable law or agreed to in writing, software + ~ distributed under the Licence is distributed on an "AS IS" basis, + ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + ~ implied. + ~ See the Licence for the specific language governing permissions and + ~ limitations under the Licence. + --> + +<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd"> +<properties> + <comment>Dynamic attributes</comment> + + <entry key="1.NameUri">http://eidas.europa.eu/attributes/naturalperson/AdditionalAttribute</entry> + <entry key="1.FriendlyName">AdditionalAttribute</entry> + <entry key="1.PersonType">NaturalPerson</entry> + <entry key="1.Required">false</entry> + <entry key="1.XmlType.NamespaceUri">http://www.w3.org/2001/XMLSchema</entry> + <entry key="1.XmlType.LocalPart">string</entry> + <entry key="1.XmlType.NamespacePrefix">xs</entry> + <entry key="1.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="2.NameUri">http://eidas.europa.eu/attributes/legalperson/LegalAdditionalAttribute</entry> + <entry key="2.FriendlyName">LegalAdditionalAttribute</entry> + <entry key="2.PersonType">LegalPerson</entry> + <entry key="2.Required">false</entry> + <entry key="2.XmlType.NamespaceUri">http://www.w3.org/2001/XMLSchema</entry> + <entry key="2.XmlType.LocalPart">string</entry> + <entry key="2.XmlType.NamespacePrefix">xs</entry> + <entry key="2.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + +</properties> diff --git a/modules/authmodule-eIDAS-v2/src/main/resources/eIDAS/eidas-attributes.xml b/modules/authmodule-eIDAS-v2/src/main/resources/eIDAS/eidas-attributes.xml new file mode 100644 index 00000000..c9288d59 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/resources/eIDAS/eidas-attributes.xml @@ -0,0 +1,379 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + ~ Copyright (c) 2017 by European Commission + ~ + ~ Licensed under the EUPL, Version 1.2 or - as soon they will be + ~ approved by the European Commission - subsequent versions of the + ~ EUPL (the "Licence"); + ~ You may not use this work except in compliance with the Licence. + ~ You may obtain a copy of the Licence at: + ~ https://joinup.ec.europa.eu/page/eupl-text-11-12 + ~ + ~ Unless required by applicable law or agreed to in writing, software + ~ distributed under the Licence is distributed on an "AS IS" basis, + ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + ~ implied. + ~ See the Licence for the specific language governing permissions and + ~ limitations under the Licence. + --> + +<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd"> +<properties> + <comment>eIDAS attributes</comment> + + <entry key="1.NameUri">http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier</entry> + <entry key="1.FriendlyName">PersonIdentifier</entry> + <entry key="1.PersonType">NaturalPerson</entry> + <entry key="1.Required">true</entry> + <entry key="1.UniqueIdentifier">true</entry> + <entry key="1.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry> + <entry key="1.XmlType.LocalPart">PersonIdentifierType</entry> + <entry key="1.XmlType.NamespacePrefix">eidas-natural</entry> + <entry key="1.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="2.NameUri">http://eidas.europa.eu/attributes/naturalperson/CurrentFamilyName</entry> + <entry key="2.FriendlyName">FamilyName</entry> + <entry key="2.PersonType">NaturalPerson</entry> + <entry key="2.Required">true</entry> + <entry key="2.TransliterationMandatory">true</entry> + <entry key="2.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry> + <entry key="2.XmlType.LocalPart">CurrentFamilyNameType</entry> + <entry key="2.XmlType.NamespacePrefix">eidas-natural</entry> + <entry key="2.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="3.NameUri">http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName</entry> + <entry key="3.FriendlyName">FirstName</entry> + <entry key="3.PersonType">NaturalPerson</entry> + <entry key="3.Required">true</entry> + <entry key="3.TransliterationMandatory">true</entry> + <entry key="3.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry> + <entry key="3.XmlType.LocalPart">CurrentGivenNameType</entry> + <entry key="3.XmlType.NamespacePrefix">eidas-natural</entry> + <entry key="3.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="4.NameUri">http://eidas.europa.eu/attributes/naturalperson/DateOfBirth</entry> + <entry key="4.FriendlyName">DateOfBirth</entry> + <entry key="4.PersonType">NaturalPerson</entry> + <entry key="4.Required">true</entry> + <entry key="4.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry> + <entry key="4.XmlType.LocalPart">DateOfBirthType</entry> + <entry key="4.XmlType.NamespacePrefix">eidas-natural</entry> + <entry key="4.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.DateTimeAttributeValueMarshaller</entry> + + <entry key="5.NameUri">http://eidas.europa.eu/attributes/naturalperson/BirthName</entry> + <entry key="5.FriendlyName">BirthName</entry> + <entry key="5.PersonType">NaturalPerson</entry> + <entry key="5.Required">false</entry> + <entry key="5.TransliterationMandatory">true</entry> + <entry key="5.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry> + <entry key="5.XmlType.LocalPart">BirthNameType</entry> + <entry key="5.XmlType.NamespacePrefix">eidas-natural</entry> + <entry key="5.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="6.NameUri">http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth</entry> + <entry key="6.FriendlyName">PlaceOfBirth</entry> + <entry key="6.PersonType">NaturalPerson</entry> + <entry key="6.Required">false</entry> + <entry key="6.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry> + <entry key="6.XmlType.LocalPart">PlaceOfBirthType</entry> + <entry key="6.XmlType.NamespacePrefix">eidas-natural</entry> + <entry key="6.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="7.NameUri">http://eidas.europa.eu/attributes/naturalperson/CurrentAddress</entry> + <entry key="7.FriendlyName">CurrentAddress</entry> + <entry key="7.PersonType">NaturalPerson</entry> + <entry key="7.Required">false</entry> + <entry key="7.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry> + <entry key="7.XmlType.LocalPart">CurrentAddressType</entry> + <entry key="7.XmlType.NamespacePrefix">eidas-natural</entry> + <entry key="7.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.CurrentAddressAttributeValueMarshaller</entry> + + <entry key="8.NameUri">http://eidas.europa.eu/attributes/naturalperson/Gender</entry> + <entry key="8.FriendlyName">Gender</entry> + <entry key="8.PersonType">NaturalPerson</entry> + <entry key="8.Required">false</entry> + <entry key="8.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry> + <entry key="8.XmlType.LocalPart">GenderType</entry> + <entry key="8.XmlType.NamespacePrefix">eidas-natural</entry> + <entry key="8.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.GenderAttributeValueMarshaller</entry> + + <entry key="9.NameUri">http://eidas.europa.eu/attributes/legalperson/LegalPersonIdentifier</entry> + <entry key="9.FriendlyName">LegalPersonIdentifier</entry> + <entry key="9.PersonType">LegalPerson</entry> + <entry key="9.Required">true</entry> + <entry key="9.UniqueIdentifier">true</entry> + <entry key="9.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="9.XmlType.LocalPart">LegalPersonIdentifierType</entry> + <entry key="9.XmlType.NamespacePrefix">eidas-legal</entry> + <entry key="9.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="10.NameUri">http://eidas.europa.eu/attributes/legalperson/LegalName</entry> + <entry key="10.FriendlyName">LegalName</entry> + <entry key="10.PersonType">LegalPerson</entry> + <entry key="10.Required">true</entry> + <entry key="10.TransliterationMandatory">true</entry> + <entry key="10.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="10.XmlType.LocalPart">LegalNameType</entry> + <entry key="10.XmlType.NamespacePrefix">eidas-legal</entry> + <entry key="10.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="11.NameUri">http://eidas.europa.eu/attributes/legalperson/LegalPersonAddress</entry> + <entry key="11.FriendlyName">LegalAddress</entry> + <entry key="11.PersonType">LegalPerson</entry> + <entry key="11.Required">false</entry> + <entry key="11.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="11.XmlType.LocalPart">LegalPersonAddressType</entry> + <entry key="11.XmlType.NamespacePrefix">eidas-legal</entry> + <entry key="11.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.LegalAddressAttributeValueMarshaller</entry> + + <entry key="12.NameUri">http://eidas.europa.eu/attributes/legalperson/VATRegistrationNumber</entry> + <entry key="12.FriendlyName">VATRegistration</entry> + <entry key="12.PersonType">LegalPerson</entry> + <entry key="12.Required">false</entry> + <entry key="12.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="12.XmlType.LocalPart">VATRegistrationNumberType</entry> + <entry key="12.XmlType.NamespacePrefix">eidas-legal</entry> + <entry key="12.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="13.NameUri">http://eidas.europa.eu/attributes/legalperson/TaxReference</entry> + <entry key="13.FriendlyName">TaxReference</entry> + <entry key="13.PersonType">LegalPerson</entry> + <entry key="13.Required">false</entry> + <entry key="13.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="13.XmlType.LocalPart">TaxReferenceType</entry> + <entry key="13.XmlType.NamespacePrefix">eidas-legal</entry> + <entry key="13.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="14.NameUri">http://eidas.europa.eu/attributes/legalperson/D-2012-17-EUIdentifier</entry> + <entry key="14.FriendlyName">D-2012-17-EUIdentifier</entry> + <entry key="14.PersonType">LegalPerson</entry> + <entry key="14.Required">false</entry> + <entry key="14.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="14.XmlType.LocalPart">D-2012-17-EUIdentifierType</entry> + <entry key="14.XmlType.NamespacePrefix">eidas-legal</entry> + <entry key="14.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="15.NameUri">http://eidas.europa.eu/attributes/legalperson/LEI</entry> + <entry key="15.FriendlyName">LEI</entry> + <entry key="15.PersonType">LegalPerson</entry> + <entry key="15.Required">false</entry> + <entry key="15.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="15.XmlType.LocalPart">LEIType</entry> + <entry key="15.XmlType.NamespacePrefix">eidas-legal</entry> + <entry key="15.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="16.NameUri">http://eidas.europa.eu/attributes/legalperson/EORI</entry> + <entry key="16.FriendlyName">EORI</entry> + <entry key="16.PersonType">LegalPerson</entry> + <entry key="16.Required">false</entry> + <entry key="16.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="16.XmlType.LocalPart">EORIType</entry> + <entry key="16.XmlType.NamespacePrefix">eidas-legal</entry> + <entry key="16.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="17.NameUri">http://eidas.europa.eu/attributes/legalperson/SEED</entry> + <entry key="17.FriendlyName">SEED</entry> + <entry key="17.PersonType">LegalPerson</entry> + <entry key="17.Required">false</entry> + <entry key="17.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="17.XmlType.LocalPart">SEEDType</entry> + <entry key="17.XmlType.NamespacePrefix">eidas-legal</entry> + <entry key="17.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="18.NameUri">http://eidas.europa.eu/attributes/legalperson/SIC</entry> + <entry key="18.FriendlyName">SIC</entry> + <entry key="18.PersonType">LegalPerson</entry> + <entry key="18.Required">false</entry> + <entry key="18.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="18.XmlType.LocalPart">SICType</entry> + <entry key="18.XmlType.NamespacePrefix">eidas-legal</entry> + <entry key="18.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="19.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/PersonIdentifier</entry> + <entry key="19.FriendlyName">RepresentativePersonIdentifier</entry> + <entry key="19.PersonType">RepresentativeNaturalPerson</entry> + <entry key="19.Required">false</entry> + <entry key="19.UniqueIdentifier">true</entry> + <entry key="19.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry> + <entry key="19.XmlType.LocalPart">PersonIdentifierType</entry> + <entry key="19.XmlType.NamespacePrefix">eidas-natural</entry> + <entry key="19.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="20.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/CurrentFamilyName</entry> + <entry key="20.FriendlyName">RepresentativeFamilyName</entry> + <entry key="20.PersonType">RepresentativeNaturalPerson</entry> + <entry key="20.Required">false</entry> + <entry key="20.TransliterationMandatory">true</entry> + <entry key="20.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry> + <entry key="20.XmlType.LocalPart">CurrentFamilyNameType</entry> + <entry key="20.XmlType.NamespacePrefix">eidas-reprentative-natural</entry> + <entry key="20.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="21.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/CurrentGivenName</entry> + <entry key="21.FriendlyName">RepresentativeFirstName</entry> + <entry key="21.PersonType">RepresentativeNaturalPerson</entry> + <entry key="21.Required">false</entry> + <entry key="21.TransliterationMandatory">true</entry> + <entry key="21.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry> + <entry key="21.XmlType.LocalPart">CurrentGivenNameType</entry> + <entry key="21.XmlType.NamespacePrefix">eidas-reprentative-natural</entry> + <entry key="21.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="22.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/DateOfBirth</entry> + <entry key="22.FriendlyName">RepresentativeDateOfBirth</entry> + <entry key="22.PersonType">RepresentativeNaturalPerson</entry> + <entry key="22.Required">false</entry> + <entry key="22.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry> + <entry key="22.XmlType.LocalPart">DateOfBirthType</entry> + <entry key="22.XmlType.NamespacePrefix">eidas-reprentative-natural</entry> + <entry key="22.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.DateTimeAttributeValueMarshaller</entry> + + <entry key="23.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/BirthName</entry> + <entry key="23.FriendlyName">RepresentativeBirthName</entry> + <entry key="23.PersonType">RepresentativeNaturalPerson</entry> + <entry key="23.Required">false</entry> + <entry key="23.TransliterationMandatory">true</entry> + <entry key="23.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry> + <entry key="23.XmlType.LocalPart">BirthNameType</entry> + <entry key="23.XmlType.NamespacePrefix">eidas-reprentative-natural</entry> + <entry key="23.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="24.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/PlaceOfBirth</entry> + <entry key="24.FriendlyName">RepresentativePlaceOfBirth</entry> + <entry key="24.PersonType">RepresentativeNaturalPerson</entry> + <entry key="24.Required">false</entry> + <entry key="24.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry> + <entry key="24.XmlType.LocalPart">PlaceOfBirthType</entry> + <entry key="24.XmlType.NamespacePrefix">eidas-reprentative-natural</entry> + <entry key="24.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="25.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/CurrentAddress</entry> + <entry key="25.FriendlyName">RepresentativeCurrentAddress</entry> + <entry key="25.PersonType">RepresentativeNaturalPerson</entry> + <entry key="25.Required">false</entry> + <entry key="25.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry> + <entry key="25.XmlType.LocalPart">CurrentAddressType</entry> + <entry key="25.XmlType.NamespacePrefix">eidas-reprentative-natural</entry> + <entry key="25.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.RepvCurrentAddressAttributeValueMarshaller</entry> + + <entry key="26.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/Gender</entry> + <entry key="26.FriendlyName">RepresentativeGender</entry> + <entry key="26.PersonType">RepresentativeNaturalPerson</entry> + <entry key="26.Required">false</entry> + <entry key="26.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry> + <entry key="26.XmlType.LocalPart">GenderType</entry> + <entry key="26.XmlType.NamespacePrefix">eidas-reprentative-natural</entry> + <entry key="26.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.GenderAttributeValueMarshaller</entry> + + <entry key="27.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/LegalPersonIdentifier</entry> + <entry key="27.FriendlyName">RepresentativeLegalPersonIdentifier</entry> + <entry key="27.PersonType">RepresentativeLegalPerson</entry> + <entry key="27.Required">false</entry> + <entry key="27.UniqueIdentifier">true</entry> + <entry key="27.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="27.XmlType.LocalPart">LegalPersonIdentifierType</entry> + <entry key="27.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="27.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="28.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/LegalName</entry> + <entry key="28.FriendlyName">RepresentativeLegalName</entry> + <entry key="28.PersonType">RepresentativeLegalPerson</entry> + <entry key="28.Required">false</entry> + <entry key="28.TransliterationMandatory">true</entry> + <entry key="28.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="28.XmlType.LocalPart">LegalNameType</entry> + <entry key="28.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="28.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="29.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/LegalPersonAddress</entry> + <entry key="29.FriendlyName">RepresentativeLegalAddress</entry> + <entry key="29.PersonType">RepresentativeLegalPerson</entry> + <entry key="29.Required">false</entry> + <entry key="29.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="29.XmlType.LocalPart">LegalPersonAddressType</entry> + <entry key="29.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="29.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.RepvLegalAddressAttributeValueMarshaller</entry> + + <entry key="30.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/VATRegistrationNumber</entry> + <entry key="30.FriendlyName">RepresentativeVATRegistration</entry> + <entry key="30.PersonType">RepresentativeLegalPerson</entry> + <entry key="30.Required">false</entry> + <entry key="30.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="30.XmlType.LocalPart">VATRegistrationNumberType</entry> + <entry key="30.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="30.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="31.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/TaxReference</entry> + <entry key="31.FriendlyName">RepresentativeTaxReference</entry> + <entry key="31.PersonType">RepresentativeLegalPerson</entry> + <entry key="31.Required">false</entry> + <entry key="31.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="31.XmlType.LocalPart">TaxReferenceType</entry> + <entry key="31.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="31.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="32.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/D-2012-17-EUIdentifier</entry> + <entry key="32.FriendlyName">RepresentativeD-2012-17-EUIdentifier</entry> + <entry key="32.PersonType">RepresentativeLegalPerson</entry> + <entry key="32.Required">false</entry> + <entry key="32.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="32.XmlType.LocalPart">D-2012-17-EUIdentifierType</entry> + <entry key="32.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="32.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="33.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/LEI</entry> + <entry key="33.FriendlyName">RepresentativeLEI</entry> + <entry key="33.PersonType">RepresentativeLegalPerson</entry> + <entry key="33.Required">false</entry> + <entry key="33.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="33.XmlType.LocalPart">LEIType</entry> + <entry key="33.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="33.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="34.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/EORI</entry> + <entry key="34.FriendlyName">RepresentativeEORI</entry> + <entry key="34.PersonType">RepresentativeLegalPerson</entry> + <entry key="34.Required">false</entry> + <entry key="34.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="34.XmlType.LocalPart">EORIType</entry> + <entry key="34.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="34.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="35.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/SEED</entry> + <entry key="35.FriendlyName">RepresentativeSEED</entry> + <entry key="35.PersonType">RepresentativeLegalPerson</entry> + <entry key="35.Required">false</entry> + <entry key="35.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="35.XmlType.LocalPart">SEEDType</entry> + <entry key="35.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="35.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="36.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/SIC</entry> + <entry key="36.FriendlyName">RepresentativeSIC</entry> + <entry key="36.PersonType">RepresentativeLegalPerson</entry> + <entry key="36.Required">false</entry> + <entry key="36.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="36.XmlType.LocalPart">SICType</entry> + <entry key="36.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="36.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="39.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/LegalPersonAddress</entry> + <entry key="39.FriendlyName">RepresentativeLegalAddress</entry> + <entry key="39.PersonType">RepresentativeLegalPerson</entry> + <entry key="39.Required">false</entry> + <entry key="39.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="39.XmlType.LocalPart">LegalPersonAddressType</entry> + <entry key="39.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="39.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.RepvLegalAddressAttributeValueMarshaller</entry> + + <entry key="40.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/VATRegistrationNumber</entry> + <entry key="40.FriendlyName">RepresentativeVATRegistration</entry> + <entry key="40.PersonType">RepresentativeLegalPerson</entry> + <entry key="40.Required">false</entry> + <entry key="40.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="40.XmlType.LocalPart">VATRegistrationNumberType</entry> + <entry key="40.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="40.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + +</properties> diff --git a/modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml new file mode 100644 index 00000000..3b0cee54 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml @@ -0,0 +1,95 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + + <context:annotation-config /> + + <import + resource="classpath:specificCommunicationDefinitionApplicationContext.xml" /> + + <bean id="SZRClientForeIDAS" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.szr.SzrClient" /> + + <bean id="specificConnectorAttributesFile" + class="java.lang.String"> + <constructor-arg value="eidas-attributes.xml" /> + </bean> + + <bean id="specificAdditionalAttributesFile" + class="java.lang.String"> + <constructor-arg value="additional-attributes.xml" /> + </bean> + + <bean id="specificConnectorAttributesFileWithPath" + class="java.lang.String"> + <constructor-arg + value="#{specificConnectorConfigRepository}#{specificConnectorAttributesFile}" /> + </bean> + + <bean id="specificConnectorAdditionalAttributesFileWithPath" + class="java.lang.String"> + <constructor-arg + value="#{specificConnectorConfigRepository}#{specificAdditionalAttributesFile}" /> + </bean> + + <bean id="eIDASAuthModule" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasAuthenticationModulImpl"> + <property name="priority" value="2" /> + </bean> + + <bean id="eIDASSignalServlet" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasSignalServlet" /> + + <bean id="attributeRegistry" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry"> + <property name="eidasAttributesFile" + ref="specificConnectorAttributesFileWithPath" /> + <property name="additionalAttributesFile" + ref="specificConnectorAdditionalAttributesFileWithPath" /> + </bean> + + <!-- <bean id="eIDASDataStore" class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.eIDASDataStore" + /> --> + + <bean id="authBlockSigningService" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.AuthBlockSigningService" /> + + <bean id="EIDPostProcessingService" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.CcSpecificEidProcessingService" /> + + <bean id="DE-Processor" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.DeEidProcessor"> + <property name="priority" value="1" /> + </bean> + + <bean id="LU-Processor" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.LuEidProcessor"> + <property name="priority" value="1" /> + </bean> + + <bean id="Default-Processor" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.GenericEidProcessor"> + <property name="priority" value="0" /> + </bean> + + <!-- Authentication Process Tasks --> + <bean id="ConnecteIDASNodeTask" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateAuthnRequestTask" + scope="prototype" /> + + <bean id="ReceiveResponseFromeIDASNodeTask" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveAuthnResponseTask" + scope="prototype" /> + + <bean id="CreateIdentityLinkTask" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask" + scope="prototype" /> + +</beans>
\ No newline at end of file diff --git a/modules/authmodule-eIDAS-v2/src/main/resources/resources/xmldata/fakeIdL_IdL_template.xml b/modules/authmodule-eIDAS-v2/src/main/resources/resources/xmldata/fakeIdL_IdL_template.xml new file mode 100644 index 00000000..91b8e5e4 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/resources/resources/xmldata/fakeIdL_IdL_template.xml @@ -0,0 +1,122 @@ +<?xml version="1.0" encoding="UTF-8"?> +<saml:Assertion + xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" + xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#" + xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" + xmlns:si="http://www.w3.org/2001/XMLSchema-instance" + AssertionID="szr.bmi.gv.at-AssertionID13456264458587874" + IssueInstant="2012-08-22T11:07:25+01:00" + Issuer="http://portal.bmi.gv.at/ref/szr/issuer" MajorVersion="1" + MinorVersion="0" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <saml:AttributeStatement> + <saml:Subject> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches + </saml:ConfirmationMethod> + <saml:SubjectConfirmationData> + <pr:Person si:type="pr:PhysicalPersonType"> + <pr:Identification> + <pr:Value>wJO/bvDJjUysG0yARn7I6w==</pr:Value> + <pr:Type>urn:publicid:gv.at:baseid</pr:Type> + </pr:Identification> + <pr:Name> + <pr:GivenName>XXXRúùd</pr:GivenName> + <pr:FamilyName primary="undefined">XXXVà n Nisteĺrooy + </pr:FamilyName> + </pr:Name> + <pr:DateOfBirth>1969-02-13</pr:DateOfBirth> + </pr:Person> + </saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + <saml:Attribute AttributeName="CitizenPublicKey" + AttributeNamespace="urn:publicid:gv.at:namespaces:identitylink:1.2"> + <saml:AttributeValue> + <ecdsa:ECDSAKeyValue> + <ecdsa:DomainParameters> + <ecdsa:NamedCurve + URN="urn:oid:1.2.840.10045.3.1.7" /> + </ecdsa:DomainParameters> + <ecdsa:PublicKey> + <ecdsa:X + Value="22280299907126338788314199678167217078072953115254374209747379168424021905237" + si:type="ecdsa:PrimeFieldElemType" /> + <ecdsa:Y + Value="40387096985250872237992703378062984723606079359080588656963239072881568409170" + si:type="ecdsa:PrimeFieldElemType" /> + </ecdsa:PublicKey> + </ecdsa:ECDSAKeyValue> + </saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="CitizenPublicKey" + AttributeNamespace="urn:publicid:gv.at:namespaces:identitylink:1.2"> + <saml:AttributeValue> + <dsig:RSAKeyValue> + <dsig:Modulus>4Y4FL09VhczsfYQgFPuycP8quJNZBAAu1R1rFXNodI2711B6BTMjAGQn6xuFWfd3/nyFav/MLTr/ + t2VazvANS4TRFxJAcWyIx7xbxCdzZr6gJ+FCmq4g5JPrQvt50v3JX+wKSYft1gHBOWlDn90Ia4Gm + P8MVuze21T+VVKM6ZklmS6d5PT1er/uYQFydGErmJ17xlSQG6Fi5xuftopBDyJxG1tL1KIebpLFg + gaM2EyuB1HxH8/+Mfqa4UgeqIH65 + </dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement> + <dsig:Signature> + <dsig:SignedInfo> + <dsig:CanonicalizationMethod + Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> + <dsig:SignatureMethod + Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> + <dsig:Reference URI=""> + <dsig:Transforms> + <dsig:Transform + Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"> + <dsig:XPath>not(ancestor-or-self::pr:Identification) + </dsig:XPath> + </dsig:Transform> + <dsig:Transform + Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /> + </dsig:Transforms> + <dsig:DigestMethod + Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> + <dsig:DigestValue>KEQEPY2O3Z3IRaISSSoRZVPzsHE= + </dsig:DigestValue> + </dsig:Reference> + <dsig:Reference + Type="http://www.w3.org/2000/09/xmldsig#Manifest" + URI="#manifest"> + <dsig:DigestMethod + Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> + <dsig:DigestValue>gzGhjH1kdmPcPbgen0xojNIoJLk= + </dsig:DigestValue> + </dsig:Reference> + </dsig:SignedInfo> + <dsig:SignatureValue> + 06wqWHgplwpu3N5HMhzb6QC5NkXMO1z4N4oc1L6eDqwZlvFJ9X1XGW//QqviKO9oog3il7IzdfJwnjygR4trgGCIqx+JYCDHJCrG9l8zlxlSW0ZqfsygGXthutcQ1aeUpfO6jYuhnWOUywa8BgzukRtWT+AOJBQZPRYTb8IBmey+uAwlhFLni94eMOd81l+efCvkWi3jRajwsG8ZOaNxSZT3aEV5vj+32Aqtx2MPEVzQWtIA7GqZi+EzcdSdHQvHhg7UB+8kqbU70ENAJbEMTANFZYvLOJ0Om9KfDtPf/+R2TvTc360fNo9RnPl04pHPhCIjcGZhFZorBpUhXFwd2Q== + </dsig:SignatureValue> + <dsig:KeyInfo> + <dsig:X509Data> + <dsig:X509Certificate>MIIF3TCCBMWgAwIBAgIDByniMA0GCSqGSIb3DQEBBQUAMIGfMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMSIwIAYDVQQLDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMSIwIAYDVQQDDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMB4XDTEwMDcyODExMzY0M1oXDTE1MDcyODExMzY0M1owgbYxCzAJBgNVBAYTAkFUMR4wHAYDVQQKDBVEYXRlbnNjaHV0emtvbW1pc3Npb24xIjAgBgNVBAsMGVN0YW1temFobHJlZ2lzdGVyYmVob2VyZGUxLjAsBgNVBAMMJVNpZ25hdHVyc2VydmljZSBEYXRlbnNjaHV0emtvbW1pc3Npb24xFTATBgNVBAUTDDMyNTkyODMyMzk5ODEcMBoGCSqGSIb3DQEJARYNZHNrQGRzay5ndi5hdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+dBSEBGj2jUXIK1Mp3lVxc/Za+pJMiyKrX3G1ZxgX/ikx7D9scsPYMt473LlAWl9cmCbHbJK+PV2XNNdURLMUCIX+4vUNs2MHeDTQtX8BXjJFpwJYSoaRJQ39FVS/1r5sWcra9Hhdm7w5Gtx/2ukyDX0kdkxawkhP4EQEzi/SI+Fugn+WqgQ1nAdlbxb/dcBw5w1h9b3lmuwUf4z3ooQWUD2DgA/kKd1KejNR43mLUsmvSzevPxT9zs78pOR1OacB7IszTVJPXeOEaaNZHnnB/UeO3g8LEV/3OkXcUgcMkbIIiaBHlll71Pq0COj9kqjXoe7OrRjLY5i3KwOpa6TMCAwEAAaOCAgcwggIDMBMGA1UdIwQMMAqACEkcWDpP6A0DMH8GCCsGAQUFBwEBBHMwcTAnBggrBgEFBQcwAYYbaHR0cDovL29jc3AuYS10cnVzdC5hdC9vY3NwMEYGCCsGAQUFBzAChjpodHRwOi8vd3d3LmEtdHJ1c3QuYXQvY2VydHMvYS1zaWduLWNvcnBvcmF0ZS1saWdodC0wMmEuY3J0MFQGA1UdIARNMEswSQYGKigAEQESMD8wPQYIKwYBBQUHAgEWMWh0dHA6Ly93d3cuYS10cnVzdC5hdC9kb2NzL2NwL2Etc2lnbi1BbXRzc2lnbmF0dXIwgZ4GA1UdHwSBljCBkzCBkKCBjaCBioaBh2xkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLWNvcnBvcmF0ZS1saWdodC0wMixvPUEtVHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xhc3M9ZWlkQ2VydGlmaWNhdGlvbkF1dGhvcml0eTARBgNVHQ4ECgQITAgOnhr0tbowDgYDVR0PAQH/BAQDAgSwMCAGA1UdEQQZMBeBFW1hcmN1cy5oaWxkQGRzay5ndi5hdDAJBgNVHRMEAjAAMA4GByooAAoBBwEEAwEB/zAUBgcqKAAKAQEBBAkMB0JTQi1EU0swDQYJKoZIhvcNAQEFBQADggEBAHTklnvPCH/bJSOlIPbLUEkSGuFHsektSZ8Vr22x/Yv7EzsxoQrJIiz2mQ2gQqFuExdWYxvsowjiSbiis9iUf1c0zscvDS3mIZxGs4M89XHsjHnIyb+Fuwnamw65QrFvM1tNB1ZMjxJ3x+YmHLHdtT3BEBcr3/NCRHd2S0HoBspNz9HVgJaZY1llR7poKBvnAc4g1i+QTvyVb00PtKxR9Lw/9ABInX/1pzpxqrPy7Ib2OP8z6dd3WHmIsCiSHUaj0Dxwwln6fYJjhxZ141SnbovlCLYtrsZLXoi9ljIqX4xO0PwMI2RfNc9cXxTRrRS6rEOvX7PpvgXiDXhp592Yyp4= + </dsig:X509Certificate> + </dsig:X509Data> + </dsig:KeyInfo> + <dsig:Object> + <dsig:Manifest Id="manifest"> + <dsig:Reference URI=""> + <dsig:Transforms> + <dsig:Transform + Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"> + <dsig:XPath>not(ancestor-or-self::dsig:Signature) + </dsig:XPath> + </dsig:Transform> + </dsig:Transforms> + <dsig:DigestMethod + Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> + <dsig:DigestValue>8e7RjLnA4Mgltq5ruIJzheKGxu0= + </dsig:DigestValue> + </dsig:Reference> + </dsig:Manifest> + </dsig:Object> + </dsig:Signature> +</saml:Assertion>
\ No newline at end of file diff --git a/modules/authmodule-eIDAS-v2/src/main/resources/szr_client/SZR-1.1.WSDL b/modules/authmodule-eIDAS-v2/src/main/resources/szr_client/SZR-1.1.WSDL new file mode 100644 index 00000000..3c34458d --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/resources/szr_client/SZR-1.1.WSDL @@ -0,0 +1,939 @@ +<?xml version="1.0" encoding="UTF-8"?> +<definitions targetNamespace="urn:SZRServices" xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#" xmlns:pd="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:pvp="http://egov.gv.at/pvp1.xsd" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:szr="urn:SZRServices" xmlns:wsdlsoap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext" xmlns:xs="http://www.w3.org/2001/XMLSchema"> + <types> + <xs:schema elementFormDefault="qualified" targetNamespace="http://reference.e-government.gv.at/namespace/persondata/20020228#"> + <xs:complexType name="PhysicalPersonType"> + <xs:sequence> + <xs:element minOccurs="0" name="Identification" type="pd:IdentificationType" /> + <xs:element minOccurs="1" name="Name" type="pd:PersonNameType" /> + <xs:element minOccurs="0" name="AlternativeName" type="pd:AlternativeNameType" /> + <xs:element minOccurs="0" name="Sex" type="xs:string" /> + <xs:element minOccurs="0" name="DateOfBirth" type="xs:string" /> + <xs:element minOccurs="0" name="PlaceOfBirth" type="xs:string" /> + <xs:element minOccurs="0" name="CountryOfBirth" type="xs:string" /> + <xs:element minOccurs="0" name="Nationality" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="IdentificationType"> + <xs:sequence> + <xs:element minOccurs="0" name="Value" type="xs:string" /> + <xs:element minOccurs="0" name="Type" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="PersonNameType"> + <xs:sequence> + <xs:element minOccurs="0" name="PrefixedDegree" type="xs:string" /> + <xs:element name="GivenName" type="xs:string" nillable="true" /> + <xs:element name="FamilyName" type="xs:string" nillable="true" /> + <xs:element minOccurs="0" name="SuffixedDegree" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="AlternativeNameType"> + <xs:sequence> + <xs:element name="FamilyName" type="xs:string" nillable="true" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="PostalAddressType"> + <xs:sequence> + <xs:element minOccurs="0" name="PostalCode" type="xs:string" /> + <xs:element minOccurs="0" name="Municipality" type="xs:string" /> + <xs:element minOccurs="0" name="Locality" type="xs:string" /> + <xs:element minOccurs="0" name="StateCode3" type="xs:string" /> + <xs:element minOccurs="0" name="DeliveryAddress" type="pd:DeliveryAddressType" /> + <xs:element minOccurs="0" name="HistoricRecord" type="xs:boolean" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="DeliveryAddressType"> + <xs:sequence> + <xs:element minOccurs="0" name="AddressLine" type="xs:string" /> + <xs:element minOccurs="0" name="StreetName" type="xs:string" /> + <xs:element minOccurs="0" name="BuildingNumber" type="xs:string" /> + <xs:element minOccurs="0" name="Unit" type="xs:string" /> + <xs:element minOccurs="0" name="DoorNumber" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:schema> + <xs:schema elementFormDefault="qualified" targetNamespace="http://www.w3.org/2001/04/xmldsig-more#"> + <xs:element name="ECDSAKeyValue" type="ecdsa:ECDSAKeyValueType" nillable="true" /> + <xs:complexType name="ECDSAKeyValueType"> + <xs:sequence> + <xs:element minOccurs="0" name="DomainParameters" type="ecdsa:DomainParamsType" /> + <xs:element name="PublicKey" type="ecdsa:ECPointType" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="DomainParamsType"> + <xs:sequence> + <xs:element minOccurs="0" name="NamedCurve" type="ecdsa:NamedCurveType" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="NamedCurveType"> + <xs:attribute name="URN" type="xs:string" use="required" /> + </xs:complexType> + <xs:complexType name="ECPointType"> + <xs:sequence minOccurs="0"> + <xs:element name="X" type="ecdsa:PrimeFieldElemType" /> + <xs:element name="Y" type="ecdsa:PrimeFieldElemType" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="PrimeFieldElemType"> + <xs:attribute name="Value" type="xs:string" use="required" /> + </xs:complexType> + </xs:schema> + <xs:schema elementFormDefault="qualified" targetNamespace="http://www.w3.org/2000/09/xmldsig#" xmlns="http://www.w3.org/2001/XMLSchema"> + <xs:import namespace="http://www.w3.org/2001/04/xmldsig-more#" /> + <xs:complexType name="KeyValueType"> + <xs:sequence> + <xs:element minOccurs="0" name="DSAKeyValue" type="dsig:DSAKeyValueType" /> + <xs:element minOccurs="0" name="RSAKeyValue" type="dsig:RSAKeyValueType" /> + <xs:element minOccurs="0" ref="ecdsa:ECDSAKeyValue" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="DSAKeyValueType"> + <xs:sequence> + <xs:element minOccurs="0" name="P" type="xs:string" /> + <xs:element minOccurs="0" name="Q" type="xs:string" /> + <xs:element minOccurs="0" name="J" type="xs:string" /> + <xs:element minOccurs="0" name="G" type="xs:string" /> + <xs:element minOccurs="0" name="Y" type="xs:string" /> + <!-- https://www.w3.org/TR/xmldsig-core/ defines PgenCounter THEN Seed, SZR.wsdl used Seed BEFORE PgenCounter. To keep it backwards compatible but allow the usual order, both ways are allowed. --> + <xs:choice maxOccurs="unbounded"> + <xs:element minOccurs="0" name="PgenCounter" type="xs:string" /> + <xs:element minOccurs="0" name="Seed" type="xs:string" /> + </xs:choice> + </xs:sequence> + </xs:complexType> + <xs:complexType name="RSAKeyValueType"> + <xs:sequence> + <xs:element minOccurs="0" name="Modulus" type="xs:string" /> + <xs:element minOccurs="0" name="Exponent" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:schema> + <xs:schema elementFormDefault="qualified" targetNamespace="urn:SZRServices"> + <xs:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" /> + <xs:import namespace="http://www.w3.org/2000/09/xmldsig#" /> + <xs:element name="SZRException" type="szr:SZRException" /> + <xs:complexType name="SZRException" /> + <xs:complexType name="PersonInfoType"> + <xs:sequence> + <xs:element name="Person" type="pd:PhysicalPersonType" /> + <xs:element minOccurs="0" name="RegularDomicile" type="pd:PostalAddressType" /> + <xs:element minOccurs="0" name="AddressCodes" type="szr:AddressCodesType" /> + <xs:element minOccurs="0" name="TravelDocument" type="szr:TravelDocumentType" /> + <xs:element minOccurs="0" name="DateOfBirthWildcard" type="xs:boolean" /> + <xs:element minOccurs="0" name="AuskunftssperreGesetzt" type="xs:boolean" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="TravelDocumentType"> + <xs:sequence> + <xs:element minOccurs="0" name="DocumentNumber" type="xs:string" /> + <xs:element minOccurs="0" name="DocumentType" type="xs:string" /> + <xs:element minOccurs="0" name="IssueDate" type="xs:string" /> + <xs:element minOccurs="0" name="IssuingAuthority" type="xs:string" /> + <xs:element minOccurs="0" name="IssuingCountry" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="AddressCodesType"> + <xs:sequence> + <xs:element minOccurs="0" name="GKZ" type="xs:string" /> + <xs:element minOccurs="0" name="OKZ" type="xs:string" /> + <xs:element minOccurs="0" name="SKZ" type="xs:string" /> + <xs:element minOccurs="0" name="ADRCD" type="xs:string" /> + <xs:element minOccurs="0" name="SUBCD" type="xs:string" /> + <xs:element minOccurs="0" name="OBJNR" type="xs:string" /> + <xs:element minOccurs="0" name="NTZLNR" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:element name="TransformBPK"> + <xs:complexType> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element name="InputBPK" type="xs:string" /> + <xs:element name="InputBereichsKennung" type="xs:string" /> + <xs:element name="Begruendung" type="xs:string" /> + <xs:element maxOccurs="unbounded" name="Target" type="szr:FremdBPKRequestType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="TransformBPKResponse"> + <xs:complexType> + <xs:sequence> + <xs:element maxOccurs="unbounded" name="TransformBPKReturn" type="szr:FremdBPKType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetVKZPermission"> + <xs:complexType> + <xs:sequence> + <xs:element name="VKZ" type="xs:string" /> + <xs:element name="BereichsKennung" type="xs:string" /> + <xs:element minOccurs="0" name="ParticipantId" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetVKZPermissionResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetVKZPermissionReturn" type="szr:GetVKZPermissionResponseType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:complexType name="IdentityLinkType"> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element name="Assertion" type="xs:anyType" /> + <xs:element minOccurs="0" name="AdditionalInfo" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="ResultRecord"> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element name="Register" type="xs:string" /> + <xs:element name="bPK" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="FremdBPK" type="szr:FremdBPKType" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="GetBPKKombiRequestType"> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element minOccurs="0" name="InsertERnP"> + <xs:simpleType> + <xs:restriction base="xs:string"> + <xs:enumeration value="NoInsert" /> + <xs:enumeration value="InsertOnNoMatch" /> + <xs:enumeration value="ForceInsert" /> + </xs:restriction> + </xs:simpleType> + </xs:element> + <xs:element minOccurs="0" name="Suchwizard" type="xs:boolean" /> + <xs:element name="VKZ" type="xs:string" nillable="true" /> + <xs:element minOccurs="0" name="BehoerdenKennzeichen" type="xs:string" /> + <xs:element minOccurs="0" name="BereichsKennung" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="Target" type="szr:FremdBPKRequestType" /> + <xs:element minOccurs="0" name="Sessionid" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="GetBPKKombiResponseType"> + <xs:complexContent> + <xs:extension base="szr:GetBPKZPVResponseType"> + <xs:sequence> + <xs:element name="FoundWithSuchwizard" type="xs:boolean" /> + <xs:element name="Sessionid" type="xs:string" /> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + <xs:complexType name="GetBPKZPVRequestType"> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element minOccurs="0" name="InsertERnP" type="xs:boolean" default="false" /> + <xs:element minOccurs="1" name="VKZ" type="xs:string" /> + <xs:element minOccurs="0" name="BehoerdenKennzeichen" type="xs:string" /> + <xs:element minOccurs="0" name="BereichsKennung" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="Target" type="szr:FremdBPKRequestType" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="GetBPKZPVResponseType"> + <xs:sequence> + <xs:element maxOccurs="unbounded" name="ResultRecord" type="szr:ResultRecord" /> + <xs:element name="InsertERnPResult" type="xs:boolean" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="GetBPKFromStammzahlEncryptedRequestType"> + <xs:sequence> + <xs:element minOccurs="1" name="StammzahlEncrypted" type="xs:string" /> + <xs:element minOccurs="0" name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element minOccurs="1" name="VKZ" type="xs:string" /> + <xs:element minOccurs="0" name="BereichsKennung" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="Target" type="szr:FremdBPKRequestType" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="GetBPKFromStammzahlEncryptedResponseType"> + <xs:sequence> + <xs:element minOccurs="0" name="bPK" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="FremdBPK" type="szr:FremdBPKType" /> + </xs:sequence> + </xs:complexType> + <xs:element name="GetIdentityLink"> + <xs:complexType> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element minOccurs="0" maxOccurs="unbounded" name="KeyValue" type="dsig:KeyValueType" /> + <xs:element minOccurs="0" name="InsertERnP" type="xs:boolean" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetIdentityLinkResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetIdentityLinkReturn" type="szr:IdentityLinkType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetIdentityLinkEidas"> + <xs:complexType> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetIdentityLinkEidasResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetIdentityLinkReturn" type="szr:IdentityLinkType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPK"> + <xs:complexType> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element minOccurs="0" name="BereichsKennung" type="xs:string" /> + <xs:element minOccurs="0" name="VKZ" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="Target" type="szr:FremdBPKRequestType" /> + <xs:element minOccurs="0" name="ListMultiplePersons" type="xs:boolean" /> + <xs:element minOccurs="0" name="InsertERnP" type="xs:boolean" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKResponse"> + <xs:complexType> + <xs:sequence> + <xs:element minOccurs="0" name="GetBPKReturn" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="FremdBPK" type="szr:FremdBPKType" /> + <xs:element maxOccurs="5" minOccurs="0" name="PersonInfo" type="szr:PersonInfoType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKs"> + <xs:complexType> + <xs:sequence> + <xs:element maxOccurs="unbounded" name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element minOccurs="0" name="BereichsKennung" type="xs:string" /> + <xs:element name="VKZ" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="Target" type="szr:FremdBPKRequestType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKsResponse"> + <xs:complexType> + <xs:sequence> + <xs:element maxOccurs="unbounded" name="ResultRecord" type="szr:GetBPKsResponseType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:complexType name="GetBPKsResponseType"> + <xs:sequence> + <xs:element minOccurs="0" name="BPK" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="FremdBPK" type="szr:FremdBPKType" /> + <xs:element minOccurs="0" name="Fault"> + <xs:complexType> + <xs:attribute name="Code" type="xs:string" /> + <xs:attribute name="String" type="xs:string" /> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:complexType> + <xs:element name="GetBPKKombi"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetBPKKombiRequest" type="szr:GetBPKKombiRequestType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKKombiResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetBPKKombiResponse" type="szr:GetBPKKombiResponseType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKZPV"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetBPKZPVRequest" type="szr:GetBPKZPVRequestType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKZPVResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetBPKZPVResponse" type="szr:GetBPKZPVResponseType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKFromStammzahlEncrypted"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetBPKFromStammzahlEncryptedRequest" type="szr:GetBPKFromStammzahlEncryptedRequestType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKFromStammzahlEncryptedResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetBPKFromStammzahlEncryptedResponse" type="szr:GetBPKFromStammzahlEncryptedResponseType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="ValidateIdentityLink"> + <xs:complexType> + <xs:sequence> + <xs:element name="IdentityLink" type="szr:IdentityLinkType" /> + <xs:element name="BereichsKennung" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="ValidateIdentityLinkResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="ValidateIdentityLinkReturn" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="BPKzuBasiszahl"> + <xs:complexType> + <xs:sequence> + <xs:element name="Bereich" type="xs:string" /> + <xs:element name="BPK" type="xs:string" /> + <xs:element maxOccurs="unbounded" name="BasisZahl" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="BPKzuBasiszahlResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="BPKzuBasiszahlReturn" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:complexType name="FremdBPKRequestType"> + <xs:sequence> + <xs:element name="BereichsKennung" type="xs:string" /> + <xs:element name="VKZ" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="FremdBPKType"> + <xs:sequence> + <xs:element name="BereichsKennung" type="xs:string" /> + <xs:element name="FremdBPK" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="GetVKZPermissionResponseType"> + <xs:sequence> + <xs:element name="isAllowed" type="xs:boolean" /> + <xs:element minOccurs="0" name="behSchluessel" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:element name="BasiszahlZuBPK"> + <xs:complexType> + <xs:sequence> + <xs:element minOccurs="0" name="VKZ" type="xs:string" /> + <xs:element maxOccurs="unbounded" name="BasisZahl" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="Bereich" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="FremdBPKTargets" type="szr:FremdBPKRequestType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:complexType name="BasiszahlZuBPKReturnType"> + <xs:sequence> + <xs:element maxOccurs="unbounded" minOccurs="0" name="BPK" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="FremdBPKs" type="szr:FremdBPKType" /> + </xs:sequence> + </xs:complexType> + <xs:element name="BasiszahlZuBPKResponse"> + <xs:complexType> + <xs:sequence> + <xs:element maxOccurs="unbounded" name="BasiszahlZuBPKReturn" type="szr:BasiszahlZuBPKReturnType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="ZMRAnwendungsIntegration"> + <xs:complexType> + <xs:sequence> + <xs:element name="Bereich" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="FremdBPKTargets" type="szr:FremdBPKRequestType" /> + <xs:element maxOccurs="unbounded" name="ZMRfremdbPK" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:complexType name="ZMRAnwendungsIntegrationReturnType"> + <xs:sequence> + <xs:element name="BPK" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="FremdBPKs" type="szr:FremdBPKType" /> + </xs:sequence> + </xs:complexType> + <xs:element name="ZMRAnwendungsIntegrationResponse"> + <xs:complexType> + <xs:sequence> + <xs:element maxOccurs="unbounded" name="ZMRAnwendungsIntegrationReturn" type="szr:ZMRAnwendungsIntegrationReturnType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetStammzahl"> + <xs:complexType> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetStammzahlResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="Stammzahl" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetStammzahlEncrypted"> + <xs:complexType> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element minOccurs="0" name="InsertERnP" type="xs:boolean" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetStammzahlEncryptedResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="Stammzahl" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetVersion" nillable="true" /> + <xs:element name="GetVersionResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="Version" type="xs:string" /> + <xs:element name="Revision" type="xs:string" /> + <xs:element name="Time" type="xs:string" /> + <xs:element name="IdentityLinkNotAfter" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:schema> + <xs:schema targetNamespace="http://egov.gv.at/pvp1.xsd"> + <xs:include schemaLocation="pvp1.xsd" /> + </xs:schema> + <xs:schema elementFormDefault="qualified" targetNamespace="http://schemas.xmlsoap.org/ws/2002/04/secext"> + <xs:element name="Security"> + <xs:complexType> + <xs:sequence> + <!-- add the pvpToken here. You can also uncomment the following line if you support XSD 1.1 --> + <!-- <xs:element ref="pvp:pvpToken" /> --> + <xs:any processContents="lax" minOccurs="0" maxOccurs="unbounded" /> + </xs:sequence> + <xs:anyAttribute processContents="lax" /> + </xs:complexType> + </xs:element> + </xs:schema> + </types> + <message name="Header"> + <part name="SecurityHeader" element="wsse:Security" /> + </message> + <message name="GetIdentityLinkRequest"> + <part element="szr:GetIdentityLink" name="parameters" /> + </message> + <message name="GetIdentityLinkResponse"> + <part element="szr:GetIdentityLinkResponse" name="parameters" /> + </message> + <message name="GetIdentityLinkEidasRequest"> + <part element="szr:GetIdentityLinkEidas" name="parameters" /> + </message> + <message name="GetIdentityLinkEidasResponse"> + <part element="szr:GetIdentityLinkEidasResponse" name="parameters" /> + </message> + <message name="GetBPKRequest"> + <part element="szr:GetBPK" name="parameters" /> + </message> + <message name="GetBPKResponse"> + <part element="szr:GetBPKResponse" name="parameters" /> + </message> + <message name="GetBPKsRequest"> + <part element="szr:GetBPKs" name="parameters" /> + </message> + <message name="GetBPKsResponse"> + <part element="szr:GetBPKsResponse" name="parameters" /> + </message> + <message name="GetBPKKombiRequest"> + <part element="szr:GetBPKKombi" name="parameters" /> + </message> + <message name="GetBPKKombiResponse"> + <part element="szr:GetBPKKombiResponse" name="parameters" /> + </message> + <message name="GetBPKZPVRequest"> + <part element="szr:GetBPKZPV" name="parameters" /> + </message> + <message name="GetBPKZPVResponse"> + <part element="szr:GetBPKZPVResponse" name="parameters" /> + </message> + <message name="GetBPKFromStammzahlEncryptedRequest"> + <part element="szr:GetBPKFromStammzahlEncrypted" name="parameters" /> + </message> + <message name="GetBPKFromStammzahlEncryptedResponse"> + <part element="szr:GetBPKFromStammzahlEncryptedResponse" name="parameters" /> + </message> + <message name="BPKzuBasiszahlRequest"> + <part element="szr:BPKzuBasiszahl" name="parameters" /> + </message> + <message name="BPKzuBasiszahlResponse"> + <part element="szr:BPKzuBasiszahlResponse" name="parameters" /> + </message> + <message name="BasiszahlZuBPKRequest"> + <part element="szr:BasiszahlZuBPK" name="parameters" /> + </message> + <message name="BasiszahlZuBPKResponse"> + <part element="szr:BasiszahlZuBPKResponse" name="parameters" /> + </message> + <message name="ValidateIdentityLinkRequest"> + <part element="szr:ValidateIdentityLink" name="parameters" /> + </message> + <message name="ValidateIdentityLinkResponse"> + <part element="szr:ValidateIdentityLinkResponse" name="parameters" /> + </message> + <message name="TransformBPKRequest"> + <part element="szr:TransformBPK" name="parameters" /> + </message> + <message name="TransformBPKResponse"> + <part element="szr:TransformBPKResponse" name="parameters" /> + </message> + <message name="GetVKZPermissionRequest"> + <part element="szr:GetVKZPermission" name="parameters" /> + </message> + <message name="GetVKZPermissionResponse"> + <part element="szr:GetVKZPermissionResponse" name="parameters" /> + </message> + <message name="ZMRAnwendungsIntegrationRequest"> + <part element="szr:ZMRAnwendungsIntegration" name="parameters" /> + </message> + <message name="ZMRAnwendungsIntegrationResponse"> + <part element="szr:ZMRAnwendungsIntegrationResponse" name="parameters" /> + </message> + <message name="GetStammzahlRequest"> + <part element="szr:GetStammzahl" name="parameters" /> + </message> + <message name="GetStammzahlResponse"> + <part element="szr:GetStammzahlResponse" name="parameters" /> + </message> + <message name="GetStammzahlEncryptedRequest"> + <part element="szr:GetStammzahlEncrypted" name="parameters" /> + </message> + <message name="GetStammzahlEncryptedResponse"> + <part element="szr:GetStammzahlEncryptedResponse" name="parameters" /> + </message> + <message name="GetVersionRequest"> + <part element="szr:GetVersion" name="parameters" /> + </message> + <message name="GetVersionResponse"> + <part element="szr:GetVersionResponse" name="parameters" /> + </message> + <message name="SZRException"> + <part element="szr:SZRException" name="fault" /> + </message> + <portType name="SZR"> + <operation name="GetIdentityLink"> + <input message="szr:GetIdentityLinkRequest" name="GetIdentityLinkRequest" /> + <output message="szr:GetIdentityLinkResponse" name="GetIdentityLinkResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetIdentityLinkEidas"> + <input message="szr:GetIdentityLinkEidasRequest" name="GetIdentityLinkEidasRequest" /> + <output message="szr:GetIdentityLinkEidasResponse" name="GetIdentityLinkEidasResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetBPK"> + <jaxws:bindings xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"> + <jaxws:enableWrapperStyle>false</jaxws:enableWrapperStyle> + </jaxws:bindings> + <input message="szr:GetBPKRequest" name="GetBPKRequest" /> + <output message="szr:GetBPKResponse" name="GetBPKResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetBPKs"> + <input message="szr:GetBPKsRequest" name="GetBPKsRequest" /> + <output message="szr:GetBPKsResponse" name="GetBPKsResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetBPKKombi"> + <input message="szr:GetBPKKombiRequest" name="GetBPKKombiRequest" /> + <output message="szr:GetBPKKombiResponse" name="GetBPKKombiResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetBPKZPV"> + <input message="szr:GetBPKZPVRequest" name="GetBPKZPVRequest" /> + <output message="szr:GetBPKZPVResponse" name="GetBPKZPVResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetBPKFromStammzahlEncrypted"> + <input message="szr:GetBPKFromStammzahlEncryptedRequest" name="GetBPKFromStammzahlEncryptedRequest" /> + <output message="szr:GetBPKFromStammzahlEncryptedResponse" name="GetBPKFromStammzahlEncryptedResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="ValidateIdentityLink"> + <input message="szr:ValidateIdentityLinkRequest" name="ValidateIdentityLinkRequest" /> + <output message="szr:ValidateIdentityLinkResponse" name="ValidateIdentityLinkResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="TransformBPK"> + <input message="szr:TransformBPKRequest" name="TransformBPKRequest" /> + <output message="szr:TransformBPKResponse" name="TransformBPKResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetVKZPermission"> + <input message="szr:GetVKZPermissionRequest" name="GetVKZPermissionRequest" /> + <output message="szr:GetVKZPermissionResponse" name="GetVKZPermissionResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="BPKzuBasiszahl"> + <input message="szr:BPKzuBasiszahlRequest" name="BPKzuBasiszahlRequest" /> + <output message="szr:BPKzuBasiszahlResponse" name="BPKzuBasiszahlResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="BasiszahlZuBPK"> + <input message="szr:BasiszahlZuBPKRequest" name="BasiszahlZuBPKRequest" /> + <output message="szr:BasiszahlZuBPKResponse" name="BasiszahlZuBPKResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="ZMRAnwendungsIntegration"> + <input message="szr:ZMRAnwendungsIntegrationRequest" name="ZMRAnwendungsIntegrationRequest" /> + <output message="szr:ZMRAnwendungsIntegrationResponse" name="ZMRAnwendungsIntegrationResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetStammzahl"> + <input message="szr:GetStammzahlRequest" name="GetStammzahlRequest" /> + <output message="szr:GetStammzahlResponse" name="GetStammzahlResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetStammzahlEncrypted"> + <input message="szr:GetStammzahlEncryptedRequest" name="GetStammzahlEncryptedRequest" /> + <output message="szr:GetStammzahlEncryptedResponse" name="GetStammzahlEncryptedResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetVersion"> + <input message="szr:GetVersionRequest" name="GetVersionRequest" /> + <output message="szr:GetVersionResponse" name="GetVersionResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + </portType> + <binding name="SZRSoapBinding" type="szr:SZR"> + <wsdlsoap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http" /> + <operation name="GetIdentityLink"> + <wsdlsoap:operation soapAction="" /> + <input name="GetIdentityLinkRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetIdentityLinkResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetIdentityLinkEidas"> + <wsdlsoap:operation soapAction="" /> + <input name="GetIdentityLinkEidasRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetIdentityLinkEidasResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetBPK"> + <wsdlsoap:operation soapAction="" /> + <input name="GetBPKRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetBPKResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetBPKs"> + <wsdlsoap:operation soapAction="" /> + <input name="GetBPKsRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetBPKsResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetBPKKombi"> + <wsdlsoap:operation soapAction="" /> + <input name="GetBPKKombiRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetBPKKombiResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetBPKZPV"> + <wsdlsoap:operation soapAction="" /> + <input name="GetBPKZPVRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetBPKZPVResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetBPKFromStammzahlEncrypted"> + <wsdlsoap:operation soapAction="" /> + <input name="GetBPKFromStammzahlEncryptedRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetBPKFromStammzahlEncryptedResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetVKZPermission"> + <wsdlsoap:operation soapAction="" /> + <input name="GetVKZPermissionRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetVKZPermissionResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="ValidateIdentityLink"> + <wsdlsoap:operation soapAction="" /> + <input name="ValidateIdentityLinkRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="ValidateIdentityLinkResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="TransformBPK"> + <wsdlsoap:operation soapAction="" /> + <input name="TransformBPKRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="TransformBPKResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="BPKzuBasiszahl"> + <wsdlsoap:operation soapAction="" /> + <input name="BPKzuBasiszahlRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="BPKzuBasiszahlResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="BasiszahlZuBPK"> + <wsdlsoap:operation soapAction="" /> + <input name="BasiszahlZuBPKRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="BasiszahlZuBPKResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="ZMRAnwendungsIntegration"> + <wsdlsoap:operation soapAction="" /> + <input name="ZMRAnwendungsIntegrationRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="ZMRAnwendungsIntegrationResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetStammzahl"> + <wsdlsoap:operation soapAction="" /> + <input name="GetStammzahlRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetStammzahlResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetStammzahlEncrypted"> + <wsdlsoap:operation soapAction="" /> + <input name="GetStammzahlEncryptedRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetStammzahlEncryptedResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetVersion"> + <wsdlsoap:operation soapAction="" /> + <input name="GetVersionRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetVersionResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + </binding> + <service name="SZRService"> + <port binding="szr:SZRSoapBinding" name="SZRBusinesspartnerTestumgebung"> + <wsdlsoap:address location="https://pvawp.bmi.gv.at/at.gv.bmi.szrsrv-b/services/SZR" /> + </port> + <port binding="szr:SZRSoapBinding" name="SZRTestumgebung"> + <wsdlsoap:address location="https://pvawp.bmi.gv.at/bmi.gv.at/soap/SZ2Services-T/services/SZR" /> + </port> + <port binding="szr:SZRSoapBinding" name="SZRProduktionsumgebung"> + <wsdlsoap:address location="https://pvawp.bmi.gv.at/bmi.gv.at/soap/SZ2Services/services/SZR" /> + </port> + </service> +</definitions>
\ No newline at end of file diff --git a/modules/authmodule-eIDAS-v2/src/main/resources/szr_client/SZR-1.WSDL b/modules/authmodule-eIDAS-v2/src/main/resources/szr_client/SZR-1.WSDL new file mode 100644 index 00000000..4ad2645a --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/resources/szr_client/SZR-1.WSDL @@ -0,0 +1,901 @@ +<?xml version="1.0" encoding="UTF-8"?> +<definitions targetNamespace="urn:SZRServices" xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#" xmlns:pd="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:pvp="http://egov.gv.at/pvp1.xsd" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:szr="urn:SZRServices" xmlns:wsdlsoap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext" xmlns:xs="http://www.w3.org/2001/XMLSchema"> + <types> + <xs:schema elementFormDefault="qualified" targetNamespace="http://reference.e-government.gv.at/namespace/persondata/20020228#"> + <xs:complexType name="PhysicalPersonType"> + <xs:sequence> + <xs:element minOccurs="0" name="Identification" type="pd:IdentificationType" /> + <xs:element minOccurs="1" name="Name" type="pd:PersonNameType" /> + <xs:element minOccurs="0" name="AlternativeName" type="pd:AlternativeNameType" /> + <xs:element minOccurs="0" name="Sex" type="xs:string" /> + <xs:element minOccurs="0" name="DateOfBirth" type="xs:string" /> + <xs:element minOccurs="0" name="PlaceOfBirth" type="xs:string" /> + <xs:element minOccurs="0" name="CountryOfBirth" type="xs:string" /> + <xs:element minOccurs="0" name="Nationality" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="IdentificationType"> + <xs:sequence> + <xs:element minOccurs="0" name="Value" type="xs:string" /> + <xs:element minOccurs="0" name="Type" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="PersonNameType"> + <xs:sequence> + <xs:element minOccurs="0" name="PrefixedDegree" type="xs:string" /> + <xs:element name="GivenName" type="xs:string" nillable="true" /> + <xs:element name="FamilyName" type="xs:string" nillable="true" /> + <xs:element minOccurs="0" name="SuffixedDegree" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="AlternativeNameType"> + <xs:sequence> + <xs:element name="FamilyName" type="xs:string" nillable="true" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="PostalAddressType"> + <xs:sequence> + <xs:element minOccurs="0" name="PostalCode" type="xs:string" /> + <xs:element minOccurs="0" name="Municipality" type="xs:string" /> + <xs:element minOccurs="0" name="Locality" type="xs:string" /> + <xs:element minOccurs="0" name="StateCode3" type="xs:string" /> + <xs:element minOccurs="0" name="DeliveryAddress" type="pd:DeliveryAddressType" /> + <xs:element minOccurs="0" name="HistoricRecord" type="xs:boolean" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="DeliveryAddressType"> + <xs:sequence> + <xs:element minOccurs="0" name="AddressLine" type="xs:string" /> + <xs:element minOccurs="0" name="StreetName" type="xs:string" /> + <xs:element minOccurs="0" name="BuildingNumber" type="xs:string" /> + <xs:element minOccurs="0" name="Unit" type="xs:string" /> + <xs:element minOccurs="0" name="DoorNumber" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:schema> + <xs:schema elementFormDefault="qualified" targetNamespace="http://www.w3.org/2001/04/xmldsig-more#"> + <xs:element name="ECDSAKeyValue" type="ecdsa:ECDSAKeyValueType" nillable="true" /> + <xs:complexType name="ECDSAKeyValueType"> + <xs:sequence> + <xs:element minOccurs="0" name="DomainParameters" type="ecdsa:DomainParamsType" /> + <xs:element name="PublicKey" type="ecdsa:ECPointType" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="DomainParamsType"> + <xs:sequence> + <xs:element minOccurs="0" name="NamedCurve" type="ecdsa:NamedCurveType" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="NamedCurveType"> + <xs:attribute name="URN" type="xs:string" use="required" /> + </xs:complexType> + <xs:complexType name="ECPointType"> + <xs:sequence minOccurs="0"> + <xs:element name="X" type="ecdsa:PrimeFieldElemType" /> + <xs:element name="Y" type="ecdsa:PrimeFieldElemType" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="PrimeFieldElemType"> + <xs:attribute name="Value" type="xs:string" use="required" /> + </xs:complexType> + </xs:schema> + <xs:schema elementFormDefault="qualified" targetNamespace="http://www.w3.org/2000/09/xmldsig#" xmlns="http://www.w3.org/2001/XMLSchema"> + <xs:import namespace="http://www.w3.org/2001/04/xmldsig-more#" /> + <xs:complexType name="KeyValueType"> + <xs:sequence> + <xs:element minOccurs="0" name="DSAKeyValue" type="dsig:DSAKeyValueType" /> + <xs:element minOccurs="0" name="RSAKeyValue" type="dsig:RSAKeyValueType" /> + <xs:element minOccurs="0" ref="ecdsa:ECDSAKeyValue" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="DSAKeyValueType"> + <xs:sequence> + <xs:element minOccurs="0" name="P" type="xs:string" /> + <xs:element minOccurs="0" name="Q" type="xs:string" /> + <xs:element minOccurs="0" name="J" type="xs:string" /> + <xs:element minOccurs="0" name="G" type="xs:string" /> + <xs:element minOccurs="0" name="Y" type="xs:string" /> + <!-- https://www.w3.org/TR/xmldsig-core/ defines PgenCounter THEN Seed, SZR.wsdl used Seed BEFORE PgenCounter. To keep it backwards compatible but allow the usual order, both ways are allowed. --> + <xs:choice maxOccurs="unbounded"> + <xs:element minOccurs="0" name="PgenCounter" type="xs:string" /> + <xs:element minOccurs="0" name="Seed" type="xs:string" /> + </xs:choice> + </xs:sequence> + </xs:complexType> + <xs:complexType name="RSAKeyValueType"> + <xs:sequence> + <xs:element minOccurs="0" name="Modulus" type="xs:string" /> + <xs:element minOccurs="0" name="Exponent" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:schema> + <xs:schema elementFormDefault="qualified" targetNamespace="urn:SZRServices"> + <xs:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" /> + <xs:import namespace="http://www.w3.org/2000/09/xmldsig#" /> + <xs:element name="SZRException" type="szr:SZRException" /> + <xs:complexType name="SZRException" /> + <xs:complexType name="PersonInfoType"> + <xs:sequence> + <xs:element name="Person" type="pd:PhysicalPersonType" /> + <xs:element minOccurs="0" name="RegularDomicile" type="pd:PostalAddressType" /> + <xs:element minOccurs="0" name="AddressCodes" type="szr:AddressCodesType" /> + <xs:element minOccurs="0" name="TravelDocument" type="szr:TravelDocumentType" /> + <xs:element minOccurs="0" name="DateOfBirthWildcard" type="xs:boolean" /> + <xs:element minOccurs="0" name="AuskunftssperreGesetzt" type="xs:boolean" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="TravelDocumentType"> + <xs:sequence> + <xs:element minOccurs="0" name="DocumentNumber" type="xs:string" /> + <xs:element minOccurs="0" name="DocumentType" type="xs:string" /> + <xs:element minOccurs="0" name="IssueDate" type="xs:string" /> + <xs:element minOccurs="0" name="IssuingAuthority" type="xs:string" /> + <xs:element minOccurs="0" name="IssuingCountry" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="AddressCodesType"> + <xs:sequence> + <xs:element minOccurs="0" name="GKZ" type="xs:string" /> + <xs:element minOccurs="0" name="OKZ" type="xs:string" /> + <xs:element minOccurs="0" name="SKZ" type="xs:string" /> + <xs:element minOccurs="0" name="ADRCD" type="xs:string" /> + <xs:element minOccurs="0" name="SUBCD" type="xs:string" /> + <xs:element minOccurs="0" name="OBJNR" type="xs:string" /> + <xs:element minOccurs="0" name="NTZLNR" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:element name="TransformBPK"> + <xs:complexType> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element name="InputBPK" type="xs:string" /> + <xs:element name="InputBereichsKennung" type="xs:string" /> + <xs:element name="Begruendung" type="xs:string" /> + <xs:element maxOccurs="unbounded" name="Target" type="szr:FremdBPKRequestType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="TransformBPKResponse"> + <xs:complexType> + <xs:sequence> + <xs:element maxOccurs="unbounded" name="TransformBPKReturn" type="szr:FremdBPKType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetVKZPermission"> + <xs:complexType> + <xs:sequence> + <xs:element name="VKZ" type="xs:string" /> + <xs:element name="BereichsKennung" type="xs:string" /> + <xs:element minOccurs="0" name="ParticipantId" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetVKZPermissionResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetVKZPermissionReturn" type="szr:GetVKZPermissionResponseType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:complexType name="IdentityLinkType"> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element name="Assertion" type="xs:anyType" /> + <xs:element minOccurs="0" name="AdditionalInfo" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="ResultRecord"> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element name="Register" type="xs:string" /> + <xs:element name="bPK" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="FremdBPK" type="szr:FremdBPKType" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="GetBPKKombiRequestType"> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element minOccurs="0" name="InsertERnP"> + <xs:simpleType> + <xs:restriction base="xs:string"> + <xs:enumeration value="NoInsert" /> + <xs:enumeration value="InsertOnNoMatch" /> + <xs:enumeration value="ForceInsert" /> + </xs:restriction> + </xs:simpleType> + </xs:element> + <xs:element minOccurs="0" name="Suchwizard" type="xs:boolean" /> + <xs:element name="VKZ" type="xs:string" nillable="true" /> + <xs:element minOccurs="0" name="BehoerdenKennzeichen" type="xs:string" /> + <xs:element minOccurs="0" name="BereichsKennung" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="Target" type="szr:FremdBPKRequestType" /> + <xs:element minOccurs="0" name="Sessionid" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="GetBPKKombiResponseType"> + <xs:complexContent> + <xs:extension base="szr:GetBPKZPVResponseType"> + <xs:sequence> + <xs:element name="FoundWithSuchwizard" type="xs:boolean" /> + <xs:element name="Sessionid" type="xs:string" /> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + <xs:complexType name="GetBPKZPVRequestType"> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element minOccurs="0" name="InsertERnP" type="xs:boolean" default="false" /> + <xs:element minOccurs="1" name="VKZ" type="xs:string" /> + <xs:element minOccurs="0" name="BehoerdenKennzeichen" type="xs:string" /> + <xs:element minOccurs="0" name="BereichsKennung" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="Target" type="szr:FremdBPKRequestType" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="GetBPKZPVResponseType"> + <xs:sequence> + <xs:element maxOccurs="unbounded" name="ResultRecord" type="szr:ResultRecord" /> + <xs:element name="InsertERnPResult" type="xs:boolean" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="GetBPKFromStammzahlEncryptedRequestType"> + <xs:sequence> + <xs:element minOccurs="1" name="StammzahlEncrypted" type="xs:string" /> + <xs:element minOccurs="0" name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element minOccurs="1" name="VKZ" type="xs:string" /> + <xs:element minOccurs="0" name="BereichsKennung" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="Target" type="szr:FremdBPKRequestType" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="GetBPKFromStammzahlEncryptedResponseType"> + <xs:sequence> + <xs:element minOccurs="0" name="bPK" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="FremdBPK" type="szr:FremdBPKType" /> + </xs:sequence> + </xs:complexType> + <xs:element name="GetIdentityLink"> + <xs:complexType> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element maxOccurs="unbounded" name="KeyValue" type="dsig:KeyValueType" /> + <xs:element minOccurs="0" name="InsertERnP" type="xs:boolean" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetIdentityLinkResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetIdentityLinkReturn" type="szr:IdentityLinkType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPK"> + <xs:complexType> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element minOccurs="0" name="BereichsKennung" type="xs:string" /> + <xs:element minOccurs="0" name="VKZ" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="Target" type="szr:FremdBPKRequestType" /> + <xs:element minOccurs="0" name="ListMultiplePersons" type="xs:boolean" /> + <xs:element minOccurs="0" name="InsertERnP" type="xs:boolean" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKResponse"> + <xs:complexType> + <xs:sequence> + <xs:element minOccurs="0" name="GetBPKReturn" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="FremdBPK" type="szr:FremdBPKType" /> + <xs:element maxOccurs="5" minOccurs="0" name="PersonInfo" type="szr:PersonInfoType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKs"> + <xs:complexType> + <xs:sequence> + <xs:element maxOccurs="unbounded" name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element minOccurs="0" name="BereichsKennung" type="xs:string" /> + <xs:element name="VKZ" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="Target" type="szr:FremdBPKRequestType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKsResponse"> + <xs:complexType> + <xs:sequence> + <xs:element maxOccurs="unbounded" name="ResultRecord" type="szr:GetBPKsResponseType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:complexType name="GetBPKsResponseType"> + <xs:sequence> + <xs:element minOccurs="0" name="BPK" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="FremdBPK" type="szr:FremdBPKType" /> + <xs:element minOccurs="0" name="Fault"> + <xs:complexType> + <xs:attribute name="Code" type="xs:string" /> + <xs:attribute name="String" type="xs:string" /> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:complexType> + <xs:element name="GetBPKKombi"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetBPKKombiRequest" type="szr:GetBPKKombiRequestType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKKombiResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetBPKKombiResponse" type="szr:GetBPKKombiResponseType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKZPV"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetBPKZPVRequest" type="szr:GetBPKZPVRequestType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKZPVResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetBPKZPVResponse" type="szr:GetBPKZPVResponseType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKFromStammzahlEncrypted"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetBPKFromStammzahlEncryptedRequest" type="szr:GetBPKFromStammzahlEncryptedRequestType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKFromStammzahlEncryptedResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetBPKFromStammzahlEncryptedResponse" type="szr:GetBPKFromStammzahlEncryptedResponseType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="ValidateIdentityLink"> + <xs:complexType> + <xs:sequence> + <xs:element name="IdentityLink" type="szr:IdentityLinkType" /> + <xs:element name="BereichsKennung" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="ValidateIdentityLinkResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="ValidateIdentityLinkReturn" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="BPKzuBasiszahl"> + <xs:complexType> + <xs:sequence> + <xs:element name="Bereich" type="xs:string" /> + <xs:element name="BPK" type="xs:string" /> + <xs:element maxOccurs="unbounded" name="BasisZahl" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="BPKzuBasiszahlResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="BPKzuBasiszahlReturn" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:complexType name="FremdBPKRequestType"> + <xs:sequence> + <xs:element name="BereichsKennung" type="xs:string" /> + <xs:element name="VKZ" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="FremdBPKType"> + <xs:sequence> + <xs:element name="BereichsKennung" type="xs:string" /> + <xs:element name="FremdBPK" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="GetVKZPermissionResponseType"> + <xs:sequence> + <xs:element name="isAllowed" type="xs:boolean" /> + <xs:element minOccurs="0" name="behSchluessel" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:element name="BasiszahlZuBPK"> + <xs:complexType> + <xs:sequence> + <xs:element minOccurs="0" name="VKZ" type="xs:string" /> + <xs:element maxOccurs="unbounded" name="BasisZahl" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="Bereich" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="FremdBPKTargets" type="szr:FremdBPKRequestType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:complexType name="BasiszahlZuBPKReturnType"> + <xs:sequence> + <xs:element maxOccurs="unbounded" minOccurs="0" name="BPK" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="FremdBPKs" type="szr:FremdBPKType" /> + </xs:sequence> + </xs:complexType> + <xs:element name="BasiszahlZuBPKResponse"> + <xs:complexType> + <xs:sequence> + <xs:element maxOccurs="unbounded" name="BasiszahlZuBPKReturn" type="szr:BasiszahlZuBPKReturnType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="ZMRAnwendungsIntegration"> + <xs:complexType> + <xs:sequence> + <xs:element name="Bereich" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="FremdBPKTargets" type="szr:FremdBPKRequestType" /> + <xs:element maxOccurs="unbounded" name="ZMRfremdbPK" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:complexType name="ZMRAnwendungsIntegrationReturnType"> + <xs:sequence> + <xs:element name="BPK" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="FremdBPKs" type="szr:FremdBPKType" /> + </xs:sequence> + </xs:complexType> + <xs:element name="ZMRAnwendungsIntegrationResponse"> + <xs:complexType> + <xs:sequence> + <xs:element maxOccurs="unbounded" name="ZMRAnwendungsIntegrationReturn" type="szr:ZMRAnwendungsIntegrationReturnType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetStammzahl"> + <xs:complexType> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetStammzahlResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="Stammzahl" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetStammzahlEncrypted"> + <xs:complexType> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element minOccurs="0" name="InsertERnP" type="xs:boolean" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetStammzahlEncryptedResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="Stammzahl" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetVersion" /> + <xs:element name="GetVersionResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="Version" type="xs:string" /> + <xs:element name="Revision" type="xs:string" /> + <xs:element name="Time" type="xs:string" /> + <xs:element name="IdentityLinkNotAfter" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:schema> + <xs:schema targetNamespace="http://egov.gv.at/pvp1.xsd"> + <xs:include schemaLocation="pvp1.xsd" /> + </xs:schema> + <xs:schema elementFormDefault="qualified" targetNamespace="http://schemas.xmlsoap.org/ws/2002/04/secext"> + <xs:element name="Security"> + <xs:complexType> + <xs:sequence> + <!-- add the pvpToken here. You can also uncomment the following line if you support XSD 1.1 --> + <!-- <xs:element ref="pvp:pvpToken" /> --> + <xs:any processContents="lax" minOccurs="0" maxOccurs="unbounded" /> + </xs:sequence> + <xs:anyAttribute processContents="lax" /> + </xs:complexType> + </xs:element> + </xs:schema> + </types> + <message name="Header"> + <part name="SecurityHeader" element="wsse:Security" /> + </message> + <message name="GetIdentityLinkRequest"> + <part element="szr:GetIdentityLink" name="parameters" /> + </message> + <message name="GetIdentityLinkResponse"> + <part element="szr:GetIdentityLinkResponse" name="parameters" /> + </message> + <message name="GetBPKRequest"> + <part element="szr:GetBPK" name="parameters" /> + </message> + <message name="GetBPKResponse"> + <part element="szr:GetBPKResponse" name="parameters" /> + </message> + <message name="GetBPKsRequest"> + <part element="szr:GetBPKs" name="parameters" /> + </message> + <message name="GetBPKsResponse"> + <part element="szr:GetBPKsResponse" name="parameters" /> + </message> + <message name="GetBPKKombiRequest"> + <part element="szr:GetBPKKombi" name="parameters" /> + </message> + <message name="GetBPKKombiResponse"> + <part element="szr:GetBPKKombiResponse" name="parameters" /> + </message> + <message name="GetBPKZPVRequest"> + <part element="szr:GetBPKZPV" name="parameters" /> + </message> + <message name="GetBPKZPVResponse"> + <part element="szr:GetBPKZPVResponse" name="parameters" /> + </message> + <message name="GetBPKFromStammzahlEncryptedRequest"> + <part element="szr:GetBPKFromStammzahlEncrypted" name="parameters" /> + </message> + <message name="GetBPKFromStammzahlEncryptedResponse"> + <part element="szr:GetBPKFromStammzahlEncryptedResponse" name="parameters" /> + </message> + <message name="BPKzuBasiszahlRequest"> + <part element="szr:BPKzuBasiszahl" name="parameters" /> + </message> + <message name="BPKzuBasiszahlResponse"> + <part element="szr:BPKzuBasiszahlResponse" name="parameters" /> + </message> + <message name="BasiszahlZuBPKRequest"> + <part element="szr:BasiszahlZuBPK" name="parameters" /> + </message> + <message name="BasiszahlZuBPKResponse"> + <part element="szr:BasiszahlZuBPKResponse" name="parameters" /> + </message> + <message name="ValidateIdentityLinkRequest"> + <part element="szr:ValidateIdentityLink" name="parameters" /> + </message> + <message name="ValidateIdentityLinkResponse"> + <part element="szr:ValidateIdentityLinkResponse" name="parameters" /> + </message> + <message name="TransformBPKRequest"> + <part element="szr:TransformBPK" name="parameters" /> + </message> + <message name="TransformBPKResponse"> + <part element="szr:TransformBPKResponse" name="parameters" /> + </message> + <message name="GetVKZPermissionRequest"> + <part element="szr:GetVKZPermission" name="parameters" /> + </message> + <message name="GetVKZPermissionResponse"> + <part element="szr:GetVKZPermissionResponse" name="parameters" /> + </message> + <message name="ZMRAnwendungsIntegrationRequest"> + <part element="szr:ZMRAnwendungsIntegration" name="parameters" /> + </message> + <message name="ZMRAnwendungsIntegrationResponse"> + <part element="szr:ZMRAnwendungsIntegrationResponse" name="parameters" /> + </message> + <message name="GetStammzahlRequest"> + <part element="szr:GetStammzahl" name="parameters" /> + </message> + <message name="GetStammzahlResponse"> + <part element="szr:GetStammzahlResponse" name="parameters" /> + </message> + <message name="GetStammzahlEncryptedRequest"> + <part element="szr:GetStammzahlEncrypted" name="parameters" /> + </message> + <message name="GetStammzahlEncryptedResponse"> + <part element="szr:GetStammzahlEncryptedResponse" name="parameters" /> + </message> + <message name="GetVersionRequest"> + <part element="szr:GetVersion" name="parameters" /> + </message> + <message name="GetVersionResponse"> + <part element="szr:GetVersionResponse" name="parameters" /> + </message> + <message name="SZRException"> + <part element="szr:SZRException" name="fault" /> + </message> + <portType name="SZR"> + <operation name="GetIdentityLink"> + <input message="szr:GetIdentityLinkRequest" name="GetIdentityLinkRequest" /> + <output message="szr:GetIdentityLinkResponse" name="GetIdentityLinkResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetBPK"> + <jaxws:bindings xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"> + <jaxws:enableWrapperStyle>false</jaxws:enableWrapperStyle> + </jaxws:bindings> + <input message="szr:GetBPKRequest" name="GetBPKRequest" /> + <output message="szr:GetBPKResponse" name="GetBPKResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetBPKs"> + <input message="szr:GetBPKsRequest" name="GetBPKsRequest" /> + <output message="szr:GetBPKsResponse" name="GetBPKsResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetBPKKombi"> + <input message="szr:GetBPKKombiRequest" name="GetBPKKombiRequest" /> + <output message="szr:GetBPKKombiResponse" name="GetBPKKombiResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetBPKZPV"> + <input message="szr:GetBPKZPVRequest" name="GetBPKZPVRequest" /> + <output message="szr:GetBPKZPVResponse" name="GetBPKZPVResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetBPKFromStammzahlEncrypted"> + <input message="szr:GetBPKFromStammzahlEncryptedRequest" name="GetBPKFromStammzahlEncryptedRequest" /> + <output message="szr:GetBPKFromStammzahlEncryptedResponse" name="GetBPKFromStammzahlEncryptedResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="ValidateIdentityLink"> + <input message="szr:ValidateIdentityLinkRequest" name="ValidateIdentityLinkRequest" /> + <output message="szr:ValidateIdentityLinkResponse" name="ValidateIdentityLinkResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="TransformBPK"> + <input message="szr:TransformBPKRequest" name="TransformBPKRequest" /> + <output message="szr:TransformBPKResponse" name="TransformBPKResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetVKZPermission"> + <input message="szr:GetVKZPermissionRequest" name="GetVKZPermissionRequest" /> + <output message="szr:GetVKZPermissionResponse" name="GetVKZPermissionResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="BPKzuBasiszahl"> + <input message="szr:BPKzuBasiszahlRequest" name="BPKzuBasiszahlRequest" /> + <output message="szr:BPKzuBasiszahlResponse" name="BPKzuBasiszahlResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="BasiszahlZuBPK"> + <input message="szr:BasiszahlZuBPKRequest" name="BasiszahlZuBPKRequest" /> + <output message="szr:BasiszahlZuBPKResponse" name="BasiszahlZuBPKResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="ZMRAnwendungsIntegration"> + <input message="szr:ZMRAnwendungsIntegrationRequest" name="ZMRAnwendungsIntegrationRequest" /> + <output message="szr:ZMRAnwendungsIntegrationResponse" name="ZMRAnwendungsIntegrationResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetStammzahl"> + <input message="szr:GetStammzahlRequest" name="GetStammzahlRequest" /> + <output message="szr:GetStammzahlResponse" name="GetStammzahlResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetStammzahlEncrypted"> + <input message="szr:GetStammzahlEncryptedRequest" name="GetStammzahlEncryptedRequest" /> + <output message="szr:GetStammzahlEncryptedResponse" name="GetStammzahlEncryptedResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetVersion"> + <input message="szr:GetVersionRequest" name="GetVersionRequest" /> + <output message="szr:GetVersionResponse" name="GetVersionResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + </portType> + <binding name="SZRSoapBinding" type="szr:SZR"> + <wsdlsoap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http" /> + <operation name="GetIdentityLink"> + <wsdlsoap:operation soapAction="" /> + <input name="GetIdentityLinkRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetIdentityLinkResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetBPK"> + <wsdlsoap:operation soapAction="" /> + <input name="GetBPKRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetBPKResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetBPKs"> + <wsdlsoap:operation soapAction="" /> + <input name="GetBPKsRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetBPKsResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetBPKKombi"> + <wsdlsoap:operation soapAction="" /> + <input name="GetBPKKombiRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetBPKKombiResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetBPKZPV"> + <wsdlsoap:operation soapAction="" /> + <input name="GetBPKZPVRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetBPKZPVResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetBPKFromStammzahlEncrypted"> + <wsdlsoap:operation soapAction="" /> + <input name="GetBPKFromStammzahlEncryptedRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetBPKFromStammzahlEncryptedResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetVKZPermission"> + <wsdlsoap:operation soapAction="" /> + <input name="GetVKZPermissionRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetVKZPermissionResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="ValidateIdentityLink"> + <wsdlsoap:operation soapAction="" /> + <input name="ValidateIdentityLinkRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="ValidateIdentityLinkResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="TransformBPK"> + <wsdlsoap:operation soapAction="" /> + <input name="TransformBPKRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="TransformBPKResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="BPKzuBasiszahl"> + <wsdlsoap:operation soapAction="" /> + <input name="BPKzuBasiszahlRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="BPKzuBasiszahlResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="BasiszahlZuBPK"> + <wsdlsoap:operation soapAction="" /> + <input name="BasiszahlZuBPKRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="BasiszahlZuBPKResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="ZMRAnwendungsIntegration"> + <wsdlsoap:operation soapAction="" /> + <input name="ZMRAnwendungsIntegrationRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="ZMRAnwendungsIntegrationResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetStammzahl"> + <wsdlsoap:operation soapAction="" /> + <input name="GetStammzahlRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetStammzahlResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetStammzahlEncrypted"> + <wsdlsoap:operation soapAction="" /> + <input name="GetStammzahlEncryptedRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetStammzahlEncryptedResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetVersion"> + <wsdlsoap:operation soapAction="" /> + <input name="GetVersionRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetVersionResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + </binding> + <service name="SZRService"> + <port binding="szr:SZRSoapBinding" name="SZRBusinesspartnerTestumgebung"> + <wsdlsoap:address location="https://pvawp.bmi.gv.at/at.gv.bmi.szrsrv-b/services/SZR" /> + </port> + <port binding="szr:SZRSoapBinding" name="SZRTestumgebung"> + <wsdlsoap:address location="https://pvawp.bmi.gv.at/bmi.gv.at/soap/SZ2Services-T/services/SZR" /> + </port> + <port binding="szr:SZRSoapBinding" name="SZRProduktionsumgebung"> + <wsdlsoap:address location="https://pvawp.bmi.gv.at/bmi.gv.at/soap/SZ2Services/services/SZR" /> + </port> + </service> +</definitions>
\ No newline at end of file diff --git a/modules/authmodule-eIDAS-v2/src/main/resources/szr_client/SZR_v4.0.wsdl b/modules/authmodule-eIDAS-v2/src/main/resources/szr_client/SZR_v4.0.wsdl new file mode 100644 index 00000000..e7f296bd --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/resources/szr_client/SZR_v4.0.wsdl @@ -0,0 +1,441 @@ +<?xml version="1.0" encoding="UTF-8"?> +<definitions targetNamespace="urn:SZRServices" xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#" xmlns:pd="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:pvp="http://egov.gv.at/pvp1.xsd" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:szr="urn:SZRServices" xmlns:wsdlsoap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext" xmlns:xs="http://www.w3.org/2001/XMLSchema"> + <types> + <xs:schema> + <xs:import namespace="urn:SZRServices" schemaLocation="szr_v4.0.xsd"/> + </xs:schema> + </types> + <message name="Header"> + <part name="SecurityHeader" element="wsse:Security" /> + </message> + <message name="GetIdentityLinkRequest"> + <part element="szr:GetIdentityLink" name="parameters" /> + </message> + <message name="GetIdentityLinkResponse"> + <part element="szr:GetIdentityLinkResponse" name="parameters" /> + </message> + <message name="GetIdentityLinkEidasRequest"> + <part element="szr:GetIdentityLinkEidas" name="parameters" /> + </message> + <message name="GetIdentityLinkEidasResponse"> + <part element="szr:GetIdentityLinkEidasResponse" name="parameters" /> + </message> + <message name="GetBPKRequest"> + <part element="szr:GetBPK" name="parameters" /> + </message> + <message name="GetBPKResponse"> + <part element="szr:GetBPKResponse" name="parameters" /> + </message> + <message name="GetBPKsRequest"> + <part element="szr:GetBPKs" name="parameters" /> + </message> + <message name="GetBPKsResponse"> + <part element="szr:GetBPKsResponse" name="parameters" /> + </message> + <message name="GetBPKKombiRequest"> + <part element="szr:GetBPKKombi" name="parameters" /> + </message> + <message name="GetBPKKombiResponse"> + <part element="szr:GetBPKKombiResponse" name="parameters" /> + </message> + <message name="GetBPKZPVRequest"> + <part element="szr:GetBPKZPV" name="parameters" /> + </message> + <message name="GetBPKZPVResponse"> + <part element="szr:GetBPKZPVResponse" name="parameters" /> + </message> + <message name="GetBPKFromStammzahlEncryptedRequest"> + <part element="szr:GetBPKFromStammzahlEncrypted" name="parameters" /> + </message> + <message name="GetBPKFromStammzahlEncryptedResponse"> + <part element="szr:GetBPKFromStammzahlEncryptedResponse" name="parameters" /> + </message> + <message name="SignContentRequest"> + <part element="szr:SignContent" name="parameters" /> + </message> + <message name="SignContentResponse"> + <part element="szr:SignContentResponse" name="parameters" /> + </message> + <message name="BPKzuBasiszahlRequest"> + <part element="szr:BPKzuBasiszahl" name="parameters" /> + </message> + <message name="BPKzuBasiszahlResponse"> + <part element="szr:BPKzuBasiszahlResponse" name="parameters" /> + </message> + <message name="BasiszahlZuBPKRequest"> + <part element="szr:BasiszahlZuBPK" name="parameters" /> + </message> + <message name="BasiszahlZuBPKResponse"> + <part element="szr:BasiszahlZuBPKResponse" name="parameters" /> + </message> + <message name="ValidateIdentityLinkRequest"> + <part element="szr:ValidateIdentityLink" name="parameters" /> + </message> + <message name="ValidateIdentityLinkResponse"> + <part element="szr:ValidateIdentityLinkResponse" name="parameters" /> + </message> + <message name="TransformBPKRequest"> + <part element="szr:TransformBPK" name="parameters" /> + </message> + <message name="TransformBPKResponse"> + <part element="szr:TransformBPKResponse" name="parameters" /> + </message> + <message name="GetVKZPermissionRequest"> + <part element="szr:GetVKZPermission" name="parameters" /> + </message> + <message name="GetVKZPermissionResponse"> + <part element="szr:GetVKZPermissionResponse" name="parameters" /> + </message> + <message name="ZMRAnwendungsIntegrationRequest"> + <part element="szr:ZMRAnwendungsIntegration" name="parameters" /> + </message> + <message name="ZMRAnwendungsIntegrationResponse"> + <part element="szr:ZMRAnwendungsIntegrationResponse" name="parameters" /> + </message> + <message name="GetStammzahlRequest"> + <part element="szr:GetStammzahl" name="parameters" /> + </message> + <message name="GetStammzahlResponse"> + <part element="szr:GetStammzahlResponse" name="parameters" /> + </message> + <message name="GetStammzahlEncryptedRequest"> + <part element="szr:GetStammzahlEncrypted" name="parameters" /> + </message> + <message name="GetStammzahlEncryptedResponse"> + <part element="szr:GetStammzahlEncryptedResponse" name="parameters" /> + </message> + <message name="GetVersionRequest"> + <part element="szr:GetVersion" name="parameters" /> + </message> + <message name="GetVersionResponse"> + <part element="szr:GetVersionResponse" name="parameters" /> + </message> + <message name="SZRException"> + <part element="szr:SZRException" name="fault" /> + </message> + <portType name="SZR"> + <operation name="GetIdentityLink"> + <input message="szr:GetIdentityLinkRequest" name="GetIdentityLinkRequest" /> + <output message="szr:GetIdentityLinkResponse" name="GetIdentityLinkResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetIdentityLinkEidas"> + <input message="szr:GetIdentityLinkEidasRequest" name="GetIdentityLinkEidasRequest" /> + <output message="szr:GetIdentityLinkEidasResponse" name="GetIdentityLinkEidasResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetBPK"> + <jaxws:bindings xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"> + <jaxws:enableWrapperStyle>false</jaxws:enableWrapperStyle> + </jaxws:bindings> + <input message="szr:GetBPKRequest" name="GetBPKRequest" /> + <output message="szr:GetBPKResponse" name="GetBPKResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetBPKs"> + <input message="szr:GetBPKsRequest" name="GetBPKsRequest" /> + <output message="szr:GetBPKsResponse" name="GetBPKsResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetBPKKombi"> + <input message="szr:GetBPKKombiRequest" name="GetBPKKombiRequest" /> + <output message="szr:GetBPKKombiResponse" name="GetBPKKombiResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetBPKZPV"> + <input message="szr:GetBPKZPVRequest" name="GetBPKZPVRequest" /> + <output message="szr:GetBPKZPVResponse" name="GetBPKZPVResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetBPKFromStammzahlEncrypted"> + <input message="szr:GetBPKFromStammzahlEncryptedRequest" name="GetBPKFromStammzahlEncryptedRequest" /> + <output message="szr:GetBPKFromStammzahlEncryptedResponse" name="GetBPKFromStammzahlEncryptedResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="SignContent"> + <input message="szr:SignContentRequest" name="SignContentRequest" /> + <output message="szr:SignContentResponse" name="SignContentResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="ValidateIdentityLink"> + <input message="szr:ValidateIdentityLinkRequest" name="ValidateIdentityLinkRequest" /> + <output message="szr:ValidateIdentityLinkResponse" name="ValidateIdentityLinkResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="TransformBPK"> + <input message="szr:TransformBPKRequest" name="TransformBPKRequest" /> + <output message="szr:TransformBPKResponse" name="TransformBPKResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetVKZPermission"> + <input message="szr:GetVKZPermissionRequest" name="GetVKZPermissionRequest" /> + <output message="szr:GetVKZPermissionResponse" name="GetVKZPermissionResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="BPKzuBasiszahl"> + <input message="szr:BPKzuBasiszahlRequest" name="BPKzuBasiszahlRequest" /> + <output message="szr:BPKzuBasiszahlResponse" name="BPKzuBasiszahlResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="BasiszahlZuBPK"> + <input message="szr:BasiszahlZuBPKRequest" name="BasiszahlZuBPKRequest" /> + <output message="szr:BasiszahlZuBPKResponse" name="BasiszahlZuBPKResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="ZMRAnwendungsIntegration"> + <input message="szr:ZMRAnwendungsIntegrationRequest" name="ZMRAnwendungsIntegrationRequest" /> + <output message="szr:ZMRAnwendungsIntegrationResponse" name="ZMRAnwendungsIntegrationResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetStammzahl"> + <input message="szr:GetStammzahlRequest" name="GetStammzahlRequest" /> + <output message="szr:GetStammzahlResponse" name="GetStammzahlResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetStammzahlEncrypted"> + <input message="szr:GetStammzahlEncryptedRequest" name="GetStammzahlEncryptedRequest" /> + <output message="szr:GetStammzahlEncryptedResponse" name="GetStammzahlEncryptedResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetVersion"> + <input message="szr:GetVersionRequest" name="GetVersionRequest" /> + <output message="szr:GetVersionResponse" name="GetVersionResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + </portType> + <binding name="SZRSoapBinding" type="szr:SZR"> + <wsdlsoap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http" /> + <operation name="GetIdentityLink"> + <wsdlsoap:operation soapAction="" /> + <input name="GetIdentityLinkRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetIdentityLinkResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetIdentityLinkEidas"> + <wsdlsoap:operation soapAction="" /> + <input name="GetIdentityLinkEidasRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetIdentityLinkEidasResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetBPK"> + <wsdlsoap:operation soapAction="" /> + <input name="GetBPKRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetBPKResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetBPKs"> + <wsdlsoap:operation soapAction="" /> + <input name="GetBPKsRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetBPKsResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetBPKKombi"> + <wsdlsoap:operation soapAction="" /> + <input name="GetBPKKombiRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetBPKKombiResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetBPKZPV"> + <wsdlsoap:operation soapAction="" /> + <input name="GetBPKZPVRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetBPKZPVResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetBPKFromStammzahlEncrypted"> + <wsdlsoap:operation soapAction="" /> + <input name="GetBPKFromStammzahlEncryptedRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetBPKFromStammzahlEncryptedResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="SignContent"> + <wsdlsoap:operation soapAction="" /> + <input name="SignContentRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="SignContentResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetVKZPermission"> + <wsdlsoap:operation soapAction="" /> + <input name="GetVKZPermissionRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetVKZPermissionResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="ValidateIdentityLink"> + <wsdlsoap:operation soapAction="" /> + <input name="ValidateIdentityLinkRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="ValidateIdentityLinkResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="TransformBPK"> + <wsdlsoap:operation soapAction="" /> + <input name="TransformBPKRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="TransformBPKResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="BPKzuBasiszahl"> + <wsdlsoap:operation soapAction="" /> + <input name="BPKzuBasiszahlRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="BPKzuBasiszahlResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="BasiszahlZuBPK"> + <wsdlsoap:operation soapAction="" /> + <input name="BasiszahlZuBPKRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="BasiszahlZuBPKResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="ZMRAnwendungsIntegration"> + <wsdlsoap:operation soapAction="" /> + <input name="ZMRAnwendungsIntegrationRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="ZMRAnwendungsIntegrationResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetStammzahl"> + <wsdlsoap:operation soapAction="" /> + <input name="GetStammzahlRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetStammzahlResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetStammzahlEncrypted"> + <wsdlsoap:operation soapAction="" /> + <input name="GetStammzahlEncryptedRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetStammzahlEncryptedResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetVersion"> + <wsdlsoap:operation soapAction="" /> + <input name="GetVersionRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetVersionResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + </binding> + <service name="SZRService"> + <port binding="szr:SZRSoapBinding" name="SZRBusinesspartnerTestumgebung"> + <wsdlsoap:address location="https://pvawp.bmi.gv.at/at.gv.bmi.szrsrv-b/services/SZR" /> + </port> + <port binding="szr:SZRSoapBinding" name="SZRTestumgebung"> + <wsdlsoap:address location="https://pvawp.bmi.gv.at/bmi.gv.at/soap/SZ2Services-T/services/SZR" /> + </port> + <port binding="szr:SZRSoapBinding" name="SZRProduktionsumgebung"> + <wsdlsoap:address location="https://pvawp.bmi.gv.at/bmi.gv.at/soap/SZ2Services/services/SZR" /> + </port> + </service> +</definitions>
\ No newline at end of file diff --git a/modules/authmodule-eIDAS-v2/src/main/resources/szr_client/pvp1.xsd b/modules/authmodule-eIDAS-v2/src/main/resources/szr_client/pvp1.xsd new file mode 100644 index 00000000..09c0b1e3 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/resources/szr_client/pvp1.xsd @@ -0,0 +1,133 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- edited with XMLSPY v2004 rel. 2 U (http://www.xmlspy.com) by BM (Bundeskanzleramt) --> +<!-- PVP Schema 1.8.10 --> +<!-- pvpToken wird über das Element <Security> aus der Spezifikation WS-Security in den SOAP-Header eingebunden --> +<!--erstellt: rainer.hoerbe@bmi.gv.at 2004-04-30 --> +<!--geändert: rainer.hoerbe@beko.at 2007-04-04: Extensions Points definiert --> +<xs:schema targetNamespace="http://egov.gv.at/pvp1.xsd" xmlns="http://egov.gv.at/pvp1.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="unqualified"> + <xs:element name="pvpToken"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="pvpTokenType" /> + </xs:complexContent> + </xs:complexType> + </xs:element> + <xs:complexType name="pvpTokenType"> + <xs:sequence> + <xs:element name="authenticate"> + <xs:complexType> + <xs:sequence> + <xs:element name="participantId" type="xs:string" /> + <xs:element name="gvOuDomain" type="xs:string" minOccurs="0" maxOccurs="1" /> + <xs:choice> + <xs:element name="userPrincipal"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="pvpPrincipalType"> + <xs:sequence> + <xs:element name="gvGid" type="xs:string" /> + <xs:element name="mail" type="xs:string" minOccurs="0" maxOccurs="1" /> + <xs:element name="tel" type="xs:string" minOccurs="0" maxOccurs="1" /> + <xs:element name="bpk" type="xs:string" minOccurs="0" maxOccurs="1" /> + <xs:element name="gvFunction" type="xs:string" minOccurs="0" maxOccurs="1" /> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + <xs:element name="systemPrincipal" type="pvpPrincipalType" /> + </xs:choice> + <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"> + <xs:annotation> + <xs:documentation>additional authentication properties</xs:documentation> + </xs:annotation> + </xs:any> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="authorize" minOccurs="0" maxOccurs="1"> + <xs:complexType> + <xs:sequence> + <xs:sequence minOccurs="0"> + <xs:element name="gvOuId" type="xs:string" /> + <xs:element name="ou" type="xs:string" /> + </xs:sequence> + <xs:element name="role" maxOccurs="unbounded"> + <xs:complexType> + <xs:sequence> + <xs:any namespace="##any" processContents="skip" minOccurs="0" maxOccurs="unbounded" /> + </xs:sequence> + <xs:attribute name="value" type="xs:string" use="required" /> + </xs:complexType> + </xs:element> + <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"> + <xs:annotation> + <xs:documentation>additional authorization properties</xs:documentation> + </xs:annotation> + </xs:any> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="accounting" minOccurs="0"> + <xs:complexType> + <xs:sequence> + <xs:any processContents="skip" minOccurs="0" maxOccurs="unbounded" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="pvpChainedToken" type="pvpTokenType" minOccurs="0" /> + <xs:element name="pvpExtension" block="extension" minOccurs="0"> + <xs:complexType> + <xs:sequence> + <xs:any namespace="##any" processContents="skip" minOccurs="0" maxOccurs="unbounded" /> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:sequence> + <xs:attribute name="version" type="gvVersionType" use="required" /> + <xs:anyAttribute namespace="##any" processContents="lax" /> + </xs:complexType> + <xs:complexType name="pvpPrincipalType"> + <xs:sequence> + <xs:element name="userId" type="xs:string" /> + <xs:element name="cn" type="xs:string" /> + <xs:element name="gvOuId" type="xs:string" /> + <xs:element name="ou" type="xs:string" /> + <xs:element name="gvOuOKZ" type="xs:string" minOccurs="0" /> <!-- steht auch in der pvp doku, fehlt aber im normalen pvp1.xsd --> + <xs:element name="gvSecClass" type="gvSecClassType" minOccurs="0" /> + <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"> + <xs:annotation> + <xs:documentation>additional principal attributes</xs:documentation> + </xs:annotation> + </xs:any> + </xs:sequence> + <xs:anyAttribute namespace="##any" processContents="lax" /> + </xs:complexType> + <xs:simpleType name="gvSecClassType"> + <xs:restriction base="xs:integer"> + <xs:enumeration value="0" /> + <xs:enumeration value="1" /> + <xs:enumeration value="2" /> + <xs:enumeration value="3" /> + </xs:restriction> + </xs:simpleType> + <xs:simpleType name="gvVersionType"> + <xs:restriction base="xs:string"> + <xs:enumeration value="1.0" /> + <xs:enumeration value="1.1" /> + <xs:enumeration value="1.2" /> + <xs:enumeration value="1.8" /> + <xs:enumeration value="1.9" /> + </xs:restriction> + </xs:simpleType> + <xs:simpleType name="logLevelType"> + <xs:restriction base="xs:integer"> + <xs:enumeration value="0" /> + <xs:enumeration value="1" /> + <xs:enumeration value="2" /> + <xs:enumeration value="3" /> + <xs:enumeration value="4" /> + <xs:enumeration value="5" /> + </xs:restriction> + </xs:simpleType> +</xs:schema> diff --git a/modules/authmodule-eIDAS-v2/src/main/resources/szr_client/pvp19.xsd b/modules/authmodule-eIDAS-v2/src/main/resources/szr_client/pvp19.xsd new file mode 100644 index 00000000..596a2b99 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/resources/szr_client/pvp19.xsd @@ -0,0 +1,133 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- edited with XMLSPY v2004 rel. 2 U (http://www.xmlspy.com) by BM (Bundeskanzleramt) --> +<!-- PVP Schema 1.8.10 --> +<!-- pvpToken wird über das Element <Security> aus der Spezifikation WS-Security in den SOAP-Header eingebunden --> +<!--erstellt: rainer.hoerbe@bmi.gv.at 2004-04-30 --> +<!--geändert: rainer.hoerbe@beko.at 2007-04-04: Extensions Points definiert --> +<xs:schema targetNamespace="http://egov.gv.at/pvp1.xsd" xmlns="http://egov.gv.at/pvp1.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="unqualified"> + <xs:element name="pvpToken"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="pvpTokenType" /> + </xs:complexContent> + </xs:complexType> + </xs:element> + <xs:complexType name="pvpTokenType"> + <xs:sequence> + <xs:element name="authenticate"> + <xs:complexType> + <xs:sequence> + <xs:element name="participantId" type="xs:string" /> + <xs:element name="gvOuDomain" type="xs:string" minOccurs="0" maxOccurs="1" /> + <xs:choice> + <xs:element name="userPrincipal"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="pvpPrincipalType"> + <xs:sequence> + <xs:element name="gvGid" type="xs:string" /> + <xs:element name="mail" type="xs:string" minOccurs="0" maxOccurs="1" /> + <xs:element name="tel" type="xs:string" minOccurs="0" maxOccurs="1" /> + <xs:element name="bpk" type="xs:string" minOccurs="0" maxOccurs="1" /> + <xs:element name="gvFunction" type="xs:string" minOccurs="0" maxOccurs="1" /> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + <xs:element name="systemPrincipal" type="pvpPrincipalType" /> + </xs:choice> + <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"> + <xs:annotation> + <xs:documentation>additional authentication properties</xs:documentation> + </xs:annotation> + </xs:any> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="authorize" minOccurs="0" maxOccurs="1"> + <xs:complexType> + <xs:sequence> + <xs:sequence minOccurs="0"> + <xs:element name="gvOuId" type="xs:string" /> + <xs:element name="ou" type="xs:string" /> + </xs:sequence> + <xs:element name="role" maxOccurs="unbounded"> + <xs:complexType> + <xs:sequence> + <xs:any namespace="##any" processContents="skip" minOccurs="0" maxOccurs="unbounded" /> + </xs:sequence> + <xs:attribute name="value" type="xs:string" use="required" /> + </xs:complexType> + </xs:element> + <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"> + <xs:annotation> + <xs:documentation>additional authorization properties</xs:documentation> + </xs:annotation> + </xs:any> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="accounting" minOccurs="0"> + <xs:complexType> + <xs:sequence> + <xs:any processContents="skip" minOccurs="0" maxOccurs="unbounded" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="pvpChainedToken" type="pvpTokenType" minOccurs="0" /> + <xs:element name="pvpExtension" block="extension" minOccurs="0"> + <xs:complexType> + <xs:sequence> + <xs:any namespace="##any" processContents="skip" minOccurs="0" maxOccurs="unbounded" /> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:sequence> + <xs:attribute name="version" type="gvVersionType" use="required" /> + <xs:anyAttribute namespace="##any" processContents="lax" /> + </xs:complexType> + <xs:complexType name="pvpPrincipalType"> + <xs:sequence> + <xs:element name="userId" type="xs:string" /> + <xs:element name="cn" type="xs:string" /> + <xs:element name="gvOuId" type="xs:string" /> + <xs:element name="ou" type="xs:string" /> + <xs:element name="gvOuOKZ" type="xs:string" minOccurs="0" /> + <xs:element name="gvSecClass" type="gvSecClassType" minOccurs="0" /> + <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"> + <xs:annotation> + <xs:documentation>additional principal attributes</xs:documentation> + </xs:annotation> + </xs:any> + </xs:sequence> + <xs:anyAttribute namespace="##any" processContents="lax" /> + </xs:complexType> + <xs:simpleType name="gvSecClassType"> + <xs:restriction base="xs:integer"> + <xs:enumeration value="0" /> + <xs:enumeration value="1" /> + <xs:enumeration value="2" /> + <xs:enumeration value="3" /> + </xs:restriction> + </xs:simpleType> + <xs:simpleType name="gvVersionType"> + <xs:restriction base="xs:string"> + <xs:enumeration value="1.0" /> + <xs:enumeration value="1.1" /> + <xs:enumeration value="1.2" /> + <xs:enumeration value="1.8" /> + <xs:enumeration value="1.9" /> + </xs:restriction> + </xs:simpleType> + <xs:simpleType name="logLevelType"> + <xs:restriction base="xs:integer"> + <xs:enumeration value="0" /> + <xs:enumeration value="1" /> + <xs:enumeration value="2" /> + <xs:enumeration value="3" /> + <xs:enumeration value="4" /> + <xs:enumeration value="5" /> + </xs:restriction> + </xs:simpleType> +</xs:schema> diff --git a/modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr.xsd b/modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr.xsd new file mode 100644 index 00000000..85acfb65 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr.xsd @@ -0,0 +1,388 @@ +<xs:schema elementFormDefault="qualified" targetNamespace="urn:SZRServices" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:pd="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:szr="urn:SZRServices" xmlns:xs="http://www.w3.org/2001/XMLSchema"> + <xs:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" /> + <xs:import namespace="http://www.w3.org/2000/09/xmldsig#" /> + <xs:element name="SZRException" type="szr:SZRException" /> + <xs:complexType name="SZRException" /> + <xs:complexType name="PersonInfoType"> + <xs:sequence> + <xs:element name="Person" type="pd:PhysicalPersonType" /> + <xs:element minOccurs="0" name="RegularDomicile" type="pd:PostalAddressType" /> + <xs:element minOccurs="0" name="AddressCodes" type="szr:AddressCodesType" /> + <xs:element minOccurs="0" name="TravelDocument" type="szr:TravelDocumentType" /> + <xs:element minOccurs="0" name="DateOfBirthWildcard" type="xs:boolean" /> + <xs:element minOccurs="0" name="AuskunftssperreGesetzt" type="xs:boolean" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="TravelDocumentType"> + <xs:sequence> + <xs:element minOccurs="0" name="DocumentNumber" type="xs:string" /> + <xs:element minOccurs="0" name="DocumentType" type="xs:string" /> + <xs:element minOccurs="0" name="IssueDate" type="xs:string" /> + <xs:element minOccurs="0" name="IssuingAuthority" type="xs:string" /> + <xs:element minOccurs="0" name="IssuingCountry" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="AddressCodesType"> + <xs:sequence> + <xs:element minOccurs="0" name="GKZ" type="xs:string" /> + <xs:element minOccurs="0" name="OKZ" type="xs:string" /> + <xs:element minOccurs="0" name="SKZ" type="xs:string" /> + <xs:element minOccurs="0" name="ADRCD" type="xs:string" /> + <xs:element minOccurs="0" name="SUBCD" type="xs:string" /> + <xs:element minOccurs="0" name="OBJNR" type="xs:string" /> + <xs:element minOccurs="0" name="NTZLNR" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:element name="TransformBPK"> + <xs:complexType> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element name="InputBPK" type="xs:string" /> + <xs:element name="InputBereichsKennung" type="xs:string" /> + <xs:element name="Begruendung" type="xs:string" /> + <xs:element maxOccurs="unbounded" name="Target" type="szr:FremdBPKRequestType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="TransformBPKResponse"> + <xs:complexType> + <xs:sequence> + <xs:element maxOccurs="unbounded" name="TransformBPKReturn" type="szr:FremdBPKType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetVKZPermission"> + <xs:complexType> + <xs:sequence> + <xs:element name="VKZ" type="xs:string" /> + <xs:element name="BereichsKennung" type="xs:string" /> + <xs:element minOccurs="0" name="ParticipantId" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetVKZPermissionResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetVKZPermissionReturn" type="szr:GetVKZPermissionResponseType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:complexType name="IdentityLinkType"> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element name="Assertion" type="xs:anyType" /> + <xs:element minOccurs="0" name="AdditionalInfo" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="ResultRecord"> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element name="Register" type="xs:string" /> + <xs:element name="bPK" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="FremdBPK" type="szr:FremdBPKType" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="GetBPKKombiRequestType"> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element minOccurs="0" name="InsertERnP"> + <xs:simpleType> + <xs:restriction base="xs:string"> + <xs:enumeration value="NoInsert" /> + <xs:enumeration value="InsertOnNoMatch" /> + <xs:enumeration value="ForceInsert" /> + </xs:restriction> + </xs:simpleType> + </xs:element> + <xs:element minOccurs="0" name="Suchwizard" type="xs:boolean" /> + <xs:element name="VKZ" type="xs:string" nillable="true" /> + <xs:element minOccurs="0" name="BehoerdenKennzeichen" type="xs:string" /> + <xs:element minOccurs="0" name="BereichsKennung" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="Target" type="szr:FremdBPKRequestType" /> + <xs:element minOccurs="0" name="Sessionid" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="GetBPKKombiResponseType"> + <xs:complexContent> + <xs:extension base="szr:GetBPKZPVResponseType"> + <xs:sequence> + <xs:element name="FoundWithSuchwizard" type="xs:boolean" /> + <xs:element name="Sessionid" type="xs:string" /> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + <xs:complexType name="GetBPKZPVRequestType"> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element minOccurs="0" name="InsertERnP" type="xs:boolean" default="false" /> + <xs:element minOccurs="1" name="VKZ" type="xs:string" /> + <xs:element minOccurs="0" name="BehoerdenKennzeichen" type="xs:string" /> + <xs:element minOccurs="0" name="BereichsKennung" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="Target" type="szr:FremdBPKRequestType" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="GetBPKZPVResponseType"> + <xs:sequence> + <xs:element maxOccurs="unbounded" name="ResultRecord" type="szr:ResultRecord" /> + <xs:element name="InsertERnPResult" type="xs:boolean" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="GetBPKFromStammzahlEncryptedRequestType"> + <xs:sequence> + <xs:element minOccurs="1" name="StammzahlEncrypted" type="xs:string" /> + <xs:element minOccurs="0" name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element minOccurs="1" name="VKZ" type="xs:string" /> + <xs:element minOccurs="0" name="BereichsKennung" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="Target" type="szr:FremdBPKRequestType" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="GetBPKFromStammzahlEncryptedResponseType"> + <xs:sequence> + <xs:element minOccurs="0" name="bPK" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="FremdBPK" type="szr:FremdBPKType" /> + </xs:sequence> + </xs:complexType> + <xs:element name="GetIdentityLink"> + <xs:complexType> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element maxOccurs="unbounded" name="KeyValue" type="dsig:KeyValueType" /> + <xs:element minOccurs="0" name="InsertERnP" type="xs:boolean" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetIdentityLinkResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetIdentityLinkReturn" type="szr:IdentityLinkType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPK"> + <xs:complexType> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element minOccurs="0" name="BereichsKennung" type="xs:string" /> + <xs:element minOccurs="0" name="VKZ" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="Target" type="szr:FremdBPKRequestType" /> + <xs:element minOccurs="0" name="ListMultiplePersons" type="xs:boolean" /> + <xs:element minOccurs="0" name="InsertERnP" type="xs:boolean" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKResponse"> + <xs:complexType> + <xs:sequence> + <xs:element minOccurs="0" name="GetBPKReturn" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="FremdBPK" type="szr:FremdBPKType" /> + <xs:element maxOccurs="5" minOccurs="0" name="PersonInfo" type="szr:PersonInfoType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKs"> + <xs:complexType> + <xs:sequence> + <xs:element maxOccurs="unbounded" name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element minOccurs="0" name="BereichsKennung" type="xs:string" /> + <xs:element name="VKZ" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="Target" type="szr:FremdBPKRequestType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKsResponse"> + <xs:complexType> + <xs:sequence> + <xs:element maxOccurs="unbounded" name="ResultRecord" type="szr:GetBPKsResponseType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:complexType name="GetBPKsResponseType"> + <xs:sequence> + <xs:element minOccurs="0" name="BPK" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="FremdBPK" type="szr:FremdBPKType" /> + <xs:element minOccurs="0" name="Fault"> + <xs:complexType> + <xs:attribute name="Code" type="xs:string" /> + <xs:attribute name="String" type="xs:string" /> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:complexType> + <xs:element name="GetBPKKombi"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetBPKKombiRequest" type="szr:GetBPKKombiRequestType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKKombiResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetBPKKombiResponse" type="szr:GetBPKKombiResponseType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKZPV"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetBPKZPVRequest" type="szr:GetBPKZPVRequestType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKZPVResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetBPKZPVResponse" type="szr:GetBPKZPVResponseType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKFromStammzahlEncrypted"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetBPKFromStammzahlEncryptedRequest" type="szr:GetBPKFromStammzahlEncryptedRequestType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKFromStammzahlEncryptedResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetBPKFromStammzahlEncryptedResponse" type="szr:GetBPKFromStammzahlEncryptedResponseType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="ValidateIdentityLink"> + <xs:complexType> + <xs:sequence> + <xs:element name="IdentityLink" type="szr:IdentityLinkType" /> + <xs:element name="BereichsKennung" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="ValidateIdentityLinkResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="ValidateIdentityLinkReturn" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="BPKzuBasiszahl"> + <xs:complexType> + <xs:sequence> + <xs:element name="Bereich" type="xs:string" /> + <xs:element name="BPK" type="xs:string" /> + <xs:element maxOccurs="unbounded" name="BasisZahl" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="BPKzuBasiszahlResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="BPKzuBasiszahlReturn" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:complexType name="FremdBPKRequestType"> + <xs:sequence> + <xs:element name="BereichsKennung" type="xs:string" /> + <xs:element name="VKZ" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="FremdBPKType"> + <xs:sequence> + <xs:element name="BereichsKennung" type="xs:string" /> + <xs:element name="FremdBPK" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="GetVKZPermissionResponseType"> + <xs:sequence> + <xs:element name="isAllowed" type="xs:boolean" /> + <xs:element minOccurs="0" name="behSchluessel" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:element name="BasiszahlZuBPK"> + <xs:complexType> + <xs:sequence> + <xs:element minOccurs="0" name="VKZ" type="xs:string" /> + <xs:element maxOccurs="unbounded" name="BasisZahl" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="Bereich" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="FremdBPKTargets" type="szr:FremdBPKRequestType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:complexType name="BasiszahlZuBPKReturnType"> + <xs:sequence> + <xs:element maxOccurs="unbounded" minOccurs="0" name="BPK" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="FremdBPKs" type="szr:FremdBPKType" /> + </xs:sequence> + </xs:complexType> + <xs:element name="BasiszahlZuBPKResponse"> + <xs:complexType> + <xs:sequence> + <xs:element maxOccurs="unbounded" name="BasiszahlZuBPKReturn" type="szr:BasiszahlZuBPKReturnType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="ZMRAnwendungsIntegration"> + <xs:complexType> + <xs:sequence> + <xs:element name="Bereich" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="FremdBPKTargets" type="szr:FremdBPKRequestType" /> + <xs:element maxOccurs="unbounded" name="ZMRfremdbPK" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:complexType name="ZMRAnwendungsIntegrationReturnType"> + <xs:sequence> + <xs:element name="BPK" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="FremdBPKs" type="szr:FremdBPKType" /> + </xs:sequence> + </xs:complexType> + <xs:element name="ZMRAnwendungsIntegrationResponse"> + <xs:complexType> + <xs:sequence> + <xs:element maxOccurs="unbounded" name="ZMRAnwendungsIntegrationReturn" type="szr:ZMRAnwendungsIntegrationReturnType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetStammzahl"> + <xs:complexType> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetStammzahlResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="Stammzahl" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetStammzahlEncrypted"> + <xs:complexType> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element minOccurs="0" name="InsertERnP" type="xs:boolean" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetStammzahlEncryptedResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="Stammzahl" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetVersion" /> + <xs:element name="GetVersionResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="Version" type="xs:string" /> + <xs:element name="Revision" type="xs:string" /> + <xs:element name="Time" type="xs:string" /> + <xs:element name="IdentityLinkNotAfter" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:element> +</xs:schema>
\ No newline at end of file diff --git a/modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_ecdsa.xsd b/modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_ecdsa.xsd new file mode 100644 index 00000000..87ee80be --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_ecdsa.xsd @@ -0,0 +1,30 @@ +<?xml version="1.0" encoding="UTF-8"?> +<xs:schema elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema" + targetNamespace="http://www.w3.org/2001/04/xmldsig-more#" xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#"> + <xs:element name="ECDSAKeyValue" type="ecdsa:ECDSAKeyValueType" /> + <xs:complexType name="ECDSAKeyValueType"> + <xs:sequence> + <xs:element name="DomainParameters" type="ecdsa:DomainParamsType" + minOccurs="0" /> + <xs:element name="PublicKey" type="ecdsa:ECPointType" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="DomainParamsType"> + <xs:sequence> + <xs:element name="NamedCurve" minOccurs="0" + type="ecdsa:NamedCurveType" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="NamedCurveType"> + <xs:attribute name="URN" type="xs:string" use="required" /> + </xs:complexType> + <xs:complexType name="ECPointType"> + <xs:sequence minOccurs="0"> + <xs:element name="X" type="ecdsa:PrimeFieldElemType" /> + <xs:element name="Y" type="ecdsa:PrimeFieldElemType" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="PrimeFieldElemType"> + <xs:attribute name="Value" type="xs:string" use="required" /> + </xs:complexType> +</xs:schema>
\ No newline at end of file diff --git a/modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_persondata.xsd b/modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_persondata.xsd new file mode 100644 index 00000000..3c9ac932 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_persondata.xsd @@ -0,0 +1,54 @@ +<?xml version="1.0" encoding="UTF-8"?> +<xs:schema elementFormDefault="qualified" xmlns:pd="http://reference.e-government.gv.at/namespace/persondata/20020228#" + targetNamespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xs="http://www.w3.org/2001/XMLSchema"> + <xs:complexType name="PhysicalPersonType"> + <xs:sequence> + <xs:element minOccurs="0" name="Identification" type="pd:IdentificationType" /> + <xs:element minOccurs="1" name="Name" type="pd:PersonNameType" /> + <xs:element minOccurs="0" name="AlternativeName" type="pd:AlternativeNameType" /> + <xs:element minOccurs="0" name="Sex" type="xs:string" /> + <xs:element minOccurs="0" name="DateOfBirth" type="xs:string" /> + <xs:element minOccurs="0" name="PlaceOfBirth" type="xs:string" /> + <xs:element minOccurs="0" name="CountryOfBirth" type="xs:string" /> + <xs:element minOccurs="0" name="Nationality" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="IdentificationType"> + <xs:sequence> + <xs:element minOccurs="0" name="Value" type="xs:string" /> + <xs:element minOccurs="0" name="Type" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="PersonNameType"> + <xs:sequence> + <xs:element minOccurs="0" name="PrefixedDegree" type="xs:string" /> + <xs:element name="GivenName" type="xs:string" nillable="true" /> + <xs:element name="FamilyName" type="xs:string" nillable="true" /> + <xs:element minOccurs="0" name="SuffixedDegree" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="AlternativeNameType"> + <xs:sequence> + <xs:element name="FamilyName" type="xs:string" nillable="true" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="PostalAddressType"> + <xs:sequence> + <xs:element minOccurs="0" name="PostalCode" type="xs:string" /> + <xs:element minOccurs="0" name="Municipality" type="xs:string" /> + <xs:element minOccurs="0" name="Locality" type="xs:string" /> + <xs:element minOccurs="0" name="StateCode3" type="xs:string" /> + <xs:element minOccurs="0" name="DeliveryAddress" type="pd:DeliveryAddressType" /> + <xs:element minOccurs="0" name="HistoricRecord" type="xs:boolean" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="DeliveryAddressType"> + <xs:sequence> + <xs:element minOccurs="0" name="AddressLine" type="xs:string" /> + <xs:element minOccurs="0" name="StreetName" type="xs:string" /> + <xs:element minOccurs="0" name="BuildingNumber" type="xs:string" /> + <xs:element minOccurs="0" name="Unit" type="xs:string" /> + <xs:element minOccurs="0" name="DoorNumber" type="xs:string" /> + </xs:sequence> + </xs:complexType> +</xs:schema>
\ No newline at end of file diff --git a/modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_pvp_sec.xsd b/modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_pvp_sec.xsd new file mode 100644 index 00000000..5001c1b8 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_pvp_sec.xsd @@ -0,0 +1,10 @@ +<xs:schema xmlns:pvp="http://egov.gv.at/pvp1.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema" targetNamespace="http://schemas.xmlsoap.org/ws/2002/04/secext" elementFormDefault="qualified"> + <xs:import namespace="http://egov.gv.at/pvp1.xsd" schemaLocation="pvp19.xsd"/> + <xs:element name="Security"> + <xs:complexType> + <xs:sequence> + <xs:element ref="pvp:pvpToken"/> + </xs:sequence> + </xs:complexType> + </xs:element> +</xs:schema> diff --git a/modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0-schemas.xml b/modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0-schemas.xml new file mode 100644 index 00000000..d40efa45 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0-schemas.xml @@ -0,0 +1,54 @@ +<?xml version="1.0" encoding="UTF-8"?> +<bindings version="2.0" xmlns="http://java.sun.com/xml/ns/jaxb" + xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" + xmlns:xjc="http://java.sun.com/xml/ns/jaxb/xjc"> + + <bindings schemaLocation="../szr_v4/szr_v4.0.xsd"> + <bindings node="/xsd:schema"> + <schemaBindings> + <package name="at.gv.util.xsd.szr_v4" /> + </schemaBindings> + </bindings> + </bindings> + + <bindings schemaLocation="../szr/szr_ecdsa.xsd"> + <bindings node="/xsd:schema"> + <schemaBindings> + <package name="at.gv.util.xsd.szr.ecdsa" /> + </schemaBindings> + </bindings> + </bindings> + + <bindings schemaLocation="../szr_v4/szr_persondata.xsd"> + <bindings node="/xsd:schema"> + <schemaBindings> + <package name="at.gv.util.xsd.szr.persondata" /> + </schemaBindings> + </bindings> + </bindings> + + <bindings schemaLocation="../szr_v4/szr_pvp_sec.xsd"> + <bindings node="/xsd:schema"> + <schemaBindings> + <package name="at.gv.util.xsd.szr.pvp19.sec" /> + </schemaBindings> + </bindings> + </bindings> + + <bindings schemaLocation="../szr_v4/pvp19.xsd"> + <bindings node="/xsd:schema"> + <schemaBindings> + <package name="at.gv.util.xsd.szr.pvp19" /> + </schemaBindings> + </bindings> + </bindings> + + <bindings schemaLocation="../szr/szr_xmldsig.xsd"> + <bindings node="/xsd:schema"> + <schemaBindings> + <package name="at.gv.util.xsd.szr.xmldsig" /> + </schemaBindings> + </bindings> + </bindings> + +</bindings>
\ No newline at end of file diff --git a/modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0-wsdl.xml b/modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0-wsdl.xml new file mode 100644 index 00000000..f95c35f0 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0-wsdl.xml @@ -0,0 +1,10 @@ +<?xml version="1.0" encoding="UTF-8"?> +<bindings xmlns="http://java.sun.com/xml/ns/jaxws" + xmlns:jaxb="http://java.sun.com/xml/ns/jaxb" + xmlns:xsd="http://www.w3.org/2001/XMLSchema" + xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"> + + <enableWrapperStyle>false</enableWrapperStyle> + <package name="at.gv.util.wsdl.szr_v4"/> + +</bindings>
\ No newline at end of file diff --git a/modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0.xsd b/modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0.xsd new file mode 100644 index 00000000..2d25f2dc --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0.xsd @@ -0,0 +1,443 @@ +<?xml version="1.0" encoding="UTF-8"?> +<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:szr="urn:SZRServices" xmlns:pd="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" targetNamespace="urn:SZRServices" elementFormDefault="qualified"> + <xs:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="szr_persondata.xsd"/> + <xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="szr_xmldsig.xsd"/> + <xs:element name="SZRException" type="szr:SZRException"/> + <xs:complexType name="SZRException"/> + <xs:complexType name="PersonInfoType"> + <xs:sequence> + <xs:element name="Person" type="pd:PhysicalPersonType"/> + <xs:element name="RegularDomicile" type="pd:PostalAddressType" minOccurs="0"/> + <xs:element name="AddressCodes" type="szr:AddressCodesType" minOccurs="0"/> + <xs:element name="TravelDocument" type="szr:TravelDocumentType" minOccurs="0"/> + <xs:element name="DateOfBirthWildcard" type="xs:boolean" minOccurs="0"/> + <xs:element name="AuskunftssperreGesetzt" type="xs:boolean" minOccurs="0"/> + </xs:sequence> + </xs:complexType> + <xs:complexType name="TravelDocumentType"> + <xs:sequence> + <xs:element name="DocumentNumber" type="xs:string" minOccurs="0"/> + <xs:element name="DocumentType" type="xs:string" minOccurs="0"/> + <xs:element name="IssueDate" type="xs:string" minOccurs="0"/> + <xs:element name="IssuingAuthority" type="xs:string" minOccurs="0"/> + <xs:element name="IssuingCountry" type="xs:string" minOccurs="0"/> + </xs:sequence> + </xs:complexType> + <xs:complexType name="AddressCodesType"> + <xs:sequence> + <xs:element name="GKZ" type="xs:string" minOccurs="0"/> + <xs:element name="OKZ" type="xs:string" minOccurs="0"/> + <xs:element name="SKZ" type="xs:string" minOccurs="0"/> + <xs:element name="ADRCD" type="xs:string" minOccurs="0"/> + <xs:element name="SUBCD" type="xs:string" minOccurs="0"/> + <xs:element name="OBJNR" type="xs:string" minOccurs="0"/> + <xs:element name="NTZLNR" type="xs:string" minOccurs="0"/> + </xs:sequence> + </xs:complexType> + <xs:element name="TransformBPK"> + <xs:complexType> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType"/> + <xs:element name="InputBPK" type="xs:string"/> + <xs:element name="InputBereichsKennung" type="xs:string"/> + <xs:element name="Begruendung" type="xs:string"/> + <xs:element name="Target" type="szr:FremdBPKRequestType" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="TransformBPKResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="TransformBPKReturn" type="szr:FremdBPKType" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetVKZPermission"> + <xs:complexType> + <xs:sequence> + <xs:element name="VKZ" type="xs:string"/> + <xs:element name="BereichsKennung" type="xs:string"/> + <xs:element name="ParticipantId" type="xs:string" minOccurs="0"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetVKZPermissionResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetVKZPermissionReturn" type="szr:GetVKZPermissionResponseType"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:complexType name="IdentityLinkType"> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType"/> + <xs:element name="Assertion" type="xs:anyType"/> + <xs:element name="AdditionalInfo" type="xs:string" minOccurs="0"/> + </xs:sequence> + </xs:complexType> + <xs:complexType name="ResultRecord"> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType"/> + <xs:element name="Register" type="xs:string"/> + <xs:element name="bPK" type="xs:string"/> + <xs:element name="FremdBPK" type="szr:FremdBPKType" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + <xs:complexType name="GetBPKKombiRequestType"> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType"/> + <xs:element name="InsertERnP" minOccurs="0"> + <xs:simpleType> + <xs:restriction base="xs:string"> + <xs:enumeration value="NoInsert"/> + <xs:enumeration value="InsertOnNoMatch"/> + <xs:enumeration value="ForceInsert"/> + </xs:restriction> + </xs:simpleType> + </xs:element> + <xs:element name="Suchwizard" type="xs:boolean" minOccurs="0"/> + <xs:element name="VKZ" type="xs:string" nillable="true"/> + <xs:element name="BehoerdenKennzeichen" type="xs:string" minOccurs="0"/> + <xs:element name="BereichsKennung" type="xs:string" minOccurs="0"/> + <xs:element name="Target" type="szr:FremdBPKRequestType" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="Sessionid" type="xs:string" minOccurs="0"/> + </xs:sequence> + </xs:complexType> + <xs:complexType name="GetBPKKombiResponseType"> + <xs:complexContent> + <xs:extension base="szr:GetBPKZPVResponseType"> + <xs:sequence> + <xs:element name="FoundWithSuchwizard" type="xs:boolean"/> + <xs:element name="Sessionid" type="xs:string"/> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + <xs:complexType name="GetBPKZPVRequestType"> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType"/> + <xs:element name="InsertERnP" type="xs:boolean" default="false" minOccurs="0"/> + <xs:element name="VKZ" type="xs:string" minOccurs="1"/> + <xs:element name="BehoerdenKennzeichen" type="xs:string" minOccurs="0"/> + <xs:element name="BereichsKennung" type="xs:string" minOccurs="0"/> + <xs:element name="Target" type="szr:FremdBPKRequestType" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + <xs:complexType name="GetBPKZPVResponseType"> + <xs:sequence> + <xs:element name="ResultRecord" type="szr:ResultRecord" maxOccurs="unbounded"/> + <xs:element name="InsertERnPResult" type="xs:boolean"/> + </xs:sequence> + </xs:complexType> + <xs:complexType name="GetBPKFromStammzahlEncryptedRequestType"> + <xs:sequence> + <xs:element name="StammzahlEncrypted" type="xs:string" minOccurs="1"/> + <xs:element name="PersonInfo" type="szr:PersonInfoType" minOccurs="0"/> + <xs:element name="VKZ" type="xs:string" minOccurs="1"/> + <xs:element name="BereichsKennung" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="Target" type="szr:FremdBPKRequestType" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + <xs:attribute name="key"/> + </xs:complexType> + <xs:complexType name="GetBPKFromStammzahlEncryptedResponseType"> + <xs:sequence> + <xs:element name="bPK" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="FremdBPK" type="szr:FremdBPKType" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="Fault" type="szr:Fault" minOccurs="0"/> + </xs:sequence> + <xs:attribute name="key"/> + </xs:complexType> + <xs:complexType name="Fault"> + <xs:attribute name="Code" type="xs:string"/> + <xs:attribute name="String" type="xs:string"/> + </xs:complexType> + <xs:complexType name="SignContentResponseType"> + <xs:sequence> + <xs:element name="JwsAlg" type="xs:string" minOccurs="0"/> + <xs:element name="Out" type="szr:SignContentEntry" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + <xs:complexType name="SignContentEntry"> + <xs:simpleContent> + <xs:extension base="xs:string"> + <xs:attribute name="key"/> + </xs:extension> + </xs:simpleContent> + </xs:complexType> + <xs:element name="GetIdentityLink"> + <xs:complexType> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType"/> + <xs:element name="KeyValue" type="dsig:KeyValueType" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="InsertERnP" type="xs:boolean" minOccurs="0"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetIdentityLinkResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetIdentityLinkReturn" type="szr:IdentityLinkType"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetIdentityLinkEidas"> + <xs:complexType> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetIdentityLinkEidasResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetIdentityLinkReturn" type="szr:IdentityLinkType"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPK"> + <xs:complexType> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType"/> + <xs:element name="BereichsKennung" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="VKZ" type="xs:string" minOccurs="0"/> + <xs:element name="Target" type="szr:FremdBPKRequestType" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="ListMultiplePersons" type="xs:boolean" minOccurs="0"/> + <xs:element name="InsertERnP" type="xs:boolean" minOccurs="0"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetBPKReturn" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="FremdBPK" type="szr:FremdBPKType" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="PersonInfo" type="szr:PersonInfoType" minOccurs="0" maxOccurs="5"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKs"> + <xs:complexType> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType" maxOccurs="unbounded"/> + <xs:element name="BereichsKennung" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="VKZ" type="xs:string"/> + <xs:element name="Target" type="szr:FremdBPKRequestType" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKsResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="ResultRecord" type="szr:GetBPKsResponseType" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:complexType name="GetBPKsResponseType"> + <xs:sequence> + <xs:element name="BPK" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="FremdBPK" type="szr:FremdBPKType" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="Fault" minOccurs="0"> + <xs:complexType> + <xs:attribute name="Code" type="xs:string"/> + <xs:attribute name="String" type="xs:string"/> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:complexType> + <xs:element name="GetBPKKombi"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetBPKKombiRequest" type="szr:GetBPKKombiRequestType"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKKombiResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetBPKKombiResponse" type="szr:GetBPKKombiResponseType"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKZPV"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetBPKZPVRequest" type="szr:GetBPKZPVRequestType"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKZPVResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetBPKZPVResponse" type="szr:GetBPKZPVResponseType"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKFromStammzahlEncrypted"> + <xs:complexType> + <xs:sequence> + <xs:element name="In" type="szr:GetBPKFromStammzahlEncryptedRequestType" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKFromStammzahlEncryptedResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="Out" type="szr:GetBPKFromStammzahlEncryptedResponseType" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="SignContent"> + <xs:complexType> + <xs:sequence> + <xs:element name="AppendCert" type="xs:boolean" default="false" minOccurs="0"/> + <xs:element name="JWSHeaderParam" type="szr:JwsHeaderParam" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="In" type="szr:SignContentEntry" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:complexType name="JwsHeaderParam"> + <xs:attribute name="key" type="xs:string" use="required"/> + <xs:attribute name="value" type="xs:string" use="required"/> + </xs:complexType> + <xs:element name="SignContentResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="SignContentResponse" type="szr:SignContentResponseType"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="ValidateIdentityLink"> + <xs:complexType> + <xs:sequence> + <xs:element name="IdentityLink" type="szr:IdentityLinkType"/> + <xs:element name="BereichsKennung" type="xs:string"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="ValidateIdentityLinkResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="ValidateIdentityLinkReturn" type="xs:string"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="BPKzuBasiszahl"> + <xs:complexType> + <xs:sequence> + <xs:element name="Bereich" type="xs:string"/> + <xs:element name="BPK" type="xs:string"/> + <xs:element name="BasisZahl" type="xs:string" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="BPKzuBasiszahlResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="BPKzuBasiszahlReturn" type="xs:string"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:complexType name="FremdBPKRequestType"> + <xs:sequence> + <xs:element name="BereichsKennung" type="xs:string"/> + <xs:element name="VKZ" type="xs:string"/> + </xs:sequence> + </xs:complexType> + <xs:complexType name="FremdBPKType"> + <xs:sequence> + <xs:element name="BereichsKennung" type="xs:string"/> + <xs:element name="FremdBPK" type="xs:string"/> + </xs:sequence> + </xs:complexType> + <xs:complexType name="GetVKZPermissionResponseType"> + <xs:sequence> + <xs:element name="isAllowed" type="xs:boolean"/> + <xs:element name="behSchluessel" type="xs:string" minOccurs="0"/> + </xs:sequence> + </xs:complexType> + <xs:element name="BasiszahlZuBPK"> + <xs:complexType> + <xs:sequence> + <xs:element name="VKZ" type="xs:string" minOccurs="0"/> + <xs:element name="BasisZahl" type="xs:string" maxOccurs="unbounded"/> + <xs:element name="Bereich" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="FremdBPKTargets" type="szr:FremdBPKRequestType" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:complexType name="BasiszahlZuBPKReturnType"> + <xs:sequence> + <xs:element name="BPK" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="FremdBPKs" type="szr:FremdBPKType" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + <xs:element name="BasiszahlZuBPKResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="BasiszahlZuBPKReturn" type="szr:BasiszahlZuBPKReturnType" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="ZMRAnwendungsIntegration"> + <xs:complexType> + <xs:sequence> + <xs:element name="Bereich" type="xs:string"/> + <xs:element name="FremdBPKTargets" type="szr:FremdBPKRequestType" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="ZMRfremdbPK" type="xs:string" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:complexType name="ZMRAnwendungsIntegrationReturnType"> + <xs:sequence> + <xs:element name="BPK" type="xs:string"/> + <xs:element name="FremdBPKs" type="szr:FremdBPKType" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + <xs:element name="ZMRAnwendungsIntegrationResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="ZMRAnwendungsIntegrationReturn" type="szr:ZMRAnwendungsIntegrationReturnType" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetStammzahl"> + <xs:complexType> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetStammzahlResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="Stammzahl" type="xs:string"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetStammzahlEncrypted"> + <xs:complexType> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType"/> + <xs:element name="InsertERnP" type="xs:boolean" minOccurs="0"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetStammzahlEncryptedResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="Stammzahl" type="xs:string"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetVersion" nillable="true"/> + <xs:element name="GetVersionResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="Version" type="xs:string"/> + <xs:element name="Revision" type="xs:string"/> + <xs:element name="Time" type="xs:string"/> + <xs:element name="IdentityLinkNotAfter" type="xs:string"/> + </xs:sequence> + </xs:complexType> + </xs:element> +</xs:schema> diff --git a/modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_xmldsig.xsd b/modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_xmldsig.xsd new file mode 100644 index 00000000..96b50b40 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_xmldsig.xsd @@ -0,0 +1,31 @@ +<?xml version="1.0" encoding="UTF-8"?> +<xs:schema elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#" + targetNamespace="http://www.w3.org/2000/09/xmldsig#" xmlns="http://www.w3.org/2001/XMLSchema" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <xs:import namespace="http://www.w3.org/2001/04/xmldsig-more#" schemaLocation="szr_ecdsa.xsd"/> + <xs:complexType name="KeyValueType"> + <xs:sequence> + <xs:element name="DSAKeyValue" minOccurs="0" + type="dsig:DSAKeyValueType" /> + <xs:element name="RSAKeyValue" minOccurs="0" + type="dsig:RSAKeyValueType" /> + <xs:element ref="ecdsa:ECDSAKeyValue" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="DSAKeyValueType"> + <xs:sequence> + <xs:element name="P" minOccurs="0" type="xs:string" /> + <xs:element name="Q" minOccurs="0" type="xs:string" /> + <xs:element name="J" minOccurs="0" type="xs:string" /> + <xs:element name="G" minOccurs="0" type="xs:string" /> + <xs:element name="Y" minOccurs="0" type="xs:string" /> + <xs:element name="PgenCounter" minOccurs="0" type="xs:string" /> + <xs:element name="Seed" minOccurs="0" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="RSAKeyValueType"> + <xs:sequence> + <xs:element name="Modulus" minOccurs="0" type="xs:string" /> + <xs:element name="Exponent" minOccurs="0" type="xs:string" /> + </xs:sequence> + </xs:complexType> +</xs:schema> diff --git a/modules/authmodule-eIDAS-v2/src/main/resources/templates/eidas_node_forward.html b/modules/authmodule-eIDAS-v2/src/main/resources/templates/eidas_node_forward.html new file mode 100644 index 00000000..186937d7 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/main/resources/templates/eidas_node_forward.html @@ -0,0 +1,36 @@ +<!DOCTYPE html> +<html xmlns:th="http://www.thymeleaf.org" + xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout" + layout:decorator="fragments/base" + th:with="lang=${#locale.language}" th:lang="${lang}"> +<head> + <script src="$contextPath/autocommit.js" + th:attr="src=@{/autocommit.js}"></script> +</head> +<body> + <noscript> + <p> + <strong>Note:</strong> Since your browser does not support + JavaScript, you must press the Continue button once to proceed. + </p> + </noscript> + + <div id="alert">Your login is being processed. Thank you for + waiting.</div> + + <form action="${endPoint}" method="post" target="_parent" + th:attr="action=@{${endPoint}}"> + <div> + <input type="hidden" name="${tokenName}" value="${tokenValue}" + th:attr="value=${tokenValue},name=${tokenName}" /> + </div> + <noscript> + <div> + <p>Your browser does not support JavaScript. Click the button to continuing the process .</p> + <input type="submit" value="Continue" /> + </div> + </noscript> + </form> + +</body> +</html>
\ No newline at end of file diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasAuthSpringResourceProviderTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasAuthSpringResourceProviderTest.java new file mode 100644 index 00000000..aef290f5 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasAuthSpringResourceProviderTest.java @@ -0,0 +1,56 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test; + +import java.io.IOException; +import java.io.InputStream; + +import org.apache.commons.io.IOUtils; +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.BlockJUnit4ClassRunner; +import org.springframework.core.io.Resource; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasAuthenticationSpringResourceProvider; +import at.gv.egiz.eaaf.core.test.TestConstants; + + + +@RunWith(BlockJUnit4ClassRunner.class) +public class EidasAuthSpringResourceProviderTest { + + @Test + public void testSpringConfig() { + final EidasAuthenticationSpringResourceProvider test = + new EidasAuthenticationSpringResourceProvider(); + for (final Resource el : test.getResourcesToLoad()) { + try { + IOUtils.toByteArray(el.getInputStream()); + + } catch (final IOException e) { + Assert.fail("Ressouce: " + el.getFilename() + " not found"); + } + + } + + Assert.assertNotNull("no Name", test.getName()); + Assert.assertNull("Find package definitions", test.getPackagesToScan()); + + } + + @Test + public void testSpILoaderConfig() { + final InputStream el = this.getClass().getResourceAsStream(TestConstants.TEST_SPI_LOADER_PATH); + try { + final String spiFile = IOUtils.toString(el, "UTF-8"); + + Assert.assertEquals("Wrong classpath in SPI file", + EidasAuthenticationSpringResourceProvider.class.getName(), spiFile); + + + } catch (final IOException e) { + Assert.fail("Ressouce: " + TestConstants.TEST_SPI_LOADER_PATH + " not found"); + + } + } + +} diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasAuthenticationModulImplTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasAuthenticationModulImplTest.java new file mode 100644 index 00000000..86af87ad --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasAuthenticationModulImplTest.java @@ -0,0 +1,121 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test; + +import java.io.IOException; +import java.util.HashMap; +import java.util.Map; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Assert; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.core.io.Resource; +import org.springframework.core.io.ResourceLoader; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasAuthenticationModulImpl; +import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.ModuleRegistration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_mapConfig.xml"}) +@DirtiesContext(classMode = ClassMode.BEFORE_CLASS) +public class EidasAuthenticationModulImplTest { + + @Autowired ModuleRegistration moduleReg; + @Autowired ResourceLoader loader; + + private final ExecutionContext executionContext = new ExecutionContextImpl(); + private DummySpConfiguration oaParam; + private TestRequestImpl pendingReq; + private EidasAuthenticationModulImpl authProcess = new EidasAuthenticationModulImpl(); + + /** + * jUnit class initializer. + * + */ + @BeforeClass + public static void classInitializer() throws IOException { + final String current = new java.io.File(".").toURI().toString(); + System.setProperty("eidas.ms.configuration", current + "../../basicConfig/default_config.properties"); + + } + + /** + * jUnit test set-up. + * + */ + @Before + public void initialize() { + Map<String, String> configMap = new HashMap<String, String>(); + configMap.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "http://test.com/test"); + IConfiguration basicConfig = new DummyConfiguration(); + oaParam = new DummySpConfiguration(configMap, basicConfig); + pendingReq = new TestRequestImpl(); + pendingReq.setSpConfig(oaParam); + } + + @Test + public void checkProcessDefinition() { + Assert.assertNotNull("AuthModule is null", authProcess); + Assert.assertNotNull("AuthModule process is null", authProcess.getProcessDefinitions()); + + for (String el : authProcess.getProcessDefinitions()) { + Resource res = loader.getResource(el); + Assert.assertTrue("AuthProcess description not extist", res.exists()); + + } + } + + @Test + public void countrySelected() throws Exception { + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, RandomStringUtils.randomAlphanumeric(2)); + final String result = + moduleReg.selectProcess(executionContext, pendingReq); + Assert.assertNotNull("Process is null", result); + Assert.assertEquals("Process Id not match", "eIDASAuthentication_v2", result); + + } + + @Test + public void noCountryValid() throws Exception { + final String result = + moduleReg.selectProcess(executionContext, pendingReq); + + Assert.assertNull("Select wrong process", result); + + } + + @Test + public void selectCountryWrongType() throws Exception { + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, 1); + final String result = + moduleReg.selectProcess(executionContext, pendingReq); + Assert.assertNull("Select wrong process", result); + + } + + @Test + public void selectCountryEmpty() throws Exception { + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, ""); + final String result = + moduleReg.selectProcess(executionContext, pendingReq); + Assert.assertNull("Select wrong process", result); + + } + +} diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasDataStoreTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasDataStoreTest.java new file mode 100644 index 00000000..1051bd9f --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasDataStoreTest.java @@ -0,0 +1,118 @@ +/* + * Copyright 2018 A-SIT Plus GmbH AT-specific eIDAS Connector has been developed + * in a cooperation between EGIZ, A-SIT Plus GmbH, A-SIT, and Graz University of + * Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. You may + * obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations under + * the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. The "NOTICE" text file + * is part of the distribution. Any derivative works that you distribute must + * include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test; + +//import java.security.MessageDigest; +// +//import org.apache.commons.lang3.StringUtils; +//import org.junit.Test; +//import org.junit.runner.RunWith; +//import org.springframework.beans.factory.annotation.Autowired; +//import org.springframework.test.context.ContextConfiguration; +//import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +//import org.springframework.util.Base64Utils; +// +//import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SQLiteServiceException; +//import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.eIDASAuthenticationException; +//import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.eIDASResponseUtils; +//import at.gv.egiz.eaaf.core.impl.data.Trible; +// +//@RunWith(SpringJUnit4ClassRunner.class) +//@ContextConfiguration("/SpringTest-context_basic_test.xml") +//public class EidasDataStoreTest { +// +// @Autowired +// private EidasDataStore dataStore; +// +// private static final String P1_TRANSID = "123456789"; +// private static final String P1_eIDASID = +// "DE/AT/121asdf1as5f1as6f1asd2f1asdf1asdf1asd23f1asdf1asdf4sd7fsdf1asdf1asd2f1asd56f7asdf4asdfasdf1"; +// +// private static final String P2_TRANSID = "987654321"; +// private static final String P2_eIDASID = +// "EE/AT/asfasfasdfasdfasdfasdfasdfasvafasdfasdfasdfasdfasdfasvascasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasd"; +// +// @Test +// public void dummyTest() { +// +// } +// +// @Test +// public void insertTestOne() throws SQLiteServiceException, eIDASAuthenticationException { +// Trible<String, String, String> eidasId = eIDASResponseUtils.parseEidasPersonalIdentifier(P1_eIDASID); +// String ernbId = createHashFromUniqueId(eidasId.getThird()); +// dataStore.storeNationalId( +// P1_TRANSID, +// eidasId, +// ernbId); +// +// if (StringUtils.isEmpty(dataStore.getEidasRawNationalId(ernbId)) { +// && dataStore.getEidasRawNationalId(ernbId).equals(eidasId.getThird())) +// throw new SQLiteServiceException("No eIDAS RAW Id in SQLite DB", null); +// +// } +// +// if (StringUtils.isEmpty(dataStore.getErnbNationalId(eidasId)) { +// && dataStore.getErnbNationalId(eidasId).equals(ernbId)) +// throw new SQLiteServiceException("No ERnB Id in SQLite DB", null); +// } +// +// } +// +// @Test +// public void insertTestTwo() throws SQLiteServiceException, eIDASAuthenticationException { +// Trible<String, String, String> eidasId = eIDASResponseUtils.parseEidasPersonalIdentifier(P2_eIDASID); +// String ernbId = createHashFromUniqueId(eidasId.getThird()); +// dataStore.storeNationalId( +// P2_TRANSID, +// eidasId, +// ernbId); +// +// if (StringUtils.isEmpty(dataStore.getEidasRawNationalId(ernbId)) { +// && dataStore.getEidasRawNationalId(ernbId).equals(eidasId.getThird())) +// throw new SQLiteServiceException("No eIDAS RAW Id in SQLite DB", null); +// +// } +// +// if (StringUtils.isEmpty(dataStore.getErnbNationalId(eidasId)) { +// && dataStore.getErnbNationalId(eidasId).equals(ernbId)) +// throw new SQLiteServiceException("No ERnB Id in SQLite DB", null); +// +// } +// +// } +// +// private String createHashFromUniqueId(String uniqueId) throws eIDASAuthenticationException { +// try { +// MessageDigest md = MessageDigest.getInstance("SHA-256"); +// byte[] hash = md.digest(uniqueId.getBytes("UTF-8")); +// String hashBase64 = new String(Base64Utils.encode(hash), "UTF-8").replaceAll("\r\n", ""); +// return hashBase64; +// +// } catch (Exception ex) { +// throw new eIDASAuthenticationException("internal.03", new Object[] {}, ex); +// +// } +// } +//} diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasSignalServletTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasSignalServletTest.java new file mode 100644 index 00000000..0d9d4fb8 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasSignalServletTest.java @@ -0,0 +1,244 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test; + +import static at.asitplus.eidas.specific.core.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE; + +import java.io.IOException; +import java.net.URISyntaxException; +import java.util.Arrays; +import java.util.Base64; +import java.util.HashMap; +import java.util.Map; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.powermock.core.classloader.annotations.PrepareForTest; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; +import org.springframework.web.servlet.config.annotation.EnableWebMvc; + +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummySpConfiguration; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasSignalServlet; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummySpecificCommunicationService; +import at.gv.egiz.eaaf.core.api.IRequestStorage; +import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyProtocolAuthService; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import eu.eidas.auth.commons.EidasParameterKeys; +import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse; +import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse.Builder; +import eu.eidas.auth.commons.tx.BinaryLightToken; +import eu.eidas.specificcommunication.exception.SpecificCommunicationException; + +@RunWith(SpringJUnit4ClassRunner.class) +@PrepareForTest(CreateIdentityLinkTask.class) +@DirtiesContext(classMode = DirtiesContext.ClassMode.BEFORE_CLASS) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_mapConfig.xml"}) +@EnableWebMvc +public class EidasSignalServletTest { + + @Autowired private MsConnectorDummyConfigMap basicConfig; + @Autowired private EidasSignalServlet controller; + @Autowired private IRequestStorage storage; + @Autowired private ITransactionStorage transStore; + @Autowired private DummyProtocolAuthService protAuthService; + @Autowired private DummySpecificCommunicationService connector; + + + private MockHttpServletRequest httpReq; + private MockHttpServletResponse httpResp; + private TestRequestImpl pendingReq; + private MsConnectorDummySpConfiguration oaParam; + + + /** + * jUnit test set-up. + */ + @Before + public void setUp() throws EaafStorageException, URISyntaxException { + httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); + httpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + final Map<String, String> spConfig = new HashMap<>(); + spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp"); + spConfig.put("target", "urn:publicid:gv.at:cdid+XX"); + spConfig.put(PROP_CONFIG_SP_NEW_EID_MODE, "true"); + oaParam = new MsConnectorDummySpConfiguration(spConfig, basicConfig); + oaParam.setLoa(Arrays.asList(EaafConstants.EIDAS_LOA_HIGH)); + pendingReq = new TestRequestImpl(); + + pendingReq.setSpConfig(oaParam); + pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue()); + pendingReq.setAuthUrl("http://test.com/"); + pendingReq.setTransactionId("avaasbav"); + pendingReq.setPiiTransactionId(RandomStringUtils.randomAlphanumeric(10)); + + connector.setiLightResponse(null); + + + } + + @Test + public void noResponsToken() throws IOException, EaafException { + //set-up + + //execute test + controller.restoreEidasAuthProcess(httpReq, httpResp); + + //validate state + Assert.assertNull("eIDAS response", httpReq.getAttribute(Constants.DATA_FULL_EIDAS_RESPONSE)); + Assert.assertNotNull("missing error", protAuthService.getException()); + Assert.assertEquals("Wrong errorId", "auth.26", + ((EaafException) protAuthService.getException()).getErrorId()); + + } + + @Test + public void unknownResponseToken() throws IOException, EaafException { + //set-up + httpReq.setParameter(EidasParameterKeys.TOKEN.toString(), + RandomStringUtils.randomAlphanumeric(10)); + + //execute test + controller.restoreEidasAuthProcess(httpReq, httpResp); + + //validate state + Assert.assertNull("eIDAS response", httpReq.getAttribute(Constants.DATA_FULL_EIDAS_RESPONSE)); + Assert.assertNotNull("missing error", protAuthService.getException()); + Assert.assertEquals("Wrong errorId", "auth.26", + ((EaafException) protAuthService.getException()).getErrorId()); + + } + + @Test + public void withRelayState() throws IOException, EaafException, SpecificCommunicationException { + //set-up + String relayState = RandomStringUtils.randomAlphanumeric(10); + pendingReq.setPendingReqId(relayState); + storage.storePendingRequest(pendingReq); + + Builder iLightResponse = new AuthenticationResponse.Builder(); + iLightResponse.id("_".concat(Random.nextHexRandom16())) + .issuer(RandomStringUtils.randomAlphabetic(10)) + .subject(RandomStringUtils.randomAlphabetic(10)) + .statusCode(Constants.SUCCESS_URI) + .inResponseTo("_".concat(Random.nextHexRandom16())) + .subjectNameIdFormat("afaf") + .relayState(relayState); + + AuthenticationResponse eidasResp = iLightResponse.build(); + BinaryLightToken token = connector.putResponse(eidasResp); + httpReq.setParameter(EidasParameterKeys.TOKEN.toString(), + Base64.getEncoder().encodeToString(token.getTokenBytes())); + + + //execute test + controller.restoreEidasAuthProcess(httpReq, httpResp); + + + //validate state + Assert.assertNotNull("eIDAS response", httpReq.getAttribute(Constants.DATA_FULL_EIDAS_RESPONSE)); + Assert.assertEquals("wrong eIDAS response", eidasResp, + httpReq.getAttribute(Constants.DATA_FULL_EIDAS_RESPONSE)); + + Assert.assertNotNull("missing error", protAuthService.getException()); + Assert.assertEquals("Wrong errorId", "PendingRequest object is not of type 'RequestImpl.class'", + ((EaafException) protAuthService.getException()).getErrorId()); + + } + + @Test + public void withOutRelayStateMissingPendingReq() throws IOException, EaafException, SpecificCommunicationException { + //set-up + String pendingReqId = RandomStringUtils.randomAlphanumeric(10); + pendingReq.setPendingReqId(pendingReqId); + storage.storePendingRequest(pendingReq); + + String inResponseTo = "_".concat(Random.nextHexRandom16()); + + Builder iLightResponse = new AuthenticationResponse.Builder(); + iLightResponse.id("_".concat(Random.nextHexRandom16())) + .issuer(RandomStringUtils.randomAlphabetic(10)) + .subject(RandomStringUtils.randomAlphabetic(10)) + .statusCode(Constants.SUCCESS_URI) + .inResponseTo(inResponseTo) + .subjectNameIdFormat("afaf"); + + AuthenticationResponse eidasResp = iLightResponse.build(); + BinaryLightToken token = connector.putResponse(eidasResp); + httpReq.setParameter(EidasParameterKeys.TOKEN.toString(), + Base64.getEncoder().encodeToString(token.getTokenBytes())); + + + //execute test + controller.restoreEidasAuthProcess(httpReq, httpResp); + + + //validate state + Assert.assertNull("eIDAS response", httpReq.getAttribute(Constants.DATA_FULL_EIDAS_RESPONSE)); + Assert.assertNotNull("missing error", protAuthService.getException()); + Assert.assertEquals("Wrong errorId", "auth.26", + ((EaafException) protAuthService.getException()).getErrorId()); + + } + + @Test + public void withInResponseToElement() throws IOException, EaafException, SpecificCommunicationException { + //set-up + String pendingReqId = RandomStringUtils.randomAlphanumeric(10); + pendingReq.setPendingReqId(pendingReqId); + storage.storePendingRequest(pendingReq); + + String inResponseTo = "_".concat(Random.nextHexRandom16()); + transStore.put(inResponseTo, pendingReqId, -1); + + Builder iLightResponse = new AuthenticationResponse.Builder(); + iLightResponse.id("_".concat(Random.nextHexRandom16())) + .issuer(RandomStringUtils.randomAlphabetic(10)) + .subject(RandomStringUtils.randomAlphabetic(10)) + .statusCode(Constants.SUCCESS_URI) + .inResponseTo(inResponseTo) + .subjectNameIdFormat("afaf"); + + AuthenticationResponse eidasResp = iLightResponse.build(); + BinaryLightToken token = connector.putResponse(eidasResp); + httpReq.setParameter(EidasParameterKeys.TOKEN.toString(), + Base64.getEncoder().encodeToString(token.getTokenBytes())); + + + //execute test + controller.restoreEidasAuthProcess(httpReq, httpResp); + + + //validate state + Assert.assertNotNull("eIDAS response", httpReq.getAttribute(Constants.DATA_FULL_EIDAS_RESPONSE)); + Assert.assertEquals("wrong eIDAS response", eidasResp, + httpReq.getAttribute(Constants.DATA_FULL_EIDAS_RESPONSE)); + + Assert.assertNotNull("missing error", protAuthService.getException()); + Assert.assertEquals("Wrong errorId", "PendingRequest object is not of type 'RequestImpl.class'", + ((EaafException) protAuthService.getException()).getErrorId()); + + } + +} diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java new file mode 100644 index 00000000..4d9ae035 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java @@ -0,0 +1,439 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test; + +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.ArgumentMatchers.anyList; +import static org.mockito.Mockito.when; + +import java.io.IOException; +import java.security.InvalidKeyException; +import java.security.MessageDigest; +import java.security.NoSuchProviderException; +import java.util.List; + +import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBException; +import javax.xml.bind.Unmarshaller; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.ws.soap.SOAPFaultException; + +import org.apache.commons.io.IOUtils; +import org.apache.commons.lang3.RandomStringUtils; +import org.apache.commons.lang3.StringUtils; +import org.apache.cxf.binding.soap.SoapFault; +import org.joda.time.DateTime; +import org.jose4j.lang.JoseException; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Ignore; +import org.junit.Rule; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.util.Base64Utils; +import org.w3c.dom.Element; +import org.xml.sax.SAXException; + +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.JsonMappingException; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.github.skjolber.mockito.soap.SoapServiceRule; + +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.szr.SzrClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils; +import at.gv.e_government.reference.namespace.persondata._20020228.PersonNameType; +import at.gv.e_government.reference.namespace.persondata._20020228.PhysicalPersonType; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.exceptions.EaafParserException; +import at.gv.egiz.eaaf.core.impl.data.Triple; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; +import at.gv.egiz.eaaf.core.impl.utils.DomUtils; +import szrservices.GetBPKFromStammzahlEncryptedResponse; +import szrservices.GetBPKFromStammzahlEncryptedResponseType; +import szrservices.GetIdentityLinkEidasResponse; +import szrservices.IdentityLinkType; +import szrservices.PersonInfoType; +import szrservices.SZR; +import szrservices.SZRException_Exception; +import szrservices.SignContentEntry; +import szrservices.SignContentResponse; +import szrservices.SignContentResponseType; +import szrservices.TravelDocumentType; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_mapConfig.xml"}) +@DirtiesContext(classMode = ClassMode.AFTER_CLASS) +public class SzrClientTest { + private static final Logger log = LoggerFactory.getLogger(SzrClientTest.class); + + @Autowired SzrClient szrClient; + @Autowired MsConnectorDummyConfigMap basicConfig; + + private static ObjectMapper mapper = new ObjectMapper(); + + private static final String givenName = "Franz"; + private static final String familyName = "Mustermann"; + private static final String dateOfBirth = "1989-05-05"; + private static final String eIDASeID = "IS/AT/1234sdgsdfg56789ABCDEF"; + private static final String DUMMY_TARGET = EaafConstants.URN_PREFIX_CDID + "ZP"; + + private SZR szrMock = null; + ErnbEidData eidData = null; + + @Rule + public SoapServiceRule soap = SoapServiceRule.newInstance(); + + /** + * Initialize jUnit test. + */ + @Before + public void initializer() { + if (szrMock == null) { + szrMock = soap.mock(SZR.class, "http://localhost:1234/demoszr"); + + } + + eidData = new ErnbEidData(); + eidData.setFamilyName(familyName); + eidData.setGivenName(givenName); + eidData.setDateOfBirth(new DateTime()); + eidData.setCitizenCountryCode("IS"); + eidData.setPseudonym("1234sdgsdfg56789ABCDEF"); + + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.eidasbind.mds.inject", "false"); + + } + + + + + @Test + public void getStammzahlenEcryptedTest() throws JAXBException, SZRException_Exception, SzrCommunicationException { + final GetBPKFromStammzahlEncryptedResponse szrResponse = new GetBPKFromStammzahlEncryptedResponse(); + final GetBPKFromStammzahlEncryptedResponseType result1 = new GetBPKFromStammzahlEncryptedResponseType(); + szrResponse.getOut().add(result1); + + result1.setKey(RandomStringUtils.randomAlphanumeric(20)); + + // when(szrMock.getBPKFromStammzahlEncrypted(anyList())) + // .thenReturn(Arrays.asList(result1)); + when(szrMock.getStammzahlEncrypted(any(), any())).thenReturn(result1.getKey()); + + String stammzahlEncrypted = szrClient.getEncryptedStammzahl(new PersonInfoType()); + + Assert.assertEquals("bcBind not match", result1.getKey(), stammzahlEncrypted); + + when(szrMock.getStammzahlEncrypted(any(), any())).thenReturn(null); + try { + stammzahlEncrypted = szrClient.getEncryptedStammzahl(new PersonInfoType()); + } catch (SzrCommunicationException e) { + Assert.assertTrue("Not correct error", e.getMessage().contains("ernb.01")); + } + } + + @Test + public void getEidasBindRealSzrResponse() throws SZRException_Exception, SzrCommunicationException, IOException { + final SignContentResponse szrResponse = new SignContentResponse(); + final SignContentEntry result1 = new SignContentEntry(); + final SignContentResponseType content = new SignContentResponseType(); + content.getOut().add(result1); + szrResponse.setSignContentResponse(content); + + result1.setKey("bcBindReq"); + result1.setValue(IOUtils.toString(SzrClient.class.getResourceAsStream("/data/szr/signed_eidasBind.jws"))); + + when(szrMock.signContent(any(), anyList(), anyList())).thenReturn(content); + + final String bcBind = szrClient + .getEidsaBind(RandomStringUtils.randomAlphabetic(10), RandomStringUtils.randomAlphabetic(10), + RandomStringUtils.randomAlphabetic(10), eidData); + + Assert.assertNotNull("bcBind is null", bcBind); + Assert.assertEquals("bcBind not match", result1.getValue(), bcBind); + + } + + @Test + public void eidasBindNull() throws SZRException_Exception { + when(szrMock.signContent(any(), anyList(), anyList())).thenReturn(null); + + try { + szrClient + .getEidsaBind(RandomStringUtils.randomAlphabetic(10), RandomStringUtils.randomAlphabetic(10), + RandomStringUtils.randomAlphabetic(10), eidData); + } catch (SzrCommunicationException e) { + Assert.assertTrue("Not correct error", e.getMessage().contains("ernb.01")); + + } + } + + @Test + public void eidasBindInvalidResponse() throws SZRException_Exception { + final SignContentEntry result2 = new SignContentEntry(); + final SignContentResponseType content1 = new SignContentResponseType(); + content1.getOut().add(result2); + when(szrMock.signContent(any(), anyList(), anyList())).thenReturn(content1); + + try { + szrClient + .getEidsaBind(RandomStringUtils.randomAlphabetic(10), RandomStringUtils.randomAlphabetic(10), + RandomStringUtils.randomAlphabetic(10), eidData); + } catch (SzrCommunicationException e) { + Assert.assertTrue("Not correct error", e.getMessage().contains("ernb.01")); + + } + } + + public void eidasBindEmptyResponse() throws SZRException_Exception { + final SignContentEntry result2 = new SignContentEntry(); + final SignContentResponseType content1 = new SignContentResponseType(); + content1.getOut().add(result2); + result2.setKey("bcBindReq"); + result2.setValue(""); + when(szrMock.signContent(any(), anyList(), anyList())).thenReturn(content1); + + try { + szrClient + .getEidsaBind(RandomStringUtils.randomAlphabetic(10), RandomStringUtils.randomAlphabetic(10), + RandomStringUtils.randomAlphabetic(10), eidData); + } catch (SzrCommunicationException e) { + Assert.assertTrue("Not correct error", e.getMessage().contains("ernb.01")); + + } + } + + @Test + public void eidasBindValid() throws SZRException_Exception, SzrCommunicationException, JsonMappingException, + JsonProcessingException, JoseException { + final SignContentResponse szrResponse = new SignContentResponse(); + final SignContentEntry result1 = new SignContentEntry(); + final SignContentResponseType content = new SignContentResponseType(); + content.getOut().add(result1); + szrResponse.setSignContentResponse(content); + + result1.setKey("bcBindReq"); + result1.setValue(RandomStringUtils.randomAlphanumeric(100)); + + when(szrMock.signContent(any(), anyList(), anyList())).thenReturn(content); + + final String bcBind = szrClient + .getEidsaBind(RandomStringUtils.randomAlphabetic(10), RandomStringUtils.randomAlphabetic(10), + RandomStringUtils.randomAlphabetic(10), eidData); + + Assert.assertNotNull("bcBind is null", bcBind); + Assert.assertEquals("bcBind not match", result1.getValue(), bcBind); + + } + + @Test + public void eidasBindValidWithMds() throws SZRException_Exception, SzrCommunicationException, JoseException, + JsonMappingException, JsonProcessingException { + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.eidasbind.mds.inject", "true"); + + final SignContentResponse szrResponse = new SignContentResponse(); + final SignContentEntry result1 = new SignContentEntry(); + final SignContentResponseType content = new SignContentResponseType(); + content.getOut().add(result1); + szrResponse.setSignContentResponse(content); + + result1.setKey("bcBindReq"); + result1.setValue(RandomStringUtils.randomAlphanumeric(100)); + + when(szrMock.signContent(any(), anyList(), anyList())).thenReturn(content); + + final String bcBind = szrClient + .getEidsaBind(RandomStringUtils.randomAlphabetic(10), RandomStringUtils.randomAlphabetic(10), + RandomStringUtils.randomAlphabetic(10), eidData); + + Assert.assertNotNull("bcBind is null", bcBind); + Assert.assertEquals("bcBind not match", result1.getValue(), bcBind); + + } + + @Test + public void getIdentityLinkRawModeValidResponse() + throws SZRException_Exception, EaafParserException, NoSuchProviderException, IOException, InvalidKeyException, + EidasSAuthenticationException, JAXBException { + setSzrResponseIdentityLink("/data/szr/szr_resp_valid_1.xml"); + + try { + log.debug("Starting connecting SZR Gateway"); + final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(getPersonInfo()); + + Assert.assertNotNull(result); + Assert.assertNotNull(result.getAssertion()); + + final IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser((Element) result.getAssertion()) + .parseIdentityLink(); + Assert.assertNotNull(identityLink); + + System.out.println(identityLink.getSerializedSamlAssertion()); + + checkElement("Mustermann", identityLink.getFamilyName()); + checkElement("Hans", identityLink.getGivenName()); + checkElement("1989-05-05", identityLink.getDateOfBirth()); + checkElement("urn:publicid:gv.at:baseid", identityLink.getIdentificationType()); + checkElement("k+zDM1BVpN1WJO4x7ZQ3ng==", identityLink.getIdentificationValue()); + Assert.assertNotNull(identityLink.getSerializedSamlAssertion()); + Assert.assertNotNull(identityLink.getSamlAssertion()); + + } catch (final SzrCommunicationException e) { + Assert.fail(); + + } + + } + + @Test + public void getIdentityLinkRawModeErrorTravelerDocExists() + throws SZRException_Exception, EaafParserException, NoSuchProviderException, IOException, InvalidKeyException, + EidasSAuthenticationException, JAXBException, ParserConfigurationException, SAXException { + setSzrExceptionIdentityLink("/data/szr/szr_resp_error_travelerdocexists.xml"); + + try { + log.debug("Starting connecting SZR Gateway"); + szrClient.getIdentityLinkInRawMode(getPersonInfo()); + Assert.fail(); + + } catch (final SzrCommunicationException e) { + checkElement("ernb.02", e.getErrorId()); + Assert.assertNotNull(e.getCause()); + org.springframework.util.Assert.isInstanceOf(SOAPFaultException.class, e.getCause()); + Assert.assertNotNull(((SOAPFaultException) e.getCause()).getFault()); + checkElement("p344:F455", ((SOAPFaultException) e.getCause()).getFault().getFaultCode()); + checkElement( + "The travel document you sent to insert a person already exists for another person. " + "Either check the document or have the person altered accordingly", + ((SOAPFaultException) e.getCause()).getFault().getFaultString()); + + } + + } + + @Ignore + @Test + public void getBpkTest() throws SZRException_Exception, EidasSAuthenticationException { + final List<String> bPK = szrClient.getBpk(getPersonInfo(), DUMMY_TARGET, basicConfig + .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, "no VKZ defined")); + + if (bPK.isEmpty()) { + throw new SzrCommunicationException("ernb.01", new Object[]{"bPK list is empty"}); + } + for (final String b : bPK) { + if (StringUtils.isEmpty(b)) { + throw new SzrCommunicationException("ernb.01", new Object[]{"bPK is null or empty"}); + } + } + + } + + private void checkElement(String expected, String value) { + Assert.assertNotNull(value); + Assert.assertEquals(expected, value); + + } + + private void setSzrResponseIdentityLink(String responseXmlPath) throws JAXBException, SZRException_Exception { + final JAXBContext jaxbContext = JAXBContext + .newInstance(szrservices.ObjectFactory.class, org.w3._2001._04.xmldsig_more.ObjectFactory.class, + org.w3._2000._09.xmldsig.ObjectFactory.class, + at.gv.e_government.reference.namespace.persondata._20020228.ObjectFactory.class); + final Unmarshaller jaxbUnmarshaller = jaxbContext.createUnmarshaller(); + final GetIdentityLinkEidasResponse szrResponse = (GetIdentityLinkEidasResponse) jaxbUnmarshaller + .unmarshal(this.getClass().getResourceAsStream(responseXmlPath)); + when(szrMock.getIdentityLinkEidas(any(PersonInfoType.class))).thenReturn(szrResponse.getGetIdentityLinkReturn()); + + } + + private void setSzrExceptionIdentityLink(String responseXmlPath) + throws JAXBException, ParserConfigurationException, SAXException, IOException, SZRException_Exception { + final Element detailerror = DomUtils.parseXmlNonValidating(this.getClass().getResourceAsStream(responseXmlPath)); + final javax.xml.namespace.QName qName = new javax.xml.namespace.QName("urn:SZRServices", "F455", "p344"); + final SoapFault fault = new SoapFault( + "The travel document you sent to insert a person already exists for another person. " + "Either check the document or have the person altered accordingly", + qName); + fault.setRole("urn:SZRServices"); + fault.setDetail(detailerror); + when(szrMock.getIdentityLinkEidas(any(PersonInfoType.class))).thenThrow(fault); + + } + + private String createHashFromUniqueId(String uniqueId) throws EidasSAuthenticationException { + try { + final MessageDigest md = MessageDigest.getInstance("SHA-256"); + final byte[] hash = md.digest(uniqueId.getBytes("UTF-8")); + final String hashBase64 = new String(Base64Utils.encode(hash), "UTF-8").replaceAll("\r\n", ""); + return hashBase64; + + } catch (final Exception ex) { + throw new EidasSAuthenticationException("internal.03", new Object[]{}, ex); + + } + } + + private PersonInfoType getPersonInfo() throws EidasSAuthenticationException { + final PersonInfoType personInfo = new PersonInfoType(); + final PersonNameType personName = new PersonNameType(); + final PhysicalPersonType naturalPerson = new PhysicalPersonType(); + final TravelDocumentType eDocument = new TravelDocumentType(); + + naturalPerson.setName(personName); + personInfo.setPerson(naturalPerson); + personInfo.setTravelDocument(eDocument); + + // parse some eID attributes + final Triple<String, String, String> eIdentifier = EidasResponseUtils.parseEidasPersonalIdentifier(eIDASeID); + final String uniqueId = createHashFromUniqueId(eIdentifier.getThird()); + final String citizenCountry = eIdentifier.getFirst(); + + // person information + personName.setFamilyName(familyName); + personName.setGivenName(givenName); + naturalPerson.setDateOfBirth(dateOfBirth); + eDocument.setIssuingCountry(citizenCountry); + eDocument.setDocumentNumber(uniqueId); + + // eID document information + eDocument.setDocumentType(basicConfig + .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE, + Constants.SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE)); + + return personInfo; + } + +} diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java new file mode 100644 index 00000000..1e7ff369 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java @@ -0,0 +1,236 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test; + +import java.io.IOException; +import java.security.InvalidKeyException; +import java.security.MessageDigest; +import java.security.NoSuchProviderException; +import java.util.List; + +import org.apache.commons.lang3.RandomStringUtils; +import org.apache.commons.lang3.StringUtils; +import org.bouncycastle.util.encoders.Base64; +import org.joda.time.DateTime; +import org.junit.Assert; +import org.junit.Ignore; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.annotation.IfProfileValue; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.TestPropertySource; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.util.Base64Utils; +import org.w3c.dom.Element; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.szr.SzrClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils; +import at.gv.e_government.reference.namespace.persondata._20020228.PersonNameType; +import at.gv.e_government.reference.namespace.persondata._20020228.PhysicalPersonType; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.exceptions.EaafParserException; +import at.gv.egiz.eaaf.core.impl.data.Triple; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; +import szrservices.IdentityLinkType; +import szrservices.PersonInfoType; +import szrservices.SZRException_Exception; +import szrservices.TravelDocumentType; + + +@IfProfileValue(name = "spring.profiles.active", value = "devEnvironment") +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_realConfig.xml"}) +@TestPropertySource(locations = { + //"classpath:/application.properties", + "file:/home/tlenz/Projekte/config/ms_connector/default_config.properties", + }) +public class SzrClientTestProduction { + private static final Logger log = LoggerFactory.getLogger(SzrClientTestProduction.class); + + @Autowired + SzrClient szrClient; + @Autowired + IConfiguration basicConfig; + + private static final String givenName = "Franz"; + private static final String familyName = "Mustermann"; + // private static final String dateOfBirth = "1989-05-05"; + private static final String dateOfBirth = "1989-05-04"; + private static final String eIDASeID = "IS/AT/1234ffgsdfg56789ABCDEF"; + + private static final String DUMMY_TARGET = EaafConstants.URN_PREFIX_CDID + "ZP"; + + @Test + public void dummyTest() { + + } + + @Test + public void getVsz() throws SzrCommunicationException, EidasSAuthenticationException { + String vsz = szrClient.getEncryptedStammzahl(getPersonInfo()); + Assert.assertNotNull("vsz", vsz); + + } + + @Test + public void getEidasBind() throws SzrCommunicationException, EidasSAuthenticationException { + String vsz = RandomStringUtils.randomAlphanumeric(10); + String bindingPubKey = Base64.toBase64String(RandomStringUtils.random(20).getBytes()); + String eidStatus = "urn:eidgvat:eid.status.eidas"; + ErnbEidData eidData = new ErnbEidData(); + eidData.setFamilyName(familyName); + eidData.setGivenName(givenName); + eidData.setDateOfBirth(new DateTime()); + eidData.setCitizenCountryCode("IS"); + eidData.setPseudonym("1234sdgsdfg56789ABCDEF"); + + + String eidasBind = szrClient.getEidsaBind(vsz, bindingPubKey, eidStatus, eidData); + + Assert.assertNotNull("eidasBind", eidasBind); + + } + + + @Test + public void getIdentityLinkRawMode() throws SZRException_Exception, EaafParserException, + NoSuchProviderException, IOException, InvalidKeyException, EidasSAuthenticationException { + log.debug("Starting connecting SZR Gateway"); + final IdentityLinkType result = szrClient.getIdentityLinkInRawMode( + getPersonInfo()); + + final Element idlFromSzr = (Element) result.getAssertion(); + final IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser(idlFromSzr).parseIdentityLink(); + + if (identityLink == null) { + throw new SzrCommunicationException("ernb.00", new Object[] { "NO IDL object" }); + } + + System.out.println(identityLink.getSerializedSamlAssertion()); + + if (StringUtils.isEmpty(identityLink.getFamilyName())) { + throw new SzrCommunicationException("ernb.00", new Object[] { "NO FamilyName from IDL" }); + } + + if (StringUtils.isEmpty(identityLink.getGivenName())) { + throw new SzrCommunicationException("ernb.00", new Object[] { "NO GivenName from IDL" }); + } + + if (StringUtils.isEmpty(identityLink.getDateOfBirth())) { + throw new SzrCommunicationException("ernb.00", new Object[] { "NO DateOfBirthName from IDL" }); + } + + if (StringUtils.isEmpty(identityLink.getIdentificationType())) { + throw new SzrCommunicationException("ernb.00", new Object[] { "NO baseIdType from IDL" }); + } + + if (StringUtils.isEmpty(identityLink.getIdentificationValue())) { + throw new SzrCommunicationException("ernb.00", new Object[] { "NO baseId from IDL" }); + } + + if (StringUtils.isEmpty(identityLink.getSerializedSamlAssertion())) { + throw new SzrCommunicationException("ernb.00", new Object[] { "NO serialized IDL" }); + } + + if (identityLink.getSamlAssertion() == null) { + throw new SzrCommunicationException("ernb.00", new Object[] { "NO raw IDL" }); + } + + } + + + @Ignore + @Test + public void getBpkTest() throws SZRException_Exception, EidasSAuthenticationException { + final List<String> bPK = szrClient.getBpk(getPersonInfo(), DUMMY_TARGET, + basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, + "no VKZ defined")); + + if (bPK.isEmpty()) { + throw new SzrCommunicationException("ernb.01", new Object[]{"bPK list is empty"}); + } + for (String b : bPK) { + if (StringUtils.isEmpty(b)) { + throw new SzrCommunicationException("ernb.01", new Object[]{"bPK is null or empty"}); + } + } + + } + + private String createHashFromUniqueId(String uniqueId) throws EidasSAuthenticationException { + try { + final MessageDigest md = MessageDigest.getInstance("SHA-256"); + final byte[] hash = md.digest(uniqueId.getBytes("UTF-8")); + final String hashBase64 = new String(Base64Utils.encode(hash), "UTF-8").replaceAll("\r\n", ""); + return hashBase64; + + } catch (final Exception ex) { + throw new EidasSAuthenticationException("internal.03", new Object[] {}, ex); + + } + } + + private PersonInfoType getPersonInfo() throws EidasSAuthenticationException { + final PersonInfoType personInfo = new PersonInfoType(); + final PersonNameType personName = new PersonNameType(); + final PhysicalPersonType naturalPerson = new PhysicalPersonType(); + final TravelDocumentType eDocument = new TravelDocumentType(); + + naturalPerson.setName(personName); + personInfo.setPerson(naturalPerson); + personInfo.setTravelDocument(eDocument); + + // parse some eID attributes + final Triple<String, String, String> eIdentifier = + EidasResponseUtils.parseEidasPersonalIdentifier(eIDASeID); + final String uniqueId = createHashFromUniqueId(eIdentifier.getThird()); + final String citizenCountry = eIdentifier.getFirst(); + + // person information + personName.setFamilyName(familyName); + personName.setGivenName(givenName); + naturalPerson.setDateOfBirth(dateOfBirth); + eDocument.setIssuingCountry(citizenCountry); + eDocument.setDocumentNumber(uniqueId); + + // eID document information + eDocument.setDocumentType(basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE, + Constants.SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE)); + + return personInfo; + } +} diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummySpecificCommunicationService.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummySpecificCommunicationService.java new file mode 100644 index 00000000..d2b0c1ae --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummySpecificCommunicationService.java @@ -0,0 +1,58 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy; + +import java.util.Collection; + +import eu.eidas.auth.commons.attribute.AttributeDefinition; +import eu.eidas.auth.commons.light.ILightRequest; +import eu.eidas.auth.commons.light.ILightResponse; +import eu.eidas.auth.commons.tx.BinaryLightToken; +import eu.eidas.specificcommunication.BinaryLightTokenHelper; +import eu.eidas.specificcommunication.exception.SpecificCommunicationException; +import eu.eidas.specificcommunication.protocol.SpecificCommunicationService; + +public class DummySpecificCommunicationService implements SpecificCommunicationService { + + private ILightRequest lightRequest; + private ILightResponse lightResponse; + + @Override + public BinaryLightToken putRequest(ILightRequest lightRequest) throws SpecificCommunicationException { + this.lightRequest = lightRequest; + return BinaryLightTokenHelper.createBinaryLightToken("Test", "TestSecret", "SHA-256"); + } + + @Override + public ILightRequest getAndRemoveRequest(String tokenBase64, Collection<AttributeDefinition<?>> registry) + throws SpecificCommunicationException { + return lightRequest; + } + + @Override + public BinaryLightToken putResponse(ILightResponse lightResponse) throws SpecificCommunicationException { + this.lightResponse = lightResponse; + return BinaryLightTokenHelper.createBinaryLightToken("Test", "TestSecret", "SHA-256"); + } + + @Override + public ILightResponse getAndRemoveResponse(String tokenBase64, Collection<AttributeDefinition<?>> registry) + throws SpecificCommunicationException { + return lightResponse; + } + + public ILightRequest getiLightRequest() { + return lightRequest; + } + + public void setiLightRequest(ILightRequest lightReques) { + this.lightRequest = lightReques; + } + + public ILightResponse getiLightResponse() { + return lightResponse; + } + + public void setiLightResponse(ILightResponse lightResponse) { + this.lightResponse = lightResponse; + } + +} diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java new file mode 100644 index 00000000..7aab1f3e --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java @@ -0,0 +1,492 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; + +import static at.asitplus.eidas.specific.core.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.Mockito.times; +import static org.mockito.Mockito.verify; +import static org.powermock.api.mockito.PowerMockito.when; + +import java.net.URISyntaxException; +import java.security.KeyStore; +import java.security.Provider; +import java.security.cert.X509Certificate; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; + +import javax.annotation.Nonnull; + +import org.apache.commons.lang3.RandomStringUtils; +import org.jose4j.jwa.AlgorithmConstraints; +import org.jose4j.jwa.AlgorithmConstraints.ConstraintType; +import org.jose4j.jws.AlgorithmIdentifiers; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.ArgumentCaptor; +import org.powermock.core.classloader.annotations.PrepareForTest; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.github.skjolber.mockito.soap.SoapServiceRule; + +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.JoseUtils; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.JoseUtils.JwsResult; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.IRequestStorage; +import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import eu.eidas.auth.commons.attribute.AttributeDefinition; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap.Builder; +import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse; +import lombok.val; +import szrservices.JwsHeaderParam; +import szrservices.PersonInfoType; +import szrservices.SZR; +import szrservices.SignContentEntry; +import szrservices.SignContentResponseType; + +@RunWith(SpringJUnit4ClassRunner.class) +@PrepareForTest(CreateIdentityLinkTask.class) +@DirtiesContext(classMode = DirtiesContext.ClassMode.BEFORE_CLASS) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_mapConfig.xml"}) +public class CreateIdentityLinkTaskEidNewTest { + + @Autowired(required = true) + private CreateIdentityLinkTask task; + + @Autowired(required = true) + private MsConnectorDummyConfigMap basicConfig; + @Autowired + protected EidasAttributeRegistry attrRegistry; + + @Autowired + EaafKeyStoreFactory keyStoreFactory; + + @Autowired + private IRequestStorage requestStorage; + + final ExecutionContext executionContext = new ExecutionContextImpl(); + private MockHttpServletRequest httpReq; + private MockHttpServletResponse httpResp; + private TestRequestImpl pendingReq; + private DummySpConfiguration oaParam; + private SZR szrMock; + + private static final String PW = "f/+saJBc3a}*/T^s"; + private static final String ALIAS = "connectorkeypair"; + + private static final List<String> BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING = Collections.unmodifiableList(Arrays + .asList(AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256, + AlgorithmIdentifiers.ECDSA_USING_P521_CURVE_AND_SHA512, AlgorithmIdentifiers.RSA_PSS_USING_SHA256, + AlgorithmIdentifiers.RSA_PSS_USING_SHA512)); + + private static ObjectMapper mapper = new ObjectMapper(); + + private AuthenticationResponse response; + + @Rule + public final SoapServiceRule soap = SoapServiceRule.newInstance(); + + /** + * jUnit test set-up. + */ + @Before + public void setUp() throws EaafStorageException, URISyntaxException { + + httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); + httpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution", "false"); + + final Map<String, String> spConfig = new HashMap<>(); + spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp"); + spConfig.put("target", "urn:publicid:gv.at:cdid+XX"); + spConfig.put(PROP_CONFIG_SP_NEW_EID_MODE, "true"); + oaParam = new DummySpConfiguration(spConfig, basicConfig); + pendingReq = new TestRequestImpl(); + + response = buildDummyAuthResponse(false); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response); + + + pendingReq.setSpConfig(oaParam); + pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue()); + pendingReq.setAuthUrl("http://test.com/"); + pendingReq.setTransactionId("avaasbav"); + pendingReq.setPiiTransactionId(RandomStringUtils.randomAlphanumeric(10)); + + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "XX"); + executionContext.put(EaafConstants.PROCESS_ENGINE_REQUIRES_NO_POSTAUTH_REDIRECT, true); + + szrMock = soap.mock(SZR.class, "http://localhost:1234/demoszr"); + } + + @Test + public void successfulProcessWithDeInfos() throws Exception { + //initialize test + response = buildDummyAuthResponse(true); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response); + + String vsz = RandomStringUtils.randomNumeric(10); + when(szrMock, "getStammzahlEncrypted", any(), any()).thenReturn(vsz); + val signContentResp = new SignContentResponseType(); + final SignContentEntry signContentEntry = new SignContentEntry(); + signContentEntry.setValue(RandomStringUtils.randomAlphanumeric(10)); + signContentResp.getOut().add(signContentEntry); + when(szrMock, "signContent", any(), any(), any()).thenReturn(signContentResp); + + String randomTestSp = RandomStringUtils.randomAlphabetic(10); + pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_REQUESTERID, randomTestSp); + + //perform test + task.execute(pendingReq, executionContext); + + //validate state + // check if pendingRequest was stored + IRequest storedPendingReq = requestStorage.getPendingRequest(pendingReq.getPendingRequestId()); + Assert.assertNotNull("pendingReq not stored", storedPendingReq); + + //check data in session + final AuthProcessDataWrapper authProcessData = storedPendingReq.getSessionData(AuthProcessDataWrapper.class); + Assert.assertNotNull("AuthProcessData", authProcessData); + Assert.assertNotNull("eidasBind", authProcessData.getGenericDataFromSession(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, String.class)); + + String authBlock = authProcessData.getGenericDataFromSession(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, String.class); + Assert.assertNotNull("AuthBlock", authBlock); + + Assert.assertTrue("EID process", authProcessData.isEidProcess()); + Assert.assertTrue("foreigner process", authProcessData.isForeigner()); + Assert.assertEquals("EID-ISSUING_NATION", "LU", + authProcessData.getGenericDataFromSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class)); + Assert.assertNotNull("LoA is null", authProcessData.getQaaLevel()); + Assert.assertEquals("LoA", response.getLevelOfAssurance(), + authProcessData.getQaaLevel()); + + + // check authblock signature + final AlgorithmConstraints constraints = new AlgorithmConstraints(ConstraintType.PERMIT, + BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.toArray(new String[BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.size()])); + Pair<KeyStore, Provider> keyStore = getKeyStore(); + X509Certificate[] trustedCerts = EaafKeyStoreUtils + .getPrivateKeyAndCertificates(keyStore.getFirst(), ALIAS, PW.toCharArray(), true, "junit").getSecond(); + JwsResult result = JoseUtils.validateSignature(authBlock, Arrays.asList(trustedCerts), constraints); + Assert.assertTrue("AuthBlock not valid", result.isValid()); + JsonNode authBlockJson = mapper.readTree(result.getPayLoad()); + Assert.assertNotNull("deserialized AuthBlock", authBlockJson); + + Assert.assertNotNull("no piiTransactionId in pendingRequesdt", + storedPendingReq.getUniquePiiTransactionIdentifier()); + Assert.assertEquals("piiTransactionId", storedPendingReq.getUniquePiiTransactionIdentifier(), + authBlockJson.get("piiTransactionId").asText()); + Assert.assertEquals("appId", randomTestSp, authBlockJson.get("appId").asText()); + Assert.assertFalse("'challenge' is null", authBlockJson.get("challenge").asText().isEmpty()); + Assert.assertFalse("'timestamp' is null", authBlockJson.get("timestamp").asText().isEmpty()); + Assert.assertFalse("binding pubKey", authBlockJson.has("bindingPublicKey")); + + + // check vsz request + ArgumentCaptor<PersonInfoType> argument4 = ArgumentCaptor.forClass(PersonInfoType.class); + ArgumentCaptor<Boolean> argument5 = ArgumentCaptor.forClass(Boolean.class); + verify(szrMock, times(1)).getStammzahlEncrypted(argument4.capture(), argument5.capture()); + + Boolean param5 = argument5.getValue(); + Assert.assertTrue("insertERnP flag", param5); + PersonInfoType person = argument4.getValue(); + Assert.assertEquals("FamilyName", + response.getAttributes().getAttributeValuesByFriendlyName("FamilyName").getFirstValue( + response.getAttributes().getDefinitionsByFriendlyName("FamilyName").iterator().next()), + person.getPerson().getName().getFamilyName()); + Assert.assertEquals("GivenName", + response.getAttributes().getAttributeValuesByFriendlyName("FirstName").getFirstValue( + response.getAttributes().getDefinitionsByFriendlyName("FirstName").iterator().next()), + person.getPerson().getName().getGivenName()); + Assert.assertEquals("DateOfBirth", + response.getAttributes().getAttributeValuesByFriendlyName("DateOfBirth").getFirstValue( + response.getAttributes().getDefinitionsByFriendlyName("DateOfBirth").iterator().next()) + .toString().split("T")[0], + person.getPerson().getDateOfBirth()); + + Assert.assertEquals("PlaceOfBirth", + response.getAttributes().getAttributeValuesByFriendlyName("PlaceOfBirth").getFirstValue( + response.getAttributes().getDefinitionsByFriendlyName("PlaceOfBirth").iterator().next()), + person.getPerson().getPlaceOfBirth()); + Assert.assertEquals("BirthName", + response.getAttributes().getAttributeValuesByFriendlyName("BirthName").getFirstValue( + response.getAttributes().getDefinitionsByFriendlyName("BirthName").iterator().next()), + person.getPerson().getAlternativeName().getFamilyName()); + + Assert.assertEquals("CitizenCountry", "LU", person.getTravelDocument().getIssuingCountry()); + Assert.assertEquals("DocumentType", "ELEKTR_DOKUMENT", person.getTravelDocument().getDocumentType()); + + Assert.assertEquals("Identifier", + response.getAttributes().getAttributeValuesByFriendlyName("PersonIdentifier").getFirstValue( + response.getAttributes().getDefinitionsByFriendlyName("PersonIdentifier").iterator().next()) + .toString().split("/")[2], + person.getTravelDocument().getDocumentNumber()); + + // check bcBind singing request + ArgumentCaptor<Boolean> argument1 = ArgumentCaptor.forClass(Boolean.class); + ArgumentCaptor<List<JwsHeaderParam>> argument2 = ArgumentCaptor.forClass(List.class); + ArgumentCaptor<List<SignContentEntry>> argument3 = ArgumentCaptor.forClass(List.class); + verify(szrMock, times(1)).signContent(argument1.capture(), argument2.capture(), argument3.capture()); + Boolean param1 = argument1.getValue(); + Assert.assertFalse("addCert flag", param1); + + List<JwsHeaderParam> param2 = argument2.getValue(); + Assert.assertNotNull("JWS Headers", param2); + Assert.assertFalse("JWS Headers empty", param2.isEmpty()); + Assert.assertEquals("Wrong JWS header size", 1, param2.size()); + Assert.assertEquals("Missing JWS header key", "urn:at.gv.eid:bindtype", param2.get(0).getKey()); + Assert.assertEquals("Missing JWS header value", "urn:at.gv.eid:eidasBind", param2.get(0).getValue()); + + List<SignContentEntry> param3 = argument3.getValue(); + Assert.assertNotNull("sign Payload", param3); + Assert.assertEquals("wrong sign-payload size", 1, param3.size()); + Assert.assertNotNull("payload", param3.get(0).getValue().getBytes()); + JsonNode bcBind = mapper.readTree(param3.get(0).getValue().getBytes()); + Assert.assertNotNull("bcbind req", bcBind); + + Assert.assertEquals("vsz", vsz, bcBind.get("urn:eidgvat:attributes.vsz.value").asText()); + Assert.assertEquals("eid status", "urn:eidgvat:eid.status.eidas", + bcBind.get("urn:eidgvat:attributes.eid.status").asText()); + Assert.assertTrue("pubKeys", bcBind.has("urn:eidgvat:attributes.user.pubkeys")); + Assert.assertTrue("pubKeys", bcBind.get("urn:eidgvat:attributes.user.pubkeys").isArray()); + Iterator<JsonNode> pubKeys = bcBind.get("urn:eidgvat:attributes.user.pubkeys").elements(); + Assert.assertTrue("No PubKey", pubKeys.hasNext()); + Assert.assertEquals("Wrong pubKey", + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmxcB5jnrAwGn7xjgVFv1UBUv1pluwDRFQx7x5O6rSn7pblYfwaWeKa8y" + + "jS5BDDaZ00mhhnSlm2XByNrkg5yBGetTgBGtQVAxV5apfuAWN8TS3uSXgdZol7Khd6kraUITtnulvLe8tNaboom5P0zN6UxbJN" + + "NVLishVp80HiRXiDbplCTUk8b5cYtmivdb0+5JBTa7L5N/anRVnHHoJCXgNPTouO8daUHZbG1mPk0HgqD8rhZ+OBzE+APKH9No" + + "agedSrGRDLdIgZxkrg0mxmfsZQIi2wdJSi3y0PAjEps/s4j0nmw9bPRgCMNLBqqjxtN5JKC8E1yyLm7YefXv/nPaMwIDAQAB", + pubKeys.next().asText()); + Assert.assertFalse("More than one PubKey", pubKeys.hasNext()); + + } + + @Test + public void successfulProcessWithStandardInfos() throws Exception { + //initialize test + String vsz = RandomStringUtils.randomNumeric(10); + when(szrMock, "getStammzahlEncrypted", any(), any()).thenReturn(vsz); + val signContentResp = new SignContentResponseType(); + final SignContentEntry signContentEntry = new SignContentEntry(); + signContentEntry.setValue(RandomStringUtils.randomAlphanumeric(10)); + signContentResp.getOut().add(signContentEntry); + when(szrMock, "signContent", any(), any(), any()).thenReturn(signContentResp); + + String randomTestSp = RandomStringUtils.randomAlphabetic(10); + String bindingPubKey = RandomStringUtils.randomAlphabetic(10); + pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_REQUESTERID, randomTestSp); + pendingReq.setRawDataToTransaction(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME, bindingPubKey); + + //perform test + task.execute(pendingReq, executionContext); + + //validate state + // check if pendingRequest was stored + IRequest storedPendingReq = requestStorage.getPendingRequest(pendingReq.getPendingRequestId()); + Assert.assertNotNull("pendingReq not stored", storedPendingReq); + + //check data in session + final AuthProcessDataWrapper authProcessData = storedPendingReq.getSessionData(AuthProcessDataWrapper.class); + Assert.assertNotNull("AuthProcessData", authProcessData); + Assert.assertNotNull("eidasBind", authProcessData.getGenericDataFromSession(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, String.class)); + + // check authblock signature + String authBlock = authProcessData.getGenericDataFromSession(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, String.class); + Assert.assertNotNull("AuthBlock", authBlock); + final AlgorithmConstraints constraints = new AlgorithmConstraints(ConstraintType.PERMIT, + BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.toArray(new String[BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.size()])); + Pair<KeyStore, Provider> keyStore = getKeyStore(); + X509Certificate[] trustedCerts = EaafKeyStoreUtils + .getPrivateKeyAndCertificates(keyStore.getFirst(), ALIAS, PW.toCharArray(), true, "junit").getSecond(); + JwsResult result = JoseUtils.validateSignature(authBlock, Arrays.asList(trustedCerts), constraints); + Assert.assertTrue("AuthBlock not valid", result.isValid()); + JsonNode authBlockJson = mapper.readTree(result.getPayLoad()); + Assert.assertNotNull("deserialized AuthBlock", authBlockJson); + + Assert.assertNotNull("no piiTransactionId in pendingRequesdt", + storedPendingReq.getUniquePiiTransactionIdentifier()); + Assert.assertEquals("piiTransactionId", storedPendingReq.getUniquePiiTransactionIdentifier(), + authBlockJson.get("piiTransactionId").asText()); + Assert.assertEquals("appId", randomTestSp, authBlockJson.get("appId").asText()); + Assert.assertFalse("'challenge' is null", authBlockJson.get("challenge").asText().isEmpty()); + Assert.assertFalse("'timestamp' is null", authBlockJson.get("timestamp").asText().isEmpty()); + Assert.assertTrue("binding pubKey", authBlockJson.has("bindingPublicKey")); + Assert.assertEquals("binding PubKey", bindingPubKey, authBlockJson.get("bindingPublicKey").asText()); + + Assert.assertTrue("EID process", authProcessData.isEidProcess()); + Assert.assertTrue("foreigner process", authProcessData.isForeigner()); + Assert.assertEquals("EID-ISSUING_NATION", "LU", + authProcessData.getGenericDataFromSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class)); + Assert.assertNotNull("LoA is null", authProcessData.getQaaLevel()); + Assert.assertEquals("LoA", response.getLevelOfAssurance(), + authProcessData.getQaaLevel()); + + // check vsz request + ArgumentCaptor<PersonInfoType> argument4 = ArgumentCaptor.forClass(PersonInfoType.class); + ArgumentCaptor<Boolean> argument5 = ArgumentCaptor.forClass(Boolean.class); + verify(szrMock, times(1)).getStammzahlEncrypted(argument4.capture(), argument5.capture()); + + Boolean param5 = argument5.getValue(); + Assert.assertTrue("insertERnP flag", param5); + PersonInfoType person = argument4.getValue(); + Assert.assertEquals("FamilyName", + response.getAttributes().getAttributeValuesByFriendlyName("FamilyName").getFirstValue( + response.getAttributes().getDefinitionsByFriendlyName("FamilyName").iterator().next()), + person.getPerson().getName().getFamilyName()); + Assert.assertEquals("GivenName", + response.getAttributes().getAttributeValuesByFriendlyName("FirstName").getFirstValue( + response.getAttributes().getDefinitionsByFriendlyName("FirstName").iterator().next()), + person.getPerson().getName().getGivenName()); + Assert.assertEquals("DateOfBirth", + response.getAttributes().getAttributeValuesByFriendlyName("DateOfBirth").getFirstValue( + response.getAttributes().getDefinitionsByFriendlyName("DateOfBirth").iterator().next()) + .toString().split("T")[0], + person.getPerson().getDateOfBirth()); + + Assert.assertNull("PlaceOfBirth", person.getPerson().getPlaceOfBirth()); + Assert.assertNull("BirthName", person.getPerson().getAlternativeName()); + + Assert.assertEquals("CitizenCountry", "LU", person.getTravelDocument().getIssuingCountry()); + Assert.assertEquals("DocumentType", "ELEKTR_DOKUMENT", person.getTravelDocument().getDocumentType()); + + Assert.assertEquals("Identifier", + response.getAttributes().getAttributeValuesByFriendlyName("PersonIdentifier").getFirstValue( + response.getAttributes().getDefinitionsByFriendlyName("PersonIdentifier").iterator().next()) + .toString().split("/")[2], + person.getTravelDocument().getDocumentNumber()); + + + } + + @Test + public void getStammzahlEncryptedExceptionTest() throws Exception { + try { + when(szrMock, "getStammzahlEncrypted", any(), any()).thenReturn(null); + task.execute(pendingReq, executionContext); + } catch (TaskExecutionException e) { + Assert.assertEquals("Incorrect exception thrown", e.getMessage(), + "IdentityLink generation for foreign person " + "FAILED."); + Assert.assertEquals("Incorrect exception thrown", ((SzrCommunicationException) e.getCause()).getErrorId(), + "ernb.01"); + Assert.assertTrue("Incorrect exception thrown", e.getCause().getMessage().contains("Stammzahl response empty")); + } + } + + @Test + public void signContentExceptionTest() throws Exception { + try { + when(szrMock, "getStammzahlEncrypted", any(), any()).thenReturn(RandomStringUtils.randomNumeric(10)); + when(szrMock, "signContent", any(), any(), any()).thenReturn(null); + task.execute(pendingReq, executionContext); + } catch (TaskExecutionException e) { + Assert.assertEquals("Incorrect exception thrown", e.getMessage(), + "IdentityLink generation for foreign person " + "FAILED."); + Assert.assertEquals("Incorrect exception thrown", ((SzrCommunicationException) e.getCause()).getErrorId(), + "ernb.01"); + Assert.assertTrue("Incorrect exception thrown", e.getCause().getMessage().contains("BcBind response empty")); + } + } + + private Pair<KeyStore, Provider> getKeyStore() throws EaafException { + // read Connector wide config data TODO connector wide! + String keyStoreName = basicConfig.getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_NAME); + String keyStorePw = basicConfig.getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_PASSWORD); + String keyStorePath = basicConfig.getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_PATH); + String keyStoreType = basicConfig.getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_TYPE); + + + //build new KeyStore configuration + KeyStoreConfiguration keyStoreConfiguration = new KeyStoreConfiguration(); + keyStoreConfiguration.setFriendlyName("jUnit test"); + + keyStoreConfiguration.setSoftKeyStoreFilePath(keyStorePath); + keyStoreConfiguration.setSoftKeyStorePassword(keyStorePw); + keyStoreConfiguration.setKeyStoreType(KeyStoreConfiguration.KeyStoreType.fromString(keyStoreType)); + keyStoreConfiguration.setKeyStoreName(keyStoreName); + + //build new KeyStore based on configuration + return keyStoreFactory.buildNewKeyStore(keyStoreConfiguration); + + } + + @Nonnull + private AuthenticationResponse buildDummyAuthResponse(boolean withAll) throws URISyntaxException { + final AttributeDefinition attributeDef = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first(); + final AttributeDefinition attributeDef2 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_CURRENTFAMILYNAME).first(); + final AttributeDefinition attributeDef3 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_CURRENTGIVENNAME).first(); + final AttributeDefinition attributeDef4 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_DATEOFBIRTH).first(); + final AttributeDefinition attributeDef5 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_PLACEOFBIRTH).first(); + final AttributeDefinition attributeDef6 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_BIRTHNAME).first(); + + final Builder attributeMap = ImmutableAttributeMap.builder(); + attributeMap.put(attributeDef, "LU/AT/" + RandomStringUtils.randomNumeric(64)); + attributeMap.put(attributeDef2, RandomStringUtils.randomAlphabetic(10)); + attributeMap.put(attributeDef3, RandomStringUtils.randomAlphabetic(10)); + attributeMap.put(attributeDef4, "2001-01-01"); + if (withAll) { + attributeMap.put(attributeDef5, RandomStringUtils.randomAlphabetic(10)); + attributeMap.put(attributeDef6, RandomStringUtils.randomAlphabetic(10)); + + } + + val b = new AuthenticationResponse.Builder(); + return b.id("_".concat(Random.nextHexRandom16())) + .issuer(RandomStringUtils.randomAlphabetic(10)) + .subject(RandomStringUtils.randomAlphabetic(10)) + .statusCode(Constants.SUCCESS_URI) + .inResponseTo("_".concat(Random.nextHexRandom16())) + .subjectNameIdFormat("afaf") + .levelOfAssurance(EaafConstants.EIDAS_LOA_PREFIX + RandomStringUtils.randomAlphabetic(5)) + .attributes(attributeMap.build()) + .build(); + } +} diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java new file mode 100644 index 00000000..a9d2f332 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java @@ -0,0 +1,464 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; + +import static at.asitplus.eidas.specific.core.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE; +import static org.mockito.ArgumentMatchers.any; + +import java.net.URISyntaxException; +import java.util.HashMap; +import java.util.Map; + +import javax.annotation.Nonnull; +import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBException; +import javax.xml.bind.Unmarshaller; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.powermock.core.classloader.annotations.PrepareForTest; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import com.github.skjolber.mockito.soap.SoapServiceRule; + +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.IRequestStorage; +import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import eu.eidas.auth.commons.attribute.AttributeDefinition; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; +import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse; +import lombok.val; +import szrservices.GetBPK; +import szrservices.GetBPKResponse; +import szrservices.GetIdentityLinkEidasResponse; +import szrservices.PersonInfoType; +import szrservices.SZR; +import szrservices.SZRException_Exception; + +@RunWith(SpringJUnit4ClassRunner.class) +@PrepareForTest(CreateIdentityLinkTask.class) +@DirtiesContext(classMode = DirtiesContext.ClassMode.BEFORE_CLASS) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_mapConfig.xml"}) +public class CreateIdentityLinkTaskTest { + + @Autowired(required = true) + private CreateIdentityLinkTask task; + + @Autowired(required = true) + private MsConnectorDummyConfigMap basicConfig; + @Autowired + protected EidasAttributeRegistry attrRegistry; + + @Autowired + EaafKeyStoreFactory keyStoreFactory; + + @Autowired + private IRequestStorage requestStorage; + + final ExecutionContext executionContext = new ExecutionContextImpl(); + private MockHttpServletRequest httpReq; + private MockHttpServletResponse httpResp; + private TestRequestImpl pendingReq; + private DummySpConfiguration oaParam; + private SZR szrMock; + + private AuthenticationResponse response; + private Map<String, String> spConfig; + + @Rule + public final SoapServiceRule soap = SoapServiceRule.newInstance(); + + /** + * jUnit test set-up. + */ + @Before + public void setUp() throws EaafStorageException, URISyntaxException { + + httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); + httpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution", "false"); + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.revisionlog.eidmapping.active", "false"); + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.params.useSZRForbPKCalculation", "false"); + + spConfig = new HashMap<>(); + spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp"); + spConfig.put("target", "urn:publicid:gv.at:cdid+XX"); + spConfig.put(PROP_CONFIG_SP_NEW_EID_MODE, "false"); + oaParam = new DummySpConfiguration(spConfig, basicConfig); + pendingReq = new TestRequestImpl(); + + response = buildDummyAuthResponse(); + + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response); + pendingReq.setSpConfig(oaParam); + pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue()); + pendingReq.setAuthUrl("http://test.com/"); + pendingReq.setTransactionId("avaasbav"); + pendingReq.setPiiTransactionId(RandomStringUtils.randomAlphanumeric(10)); + + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "XX"); + executionContext.put(EaafConstants.PROCESS_ENGINE_REQUIRES_NO_POSTAUTH_REDIRECT, true); + + szrMock = soap.mock(SZR.class, "http://localhost:1234/demoszr"); + } + + + @Test + public void buildIdentityLink() throws Exception { + //initialize test + setSzrResponseIdentityLink("/data/szr/szr_resp_valid_1.xml"); + + String randomTestSp = RandomStringUtils.randomAlphabetic(10); + pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_REQUESTERID, randomTestSp); + + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution", "false"); + + + //perform test + task.execute(pendingReq, executionContext); + + + //validate state + // check if pendingRequest was stored + IRequest storedPendingReq = requestStorage.getPendingRequest(pendingReq.getPendingRequestId()); + Assert.assertNotNull("pendingReq not stored", storedPendingReq); + + //check data in session + final AuthProcessDataWrapper authProcessData = storedPendingReq.getSessionData(AuthProcessDataWrapper.class); + Assert.assertNotNull("AuthProcessData", authProcessData); + Assert.assertNull("eidasBind", authProcessData.getGenericDataFromSession(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, String.class)); + + String authBlock = authProcessData.getGenericDataFromSession(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, String.class); + Assert.assertNull("AuthBlock", authBlock); + + Assert.assertFalse("EID process", authProcessData.isEidProcess()); + Assert.assertTrue("foreigner process", authProcessData.isForeigner()); + Assert.assertEquals("EID-ISSUING_NATION", "LU", + authProcessData.getGenericDataFromSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class)); + Assert.assertNotNull("LoA is null", authProcessData.getQaaLevel()); + Assert.assertEquals("LoA", response.getLevelOfAssurance(), + authProcessData.getQaaLevel()); + + Assert.assertNotNull("IDL", authProcessData.getIdentityLink()); + checkElement("Mustermann", authProcessData.getIdentityLink().getFamilyName()); + checkElement("Hans", authProcessData.getIdentityLink().getGivenName()); + checkElement("1989-05-05", authProcessData.getIdentityLink().getDateOfBirth()); + checkElement("urn:publicid:gv.at:baseid", authProcessData.getIdentityLink().getIdentificationType()); + checkElement("k+zDM1BVpN1WJO4x7ZQ3ng==", authProcessData.getIdentityLink().getIdentificationValue()); + Assert.assertNotNull(authProcessData.getIdentityLink().getSerializedSamlAssertion()); + Assert.assertNotNull(authProcessData.getIdentityLink().getSamlAssertion()); + + Assert.assertNotNull("no bPK", authProcessData.getGenericDataFromSession(PvpAttributeDefinitions.BPK_NAME)); + Assert.assertEquals("wrong bPK", "XX:FkXtOaSSeR3elyL9KLLvijIYDMU=", + authProcessData.getGenericDataFromSession(PvpAttributeDefinitions.BPK_NAME)); + + } + + @Test + public void buildIdentityLinkWithWbpk() throws Exception { + //initialize test + setSzrResponseIdentityLink("/data/szr/szr_resp_valid_1.xml"); + spConfig.put("target", EaafConstants.URN_PREFIX_WBPK + "FN+123456i"); + + String randomTestSp = RandomStringUtils.randomAlphabetic(10); + pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_REQUESTERID, randomTestSp); + + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution", "false"); + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.revisionlog.eidmapping.active", "true"); + + //perform test + task.execute(pendingReq, executionContext); + + + //validate state + // check if pendingRequest was stored + IRequest storedPendingReq = requestStorage.getPendingRequest(pendingReq.getPendingRequestId()); + Assert.assertNotNull("pendingReq not stored", storedPendingReq); + + //check data in session + final AuthProcessDataWrapper authProcessData = storedPendingReq.getSessionData(AuthProcessDataWrapper.class); + Assert.assertNotNull("AuthProcessData", authProcessData); + Assert.assertNull("eidasBind", authProcessData.getGenericDataFromSession(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, String.class)); + + String authBlock = authProcessData.getGenericDataFromSession(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, String.class); + Assert.assertNull("AuthBlock", authBlock); + + Assert.assertFalse("EID process", authProcessData.isEidProcess()); + Assert.assertTrue("foreigner process", authProcessData.isForeigner()); + Assert.assertEquals("EID-ISSUING_NATION", "LU", + authProcessData.getGenericDataFromSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class)); + Assert.assertNotNull("LoA is null", authProcessData.getQaaLevel()); + Assert.assertEquals("LoA", response.getLevelOfAssurance(), + authProcessData.getQaaLevel()); + + Assert.assertNotNull("no bPK", authProcessData.getGenericDataFromSession(PvpAttributeDefinitions.BPK_NAME)); + Assert.assertEquals("wrong bPK", "FN+123456i:D26vJncPS2W790RH/LP04V+vNOQ=", + authProcessData.getGenericDataFromSession(PvpAttributeDefinitions.BPK_NAME)); + + } + + @Test + public void buildIdentityLinkWithEidasBpk() throws Exception { + //initialize test + setSzrResponseIdentityLink("/data/szr/szr_resp_valid_2.xml"); + spConfig.put("target", EaafConstants.URN_PREFIX_EIDAS + "AT+EU"); + + String randomTestSp = RandomStringUtils.randomAlphabetic(10); + pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_REQUESTERID, randomTestSp); + + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution", "false"); + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.revisionlog.eidmapping.active", "true"); + + //perform test + task.execute(pendingReq, executionContext); + + + //validate state + // check if pendingRequest was stored + IRequest storedPendingReq = requestStorage.getPendingRequest(pendingReq.getPendingRequestId()); + Assert.assertNotNull("pendingReq not stored", storedPendingReq); + + //check data in session + final AuthProcessDataWrapper authProcessData = storedPendingReq.getSessionData(AuthProcessDataWrapper.class); + Assert.assertNotNull("AuthProcessData", authProcessData); + Assert.assertNull("eidasBind", authProcessData.getGenericDataFromSession(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, String.class)); + + String authBlock = authProcessData.getGenericDataFromSession(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, String.class); + Assert.assertNull("AuthBlock", authBlock); + + Assert.assertFalse("EID process", authProcessData.isEidProcess()); + Assert.assertTrue("foreigner process", authProcessData.isForeigner()); + Assert.assertEquals("EID-ISSUING_NATION", "LU", + authProcessData.getGenericDataFromSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class)); + Assert.assertNotNull("LoA is null", authProcessData.getQaaLevel()); + Assert.assertEquals("LoA", response.getLevelOfAssurance(), + authProcessData.getQaaLevel()); + + Assert.assertNotNull("IDL", authProcessData.getIdentityLink()); + checkElement("Musterfrau", authProcessData.getIdentityLink().getFamilyName()); + checkElement("Martina", authProcessData.getIdentityLink().getGivenName()); + checkElement("1991-04-15", authProcessData.getIdentityLink().getDateOfBirth()); + checkElement("urn:publicid:gv.at:baseid", authProcessData.getIdentityLink().getIdentificationType()); + checkElement("k+zDM1BV1312312332x7ZQ3ng==", authProcessData.getIdentityLink().getIdentificationValue()); + + Assert.assertNotNull("no bPK", authProcessData.getGenericDataFromSession(PvpAttributeDefinitions.BPK_NAME)); + Assert.assertEquals("wrong bPK", "AT+EU:AT/EU/1+wqDl059/02Ptny0g+LyuLDJV0=", + authProcessData.getGenericDataFromSession(PvpAttributeDefinitions.BPK_NAME)); + + } + + @Test + public void buildIdentityLinkWithUnknownBpk() throws Exception { + //initialize test + setSzrResponseIdentityLink("/data/szr/szr_resp_valid_1.xml"); + spConfig.put("target", "urn:notextis:1234"); + + String randomTestSp = RandomStringUtils.randomAlphabetic(10); + pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_REQUESTERID, randomTestSp); + + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution", "false"); + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.revisionlog.eidmapping.active", "true"); + + try { + task.execute(pendingReq, executionContext); + Assert.fail("unknown bPKType not detected"); + + } catch (TaskExecutionException e) { + Assert.assertEquals("ErrorId", "builder.33", + ((EaafException) e.getOriginalException()).getErrorId()); + Assert.assertEquals("wrong parameter size", 1, ((EaafException) e.getOriginalException()) + .getParams().length); + + } + } + + @Test + public void noBpkResult() throws Exception { + //initialize test + setSzrResponseIdentityLink("/data/szr/szr_resp_valid_1.xml"); + GetBPKResponse getBpkResp = new GetBPKResponse(); + org.mockito.Mockito.when(szrMock.getBPK(any(GetBPK.class))).thenReturn(getBpkResp ); + + spConfig.put("target", "urn:notextis:1234"); + + String randomTestSp = RandomStringUtils.randomAlphabetic(10); + pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_REQUESTERID, randomTestSp); + + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution", "false"); + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.revisionlog.eidmapping.active", "true"); + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.params.useSZRForbPKCalculation", "true"); + + try { + task.execute(pendingReq, executionContext); + Assert.fail("unknown bPKType not detected"); + + } catch (TaskExecutionException e) { + Assert.assertEquals("ErrorId", "ernb.01", + ((EaafException) e.getOriginalException()).getErrorId()); + + } + } + + @Test + public void bPKFromSzr() throws Exception { + //initialize test + setSzrResponseIdentityLink("/data/szr/szr_resp_valid_1.xml"); + String bpk = RandomStringUtils.randomAlphanumeric(10); + GetBPKResponse getBpkResp = new GetBPKResponse(); + getBpkResp.getGetBPKReturn().add(bpk); + org.mockito.Mockito.when(szrMock.getBPK(any(GetBPK.class))).thenReturn(getBpkResp ); + + spConfig.put("target", "urn:notextis:1234"); + + String randomTestSp = RandomStringUtils.randomAlphabetic(10); + pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_REQUESTERID, randomTestSp); + + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution", "false"); + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.revisionlog.eidmapping.active", "true"); + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.params.useSZRForbPKCalculation", "true"); + + //execute test + task.execute(pendingReq, executionContext); + + + //validate state + // check if pendingRequest was stored + IRequest storedPendingReq = requestStorage.getPendingRequest(pendingReq.getPendingRequestId()); + Assert.assertNotNull("pendingReq not stored", storedPendingReq); + + //check data in session + final AuthProcessDataWrapper authProcessData = storedPendingReq.getSessionData(AuthProcessDataWrapper.class); + Assert.assertNotNull("AuthProcessData", authProcessData); + Assert.assertNull("eidasBind", authProcessData.getGenericDataFromSession(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, String.class)); + + String authBlock = authProcessData.getGenericDataFromSession(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, String.class); + Assert.assertNull("AuthBlock", authBlock); + + Assert.assertFalse("EID process", authProcessData.isEidProcess()); + Assert.assertTrue("foreigner process", authProcessData.isForeigner()); + Assert.assertEquals("EID-ISSUING_NATION", "LU", + authProcessData.getGenericDataFromSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class)); + Assert.assertNotNull("LoA is null", authProcessData.getQaaLevel()); + Assert.assertEquals("LoA", response.getLevelOfAssurance(), + authProcessData.getQaaLevel()); + + Assert.assertNotNull("no bPK", authProcessData.getGenericDataFromSession(PvpAttributeDefinitions.BPK_NAME)); + Assert.assertEquals("wrong bPK", bpk, + authProcessData.getGenericDataFromSession(PvpAttributeDefinitions.BPK_NAME)); + } + + @Test + public void buildDummyIdl() throws Exception { + //initialize test + String randomTestSp = RandomStringUtils.randomAlphabetic(10); + pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_REQUESTERID, randomTestSp); + + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution", "true"); + + + //perform test + task.execute(pendingReq, executionContext); + + + //validate state + // check if pendingRequest was stored + IRequest storedPendingReq = requestStorage.getPendingRequest(pendingReq.getPendingRequestId()); + Assert.assertNotNull("pendingReq not stored", storedPendingReq); + + //check data in session + final AuthProcessDataWrapper authProcessData = storedPendingReq.getSessionData(AuthProcessDataWrapper.class); + Assert.assertNotNull("AuthProcessData", authProcessData); + Assert.assertNull("eidasBind", authProcessData.getGenericDataFromSession(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, String.class)); + + String authBlock = authProcessData.getGenericDataFromSession(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, String.class); + Assert.assertNull("AuthBlock", authBlock); + + Assert.assertFalse("EID process", authProcessData.isEidProcess()); + Assert.assertTrue("foreigner process", authProcessData.isForeigner()); + Assert.assertEquals("EID-ISSUING_NATION", "LU", + authProcessData.getGenericDataFromSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class)); + Assert.assertNotNull("LoA is null", authProcessData.getQaaLevel()); + Assert.assertEquals("LoA", response.getLevelOfAssurance(), + authProcessData.getQaaLevel()); + + Assert.assertNotNull("IDL", authProcessData.getIdentityLink()); + + } + + private void setSzrResponseIdentityLink(String responseXmlPath) throws JAXBException, SZRException_Exception { + final JAXBContext jaxbContext = JAXBContext + .newInstance(szrservices.ObjectFactory.class, org.w3._2001._04.xmldsig_more.ObjectFactory.class, + org.w3._2000._09.xmldsig.ObjectFactory.class, + at.gv.e_government.reference.namespace.persondata._20020228.ObjectFactory.class); + final Unmarshaller jaxbUnmarshaller = jaxbContext.createUnmarshaller(); + final GetIdentityLinkEidasResponse szrResponse = (GetIdentityLinkEidasResponse) jaxbUnmarshaller + .unmarshal(this.getClass().getResourceAsStream(responseXmlPath)); + org.mockito.Mockito.when(szrMock.getIdentityLinkEidas(any(PersonInfoType.class))).thenReturn(szrResponse.getGetIdentityLinkReturn()); + + } + private void checkElement(String expected, String value) { + Assert.assertNotNull(value); + Assert.assertEquals(expected, value); + + } + + @Nonnull + private AuthenticationResponse buildDummyAuthResponse() throws URISyntaxException { + final AttributeDefinition attributeDef = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first(); + final AttributeDefinition attributeDef2 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_CURRENTFAMILYNAME).first(); + final AttributeDefinition attributeDef3 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_CURRENTGIVENNAME).first(); + final AttributeDefinition attributeDef4 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_DATEOFBIRTH).first(); + + final ImmutableAttributeMap attributeMap = ImmutableAttributeMap.builder() + .put(attributeDef, "LU/AT/" + RandomStringUtils.randomNumeric(64)) + .put(attributeDef2, RandomStringUtils.randomAlphabetic(10)) + .put(attributeDef3, RandomStringUtils.randomAlphabetic(10)).put(attributeDef4, "2001-01-01").build(); + + val b = new AuthenticationResponse.Builder(); + return b.id("_".concat(Random.nextHexRandom16())) + .issuer(RandomStringUtils.randomAlphabetic(10)) + .subject(RandomStringUtils.randomAlphabetic(10)) + .statusCode("200") + .inResponseTo("_".concat(Random.nextHexRandom16())) + .subjectNameIdFormat("afaf") + .levelOfAssurance(EaafConstants.EIDAS_LOA_PREFIX + RandomStringUtils.randomAlphabetic(5)) + .attributes(attributeMap) + .build(); + } +} diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java new file mode 100644 index 00000000..763d7d39 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java @@ -0,0 +1,670 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; + +import static org.junit.Assert.assertNull; + +import java.io.UnsupportedEncodingException; +import java.util.HashMap; +import java.util.Map; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateAuthnRequestTask; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummySpecificCommunicationService; +import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; +import at.gv.egiz.eaaf.core.exceptions.GuiBuildException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; +import eu.eidas.auth.commons.light.ILightRequest; +import eu.eidas.specificcommunication.exception.SpecificCommunicationException; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_mapConfig.xml"}) +@DirtiesContext(classMode = ClassMode.BEFORE_CLASS) +public class GenerateAuthnRequestTaskTest { + + @Autowired(required = true) + private GenerateAuthnRequestTask task; + @Autowired(required = true) + private DummySpecificCommunicationService commService; + @Autowired(required = true) + private MsConnectorDummyConfigMap basicConfig; + + final ExecutionContext executionContext = new ExecutionContextImpl(); + private MockHttpServletRequest httpReq; + private MockHttpServletResponse httpResp; + private TestRequestImpl pendingReq; + private DummySpConfiguration oaParam; + private Map<String, String> spConfig; + + + /** + * jUnit test set-up. + * + */ + @Before + public void setUp() { + + httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); + httpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + spConfig = new HashMap<>(); + spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp"); + spConfig.put("target", "urn:publicid:gv.at:cdid+XX"); + oaParam = new DummySpConfiguration(spConfig, basicConfig); + + pendingReq = new TestRequestImpl(); + pendingReq.setSpConfig(oaParam); + pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue()); + pendingReq.setAuthUrl("http://test.com/"); + + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm", "true"); + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.node_v2.entityId", + RandomStringUtils.randomAlphabetic(10)); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.forward.endpoint", + "http://test/" + RandomStringUtils.randomAlphabetic(5)); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.forward.method", "GET"); + basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat"); + basicConfig.removeConfigValue(Constants.CONIG_PROPS_EIDAS_WORKAROUND_STAGING_MS_CONNECTOR); + + } + + @Test + public void missingIssuer() { + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC"); + basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.entityId"); + + //execute test + try { + task.execute(pendingReq, executionContext); + Assert.fail("Missing Issuer not detected"); + + } catch (final TaskExecutionException e) { + // forward URL is not set in example config + org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e.getOriginalException(), + "Wrong exception"); + Assert.assertEquals("wrong errorCode", "config.27", ((EaafException) e.getOriginalException()) + .getErrorId()); + Assert.assertEquals("wrong parameter size", 1, ((EaafException) e.getOriginalException()) + .getParams().length); + + } + } + + @Test + public void missingForwardUrl() { + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC"); + basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.forward.endpoint"); + + //execute test + try { + task.execute(pendingReq, executionContext); + Assert.fail("Missing Forward-URL not detected"); + + } catch (final TaskExecutionException e) { + // forward URL is not set in example config + org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e.getOriginalException(), + "Wrong exception"); + Assert.assertEquals("wrong errorCode", "config.08", ((EaafException) e.getOriginalException()) + .getErrorId()); + Assert.assertEquals("wrong parameter size", 1, ((EaafException) e.getOriginalException()) + .getParams().length); + Assert.assertEquals("wrong errorMsg", Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL, ((EaafException) e + .getOriginalException()).getParams()[0]); + + } + } + + @Test + public void selectUnknownStage() { + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC"); + String stage = RandomStringUtils.randomAlphabetic(5); + executionContext.put("selectedEnvironment", stage); + + //execute test + try { + task.execute(pendingReq, executionContext); + Assert.fail("Missing Forward-URL not detected"); + + } catch (final TaskExecutionException e) { + // forward URL is not set in example config + org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e.getOriginalException(), + "Wrong exception"); + Assert.assertEquals("wrong errorCode", "config.08", ((EaafException) e.getOriginalException()) + .getErrorId()); + Assert.assertEquals("wrong parameter size", 1, ((EaafException) e.getOriginalException()) + .getParams().length); + Assert.assertEquals("wrong errorMsg", Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL + "." + stage, ((EaafException) e + .getOriginalException()).getParams()[0]); + + } + } + + @Test + public void selectQsEndpoint() throws TaskExecutionException, + SpecificCommunicationException, EaafStorageException { + //set-up test + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC"); + executionContext.put("selectedEnvironment", "qs"); + + String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.forward.endpoint.qs", dynEndPoint); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.forward.method", "GET"); + + + //perform test + task.execute(pendingReq, executionContext); + + //validate state + Assert.assertEquals("Wrong http statusCode", 302, httpResp.getStatus()); + Assert.assertNotNull("No redirect header", httpResp.getHeaderValue("Location")); + Assert.assertTrue("Wrong redirect endpoint", + ((String) httpResp.getHeaderValue("Location")).startsWith(dynEndPoint)); + + } + + @Test + public void selectTestEndpoint() throws TaskExecutionException, + SpecificCommunicationException, EaafStorageException { + //set-up test + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC"); + executionContext.put("selectedEnvironment", "test"); + + String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.forward.endpoint.test", dynEndPoint); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.forward.method", "GET"); + + + //perform test + task.execute(pendingReq, executionContext); + + //validate state + Assert.assertEquals("Wrong http statusCode", 302, httpResp.getStatus()); + Assert.assertNotNull("No redirect header", httpResp.getHeaderValue("Location")); + Assert.assertTrue("Wrong redirect endpoint", + ((String) httpResp.getHeaderValue("Location")).startsWith(dynEndPoint)); + + } + + @Test + public void selectDevEndpoint() throws TaskExecutionException, + SpecificCommunicationException, EaafStorageException { + //set-up test + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC"); + executionContext.put("selectedEnvironment", "dev"); + + String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.forward.endpoint.dev", dynEndPoint); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.forward.method", "GET"); + + + //perform test + task.execute(pendingReq, executionContext); + + //validate state + Assert.assertEquals("Wrong http statusCode", 302, httpResp.getStatus()); + Assert.assertNotNull("No redirect header", httpResp.getHeaderValue("Location")); + Assert.assertTrue("Wrong redirect endpoint", + ((String) httpResp.getHeaderValue("Location")).startsWith(dynEndPoint)); + + } + + @Test + public void noCountryCode() { + try { + task.execute(pendingReq, executionContext); + Assert.fail("No countryCode not detected"); + + } catch (final TaskExecutionException e) { + Assert.assertEquals("wrong pendingReqId", pendingReq.getPendingRequestId(), e.getPendingRequestID()); + org.springframework.util.Assert.isInstanceOf(EidasSAuthenticationException.class, e + .getOriginalException(), "Wrong exception"); + Assert.assertEquals("wrong errorCode", "eidas.03", ((EaafException) e.getOriginalException()) + .getErrorId()); + + } + } + + @Test + public void withStaticProviderNameForPublicSPs() throws TaskExecutionException, + SpecificCommunicationException { + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC"); + + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.publicSectorTargets", ".*"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "true"); + basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.staticProviderNameForPublicSPs"); + + + //execute test + task.execute(pendingReq, executionContext); + + //validate state + final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null); + + Assert.assertEquals("ProviderName is not Static", + Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP, eidasReq.getProviderName()); + Assert.assertEquals("no PublicSP", "public", eidasReq.getSpType()); + Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high", eidasReq.getLevelOfAssurance()); + Assert.assertNull("msConnector Staging", + pendingReq.getRawData(MsEidasNodeConstants.EXECCONTEXT_PARAM_MSCONNECTOR_STAGING, String.class)); + + } + + @Test + public void withMsConnectorStaging() throws TaskExecutionException, + SpecificCommunicationException { + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC"); + + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.publicSectorTargets", ".*"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "true"); + basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.staticProviderNameForPublicSPs"); + + String msConnectorStage = RandomStringUtils.randomAlphanumeric(10); + basicConfig.putConfigValue(Constants.CONIG_PROPS_EIDAS_WORKAROUND_STAGING_MS_CONNECTOR, msConnectorStage); + + + //execute test + task.execute(pendingReq, executionContext); + + //validate state + Assert.assertEquals("msConnector Staging", msConnectorStage, + pendingReq.getRawData(MsEidasNodeConstants.EXECCONTEXT_PARAM_MSCONNECTOR_STAGING, String.class)); + + + + } + + @Test + public void withCustomStaticProviderNameForPublicSPs() throws TaskExecutionException, + SpecificCommunicationException { + String cc = RandomStringUtils.randomAlphabetic(2); + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, cc); + + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.publicSectorTargets", ".*"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderNames", "true"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.staticProviderNameForPublicSPs", "myNode"); + + //execute test + task.execute(pendingReq, executionContext); + + //validate state + final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null); + + Assert.assertEquals("wrong issuer", + basicConfig.getBasicConfiguration("eidas.ms.auth.eIDAS.node_v2.entityId"), eidasReq.getIssuer()); + Assert.assertEquals("ProviderName is not Static", "myNode", eidasReq.getProviderName()); + Assert.assertEquals("no PublicSP", "public", eidasReq.getSpType()); + Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high", eidasReq.getLevelOfAssurance()); + Assert.assertEquals("wrong CC", cc, eidasReq.getCitizenCountryCode()); + assertNull("NameIdPolicy not null", eidasReq.getNameIdFormat()); + + } + + @Test + public void withDynamicProviderNameForPublicSPs() throws TaskExecutionException, + SpecificCommunicationException, EaafStorageException, UnsupportedEncodingException { + //set-up test + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC"); + executionContext.put("selectedEnvironment", "prod"); + + String providerName = RandomStringUtils.randomAlphanumeric(10); + pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName); + + basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "false"); + + String nameIdFormat = RandomStringUtils.randomAlphabetic(10); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat", nameIdFormat); + + String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.forward.endpoint", dynEndPoint); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.forward.method", "GET"); + + //execute test + task.execute(pendingReq, executionContext); + + //validate state + Assert.assertEquals("Wrong http statusCode", 302, httpResp.getStatus()); + Assert.assertNotNull("No redirect header", httpResp.getHeaderValue("Location")); + Assert.assertTrue("Wrong redirect endpoint", + ((String) httpResp.getHeaderValue("Location")).startsWith(dynEndPoint)); + + + final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null); + + Assert.assertNotNull("ProviderName found", eidasReq.getProviderName()); + Assert.assertEquals("PrividerName", providerName, eidasReq.getProviderName()); + Assert.assertNull("RequesterId found", eidasReq.getRequesterId()); + Assert.assertEquals("no PublicSP", "public", eidasReq.getSpType()); + Assert.assertEquals("wrong LoA", EaafConstants.EIDAS_LOA_HIGH, + eidasReq.getLevelOfAssurance()); + + Assert.assertEquals("Wrong req. attr. size", 4, eidasReq.getRequestedAttributes().size()); + Assert.assertEquals("NameIdFormat", nameIdFormat, eidasReq.getNameIdFormat()); + + } + + @Test + public void publicSpWithCountryLu() throws TaskExecutionException, + SpecificCommunicationException, EaafStorageException, UnsupportedEncodingException { + //set-up test + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "LU"); + executionContext.put("selectedEnvironment", "prod"); + + String providerName = RandomStringUtils.randomAlphanumeric(10); + pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName); + + basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true"); + + String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.forward.endpoint", dynEndPoint); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.forward.method", "GET"); + + //execute test + task.execute(pendingReq, executionContext); + + //validate state + Assert.assertEquals("Wrong http statusCode", 302, httpResp.getStatus()); + Assert.assertNotNull("No redirect header", httpResp.getHeaderValue("Location")); + Assert.assertTrue("Wrong redirect endpoint", + ((String) httpResp.getHeaderValue("Location")).startsWith(dynEndPoint)); + + + final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null); + + Assert.assertEquals("PrividerName", "myNode", eidasReq.getProviderName()); + Assert.assertEquals("RequesterId found", "myNode", eidasReq.getRequesterId()); + Assert.assertEquals("no PublicSP", "public", eidasReq.getSpType()); + Assert.assertEquals("wrong LoA", EaafConstants.EIDAS_LOA_HIGH, + eidasReq.getLevelOfAssurance()); + + Assert.assertEquals("Wrong req. attr. size", 4, eidasReq.getRequestedAttributes().size()); + + } + + @Test + public void privateSpWithCountryLu() throws TaskExecutionException, + SpecificCommunicationException, EaafStorageException, UnsupportedEncodingException { + //set-up test + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "LU"); + executionContext.put("selectedEnvironment", "prod"); + + String providerName = RandomStringUtils.randomAlphanumeric(10); + String requesterId = RandomStringUtils.randomAlphanumeric(10); + pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName); + pendingReq.setRawDataToTransaction(Constants.DATA_REQUESTERID, requesterId); + + spConfig.put("target", + EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + "FN+" + RandomStringUtils.randomNumeric(6)); + + basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "true"); + + String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.forward.endpoint", dynEndPoint); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.forward.method", "GET"); + + //execute test + task.execute(pendingReq, executionContext); + + //validate state + Assert.assertEquals("Wrong http statusCode", 302, httpResp.getStatus()); + Assert.assertNotNull("No redirect header", httpResp.getHeaderValue("Location")); + Assert.assertTrue("Wrong redirect endpoint", + ((String) httpResp.getHeaderValue("Location")).startsWith(dynEndPoint)); + + + final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null); + + Assert.assertEquals("PrividerName", "Austria", eidasReq.getProviderName()); + Assert.assertEquals("RequesterId", "Austria", eidasReq.getRequesterId()); + Assert.assertEquals("no PublicSP", "private", eidasReq.getSpType()); + Assert.assertEquals("wrong LoA", EaafConstants.EIDAS_LOA_HIGH, + eidasReq.getLevelOfAssurance()); + + Assert.assertEquals("Wrong req. attr. size", 4, eidasReq.getRequestedAttributes().size()); + + } + + @Test + public void withEidasNodePostReqNotValidTemplate() throws TaskExecutionException, + SpecificCommunicationException, EaafStorageException, UnsupportedEncodingException { + //set-up test + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC"); + String providerName = RandomStringUtils.randomAlphanumeric(10); + pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName); + + basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "false"); + + + String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.forward.endpoint", dynEndPoint); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.forward.method", "POST"); + + //execute test + try { + task.execute(pendingReq, executionContext); + Assert.fail("Missing template not detected"); + + } catch (TaskExecutionException e) { + Assert.assertEquals("ErrorCode", "Could not resolve view with name 'eidas_node_forward.html' ", + ((GuiBuildException) e.getOriginalException()).getMessage()); + + } + } + + @Test + public void withDynamicProviderNameForPrivateSPs() throws TaskExecutionException, + SpecificCommunicationException, EaafStorageException { + //set-up test + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC"); + spConfig.put("target", + EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + "FN+" + RandomStringUtils.randomNumeric(6)); + String providerName = RandomStringUtils.randomAlphanumeric(10); + pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName); + pendingReq.setRawDataToTransaction(Constants.DATA_REQUESTERID, "http://junit.sp"); + + basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "false"); + + String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.forward.endpoint", dynEndPoint); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.forward.method", "GET"); + + + //perform test + task.execute(pendingReq, executionContext); + + //validate state + Assert.assertEquals("Wrong http statusCode", 302, httpResp.getStatus()); + Assert.assertNotNull("No redirect header", httpResp.getHeaderValue("Location")); + Assert.assertTrue("Wrong redirect endpoint", + ((String) httpResp.getHeaderValue("Location")).startsWith(dynEndPoint)); + + + final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null); + + Assert.assertEquals("PrividerName", providerName, eidasReq.getProviderName()); + Assert.assertEquals("RequesterId", "Wr8LrrVf5SYneblOlZdZNaLQQCCgzklfKQvyeZjBx10=", eidasReq.getRequesterId()); + Assert.assertEquals("no PublicSP", "private", eidasReq.getSpType()); + Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high", eidasReq.getLevelOfAssurance()); + + } + + @Test + public void privateSPWithoutRequestIdHashing() throws TaskExecutionException, + SpecificCommunicationException, EaafStorageException { + //set-up test + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC"); + spConfig.put("target", + EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + "FN+" + RandomStringUtils.randomNumeric(6)); + String providerName = RandomStringUtils.randomAlphanumeric(10); + String requesterId = RandomStringUtils.randomAlphanumeric(10); + pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName); + pendingReq.setRawDataToTransaction(Constants.DATA_REQUESTERID, requesterId); + + basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "false"); + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm", "false"); + + String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.forward.endpoint", dynEndPoint); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.forward.method", "GET"); + + + //perform test + task.execute(pendingReq, executionContext); + + //validate state + Assert.assertEquals("Wrong http statusCode", 302, httpResp.getStatus()); + Assert.assertNotNull("No redirect header", httpResp.getHeaderValue("Location")); + Assert.assertTrue("Wrong redirect endpoint", + ((String) httpResp.getHeaderValue("Location")).startsWith(dynEndPoint)); + + + final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null); + + Assert.assertEquals("PrividerName", providerName, eidasReq.getProviderName()); + Assert.assertEquals("RequesterId", requesterId, eidasReq.getRequesterId()); + Assert.assertEquals("no PublicSP", "private", eidasReq.getSpType()); + Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high", eidasReq.getLevelOfAssurance()); + + } + + @Test + public void withoutProviderNameForPublicSPs() throws TaskExecutionException, + SpecificCommunicationException, EaafStorageException { + //set-up test + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC"); + String providerName = RandomStringUtils.randomAlphanumeric(10); + pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName); + + basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "false"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "false"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "false"); + + + String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.forward.endpoint", dynEndPoint); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.forward.method", "GET"); + + + //execute test + task.execute(pendingReq, executionContext); + + //validate state + Assert.assertEquals("Wrong http statusCode", 302, httpResp.getStatus()); + + final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null); + + Assert.assertNull("ProviderName found", eidasReq.getProviderName()); + Assert.assertNull("RequesterId found", eidasReq.getRequesterId()); + Assert.assertEquals("no PublicSP", "public", eidasReq.getSpType()); + Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high", eidasReq.getLevelOfAssurance()); + + } + +} diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveEidasResponseTaskTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveEidasResponseTaskTest.java new file mode 100644 index 00000000..ba77610a --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveEidasResponseTaskTest.java @@ -0,0 +1,253 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; + +import static at.asitplus.eidas.specific.core.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE; + +import java.net.URISyntaxException; +import java.util.Arrays; +import java.util.HashMap; +import java.util.Map; + +import javax.annotation.Nonnull; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.powermock.core.classloader.annotations.PrepareForTest; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummySpConfiguration; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveAuthnResponseTask; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.IRequestStorage; +import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; +import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import eu.eidas.auth.commons.attribute.AttributeDefinition; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; +import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse; +import lombok.val; + +@RunWith(SpringJUnit4ClassRunner.class) +@PrepareForTest(CreateIdentityLinkTask.class) +@DirtiesContext(classMode = DirtiesContext.ClassMode.BEFORE_CLASS) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_mapConfig.xml"}) +public class ReceiveEidasResponseTaskTest { + + @Autowired(required = true) + private ReceiveAuthnResponseTask task; + + @Autowired(required = true) + private MsConnectorDummyConfigMap basicConfig; + @Autowired + protected EidasAttributeRegistry attrRegistry; + + @Autowired private IRequestStorage storage; + + final ExecutionContext executionContext = new ExecutionContextImpl(); + private MockHttpServletRequest httpReq; + private MockHttpServletResponse httpResp; + private TestRequestImpl pendingReq; + private MsConnectorDummySpConfiguration oaParam; + + /** + * jUnit test set-up. + */ + @Before + public void setUp() throws EaafStorageException, URISyntaxException { + + httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); + httpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution", "false"); + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.eid.testidentity.default", "false"); + + final Map<String, String> spConfig = new HashMap<>(); + spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp"); + spConfig.put("target", "urn:publicid:gv.at:cdid+XX"); + spConfig.put(PROP_CONFIG_SP_NEW_EID_MODE, "true"); + oaParam = new MsConnectorDummySpConfiguration(spConfig, basicConfig); + oaParam.setLoa(Arrays.asList(EaafConstants.EIDAS_LOA_HIGH)); + pendingReq = new TestRequestImpl(); + + pendingReq.setSpConfig(oaParam); + pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue()); + pendingReq.setAuthUrl("http://test.com/"); + pendingReq.setTransactionId("avaasbav"); + pendingReq.setPiiTransactionId(RandomStringUtils.randomAlphanumeric(10)); + + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "LU"); + executionContext.put(EaafConstants.PROCESS_ENGINE_REQUIRES_NO_POSTAUTH_REDIRECT, true); + + } + + @Test + public void missingEidasResponse() { + try { + task.execute(pendingReq, executionContext); + Assert.fail("No eIDAS response not detected"); + + } catch (TaskExecutionException e) { + Assert.assertEquals("ErrorId", "eidas.01", + ((EaafException) e.getOriginalException()).getErrorId()); + + } + } + + @Test + public void notSuccessEidasResponse() throws URISyntaxException { + String statusCode = RandomStringUtils.randomAlphabetic(10); + httpReq.setAttribute(Constants.DATA_FULL_EIDAS_RESPONSE, + buildDummyAuthResponse(statusCode)); + + + try { + task.execute(pendingReq, executionContext); + Assert.fail("No eIDAS response not detected"); + + } catch (TaskExecutionException e) { + Assert.assertEquals("ErrorId", "eidas.02", + ((EaafException) e.getOriginalException()).getErrorId()); + Assert.assertEquals("wrong parameter size", 2, ((EaafException) e.getOriginalException()) + .getParams().length); + Assert.assertEquals("wrong errorMsg", statusCode, ((EaafException) e + .getOriginalException()).getParams()[0]); + + } + } + + @Test + public void successAndForward() throws URISyntaxException, TaskExecutionException, + PendingReqIdValidationException, EaafStorageException { + + AuthenticationResponse eidasResponse = buildDummyAuthResponse(Constants.SUCCESS_URI); + httpReq.setAttribute(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse); + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "LU"); + + String alternativReturnEndpoint = "http://ms-connector.alternative/" + RandomStringUtils.randomAlphabetic(10); + pendingReq.setRawDataToTransaction( + MsEidasNodeConstants.EXECCONTEXT_PARAM_MSCONNECTOR_STAGING, alternativReturnEndpoint); + + //execute test + task.execute(pendingReq, executionContext); + + //validate state + Assert.assertEquals("msConnectorStage", true, + (Boolean) executionContext.get(MsEidasNodeConstants.EXECCONTEXT_PARAM_MSCONNECTOR_STAGING)); + + //validate state + Assert.assertEquals("Wrong http statusCode", 302, httpResp.getStatus()); + Assert.assertNotNull("No redirect header", httpResp.getHeaderValue("Location")); + Assert.assertTrue("Wrong redirect endpoint", + ((String) httpResp.getHeaderValue("Location")).startsWith(alternativReturnEndpoint)); + + + } + + @Test + public void success() throws URISyntaxException, TaskExecutionException, PendingReqIdValidationException { + @Nonnull + AuthenticationResponse eidasResponse = buildDummyAuthResponse(Constants.SUCCESS_URI); + httpReq.setAttribute(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse); + + //execute test + task.execute(pendingReq, executionContext); + + //validate state + IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId()); + Assert.assertNotNull("pendingReq not stored", storedReq); + + final EidAuthProcessDataWrapper authProcessData = storedReq.getSessionData(EidAuthProcessDataWrapper.class); + Assert.assertEquals("LoA", eidasResponse.getLevelOfAssurance(), authProcessData.getQaaLevel()); + Assert.assertNotNull("eIDAS response", + authProcessData.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE)); + Assert.assertEquals("eIDAS response", eidasResponse, + authProcessData.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE)); + Assert.assertFalse("testIdentity flag", authProcessData.isTestIdentity()); + + Assert.assertEquals("msConnectorStage", false, + (Boolean) executionContext.get(MsEidasNodeConstants.EXECCONTEXT_PARAM_MSCONNECTOR_STAGING)); + } + + @Test + public void successWithTestIdentity() throws URISyntaxException, TaskExecutionException, PendingReqIdValidationException { + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.eid.testidentity.default", "true"); + + @Nonnull + AuthenticationResponse eidasResponse = buildDummyAuthResponse(Constants.SUCCESS_URI); + httpReq.setAttribute(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse); + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "LU"); + + //execute test + task.execute(pendingReq, executionContext); + + //validate state + IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId()); + Assert.assertNotNull("pendingReq not stored", storedReq); + + final EidAuthProcessDataWrapper authProcessData = storedReq.getSessionData(EidAuthProcessDataWrapper.class); + Assert.assertEquals("LoA", eidasResponse.getLevelOfAssurance(), authProcessData.getQaaLevel()); + Assert.assertNotNull("eIDAS response", + authProcessData.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE)); + Assert.assertEquals("eIDAS response", eidasResponse, + authProcessData.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE)); + Assert.assertTrue("testIdentity flag", authProcessData.isTestIdentity()); + + } + + + + @Nonnull + private AuthenticationResponse buildDummyAuthResponse(String statusCode) throws URISyntaxException { + final AttributeDefinition attributeDef = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first(); + final AttributeDefinition attributeDef2 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_CURRENTFAMILYNAME).first(); + final AttributeDefinition attributeDef3 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_CURRENTGIVENNAME).first(); + final AttributeDefinition attributeDef4 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_DATEOFBIRTH).first(); + + final ImmutableAttributeMap attributeMap = ImmutableAttributeMap.builder() + .put(attributeDef, "LU/AT/" + RandomStringUtils.randomNumeric(64)) + .put(attributeDef2, RandomStringUtils.randomAlphabetic(10)) + .put(attributeDef3, RandomStringUtils.randomAlphabetic(10)).put(attributeDef4, "2001-01-01").build(); + + val b = new AuthenticationResponse.Builder(); + return b.id("_".concat(Random.nextHexRandom16())) + .issuer(RandomStringUtils.randomAlphabetic(10)) + .subject(RandomStringUtils.randomAlphabetic(10)) + .statusCode(statusCode) + .inResponseTo("_".concat(Random.nextHexRandom16())) + .subjectNameIdFormat("afaf") + .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) + .attributes(attributeMap) + .build(); + } + +} diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/utils/JoseUtilsTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/utils/JoseUtilsTest.java new file mode 100644 index 00000000..ad38e371 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/utils/JoseUtilsTest.java @@ -0,0 +1,139 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.utils; + +import java.io.IOException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.Provider; +import java.security.cert.X509Certificate; +import java.util.Arrays; +import java.util.Collections; +import java.util.List; + +import org.apache.commons.lang3.RandomStringUtils; +import org.jose4j.jwa.AlgorithmConstraints; +import org.jose4j.jwa.AlgorithmConstraints.ConstraintType; +import org.jose4j.jws.AlgorithmIdentifiers; +import org.jose4j.lang.JoseException; +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.powermock.core.classloader.annotations.PrepareForTest; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.JoseUtils; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.JoseUtils.JwsResult; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import at.gv.egiz.eaaf.core.impl.data.Pair; + +@RunWith(SpringJUnit4ClassRunner.class) +@PrepareForTest(CreateIdentityLinkTask.class) +@DirtiesContext(classMode = DirtiesContext.ClassMode.BEFORE_CLASS) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_mapConfig.xml"}) +public class JoseUtilsTest { + + @Autowired private EaafKeyStoreFactory keyStoreFactory; + + private static final List<String> AUTH_ALGORITHM_WHITELIST_SIGNING = Collections.unmodifiableList( + Arrays.asList( + AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256, + AlgorithmIdentifiers.ECDSA_USING_P521_CURVE_AND_SHA512, + AlgorithmIdentifiers.RSA_PSS_USING_SHA256, + AlgorithmIdentifiers.RSA_PSS_USING_SHA512)); + + + @Test + public void missingKey() throws EaafException, JoseException, KeyStoreException, IOException { + + KeyStoreConfiguration config = new KeyStoreConfiguration(); + config.setFriendlyName("jUnittest"); + config.setKeyStoreType(KeyStoreType.JKS); + config.setSoftKeyStoreFilePath("../data/junit.jks"); + config.setSoftKeyStorePassword("password"); + + Pair<KeyStore, Provider> keyStore = keyStoreFactory.buildNewKeyStore(config); + String payLoad = RandomStringUtils.randomAlphanumeric(100); + + //check signing + try { + JoseUtils.createSignature(keyStore, "notExist", "password".toCharArray(), payLoad , true, "jUnitTest"); + Assert.fail("missing Key not detected"); + + } catch (EaafException e) { + Assert.assertEquals("ErrorId", "internal.keystore.09", e.getErrorId()); + + } + } + + @Test + public void createRsaSignature() throws EaafException, JoseException, KeyStoreException, IOException { + + KeyStoreConfiguration config = new KeyStoreConfiguration(); + config.setFriendlyName("jUnittest"); + config.setKeyStoreType(KeyStoreType.JKS); + config.setSoftKeyStoreFilePath("../data/junit.jks"); + config.setSoftKeyStorePassword("password"); + + Pair<KeyStore, Provider> keyStore = keyStoreFactory.buildNewKeyStore(config); + String payLoad = RandomStringUtils.randomAlphanumeric(100); + + //check signing + String result = JoseUtils.createSignature(keyStore, "meta", "password".toCharArray(), payLoad , true, "jUnitTest"); + + Assert.assertNotNull("signed message", result); + Assert.assertFalse("signed msg empty", result.isEmpty()); + + + //validate + List<X509Certificate> trustedCerts = EaafKeyStoreUtils.readCertsFromKeyStore(keyStore.getFirst()); + final AlgorithmConstraints constraints = new AlgorithmConstraints(ConstraintType.PERMIT, + AUTH_ALGORITHM_WHITELIST_SIGNING + .toArray(new String[AUTH_ALGORITHM_WHITELIST_SIGNING.size()])); + JwsResult verify = JoseUtils.validateSignature(result, trustedCerts, constraints); + + Assert.assertTrue("sig. verify", verify.isValid()); + Assert.assertEquals("payload", payLoad, verify.getPayLoad()); + + } + + @Test + public void createEccSignature() throws EaafException, JoseException, KeyStoreException, IOException { + + KeyStoreConfiguration config = new KeyStoreConfiguration(); + config.setFriendlyName("jUnittest"); + config.setKeyStoreType(KeyStoreType.JKS); + config.setSoftKeyStoreFilePath("../data/junit.jks"); + config.setSoftKeyStorePassword("password"); + + Pair<KeyStore, Provider> keyStore = keyStoreFactory.buildNewKeyStore(config); + String payLoad = RandomStringUtils.randomAlphanumeric(100); + + //check signing + String result = JoseUtils.createSignature(keyStore, "sig", "password".toCharArray(), payLoad , true, "jUnitTest"); + + Assert.assertNotNull("signed message", result); + Assert.assertFalse("signed msg empty", result.isEmpty()); + + + //validate + List<X509Certificate> trustedCerts = EaafKeyStoreUtils.readCertsFromKeyStore(keyStore.getFirst()); + final AlgorithmConstraints constraints = new AlgorithmConstraints(ConstraintType.PERMIT, + AUTH_ALGORITHM_WHITELIST_SIGNING + .toArray(new String[AUTH_ALGORITHM_WHITELIST_SIGNING.size()])); + JwsResult verify = JoseUtils.validateSignature(result, trustedCerts, constraints); + + Assert.assertTrue("sig. verify", verify.isValid()); + Assert.assertEquals("payload", payLoad, verify.getPayLoad()); + + } + +} diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasAttributePostProcessingTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasAttributePostProcessingTest.java new file mode 100644 index 00000000..9bb51cd9 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasAttributePostProcessingTest.java @@ -0,0 +1,460 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.validation; + +import static org.junit.Assert.fail; + +import java.io.IOException; +import java.text.SimpleDateFormat; +import java.util.HashMap; +import java.util.Map; + +import org.joda.time.DateTime; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.CcSpecificEidProcessingService; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_mapConfig.xml"}) +@DirtiesContext(classMode = ClassMode.AFTER_CLASS) +public class EidasAttributePostProcessingTest { + + @Autowired + private CcSpecificEidProcessingService postProcessor; + + // lower case + private static final String P1_eIDASID = + "DE/AT/532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25"; + private static final String P1_GIVENNAME = "Max"; + private static final String P1_FAMILYNAME = "Mustermann"; + private static final DateTime P1_DATEOFBIRTH = DateTime.now(); + private static final String P1_PLACEOFBIRTH = "Nirgendwo"; + private static final String P1_BIRTHNAME = "Musterkind"; + + // mixed + private static final String P3_eIDASID = + "DE/AT/532eaabd9574880dbf76b9b8cc00832c20A6ec113d682299550d7a6e0f345e25"; + private static final String P3_GIVENNAME = "Max"; + private static final String P3_FAMILYNAME = "Mustermann"; + private static final DateTime P3_DATEOFBIRTH = DateTime.now(); + private static final String P3_PLACEOFBIRTH = "Nirgendwo"; + private static final String P3_BIRTHNAME = "Musterkind"; + + // upper case + private static final String P4_eIDASID = + "DE/AT/532EAABD9574880DBF76B9B8CC00832C20A6EC113D682299550D7A6E0F345E25"; + private static final String P4_GIVENNAME = "Max"; + private static final String P4_FAMILYNAME = "Mustermann"; + private static final DateTime P4_DATEOFBIRTH = DateTime.now(); + private static final String P4_PLACEOFBIRTH = "Nirgendwo"; + private static final String P4_BIRTHNAME = "Musterkind"; + + // To long identifier + private static final String P5_eIDASID = + "DE/AT/532EAABD9574880DBF76B9B8CC00832C20A6EC113D682299550D7A6E0F345E251"; + private static final String P5_GIVENNAME = "Max"; + private static final String P5_FAMILYNAME = "Mustermann"; + private static final DateTime P5_DATEOFBIRTH = DateTime.now(); + private static final String P5_PLACEOFBIRTH = "Nirgendwo"; + private static final String P5_BIRTHNAME = "Musterkind"; + + // to short identifier + private static final String P6_eIDASID = "DE/AT/532EAABD9574880DBF76B9B8CC00832C20A6EC113D682299550D7A6E0F"; + private static final String P6_GIVENNAME = "Max"; + private static final String P6_FAMILYNAME = "Mustermann"; + private static final DateTime P6_DATEOFBIRTH = DateTime.now(); + private static final String P6_PLACEOFBIRTH = "Nirgendwo"; + private static final String P6_BIRTHNAME = "Musterkind"; + + // no hex encoded identifier + private static final String P7_eIDASID = "DE/AT/532EAABD9574880DBF76B9B8CC00832C20A6EC113D682299550D7A6E0F"; + private static final String P7_GIVENNAME = "Max"; + private static final String P7_FAMILYNAME = "Mustermann"; + private static final DateTime P7_DATEOFBIRTH = DateTime.now(); + private static final String P7_PLACEOFBIRTH = "Nirgendwo"; + private static final String P7_BIRTHNAME = "Musterkind"; + + private static final String P2_eIDASID = + "EE/AT/asfasfasdfasdfasdfasdfasdfasvafasdfasdfasdfasdfasdfasvascasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasd"; + private static final String P2_GIVENNAME = "Max"; + private static final String P2_FAMILYNAME = "Mustermann"; + private static final DateTime P2_DATEOFBIRTH = DateTime.now(); + private static final String P2_PLACEOFBIRTH = "Nirgendwo"; + private static final String P2_BIRTHNAME = "Musterkind"; + + /** + * jUnit class initializer. + * + * @throws IOException In case of an error + */ + @BeforeClass + public static void classInitializer() throws IOException { + final String current = new java.io.File(".").toURI().toString(); + System.setProperty("eidas.ms.configuration", current + "../../basicConfig/default_config.properties"); + + } + + @Test + public void deWithHexLowerCase() throws Exception { + try { + final ErnbEidData result = postProcessor.postProcess( + generateInputData( + P1_eIDASID, + P1_FAMILYNAME, + P1_GIVENNAME, + P1_DATEOFBIRTH, + P1_PLACEOFBIRTH, + P1_BIRTHNAME)); + + validate(result, + "Uy6qvZV0iA2/drm4zACDLCCm7BE9aCKZVQ16bg80XiU=", + P1_FAMILYNAME, + P1_GIVENNAME, + P1_DATEOFBIRTH, + P1_PLACEOFBIRTH, + P1_BIRTHNAME); + + } catch (final Exception e) { + e.printStackTrace(); + fail(e.getMessage()); + + } + } + + @Test + public void deWithHexMixedCase() throws Exception { + try { + final ErnbEidData result = postProcessor.postProcess( + generateInputData( + P3_eIDASID, + P3_FAMILYNAME, + P3_GIVENNAME, + P3_DATEOFBIRTH, + P3_PLACEOFBIRTH, + P3_BIRTHNAME)); + + validate(result, + "Uy6qvZV0iA2/drm4zACDLCCm7BE9aCKZVQ16bg80XiU=", + P3_FAMILYNAME, + P3_GIVENNAME, + P3_DATEOFBIRTH, + P3_PLACEOFBIRTH, + P3_BIRTHNAME); + + } catch (final Exception e) { + e.printStackTrace(); + fail(e.getMessage()); + + } + } + + @Test + public void deWithHexUpperCase() throws Exception { + try { + final ErnbEidData result = postProcessor.postProcess( + generateInputData( + P4_eIDASID, + P4_FAMILYNAME, + P4_GIVENNAME, + P4_DATEOFBIRTH, + P4_PLACEOFBIRTH, + P4_BIRTHNAME)); + + validate(result, + "Uy6qvZV0iA2/drm4zACDLCCm7BE9aCKZVQ16bg80XiU=", + P4_FAMILYNAME, + P4_GIVENNAME, + P4_DATEOFBIRTH, + P4_PLACEOFBIRTH, + P4_BIRTHNAME); + + } catch (final Exception e) { + e.printStackTrace(); + fail(e.getMessage()); + + } + } + + @Test + public void deWithHexTooLongCase() throws Exception { + try { + postProcessor.postProcess( + generateInputData( + P5_eIDASID, + P5_FAMILYNAME, + P5_GIVENNAME, + P5_DATEOFBIRTH, + P5_PLACEOFBIRTH, + P5_BIRTHNAME)); + + } catch (final Exception e) { + return; + + } + + fail("Too long input accepted"); + } + + @Test + public void deWithHexTooShortCase() throws Exception { + try { + postProcessor.postProcess( + generateInputData( + P6_eIDASID, + P6_FAMILYNAME, + P6_GIVENNAME, + P6_DATEOFBIRTH, + P6_PLACEOFBIRTH, + P6_BIRTHNAME)); + + } catch (final Exception e) { + return; + + } + + fail("Too short input accepted"); + } + + @Test + public void deWithNoHexCase() throws Exception { + try { + postProcessor.postProcess( + generateInputData( + P7_eIDASID, + P7_FAMILYNAME, + P7_GIVENNAME, + P7_DATEOFBIRTH, + P7_PLACEOFBIRTH, + P7_BIRTHNAME)); + + } catch (final Exception e) { + return; + + } + + fail("Not hex encoded input accepted"); + } + + @Test + public void eeTestCase() throws Exception { + try { + final ErnbEidData result = postProcessor.postProcess( + generateInputData( + P2_eIDASID, + P2_FAMILYNAME, + P2_GIVENNAME, + P2_DATEOFBIRTH, + P2_PLACEOFBIRTH, + P2_BIRTHNAME)); + + validate(result, + "asfasfasdfasdfasdfasdfasdfasvafasdfasdfasdfasdfasdfasvascasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasd", + P2_FAMILYNAME, + P2_GIVENNAME, + P2_DATEOFBIRTH, + P2_PLACEOFBIRTH, + P2_BIRTHNAME); + + } catch (final Exception e) { + e.printStackTrace(); + fail(e.getMessage()); + + } + } + + @Test + public void eeTestFamilyNameMissingCase() throws Exception { + try { + final ErnbEidData result = postProcessor.postProcess( + generateInputData( + P2_eIDASID, + null, + P2_GIVENNAME, + P2_DATEOFBIRTH, + P2_PLACEOFBIRTH, + P2_BIRTHNAME)); + + validate(result, + "asfasfasdfasdfasdfasdfasdfasvafasdfasdfasdfasdfasdfasvascasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasd", + P2_FAMILYNAME, + P2_GIVENNAME, + P2_DATEOFBIRTH, + P2_PLACEOFBIRTH, + P2_BIRTHNAME); + + } catch (final Exception e) { + return; + + } + + fail("FamilyName missing input accepted"); + + } + + @Test + public void eeTestGivenNameMissingCase() throws Exception { + try { + final ErnbEidData result = postProcessor.postProcess( + generateInputData( + P2_eIDASID, + P2_FAMILYNAME, + null, + P2_DATEOFBIRTH, + P2_PLACEOFBIRTH, + P2_BIRTHNAME)); + + validate(result, + "asfasfasdfasdfasdfasdfasdfasvafasdfasdfasdfasdfasdfasvascasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasd", + P2_FAMILYNAME, + P2_GIVENNAME, + P2_DATEOFBIRTH, + P2_PLACEOFBIRTH, + P2_BIRTHNAME); + + } catch (final Exception e) { + return; + + } + + fail("GivenName missing input accepted"); + + } + + @Test + public void eeTestDateOfBirthMissingCase() throws Exception { + try { + final ErnbEidData result = postProcessor.postProcess( + generateInputData( + P2_eIDASID, + P2_FAMILYNAME, + P2_GIVENNAME, + null, + P2_PLACEOFBIRTH, + P2_BIRTHNAME)); + + validate(result, + "asfasfasdfasdfasdfasdfasdfasvafasdfasdfasdfasdfasdfasvascasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasd", + P2_FAMILYNAME, + P2_GIVENNAME, + P2_DATEOFBIRTH, + P2_PLACEOFBIRTH, + P2_BIRTHNAME); + + } catch (final Exception e) { + return; + + } + + fail("DateOfBirth missing input accepted"); + + } + + @Test + public void eeTestIdMissingCase() throws Exception { + try { + final ErnbEidData result = postProcessor.postProcess( + generateInputData( + null, + P2_FAMILYNAME, + P2_GIVENNAME, + P2_DATEOFBIRTH, + P2_PLACEOFBIRTH, + P2_BIRTHNAME)); + + validate(result, + "asfasfasdfasdfasdfasdfasdfasvafasdfasdfasdfasdfasdfasvascasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasd", + P2_FAMILYNAME, + P2_GIVENNAME, + P2_DATEOFBIRTH, + P2_PLACEOFBIRTH, + P2_BIRTHNAME); + + } catch (final Exception e) { + return; + + } + + fail("eIDAS-Id missing input accepted"); + + } + + private Map<String, Object> generateInputData(String id, String familyName, String givenName, + DateTime dateOfBirth, String placeOfBirth, String birthName) { + final Map<String, Object> result = new HashMap<>(); + result.put(Constants.eIDAS_ATTR_PERSONALIDENTIFIER, id); + result.put(Constants.eIDAS_ATTR_CURRENTGIVENNAME, givenName); + result.put(Constants.eIDAS_ATTR_CURRENTFAMILYNAME, familyName); + result.put(Constants.eIDAS_ATTR_DATEOFBIRTH, dateOfBirth); + result.put(Constants.eIDAS_ATTR_PLACEOFBIRTH, placeOfBirth); + result.put(Constants.eIDAS_ATTR_BIRTHNAME, birthName); + return result; + + } + + private void validate(ErnbEidData result, String id, String familyName, String givenName, + DateTime dateOfBirth, String placeOfBirth, String birthName) { + if (!result.getPseudonym().equals(id)) { + fail(result.getPseudonym() + "is not equal to " + id); + } + + if (!result.getFamilyName().equals(familyName)) { + fail(result.getFamilyName() + "is not equal to " + familyName); + } + + if (!result.getGivenName().equals(givenName)) { + fail(result.getGivenName() + "is not equal to " + givenName); + } + + if (!result.getDateOfBirth().equals(dateOfBirth)) { + fail(result.getDateOfBirth() + "is not equal to " + dateOfBirth); + } + + if (!result.getFormatedDateOfBirth().equals(new SimpleDateFormat("yyyy-MM-dd").format(dateOfBirth + .toDate()))) { + fail(result.getDateOfBirth() + "is not equal to " + new SimpleDateFormat("yyyy-MM-dd").format( + dateOfBirth.toDate())); + } + + if (!result.getPlaceOfBirth().equals(placeOfBirth)) { + fail(result.getPlaceOfBirth() + "is not equal to " + placeOfBirth); + } + + if (!result.getBirthName().equals(birthName)) { + fail(result.getBirthName() + "is not equal to " + birthName); + } + + } + +} diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java new file mode 100644 index 00000000..7ac41500 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java @@ -0,0 +1,155 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.validation; + +import java.io.IOException; +import java.util.HashMap; +import java.util.Map; +import java.util.UUID; + +import org.junit.Assert; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.TestPropertySource; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.CcSpecificEidProcessingService; +import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import eu.eidas.auth.commons.light.impl.LightRequest; +import eu.eidas.auth.commons.light.impl.LightRequest.Builder; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_realConfig.xml"}) +@TestPropertySource(locations = {"classpath:/config/junit_config_de_attributes.properties"}) +@DirtiesContext(classMode = ClassMode.AFTER_CLASS) +public class EidasRequestPreProcessingFirstTest { + + @Autowired + private IConfigurationWithSP basicConfig; + @Autowired + private CcSpecificEidProcessingService preProcessor; + + private TestRequestImpl pendingReq; + private DummySpConfiguration oaParam; + private Builder authnRequestBuilder; + + /** + * jUnit class initializer. + * + * @throws IOException In case of an error + */ + @BeforeClass + public static void classInitializer() throws IOException { +// final String current = new java.io.File(".").toURI().toString(); +// System.setProperty("eidas.ms.configuration", +// current + "src/test/resources/config/junit_config_de_attributes.properties"); + + } + + /** + * jUnit test set-up. + * + */ + @Before + public void setUp() { + + final Map<String, String> spConfig = new HashMap<>(); + spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp"); + spConfig.put("target", "urn:publicid:gv.at:cdid+XX"); + oaParam = new DummySpConfiguration(spConfig, basicConfig); + + pendingReq = new TestRequestImpl(); + pendingReq.setSpConfig(oaParam); + pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue()); + pendingReq.setAuthUrl("http://test.com/"); + + authnRequestBuilder = LightRequest.builder(); + authnRequestBuilder.id(UUID.randomUUID().toString()); + authnRequestBuilder.issuer("Test"); + authnRequestBuilder.levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH); + + } + + @Test + public void prePreProcessGeneric() throws EidPostProcessingException { + final String testCountry = "XX"; + authnRequestBuilder.citizenCountryCode(testCountry); + preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder); + + final LightRequest lightReq = authnRequestBuilder.build(); + + Assert.assertEquals("ProviderName is not Static", + Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP, lightReq.getProviderName()); + Assert.assertEquals("no PublicSP", "public", lightReq.getSpType()); + Assert.assertEquals("Requested attribute size not match", 4, lightReq.getRequestedAttributes().size()); + + } + + @Test + public void prePreProcessGenericNoCountryCode() throws EidPostProcessingException { + final String testCountry = "XX"; + authnRequestBuilder.citizenCountryCode(testCountry); + preProcessor.preProcess(null, pendingReq, authnRequestBuilder); + + final LightRequest lightReq = authnRequestBuilder.build(); + + Assert.assertEquals("ProviderName is not Static", + Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP, lightReq.getProviderName()); + Assert.assertEquals("no PublicSP", "public", lightReq.getSpType()); + Assert.assertEquals("Requested attribute size not match", 4, lightReq.getRequestedAttributes().size()); + + } + + @Test + public void prePreProcessDE() throws EidPostProcessingException { + + final String testCountry = "DE"; + authnRequestBuilder.citizenCountryCode(testCountry); + preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder); + + final LightRequest lightReq = authnRequestBuilder.build(); + + Assert.assertEquals("ProviderName is not Static", + Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP, lightReq.getProviderName()); + Assert.assertNotSame("RequesterId was set", lightReq.getRequesterId()); + Assert.assertEquals("no PublicSP", "public", lightReq.getSpType()); + Assert.assertEquals("Requested attribute size not match", 8, lightReq.getRequestedAttributes().size()); + + } + +} diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java new file mode 100644 index 00000000..9ee38296 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java @@ -0,0 +1,157 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.validation; + +import java.util.HashMap; +import java.util.Map; +import java.util.UUID; + +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.CcSpecificEidProcessingService; +import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import eu.eidas.auth.commons.light.impl.LightRequest; +import eu.eidas.auth.commons.light.impl.LightRequest.Builder; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_mapConfig.xml"}) +@DirtiesContext(classMode = ClassMode.AFTER_CLASS) +public class EidasRequestPreProcessingSecondTest { + + @Autowired + private MsConnectorDummyConfigMap basicConfig; + @Autowired + private CcSpecificEidProcessingService preProcessor; + + private TestRequestImpl pendingReq; + private DummySpConfiguration oaParam; + private Builder authnRequestBuilder; + + + /** + * jUnit test set-up. + * + */ + @Before + public void setUp() { + + final Map<String, String> spConfig = new HashMap<>(); + spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp"); + spConfig.put("target", "urn:publicid:gv.at:cdid+XX"); + oaParam = new DummySpConfiguration(spConfig, basicConfig); + + pendingReq = new TestRequestImpl(); + pendingReq.setSpConfig(oaParam); + pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue()); + pendingReq.setAuthUrl("http://test.com/"); + + authnRequestBuilder = LightRequest.builder(); + authnRequestBuilder.id(UUID.randomUUID().toString()); + authnRequestBuilder.issuer("Test"); + authnRequestBuilder.levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH); + + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll", "true"); + + } + + @Test + public void prePreProcessDeUnknownAttribute() throws EidPostProcessingException { + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.node_v2.staticProviderNameForPublicSPs", "myNode"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "true"); + + final String testCountry = "DE"; + authnRequestBuilder.citizenCountryCode(testCountry); + preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder); + + final LightRequest lightReq = authnRequestBuilder.build(); + + Assert.assertEquals("ProviderName is not Static", "myNode", lightReq.getProviderName()); + Assert.assertEquals("no PublicSP", "public", lightReq.getSpType()); + Assert.assertEquals("Requested attribute size not match", 8, lightReq.getRequestedAttributes().size()); + + } + + + /* + * Set ProviderName according to general configuration + */ + @Test + public void prePreProcessLuPublicSpWithoutRequestId() throws EidPostProcessingException { + + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll", "false"); + + final String testCountry = "LU"; + authnRequestBuilder.citizenCountryCode(testCountry); + preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder); + + final LightRequest lightReq = authnRequestBuilder.build(); + + Assert.assertEquals("ProviderName is not Static", "myNode", lightReq.getProviderName()); + Assert.assertNull("RequesterId", lightReq.getRequesterId()); + Assert.assertEquals("no PublicSP", "public", lightReq.getSpType()); + Assert.assertEquals("Requested attribute size not match", 4, lightReq.getRequestedAttributes().size()); + + } + + /* + * Always set requesterId and providername in case of country LU + */ + @Test + public void prePreProcessLuPublicSpWithStaticRequesterId() throws EidPostProcessingException { + + + final String testCountry = "LU"; + authnRequestBuilder.citizenCountryCode(testCountry); + preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder); + + final LightRequest lightReq = authnRequestBuilder.build(); + + Assert.assertEquals("ProviderName is not Static", + "myNode", lightReq.getProviderName()); + Assert.assertEquals("RequesterId is not Static", + "myNode", lightReq.getRequesterId()); + Assert.assertEquals("no PublicSP", "public", lightReq.getSpType()); + Assert.assertEquals("Requested attribute size not match", 4, lightReq.getRequestedAttributes().size()); + + } + +} diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasResponseValidatorTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasResponseValidatorTest.java new file mode 100644 index 00000000..b1f1b164 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasResponseValidatorTest.java @@ -0,0 +1,333 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.validation; + +import static at.asitplus.eidas.specific.core.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE; + +import java.net.URISyntaxException; +import java.util.Arrays; +import java.util.HashMap; +import java.util.Map; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.powermock.core.classloader.annotations.PrepareForTest; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import com.google.common.collect.ImmutableSet; + +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummySpConfiguration; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasValidationException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.validator.EidasResponseValidator; +import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import eu.eidas.auth.commons.attribute.AttributeDefinition; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap.Builder; +import eu.eidas.auth.commons.attribute.impl.StringAttributeValue; +import eu.eidas.auth.commons.light.ILightResponse; +import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse; +import lombok.val; + +@RunWith(SpringJUnit4ClassRunner.class) +@PrepareForTest(CreateIdentityLinkTask.class) +@DirtiesContext(classMode = DirtiesContext.ClassMode.BEFORE_CLASS) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_mapConfig.xml"}) +public class EidasResponseValidatorTest { + + @Autowired private MsConnectorDummyConfigMap basicConfig; + @Autowired protected EidasAttributeRegistry attrRegistry; + + private TestRequestImpl pendingReq; + private MsConnectorDummySpConfiguration oaParam; + + + /** + * jUnit test set-up. + */ + @Before + public void setUp() throws EaafStorageException, URISyntaxException { + + final Map<String, String> spConfig = new HashMap<>(); + spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp"); + spConfig.put("target", "urn:publicid:gv.at:cdid+XX"); + spConfig.put(PROP_CONFIG_SP_NEW_EID_MODE, "true"); + oaParam = new MsConnectorDummySpConfiguration(spConfig, basicConfig); + oaParam.setLoa(Arrays.asList(EaafConstants.EIDAS_LOA_HIGH)); + pendingReq = new TestRequestImpl(); + + pendingReq.setSpConfig(oaParam); + pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue()); + pendingReq.setAuthUrl("http://test.com/"); + pendingReq.setTransactionId("avaasbav"); + pendingReq.setPiiTransactionId(RandomStringUtils.randomAlphanumeric(10)); + + } + + + @Test + public void loaFromResponseToLow() throws URISyntaxException { + //set-up + ILightResponse eidasResponse = buildDummyAuthResponse( + "LU/AT/" + RandomStringUtils.randomNumeric(10), + EaafConstants.EIDAS_LOA_LOW, + false); + String spCountry = "AT"; + String citizenCountryCode = "XX"; + + //execute test + try { + EidasResponseValidator.validateResponse(pendingReq, eidasResponse, spCountry, citizenCountryCode, attrRegistry); + Assert.fail("Wrong eIDAS response not detected"); + + } catch (EidasValidationException e) { + Assert.assertEquals("ErrorId", "eidas.06", e.getErrorId()); + Assert.assertEquals("wrong parameter size", 1, e.getParams().length); + Assert.assertEquals("wrong errorMsg", "http://eidas.europa.eu/LoA/low", + e.getParams()[0]); + + } + } + + @Test + public void noEidasSpCountry() throws URISyntaxException { + //set-up + ILightResponse eidasResponse = buildDummyAuthResponse( + "LU/AT/" + RandomStringUtils.randomNumeric(10), + EaafConstants.EIDAS_LOA_SUBSTANTIAL, + false); + String spCountry = null; + String citizenCountryCode = "LU"; + + oaParam.setLoa(Arrays.asList(EaafConstants.EIDAS_LOA_HIGH, EaafConstants.EIDAS_LOA_SUBSTANTIAL)); + + + //execute test + try { + EidasResponseValidator.validateResponse(pendingReq, eidasResponse, spCountry, citizenCountryCode, attrRegistry); + Assert.fail("Wrong eIDAS response not detected"); + + } catch (EidasValidationException e) { + Assert.assertEquals("ErrorId", "eidas.07", e.getErrorId()); + Assert.assertEquals("wrong parameter size", 2, e.getParams().length); + Assert.assertEquals("wrong errorMsg", "PersonIdentifier", + e.getParams()[0]); + Assert.assertEquals("wrong errorMsg", + "Destination country does not match to SP country", + e.getParams()[1]); + + } + } + + @Test + public void noEidasResponseCountry() throws URISyntaxException { + //set-up + ILightResponse eidasResponse = buildDummyAuthResponse( + "LU/AT/" + RandomStringUtils.randomNumeric(10), + EaafConstants.EIDAS_LOA_SUBSTANTIAL, + false); + String spCountry = "AT"; + String citizenCountryCode = null; + + oaParam.setLoa(Arrays.asList(EaafConstants.EIDAS_LOA_HIGH, EaafConstants.EIDAS_LOA_SUBSTANTIAL)); + + + //execute test + try { + EidasResponseValidator.validateResponse(pendingReq, eidasResponse, spCountry, citizenCountryCode, attrRegistry); + Assert.fail("Wrong eIDAS response not detected"); + + } catch (EidasValidationException e) { + Assert.assertEquals("ErrorId", "eidas.07", e.getErrorId()); + Assert.assertEquals("wrong parameter size", 2, e.getParams().length); + Assert.assertEquals("wrong errorMsg", "PersonIdentifier", + e.getParams()[0]); + Assert.assertEquals("wrong errorMsg", + "Citizen country does not match to eIDAS-node country that generates the response", + e.getParams()[1]); + + } + } + + @Test + public void wrongEidasResponseCountry() throws URISyntaxException { + //set-up + ILightResponse eidasResponse = buildDummyAuthResponse( + "LU/AT/" + RandomStringUtils.randomNumeric(10), + EaafConstants.EIDAS_LOA_SUBSTANTIAL, + false); + String spCountry = "AT"; + String citizenCountryCode = "XX"; + + oaParam.setLoa(Arrays.asList(EaafConstants.EIDAS_LOA_HIGH, EaafConstants.EIDAS_LOA_SUBSTANTIAL)); + + + //execute test + try { + EidasResponseValidator.validateResponse(pendingReq, eidasResponse, spCountry, citizenCountryCode, attrRegistry); + Assert.fail("Wrong eIDAS response not detected"); + + } catch (EidasValidationException e) { + Assert.assertEquals("ErrorId", "eidas.07", e.getErrorId()); + Assert.assertEquals("wrong parameter size", 2, e.getParams().length); + Assert.assertEquals("wrong errorMsg", "PersonIdentifier", + e.getParams()[0]); + Assert.assertEquals("wrong errorMsg", + "Citizen country does not match to eIDAS-node country that generates the response", + e.getParams()[1]); + + } + } + + @Test + public void missingPersonalIdentifier() throws URISyntaxException { + //set-up + ILightResponse eidasResponse = buildDummyAuthResponse( + null, + EaafConstants.EIDAS_LOA_SUBSTANTIAL, + false); + String spCountry = "AT"; + String citizenCountryCode = "LU"; + + oaParam.setLoa(Arrays.asList(EaafConstants.EIDAS_LOA_HIGH, EaafConstants.EIDAS_LOA_SUBSTANTIAL)); + + + //execute test + try { + EidasResponseValidator.validateResponse(pendingReq, eidasResponse, spCountry, citizenCountryCode, attrRegistry); + Assert.fail("Wrong eIDAS response not detected"); + + } catch (EidasValidationException e) { + Assert.assertEquals("ErrorId", "eidas.05", e.getErrorId()); + Assert.assertEquals("wrong parameter size", 1, e.getParams().length); + Assert.assertEquals("wrong errorMsg", "NO 'PersonalIdentifier' attriubte", + e.getParams()[0]); + + } + } + + @Test + public void moreThanOnePersonalIdentifier() throws URISyntaxException { + //set-up + ILightResponse eidasResponse = buildDummyAuthResponse( + null, + EaafConstants.EIDAS_LOA_SUBSTANTIAL, + true); + String spCountry = "AT"; + String citizenCountryCode = "LU"; + + oaParam.setLoa(Arrays.asList(EaafConstants.EIDAS_LOA_HIGH, EaafConstants.EIDAS_LOA_SUBSTANTIAL)); + + + //execute test + try { + EidasResponseValidator.validateResponse(pendingReq, eidasResponse, spCountry, citizenCountryCode, attrRegistry); + Assert.fail("Wrong eIDAS response not detected"); + + } catch (EidasValidationException e) { + Assert.assertEquals("ErrorId", "eidas.05", e.getErrorId()); + Assert.assertEquals("wrong parameter size", 1, e.getParams().length); + Assert.assertEquals("wrong errorMsg", "NO 'PersonalIdentifier' attriubte", + e.getParams()[0]); + + } + } + + @Test + public void emptyPersonalIdentifier() throws URISyntaxException { + //set-up + ILightResponse eidasResponse = buildDummyAuthResponse( + "", + EaafConstants.EIDAS_LOA_SUBSTANTIAL, + false); + String spCountry = "AT"; + String citizenCountryCode = "LU"; + + oaParam.setLoa(Arrays.asList(EaafConstants.EIDAS_LOA_HIGH, EaafConstants.EIDAS_LOA_SUBSTANTIAL)); + + + //execute test + try { + EidasResponseValidator.validateResponse(pendingReq, eidasResponse, spCountry, citizenCountryCode, attrRegistry); + Assert.fail("Wrong eIDAS response not detected"); + + } catch (EidasValidationException e) { + Assert.assertEquals("ErrorId", "eidas.07", e.getErrorId()); + Assert.assertEquals("wrong parameter size", 2, e.getParams().length); + Assert.assertEquals("wrong errorMsg", "PersonIdentifier", + e.getParams()[0]); + Assert.assertEquals("wrong errorMsg", + "Wrong identifier format", + e.getParams()[1]); + + } + } + + @Test + public void validResponse() throws URISyntaxException, EidasValidationException { + //set-up + + String spCountry = RandomStringUtils.randomAlphabetic(2).toUpperCase(); + String cCountry = RandomStringUtils.randomAlphabetic(2).toUpperCase(); + + ILightResponse eidasResponse = buildDummyAuthResponse( + cCountry + "/" + spCountry + "/" + RandomStringUtils.randomAlphanumeric(20), + EaafConstants.EIDAS_LOA_SUBSTANTIAL, + false); + + oaParam.setLoa(Arrays.asList(EaafConstants.EIDAS_LOA_HIGH, EaafConstants.EIDAS_LOA_SUBSTANTIAL)); + + + //execute test + + EidasResponseValidator.validateResponse(pendingReq, eidasResponse, spCountry, cCountry, attrRegistry); + + } + + + private AuthenticationResponse buildDummyAuthResponse(String personalId, String loa, boolean moreThanOnePersonalId) + throws URISyntaxException { + + + final AttributeDefinition personIdattributeDef = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first(); + + final Builder attributeMap = ImmutableAttributeMap.builder(); + if (personalId != null) { + if (moreThanOnePersonalId) { + ImmutableSet values = ImmutableSet.of(new StringAttributeValue(personalId), + new StringAttributeValue("XX/YY/" + RandomStringUtils.randomAlphanumeric(10))); + attributeMap.put(personIdattributeDef, values); + + } else { + attributeMap.put(personIdattributeDef, personalId); + + } + } + + val b = new AuthenticationResponse.Builder(); + return b.id("_".concat(Random.nextHexRandom16())) + .issuer(RandomStringUtils.randomAlphabetic(10)) + .subject(RandomStringUtils.randomAlphabetic(10)) + .statusCode(Constants.SUCCESS_URI) + .inResponseTo("_".concat(Random.nextHexRandom16())) + .subjectNameIdFormat("afaf") + .levelOfAssurance(loa) + .attributes(attributeMap.build()) + .build(); + } +} + diff --git a/modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_mapConfig.xml b/modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_mapConfig.xml new file mode 100644 index 00000000..fe9ff441 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_mapConfig.xml @@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + + <context:annotation-config /> + + <bean id="dummyMapBasedConfiguration" + class="at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap"> + <constructor-arg value="/config/junit_config_1.properties" /> + <property name="configRootDirSufix" value="src/test/resources/config" /> + </bean> + +</beans>
\ No newline at end of file diff --git a/modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_realConfig.xml b/modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_realConfig.xml new file mode 100644 index 00000000..79695f69 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_realConfig.xml @@ -0,0 +1,25 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + + <context:annotation-config /> + + <!-- + <bean id="BasicMSSpecificNodeConfig" + class="at.asitplus.eidas.specific.connector.config.BasicConfigurationProvider"> + <constructor-arg + value="#{systemProperties['eidas.ms.configuration']}" /> + </bean> + --> + + <bean id="springBootBasicConfingProvider" + class="at.asitplus.eidas.specific.core.config.SpringBootBasicConfigurationProvider" /> + +</beans>
\ No newline at end of file diff --git a/modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml b/modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml new file mode 100644 index 00000000..cd2888c1 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml @@ -0,0 +1,68 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + + <context:annotation-config /> + + + + <bean id="SZRClientForeIDAS" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.szr.SzrClient" /> + + <!-- <bean id="eIDASDataStore" class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.eIDASDataStore" + /> --> + + <bean id="springManagedSpecificConnectorCommunicationService" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummySpecificCommunicationService" /> + + <bean id="specificConnectorAttributesFileWithPath" + class="java.lang.String"> + <constructor-arg + value="src/test/resources/config/eidas-attributes.xml" /> + </bean> + + <bean id="specificConnectorAdditionalAttributesFileWithPath" + class="java.lang.String"> + <constructor-arg + value="src/test/resources/config/additional-attributes.xml" /> + </bean> + + <bean id="attributeRegistry" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry"> + <property name="eidasAttributesFile" + ref="specificConnectorAttributesFileWithPath" /> + <property name="additionalAttributesFile" + ref="specificConnectorAdditionalAttributesFileWithPath" /> + </bean> + + <bean id="EIDPostProcessingService" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.CcSpecificEidProcessingService" /> + + <bean id="DE-PostProcessor" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.DeEidProcessor"> + <property name="priority" value="1" /> + </bean> + + <bean id="LU-PostProcessor" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.LuEidProcessor"> + <property name="priority" value="1" /> + </bean> + + <bean id="eIDASAuthModule" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasAuthenticationModulImpl"> + <property name="priority" value="2" /> + </bean> + + <bean id="Default-PostProcessor" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.GenericEidProcessor"> + <property name="priority" value="0" /> + </bean> + +</beans>
\ No newline at end of file diff --git a/modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml b/modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml new file mode 100644 index 00000000..6d6bb51e --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml @@ -0,0 +1,67 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xmlns:mvc="http://www.springframework.org/schema/mvc" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd + http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd"> + + <context:annotation-config /> + <mvc:annotation-driven /> + <mvc:default-servlet-handler /> + + + <import resource="SpringTest-context_authManager.xml" /> + <import resource="SpringTest-context_basic_test.xml" /> + + <bean id="mvcGUIBuilderImpl" + class="at.gv.egiz.eaaf.core.impl.gui.builder.SpringMvcGuiFormBuilderImpl" /> + + <bean id="springManagedSpecificConnectorCommunicationService" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummySpecificCommunicationService" /> + + <bean id="specificConnectorAttributesFileWithPath" + class="java.lang.String"> + <constructor-arg + value="src/test/resources/config/eidas-attributes.xml" /> + </bean> + + <bean id="specificConnectorAdditionalAttributesFileWithPath" + class="java.lang.String"> + <constructor-arg + value="src/test/resources/config/additional-attributes.xml" /> + </bean> + + <bean id="attributeRegistry" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry"> + <property name="eidasAttributesFile" + ref="specificConnectorAttributesFileWithPath" /> + <property name="additionalAttributesFile" + ref="specificConnectorAdditionalAttributesFileWithPath" /> + </bean> + + <bean id="authBlockSigningService" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.AuthBlockSigningService" /> + + <bean id="EidasSignalServlet" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasSignalServlet" /> + + <!-- Authentication Process Tasks --> + <bean id="ConnecteIDASNodeTask" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateAuthnRequestTask" + scope="prototype" /> + + <bean id="ReceiveResponseFromeIDASNodeTask" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveAuthnResponseTask" + scope="prototype" /> + + <bean id="CreateIdentityLinkTask" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask" + scope="prototype" /> + +</beans>
\ No newline at end of file diff --git a/modules/authmodule-eIDAS-v2/src/test/resources/config/additional-attributes.xml b/modules/authmodule-eIDAS-v2/src/test/resources/config/additional-attributes.xml new file mode 100644 index 00000000..6510546e --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/test/resources/config/additional-attributes.xml @@ -0,0 +1,39 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +# Copyright (c) 2017 European Commission +# Licensed under the EUPL, Version 1.2 or – as soon they will be +# approved by the European Commission - subsequent versions of the +# EUPL (the "Licence"); +# You may not use this work except in compliance with the Licence. +# You may obtain a copy of the Licence at: +# * https://joinup.ec.europa.eu/page/eupl-text-11-12 +# * +# Unless required by applicable law or agreed to in writing, software +# distributed under the Licence is distributed on an "AS IS" basis, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the Licence for the specific language governing permissions and limitations under the Licence. + --> + +<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd"> +<properties> + <comment>Dynamic attributes</comment> + + <entry key="1.NameUri">http://eidas.europa.eu/attributes/naturalperson/AdditionalAttribute</entry> + <entry key="1.FriendlyName">AdditionalAttribute</entry> + <entry key="1.PersonType">NaturalPerson</entry> + <entry key="1.Required">false</entry> + <entry key="1.XmlType.NamespaceUri">http://www.w3.org/2001/XMLSchema</entry> + <entry key="1.XmlType.LocalPart">string</entry> + <entry key="1.XmlType.NamespacePrefix">xs</entry> + <entry key="1.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="2.NameUri">http://eidas.europa.eu/attributes/legalperson/LegalAdditionalAttribute</entry> + <entry key="2.FriendlyName">LegalAdditionalAttribute</entry> + <entry key="2.PersonType">LegalPerson</entry> + <entry key="2.Required">false</entry> + <entry key="2.XmlType.NamespaceUri">http://www.w3.org/2001/XMLSchema</entry> + <entry key="2.XmlType.LocalPart">string</entry> + <entry key="2.XmlType.NamespacePrefix">xs</entry> + <entry key="2.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + +</properties> diff --git a/modules/authmodule-eIDAS-v2/src/test/resources/config/eidas-attributes.xml b/modules/authmodule-eIDAS-v2/src/test/resources/config/eidas-attributes.xml new file mode 100644 index 00000000..cbae35db --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/test/resources/config/eidas-attributes.xml @@ -0,0 +1,376 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +# Copyright (c) 2017 European Commission +# Licensed under the EUPL, Version 1.2 or – as soon they will be +# approved by the European Commission - subsequent versions of the +# EUPL (the "Licence"); +# You may not use this work except in compliance with the Licence. +# You may obtain a copy of the Licence at: +# * https://joinup.ec.europa.eu/page/eupl-text-11-12 +# * +# Unless required by applicable law or agreed to in writing, software +# distributed under the Licence is distributed on an "AS IS" basis, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the Licence for the specific language governing permissions and limitations under the Licence. + --> + +<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd"> +<properties> + <comment>eIDAS attributes</comment> + + <entry key="1.NameUri">http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier</entry> + <entry key="1.FriendlyName">PersonIdentifier</entry> + <entry key="1.PersonType">NaturalPerson</entry> + <entry key="1.Required">true</entry> + <entry key="1.UniqueIdentifier">true</entry> + <entry key="1.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry> + <entry key="1.XmlType.LocalPart">PersonIdentifierType</entry> + <entry key="1.XmlType.NamespacePrefix">eidas-natural</entry> + <entry key="1.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="2.NameUri">http://eidas.europa.eu/attributes/naturalperson/CurrentFamilyName</entry> + <entry key="2.FriendlyName">FamilyName</entry> + <entry key="2.PersonType">NaturalPerson</entry> + <entry key="2.Required">true</entry> + <entry key="2.TransliterationMandatory">true</entry> + <entry key="2.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry> + <entry key="2.XmlType.LocalPart">CurrentFamilyNameType</entry> + <entry key="2.XmlType.NamespacePrefix">eidas-natural</entry> + <entry key="2.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="3.NameUri">http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName</entry> + <entry key="3.FriendlyName">FirstName</entry> + <entry key="3.PersonType">NaturalPerson</entry> + <entry key="3.Required">true</entry> + <entry key="3.TransliterationMandatory">true</entry> + <entry key="3.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry> + <entry key="3.XmlType.LocalPart">CurrentGivenNameType</entry> + <entry key="3.XmlType.NamespacePrefix">eidas-natural</entry> + <entry key="3.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="4.NameUri">http://eidas.europa.eu/attributes/naturalperson/DateOfBirth</entry> + <entry key="4.FriendlyName">DateOfBirth</entry> + <entry key="4.PersonType">NaturalPerson</entry> + <entry key="4.Required">true</entry> + <entry key="4.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry> + <entry key="4.XmlType.LocalPart">DateOfBirthType</entry> + <entry key="4.XmlType.NamespacePrefix">eidas-natural</entry> + <entry key="4.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.DateTimeAttributeValueMarshaller</entry> + + <entry key="5.NameUri">http://eidas.europa.eu/attributes/naturalperson/BirthName</entry> + <entry key="5.FriendlyName">BirthName</entry> + <entry key="5.PersonType">NaturalPerson</entry> + <entry key="5.Required">false</entry> + <entry key="5.TransliterationMandatory">true</entry> + <entry key="5.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry> + <entry key="5.XmlType.LocalPart">BirthNameType</entry> + <entry key="5.XmlType.NamespacePrefix">eidas-natural</entry> + <entry key="5.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="6.NameUri">http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth</entry> + <entry key="6.FriendlyName">PlaceOfBirth</entry> + <entry key="6.PersonType">NaturalPerson</entry> + <entry key="6.Required">false</entry> + <entry key="6.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry> + <entry key="6.XmlType.LocalPart">PlaceOfBirthType</entry> + <entry key="6.XmlType.NamespacePrefix">eidas-natural</entry> + <entry key="6.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="7.NameUri">http://eidas.europa.eu/attributes/naturalperson/CurrentAddress</entry> + <entry key="7.FriendlyName">CurrentAddress</entry> + <entry key="7.PersonType">NaturalPerson</entry> + <entry key="7.Required">false</entry> + <entry key="7.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry> + <entry key="7.XmlType.LocalPart">CurrentAddressType</entry> + <entry key="7.XmlType.NamespacePrefix">eidas-natural</entry> + <entry key="7.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.CurrentAddressAttributeValueMarshaller</entry> + + <entry key="8.NameUri">http://eidas.europa.eu/attributes/naturalperson/Gender</entry> + <entry key="8.FriendlyName">Gender</entry> + <entry key="8.PersonType">NaturalPerson</entry> + <entry key="8.Required">false</entry> + <entry key="8.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry> + <entry key="8.XmlType.LocalPart">GenderType</entry> + <entry key="8.XmlType.NamespacePrefix">eidas-natural</entry> + <entry key="8.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.GenderAttributeValueMarshaller</entry> + + <entry key="9.NameUri">http://eidas.europa.eu/attributes/legalperson/LegalPersonIdentifier</entry> + <entry key="9.FriendlyName">LegalPersonIdentifier</entry> + <entry key="9.PersonType">LegalPerson</entry> + <entry key="9.Required">true</entry> + <entry key="9.UniqueIdentifier">true</entry> + <entry key="9.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="9.XmlType.LocalPart">LegalPersonIdentifierType</entry> + <entry key="9.XmlType.NamespacePrefix">eidas-legal</entry> + <entry key="9.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="10.NameUri">http://eidas.europa.eu/attributes/legalperson/LegalName</entry> + <entry key="10.FriendlyName">LegalName</entry> + <entry key="10.PersonType">LegalPerson</entry> + <entry key="10.Required">true</entry> + <entry key="10.TransliterationMandatory">true</entry> + <entry key="10.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="10.XmlType.LocalPart">LegalNameType</entry> + <entry key="10.XmlType.NamespacePrefix">eidas-legal</entry> + <entry key="10.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="11.NameUri">http://eidas.europa.eu/attributes/legalperson/LegalPersonAddress</entry> + <entry key="11.FriendlyName">LegalAddress</entry> + <entry key="11.PersonType">LegalPerson</entry> + <entry key="11.Required">false</entry> + <entry key="11.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="11.XmlType.LocalPart">LegalPersonAddressType</entry> + <entry key="11.XmlType.NamespacePrefix">eidas-legal</entry> + <entry key="11.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.LegalAddressAttributeValueMarshaller</entry> + + <entry key="12.NameUri">http://eidas.europa.eu/attributes/legalperson/VATRegistrationNumber</entry> + <entry key="12.FriendlyName">VATRegistration</entry> + <entry key="12.PersonType">LegalPerson</entry> + <entry key="12.Required">false</entry> + <entry key="12.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="12.XmlType.LocalPart">VATRegistrationNumberType</entry> + <entry key="12.XmlType.NamespacePrefix">eidas-legal</entry> + <entry key="12.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="13.NameUri">http://eidas.europa.eu/attributes/legalperson/TaxReference</entry> + <entry key="13.FriendlyName">TaxReference</entry> + <entry key="13.PersonType">LegalPerson</entry> + <entry key="13.Required">false</entry> + <entry key="13.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="13.XmlType.LocalPart">TaxReferenceType</entry> + <entry key="13.XmlType.NamespacePrefix">eidas-legal</entry> + <entry key="13.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="14.NameUri">http://eidas.europa.eu/attributes/legalperson/D-2012-17-EUIdentifier</entry> + <entry key="14.FriendlyName">D-2012-17-EUIdentifier</entry> + <entry key="14.PersonType">LegalPerson</entry> + <entry key="14.Required">false</entry> + <entry key="14.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="14.XmlType.LocalPart">D-2012-17-EUIdentifierType</entry> + <entry key="14.XmlType.NamespacePrefix">eidas-legal</entry> + <entry key="14.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="15.NameUri">http://eidas.europa.eu/attributes/legalperson/LEI</entry> + <entry key="15.FriendlyName">LEI</entry> + <entry key="15.PersonType">LegalPerson</entry> + <entry key="15.Required">false</entry> + <entry key="15.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="15.XmlType.LocalPart">LEIType</entry> + <entry key="15.XmlType.NamespacePrefix">eidas-legal</entry> + <entry key="15.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="16.NameUri">http://eidas.europa.eu/attributes/legalperson/EORI</entry> + <entry key="16.FriendlyName">EORI</entry> + <entry key="16.PersonType">LegalPerson</entry> + <entry key="16.Required">false</entry> + <entry key="16.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="16.XmlType.LocalPart">EORIType</entry> + <entry key="16.XmlType.NamespacePrefix">eidas-legal</entry> + <entry key="16.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="17.NameUri">http://eidas.europa.eu/attributes/legalperson/SEED</entry> + <entry key="17.FriendlyName">SEED</entry> + <entry key="17.PersonType">LegalPerson</entry> + <entry key="17.Required">false</entry> + <entry key="17.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="17.XmlType.LocalPart">SEEDType</entry> + <entry key="17.XmlType.NamespacePrefix">eidas-legal</entry> + <entry key="17.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="18.NameUri">http://eidas.europa.eu/attributes/legalperson/SIC</entry> + <entry key="18.FriendlyName">SIC</entry> + <entry key="18.PersonType">LegalPerson</entry> + <entry key="18.Required">false</entry> + <entry key="18.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="18.XmlType.LocalPart">SICType</entry> + <entry key="18.XmlType.NamespacePrefix">eidas-legal</entry> + <entry key="18.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="19.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/PersonIdentifier</entry> + <entry key="19.FriendlyName">RepresentativePersonIdentifier</entry> + <entry key="19.PersonType">RepresentativeNaturalPerson</entry> + <entry key="19.Required">false</entry> + <entry key="19.UniqueIdentifier">true</entry> + <entry key="19.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry> + <entry key="19.XmlType.LocalPart">PersonIdentifierType</entry> + <entry key="19.XmlType.NamespacePrefix">eidas-natural</entry> + <entry key="19.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="20.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/CurrentFamilyName</entry> + <entry key="20.FriendlyName">RepresentativeFamilyName</entry> + <entry key="20.PersonType">RepresentativeNaturalPerson</entry> + <entry key="20.Required">false</entry> + <entry key="20.TransliterationMandatory">true</entry> + <entry key="20.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry> + <entry key="20.XmlType.LocalPart">CurrentFamilyNameType</entry> + <entry key="20.XmlType.NamespacePrefix">eidas-reprentative-natural</entry> + <entry key="20.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="21.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/CurrentGivenName</entry> + <entry key="21.FriendlyName">RepresentativeFirstName</entry> + <entry key="21.PersonType">RepresentativeNaturalPerson</entry> + <entry key="21.Required">false</entry> + <entry key="21.TransliterationMandatory">true</entry> + <entry key="21.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry> + <entry key="21.XmlType.LocalPart">CurrentGivenNameType</entry> + <entry key="21.XmlType.NamespacePrefix">eidas-reprentative-natural</entry> + <entry key="21.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="22.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/DateOfBirth</entry> + <entry key="22.FriendlyName">RepresentativeDateOfBirth</entry> + <entry key="22.PersonType">RepresentativeNaturalPerson</entry> + <entry key="22.Required">false</entry> + <entry key="22.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry> + <entry key="22.XmlType.LocalPart">DateOfBirthType</entry> + <entry key="22.XmlType.NamespacePrefix">eidas-reprentative-natural</entry> + <entry key="22.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.DateTimeAttributeValueMarshaller</entry> + + <entry key="23.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/BirthName</entry> + <entry key="23.FriendlyName">RepresentativeBirthName</entry> + <entry key="23.PersonType">RepresentativeNaturalPerson</entry> + <entry key="23.Required">false</entry> + <entry key="23.TransliterationMandatory">true</entry> + <entry key="23.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry> + <entry key="23.XmlType.LocalPart">BirthNameType</entry> + <entry key="23.XmlType.NamespacePrefix">eidas-reprentative-natural</entry> + <entry key="23.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="24.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/PlaceOfBirth</entry> + <entry key="24.FriendlyName">RepresentativePlaceOfBirth</entry> + <entry key="24.PersonType">RepresentativeNaturalPerson</entry> + <entry key="24.Required">false</entry> + <entry key="24.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry> + <entry key="24.XmlType.LocalPart">PlaceOfBirthType</entry> + <entry key="24.XmlType.NamespacePrefix">eidas-reprentative-natural</entry> + <entry key="24.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="25.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/CurrentAddress</entry> + <entry key="25.FriendlyName">RepresentativeCurrentAddress</entry> + <entry key="25.PersonType">RepresentativeNaturalPerson</entry> + <entry key="25.Required">false</entry> + <entry key="25.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry> + <entry key="25.XmlType.LocalPart">CurrentAddressType</entry> + <entry key="25.XmlType.NamespacePrefix">eidas-reprentative-natural</entry> + <entry key="25.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.RepvCurrentAddressAttributeValueMarshaller</entry> + + <entry key="26.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/Gender</entry> + <entry key="26.FriendlyName">RepresentativeGender</entry> + <entry key="26.PersonType">RepresentativeNaturalPerson</entry> + <entry key="26.Required">false</entry> + <entry key="26.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry> + <entry key="26.XmlType.LocalPart">GenderType</entry> + <entry key="26.XmlType.NamespacePrefix">eidas-reprentative-natural</entry> + <entry key="26.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.GenderAttributeValueMarshaller</entry> + + <entry key="27.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/LegalPersonIdentifier</entry> + <entry key="27.FriendlyName">RepresentativeLegalPersonIdentifier</entry> + <entry key="27.PersonType">RepresentativeLegalPerson</entry> + <entry key="27.Required">false</entry> + <entry key="27.UniqueIdentifier">true</entry> + <entry key="27.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="27.XmlType.LocalPart">LegalPersonIdentifierType</entry> + <entry key="27.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="27.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="28.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/LegalName</entry> + <entry key="28.FriendlyName">RepresentativeLegalName</entry> + <entry key="28.PersonType">RepresentativeLegalPerson</entry> + <entry key="28.Required">false</entry> + <entry key="28.TransliterationMandatory">true</entry> + <entry key="28.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="28.XmlType.LocalPart">LegalNameType</entry> + <entry key="28.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="28.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="29.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/LegalPersonAddress</entry> + <entry key="29.FriendlyName">RepresentativeLegalAddress</entry> + <entry key="29.PersonType">RepresentativeLegalPerson</entry> + <entry key="29.Required">false</entry> + <entry key="29.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="29.XmlType.LocalPart">LegalPersonAddressType</entry> + <entry key="29.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="29.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.RepvLegalAddressAttributeValueMarshaller</entry> + + <entry key="30.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/VATRegistrationNumber</entry> + <entry key="30.FriendlyName">RepresentativeVATRegistration</entry> + <entry key="30.PersonType">RepresentativeLegalPerson</entry> + <entry key="30.Required">false</entry> + <entry key="30.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="30.XmlType.LocalPart">VATRegistrationNumberType</entry> + <entry key="30.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="30.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="31.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/TaxReference</entry> + <entry key="31.FriendlyName">RepresentativeTaxReference</entry> + <entry key="31.PersonType">RepresentativeLegalPerson</entry> + <entry key="31.Required">false</entry> + <entry key="31.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="31.XmlType.LocalPart">TaxReferenceType</entry> + <entry key="31.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="31.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="32.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/D-2012-17-EUIdentifier</entry> + <entry key="32.FriendlyName">RepresentativeD-2012-17-EUIdentifier</entry> + <entry key="32.PersonType">RepresentativeLegalPerson</entry> + <entry key="32.Required">false</entry> + <entry key="32.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="32.XmlType.LocalPart">D-2012-17-EUIdentifierType</entry> + <entry key="32.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="32.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="33.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/LEI</entry> + <entry key="33.FriendlyName">RepresentativeLEI</entry> + <entry key="33.PersonType">RepresentativeLegalPerson</entry> + <entry key="33.Required">false</entry> + <entry key="33.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="33.XmlType.LocalPart">LEIType</entry> + <entry key="33.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="33.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="34.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/EORI</entry> + <entry key="34.FriendlyName">RepresentativeEORI</entry> + <entry key="34.PersonType">RepresentativeLegalPerson</entry> + <entry key="34.Required">false</entry> + <entry key="34.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="34.XmlType.LocalPart">EORIType</entry> + <entry key="34.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="34.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="35.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/SEED</entry> + <entry key="35.FriendlyName">RepresentativeSEED</entry> + <entry key="35.PersonType">RepresentativeLegalPerson</entry> + <entry key="35.Required">false</entry> + <entry key="35.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="35.XmlType.LocalPart">SEEDType</entry> + <entry key="35.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="35.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="36.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/SIC</entry> + <entry key="36.FriendlyName">RepresentativeSIC</entry> + <entry key="36.PersonType">RepresentativeLegalPerson</entry> + <entry key="36.Required">false</entry> + <entry key="36.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="36.XmlType.LocalPart">SICType</entry> + <entry key="36.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="36.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="39.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/LegalPersonAddress</entry> + <entry key="39.FriendlyName">RepresentativeLegalAddress</entry> + <entry key="39.PersonType">RepresentativeLegalPerson</entry> + <entry key="39.Required">false</entry> + <entry key="39.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="39.XmlType.LocalPart">LegalPersonAddressType</entry> + <entry key="39.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="39.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.RepvLegalAddressAttributeValueMarshaller</entry> + + <entry key="40.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/VATRegistrationNumber</entry> + <entry key="40.FriendlyName">RepresentativeVATRegistration</entry> + <entry key="40.PersonType">RepresentativeLegalPerson</entry> + <entry key="40.Required">false</entry> + <entry key="40.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="40.XmlType.LocalPart">VATRegistrationNumberType</entry> + <entry key="40.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="40.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + +</properties> diff --git a/modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties b/modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties new file mode 100644 index 00000000..a662379c --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties @@ -0,0 +1,117 @@ +## Basic service configuration +eidas.ms.context.url.prefix= +eidas.ms.context.url.request.validation=false + +eidas.ms.context.use.clustermode=true + +##Monitoring +eidas.ms.monitoring.eIDASNode.metadata.url= + + +##Specific logger configuration +eidas.ms.technicallog.write.MDS.into.techlog=true +eidas.ms.revisionlog.write.MDS.into.revisionlog=true +eidas.ms.revisionlog.logIPAddressOfUser=true + +##Directory for static Web content +eidas.ms.webcontent.static.directory=webcontent/ +eidas.ms.webcontent.templates=templates/ +eidas.ms.webcontent.properties=properties/messages + +## extended validation of pending-request Id's +eidas.ms.core.pendingrequestid.maxlifetime=300 +eidas.ms.core.pendingrequestid.digist.algorithm=HmacSHA256 +eidas.ms.core.pendingrequestid.digist.secret=pendingReqIdSecret + +## eIDAS Ref. Implementation connector ### +eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector +eidas.ms.auth.eIDAS.node_v2.forward.endpoint= +eidas.ms.auth.eIDAS.node_v2.forward.method=POST +eidas.ms.auth.eIDAS.node_v2.countrycode=AT +eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=.* +eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=true +eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier=true +eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs=true +eidas.ms.auth.eIDAS.node_v2.staticProviderNameForPublicSPs=myNode + +eidas.ms.auth.eIDAS.node_v2.loa.requested.minimum=http://eidas.europa.eu/LoA/high + +eidas.ms.auth.eIDAS.szrclient.useTestService=true +eidas.ms.auth.eIDAS.szrclient.endpoint.prod= +eidas.ms.auth.eIDAS.szrclient.endpoint.test=http://localhost:1234/demoszr +eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.path=keys/..... +eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.password= +eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.path= +eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.password= +eidas.ms.auth.eIDAS.szrclient.timeout.connection=15 +eidas.ms.auth.eIDAS.szrclient.timeout.response=30 +eidas.ms.auth.eIDAS.szrclient.params.vkz= + +eidas.ms.auth.eIDAS.szrclient.params.useSZRForbPKCalculation=false + + +eidas.ms.auth.eIDAS.authblock.keystore.password=f/+saJBc3a}*/T^s +eidas.ms.auth.eIDAS.authblock.keystore.friendlyName=connectorkeypair +eidas.ms.auth.eIDAS.authblock.keystore.path=./../keystore/teststore.jks +eidas.ms.auth.eIDAS.authblock.keystore.type=jks +eidas.ms.auth.eIDAS.authblock.key.alias=connectorkeypair +eidas.ms.auth.eIDAS.authblock.key.password=f/+saJBc3a}*/T^s + + +#Raw eIDAS Id data storage +eidas.ms.auth.eIDAS.szrclient.workarounds.eidmapping.revisionlog.active=true + +eidas.ms.auth.eIDAS.szrclient.params.setPlaceOfBirthIfAvailable=true +eidas.ms.auth.eIDAS.szrclient.params.setBirthNameIfAvailable=true + +eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=true +eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=true + +##without mandates +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.0=PersonIdentifier,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.1=FamilyName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.2=FirstName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.3=DateOfBirth,true + +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.4=PlaceOfBirth,false +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.5=BirthName,false +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.6=Gender,false +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.7=CurrentAddress,false +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.8=testtest,false + +##with mandates ---- NOT FULLY SUPPORTED AT THE MOMENT ----- +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.0=PersonIdentifier,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.1=FamilyName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.2=FirstName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.3=DateOfBirth,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.4=LegalPerson,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true + + +## PVP2 S-Profile end-point configuration +eidas.ms.pvp2.keystore.path=keys/..... +eidas.ms.pvp2.keystore.password= +eidas.ms.pvp2.key.metadata.alias= +eidas.ms.pvp2.key.metadata.password= +eidas.ms.pvp2.key.signing.alias= +eidas.ms.pvp2.key.signing.password= +eidas.ms.pvp2.metadata.validity=24 + +## Service Provider configuration +eidas.ms.sp.0.uniqueID= +eidas.ms.sp.0.pvp2.metadata.truststore= +eidas.ms.sp.0.pvp2.metadata.truststore.password= +eidas.ms.sp.0.newEidMode=true + +#eidas.ms.sp.0.friendlyName= +#eidas.ms.sp.0.pvp2.metadata.url= +#eidas.ms.sp.0.policy.allowed.requested.targets=.* +#eidas.ms.sp.0.policy.hasBaseIdTransferRestriction=false + + +##only for advanced config +eidas.ms.configuration.sp.disableRegistrationRequirement= +eidas.ms.configuration.restrictions.baseID.spTransmission= +eidas.ms.configuration.auth.default.countrycode= +eidas.ms.configuration.pvp.scheme.validation= +eidas.ms.configuration.pvp.enable.entitycategories=
\ No newline at end of file diff --git a/modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_2.properties b/modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_2.properties new file mode 100644 index 00000000..7c5e5a40 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_2.properties @@ -0,0 +1,114 @@ +## Basic service configuration +eidas.ms.context.url.prefix= +eidas.ms.context.url.request.validation=false + +eidas.ms.context.use.clustermode=true + +##Monitoring +eidas.ms.monitoring.eIDASNode.metadata.url= + + +##Specific logger configuration +eidas.ms.technicallog.write.MDS.into.techlog=true +eidas.ms.revisionlog.write.MDS.into.revisionlog=true +eidas.ms.revisionlog.logIPAddressOfUser=true + +##Directory for static Web content +eidas.ms.webcontent.static.directory=webcontent/ +eidas.ms.webcontent.templates=templates/ +eidas.ms.webcontent.properties=properties/messages + +## extended validation of pending-request Id's +eidas.ms.core.pendingrequestid.maxlifetime=300 +eidas.ms.core.pendingrequestid.digist.algorithm=HmacSHA256 +eidas.ms.core.pendingrequestid.digist.secret=pendingReqIdSecret + +## eIDAS Ref. Implementation connector ### +eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector +eidas.ms.auth.eIDAS.node_v2.forward.endpoint=http://test +eidas.ms.auth.eIDAS.node_v2.forward.method=GET +eidas.ms.auth.eIDAS.node_v2.countrycode=AT +#eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=.* +eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=true +eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier=true +eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs=false + +eidas.ms.auth.eIDAS.node_v2.loa.requested.minimum=http://eidas.europa.eu/LoA/high + +eidas.ms.auth.eIDAS.szrclient.useTestService=true +eidas.ms.auth.eIDAS.szrclient.endpoint.prod= +eidas.ms.auth.eIDAS.szrclient.endpoint.test=http://localhost:1234/demoszr +eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.path=keys/..... +eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.password= +eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.path= +eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.password= +eidas.ms.auth.eIDAS.szrclient.timeout.connection=15 +eidas.ms.auth.eIDAS.szrclient.timeout.response=30 +eidas.ms.auth.eIDAS.szrclient.params.vkz= + +eidas.ms.auth.eIDAS.szrclient.params.useSZRForbPKCalculation=false + + +eidas.ms.auth.eIDAS.authblock.keystore.password=f/+saJBc3a}*/T^s +eidas.ms.auth.eIDAS.authblock.keystore.friendlyName=connectorkeypair +eidas.ms.auth.eIDAS.authblock.keystore.path=./../keystore/teststore.jks +eidas.ms.auth.eIDAS.authblock.keystore.type=jks +eidas.ms.auth.eIDAS.authblock.key.alias=connectorkeypair +eidas.ms.auth.eIDAS.authblock.key.password=f/+saJBc3a}*/T^s + + +#Raw eIDAS Id data storage +eidas.ms.auth.eIDAS.szrclient.workarounds.eidmapping.revisionlog.active=true + +eidas.ms.auth.eIDAS.szrclient.params.setPlaceOfBirthIfAvailable=true +eidas.ms.auth.eIDAS.szrclient.params.setBirthNameIfAvailable=true + +eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=true +eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=true + +##without mandates +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.0=PersonIdentifier,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.1=FamilyName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.2=FirstName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.3=DateOfBirth,true + +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.4=PlaceOfBirth,false +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.5=BirthName,false +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.6=Gender,false +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.7=CurrentAddress,false + +##with mandates ---- NOT FULLY SUPPORTED AT THE MOMENT ----- +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.0=PersonIdentifier,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.1=FamilyName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.2=FirstName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.3=DateOfBirth,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.4=LegalPerson,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true + + +## PVP2 S-Profile end-point configuration +eidas.ms.pvp2.keystore.path=keys/..... +eidas.ms.pvp2.keystore.password= +eidas.ms.pvp2.key.metadata.alias= +eidas.ms.pvp2.key.metadata.password= +eidas.ms.pvp2.key.signing.alias= +eidas.ms.pvp2.key.signing.password= +eidas.ms.pvp2.metadata.validity=24 + +## Service Provider configuration +eidas.ms.sp.0.uniqueID= +eidas.ms.sp.0.pvp2.metadata.truststore= +eidas.ms.sp.0.pvp2.metadata.truststore.password= + +#eidas.ms.sp.0.friendlyName= +#eidas.ms.sp.0.pvp2.metadata.url= +#eidas.ms.sp.0.policy.allowed.requested.targets=.* +#eidas.ms.sp.0.policy.hasBaseIdTransferRestriction=false + + +##only for advanced config +eidas.ms.configuration.sp.disableRegistrationRequirement= +eidas.ms.configuration.restrictions.baseID.spTransmission= +eidas.ms.configuration.auth.default.countrycode= +eidas.ms.configuration.pvp.scheme.validation= +eidas.ms.configuration.pvp.enable.entitycategories=
\ No newline at end of file diff --git a/modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_3.properties b/modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_3.properties new file mode 100644 index 00000000..c830d447 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_3.properties @@ -0,0 +1,118 @@ +## Basic service configuration +eidas.ms.context.url.prefix= +eidas.ms.context.url.request.validation=false + +eidas.ms.context.use.clustermode=true + +##Monitoring +eidas.ms.monitoring.eIDASNode.metadata.url= + + +##Specific logger configuration +eidas.ms.technicallog.write.MDS.into.techlog=true +eidas.ms.revisionlog.write.MDS.into.revisionlog=true +eidas.ms.revisionlog.logIPAddressOfUser=true + +##Directory for static Web content +eidas.ms.webcontent.static.directory=webcontent/ +eidas.ms.webcontent.templates=templates/ +eidas.ms.webcontent.properties=properties/messages + +## extended validation of pending-request Id's +eidas.ms.core.pendingrequestid.maxlifetime=300 +eidas.ms.core.pendingrequestid.digist.algorithm=HmacSHA256 +eidas.ms.core.pendingrequestid.digist.secret=pendingReqIdSecret + +## eIDAS Ref. Implementation connector ### +eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector +eidas.ms.auth.eIDAS.node_v2.forward.endpoint=http://test.com/ +eidas.ms.auth.eIDAS.node_v2.forward.method=POST +eidas.ms.auth.eIDAS.node_v2.countrycode=AT +eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=.* +eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=true +eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier=true +eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs=true +eidas.ms.auth.eIDAS.node_v2.staticProviderNameForPublicSPs=myNode + +eidas.ms.auth.eIDAS.node_v2.loa.requested.minimum=http://eidas.europa.eu/LoA/high + +eidas.ms.auth.eIDAS.szrclient.useTestService=true +eidas.ms.auth.eIDAS.szrclient.endpoint.prod= +eidas.ms.auth.eIDAS.szrclient.endpoint.test=http://localhost:1234/demoszr +eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.path=keys/..... +eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.password= +eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.path= +eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.password= +eidas.ms.auth.eIDAS.szrclient.timeout.connection=15 +eidas.ms.auth.eIDAS.szrclient.timeout.response=30 +eidas.ms.auth.eIDAS.szrclient.params.vkz= + +eidas.ms.auth.eIDAS.authblock.keystore.password=f/+saJBc3a}*/T^s +eidas.ms.auth.eIDAS.authblock.keystore.friendlyName=connectorkeypair +eidas.ms.auth.eIDAS.authblock.keystore.path=./../keystore/teststore.jks +eidas.ms.auth.eIDAS.authblock.keystore.type=jks +eidas.ms.auth.eIDAS.authblock.key.alias=connectorkeypair +eidas.ms.auth.eIDAS.authblock.key.password=f/+saJBc3a}*/T^s + + +eidas.ms.auth.eIDAS.szrclient.params.useSZRForbPKCalculation=false + + +#Raw eIDAS Id data storage +eidas.ms.auth.eIDAS.szrclient.workarounds.eidmapping.revisionlog.active=true + +eidas.ms.auth.eIDAS.szrclient.params.setPlaceOfBirthIfAvailable=true +eidas.ms.auth.eIDAS.szrclient.params.setBirthNameIfAvailable=true + +eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=true +eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=false + +##without mandates +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.0=PersonIdentifier,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.1=FamilyName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.2=FirstName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.3=DateOfBirth,true + +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.4=PlaceOfBirth,false +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.5=BirthName,false +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.6=Gender,false +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.7=CurrentAddress,false +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.8=testtest,false + +##with mandates ---- NOT FULLY SUPPORTED AT THE MOMENT ----- +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.0=PersonIdentifier,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.1=FamilyName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.2=FirstName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.3=DateOfBirth,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.4=LegalPerson,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true + + +## PVP2 S-Profile end-point configuration +eidas.ms.pvp2.keystore.path=keys/..... +eidas.ms.pvp2.keystore.password= +eidas.ms.pvp2.key.metadata.alias= +eidas.ms.pvp2.key.metadata.password= +eidas.ms.pvp2.key.signing.alias= +eidas.ms.pvp2.key.signing.password= +eidas.ms.pvp2.metadata.validity=24 + +## Service Provider configuration +eidas.ms.sp.0.uniqueID= +eidas.ms.sp.0.pvp2.metadata.truststore= +eidas.ms.sp.0.pvp2.metadata.truststore.password= +eidas.ms.sp.0.newEidMode=true + + +#eidas.ms.sp.0.friendlyName= +#eidas.ms.sp.0.pvp2.metadata.url= +#eidas.ms.sp.0.policy.allowed.requested.targets=.* +#eidas.ms.sp.0.policy.hasBaseIdTransferRestriction=false + + +##only for advanced config +eidas.ms.configuration.sp.disableRegistrationRequirement= +eidas.ms.configuration.restrictions.baseID.spTransmission= +eidas.ms.configuration.auth.default.countrycode= +eidas.ms.configuration.pvp.scheme.validation= +eidas.ms.configuration.pvp.enable.entitycategories=
\ No newline at end of file diff --git a/modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_4.properties b/modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_4.properties new file mode 100644 index 00000000..01e72069 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_4.properties @@ -0,0 +1,114 @@ +## Basic service configuration +eidas.ms.context.url.prefix= +eidas.ms.context.url.request.validation=false + +eidas.ms.context.use.clustermode=true + +##Monitoring +eidas.ms.monitoring.eIDASNode.metadata.url= + + +##Specific logger configuration +eidas.ms.technicallog.write.MDS.into.techlog=true +eidas.ms.revisionlog.write.MDS.into.revisionlog=true +eidas.ms.revisionlog.logIPAddressOfUser=true + +##Directory for static Web content +eidas.ms.webcontent.static.directory=webcontent/ +eidas.ms.webcontent.templates=templates/ +eidas.ms.webcontent.properties=properties/messages + +## extended validation of pending-request Id's +eidas.ms.core.pendingrequestid.maxlifetime=300 +eidas.ms.core.pendingrequestid.digist.algorithm=HmacSHA256 +eidas.ms.core.pendingrequestid.digist.secret=pendingReqIdSecret + +## eIDAS Ref. Implementation connector ### +eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector +eidas.ms.auth.eIDAS.node_v2.forward.endpoint=http://test +eidas.ms.auth.eIDAS.node_v2.forward.method=GET +eidas.ms.auth.eIDAS.node_v2.countrycode=AT +#eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=.* +eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=false +eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier=true +eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs=false + +eidas.ms.auth.eIDAS.node_v2.loa.requested.minimum=http://eidas.europa.eu/LoA/high + +eidas.ms.auth.eIDAS.szrclient.useTestService=true +eidas.ms.auth.eIDAS.szrclient.endpoint.prod= +eidas.ms.auth.eIDAS.szrclient.endpoint.test=http://localhost:1234/demoszr +eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.path=keys/..... +eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.password= +eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.path= +eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.password= +eidas.ms.auth.eIDAS.szrclient.timeout.connection=15 +eidas.ms.auth.eIDAS.szrclient.timeout.response=30 +eidas.ms.auth.eIDAS.szrclient.params.vkz= + +eidas.ms.auth.eIDAS.szrclient.params.useSZRForbPKCalculation=false + + +eidas.ms.auth.eIDAS.authblock.keystore.password=f/+saJBc3a}*/T^s +eidas.ms.auth.eIDAS.authblock.keystore.friendlyName=connectorkeypair +eidas.ms.auth.eIDAS.authblock.keystore.path=./../keystore/teststore.jks +eidas.ms.auth.eIDAS.authblock.keystore.type=jks +eidas.ms.auth.eIDAS.authblock.key.alias=connectorkeypair +eidas.ms.auth.eIDAS.authblock.key.password=f/+saJBc3a}*/T^s + + +#Raw eIDAS Id data storage +eidas.ms.auth.eIDAS.szrclient.workarounds.eidmapping.revisionlog.active=true + +eidas.ms.auth.eIDAS.szrclient.params.setPlaceOfBirthIfAvailable=true +eidas.ms.auth.eIDAS.szrclient.params.setBirthNameIfAvailable=true + +eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=true +eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=true + +##without mandates +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.0=PersonIdentifier,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.1=FamilyName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.2=FirstName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.3=DateOfBirth,true + +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.4=PlaceOfBirth,false +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.5=BirthName,false +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.6=Gender,false +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.7=CurrentAddress,false + +##with mandates ---- NOT FULLY SUPPORTED AT THE MOMENT ----- +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.0=PersonIdentifier,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.1=FamilyName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.2=FirstName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.3=DateOfBirth,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.4=LegalPerson,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true + + +## PVP2 S-Profile end-point configuration +eidas.ms.pvp2.keystore.path=keys/..... +eidas.ms.pvp2.keystore.password= +eidas.ms.pvp2.key.metadata.alias= +eidas.ms.pvp2.key.metadata.password= +eidas.ms.pvp2.key.signing.alias= +eidas.ms.pvp2.key.signing.password= +eidas.ms.pvp2.metadata.validity=24 + +## Service Provider configuration +eidas.ms.sp.0.uniqueID= +eidas.ms.sp.0.pvp2.metadata.truststore= +eidas.ms.sp.0.pvp2.metadata.truststore.password= + +#eidas.ms.sp.0.friendlyName= +#eidas.ms.sp.0.pvp2.metadata.url= +#eidas.ms.sp.0.policy.allowed.requested.targets=.* +#eidas.ms.sp.0.policy.hasBaseIdTransferRestriction=false + + +##only for advanced config +eidas.ms.configuration.sp.disableRegistrationRequirement= +eidas.ms.configuration.restrictions.baseID.spTransmission= +eidas.ms.configuration.auth.default.countrycode= +eidas.ms.configuration.pvp.scheme.validation= +eidas.ms.configuration.pvp.enable.entitycategories=
\ No newline at end of file diff --git a/modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_de_attributes.properties b/modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_de_attributes.properties new file mode 100644 index 00000000..6b235667 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_de_attributes.properties @@ -0,0 +1,116 @@ +## Basic service configuration +eidas.ms.context.url.prefix= +eidas.ms.context.url.request.validation=false +eidas.ms.core.configRootDir=file:./src/test/resources/config/ + + +eidas.ms.context.use.clustermode=true + +##Monitoring +eidas.ms.monitoring.eIDASNode.metadata.url= + + +##Specific logger configuration +eidas.ms.technicallog.write.MDS.into.techlog=true +eidas.ms.revisionlog.write.MDS.into.revisionlog=true +eidas.ms.revisionlog.logIPAddressOfUser=true + +##Directory for static Web content +eidas.ms.webcontent.static.directory=webcontent/ +eidas.ms.webcontent.templates=templates/ +eidas.ms.webcontent.properties=properties/messages + +## extended validation of pending-request Id's +eidas.ms.core.pendingrequestid.maxlifetime=300 +eidas.ms.core.pendingrequestid.digist.algorithm=HmacSHA256 +eidas.ms.core.pendingrequestid.digist.secret=pendingReqIdSecret + +## eIDAS Ref. Implementation connector ### +eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector +eidas.ms.auth.eIDAS.node_v2.forward.endpoint=http://test +eidas.ms.auth.eIDAS.node_v2.forward.method=GET +eidas.ms.auth.eIDAS.node_v2.countrycode=AT +#eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=.* +eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=true +eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier=true +eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs=true + +eidas.ms.auth.eIDAS.node_v2.loa.requested.minimum=http://eidas.europa.eu/LoA/high + +eidas.ms.auth.eIDAS.szrclient.useTestService=true +eidas.ms.auth.eIDAS.szrclient.endpoint.prod= +eidas.ms.auth.eIDAS.szrclient.endpoint.test=http://localhost:1234/demoszr +eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.path=keys/..... +eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.password= +eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.path= +eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.password= +eidas.ms.auth.eIDAS.szrclient.timeout.connection=15 +eidas.ms.auth.eIDAS.szrclient.timeout.response=30 +eidas.ms.auth.eIDAS.szrclient.params.vkz= + +eidas.ms.auth.eIDAS.szrclient.params.useSZRForbPKCalculation=false + + +eidas.ms.auth.eIDAS.authblock.keystore.password=f/+saJBc3a}*/T^s +eidas.ms.auth.eIDAS.authblock.keystore.friendlyName=connectorkeypair +eidas.ms.auth.eIDAS.authblock.keystore.path=./../keystore/teststore.jks +eidas.ms.auth.eIDAS.authblock.keystore.type=jks +eidas.ms.auth.eIDAS.authblock.key.alias=connectorkeypair +eidas.ms.auth.eIDAS.authblock.key.password=f/+saJBc3a}*/T^s + + +#Raw eIDAS Id data storage +eidas.ms.auth.eIDAS.szrclient.workarounds.eidmapping.revisionlog.active=true + +eidas.ms.auth.eIDAS.szrclient.params.setPlaceOfBirthIfAvailable=true +eidas.ms.auth.eIDAS.szrclient.params.setBirthNameIfAvailable=true + +eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=true +eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=true + +##without mandates +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.0=PersonIdentifier,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.1=FamilyName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.2=FirstName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.3=DateOfBirth,true + +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.4=PlaceOfBirth,false +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.5=BirthName,false +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.6=Gender,false +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.7=CurrentAddress,false + +##with mandates ---- NOT FULLY SUPPORTED AT THE MOMENT ----- +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.0=PersonIdentifier,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.1=FamilyName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.2=FirstName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.3=DateOfBirth,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.4=LegalPerson,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true + + +## PVP2 S-Profile end-point configuration +eidas.ms.pvp2.keystore.path=keys/..... +eidas.ms.pvp2.keystore.password= +eidas.ms.pvp2.key.metadata.alias= +eidas.ms.pvp2.key.metadata.password= +eidas.ms.pvp2.key.signing.alias= +eidas.ms.pvp2.key.signing.password= +eidas.ms.pvp2.metadata.validity=24 + +## Service Provider configuration +eidas.ms.sp.0.uniqueID= +eidas.ms.sp.0.pvp2.metadata.truststore= +eidas.ms.sp.0.pvp2.metadata.truststore.password= + +#eidas.ms.sp.0.friendlyName= +#eidas.ms.sp.0.pvp2.metadata.url= +#eidas.ms.sp.0.policy.allowed.requested.targets=.* +#eidas.ms.sp.0.policy.hasBaseIdTransferRestriction=false + + +##only for advanced config +eidas.ms.configuration.sp.disableRegistrationRequirement= +eidas.ms.configuration.restrictions.baseID.spTransmission= +eidas.ms.configuration.auth.default.countrycode= +eidas.ms.configuration.pvp.scheme.validation= +eidas.ms.configuration.pvp.enable.entitycategories=
\ No newline at end of file diff --git a/modules/authmodule-eIDAS-v2/src/test/resources/data/junit.jks b/modules/authmodule-eIDAS-v2/src/test/resources/data/junit.jks Binary files differnew file mode 100644 index 00000000..a18df332 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/test/resources/data/junit.jks diff --git a/modules/authmodule-eIDAS-v2/src/test/resources/data/szr/signed_eidasBind.jws b/modules/authmodule-eIDAS-v2/src/test/resources/data/szr/signed_eidasBind.jws new file mode 100644 index 00000000..f7c9a1c7 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/test/resources/data/szr/signed_eidasBind.jws @@ -0,0 +1 @@ +eyJ1cm46YXQuZ3YuZWlkOmJpbmR0eXBlIjoidXJuOmF0Lmd2LmVpZDplaWRhc0JpbmQiLCJhbGciOiJSUzUxMiIsIng1dCNTMjU2IjoiY3FtcXBHdWlnS0NRelVWX1doWURHU1EyNEx6Zkxtd0ZtUlNYQlNYR3o3byJ9.eyJ1cm46ZWlkZ3ZhdDphdHRyaWJ1dGVzLnZzei52YWx1ZSI6IjhEYWNBTUxVSFEiLCJ1cm46ZWlkZ3ZhdDphdHRyaWJ1dGVzLnVzZXIucHVia2V5cyI6WyI1NDZ5OEtXZ3R1V3F1dXVNdC9DUWhKem1pWXZ3bzR1QzhLZWxxdUtMc2VLbG1mQ2dtcnpscGFQd3A1K3Q2NjI4Il0sInVybjplaWRndmF0OmF0dHJpYnV0ZXMuZWlkLnN0YXR1cyI6InVybjplaWRndmF0OmVpZC5zdGF0dXMuZWlkYXMifQ.WiECS-E5RB-zQV3JW6-3B7op093QErqq3yS2S4YVFQq9XmYzTD8UKo63yaHa-2U2WFUbiwNI3OOkwNZIAedMZHHblZ0jzjGTb58zL4Yvm6sPSlq3TP5u0emiQdjIJNQmILE5ZYVOgSA-4MWLXAgRQEl2A1w8lHxptE6ya83GdhA0gP51-rY_536qvVuaZHrQ2Lpahl-lTIY1Zi6Knqj1yFdH-auqkLxB44l-XvMv9QryBZMAkkmiu8J598rzIJ2ifGyw4UqHDJZ53GKUpBbU_X23ZjsZ8B5ZapRTO9JGoEEW3rMDEO5_9cjWYOCn87-CA3bMNVbo1KN146UZGuZbyXuevLPznRkbCtXS--IE0SuuLBaowcktX2ggeeSzaq6UZW7hSmQnErVgxxfP16ijBu8yylo-PFbqgYFNT-Ca2rS8i1Cs0KdPTahYIRm4xLARahYLQbqA15medm7JSoz4tA468c_hcNzyG9aGoXYuw1F5kUrJkHl0IWdHkvSR8RWw
\ No newline at end of file diff --git a/modules/authmodule-eIDAS-v2/src/test/resources/data/szr/szr_resp_error_travelerdocexists.xml b/modules/authmodule-eIDAS-v2/src/test/resources/data/szr/szr_resp_error_travelerdocexists.xml new file mode 100644 index 00000000..d627ded2 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/test/resources/data/szr/szr_resp_error_travelerdocexists.xml @@ -0,0 +1,6 @@ +<?xml version="1.0" encoding="UTF-8"?> +<SOAP-ENV:Fault xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> + <faultcode xmlns:p344="urn:SZRServices" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">p344:F455</faultcode> + <faultstring>The travel document you sent to insert a person already exists for another person. Either check the document or have the person altered accordingly</faultstring> + <faultactor>urn:SZRServices</faultactor> +</SOAP-ENV:Fault> diff --git a/modules/authmodule-eIDAS-v2/src/test/resources/data/szr/szr_resp_valid_1.xml b/modules/authmodule-eIDAS-v2/src/test/resources/data/szr/szr_resp_valid_1.xml new file mode 100644 index 00000000..c376caef --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/test/resources/data/szr/szr_resp_valid_1.xml @@ -0,0 +1,50 @@ +<ns6:GetIdentityLinkEidasResponse xmlns="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:ns2="http://egov.gv.at/pvp1.xsd" xmlns:ns3="http://www.w3.org/2000/09/xmldsig#" xmlns:ns4="http://www.w3.org/2001/04/xmldsig-more#" xmlns:ns5="http://schemas.xmlsoap.org/ws/2002/04/secext" xmlns:ns6="urn:SZRServices"><ns6:GetIdentityLinkReturn><ns6:PersonInfo><ns6:Person><Identification><Value>k+zDM1BVpN1WJO4x7ZQ3ng==</Value><Type>urn:publicid:gv.at:baseid</Type></Identification><Name><GivenName>Franz</GivenName><FamilyName>Mustermann</FamilyName></Name><Sex>unknown</Sex><DateOfBirth>1989-05-05</DateOfBirth></ns6:Person></ns6:PersonInfo><ns6:Assertion><saml:Assertion xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:si="http://www.w3.org/2001/XMLSchema-instance" AssertionID="szr.bmi.gv.at-AssertionID15650069652921" IssueInstant="2019-08-05T14:09:25+01:00" Issuer="http://portal.bmi.gv.at/ref/szr/issuer" MajorVersion="1" MinorVersion="0"> + <saml:AttributeStatement> + <saml:Subject> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod> + <saml:SubjectConfirmationData> + <pr:Person si:type="pr:PhysicalPersonType"><pr:Identification><pr:Value>k+zDM1BVpN1WJO4x7ZQ3ng==</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type></pr:Identification><pr:Name><pr:GivenName>Hans</pr:GivenName><pr:FamilyName primary="undefined">Mustermann</pr:FamilyName></pr:Name><pr:DateOfBirth>1989-05-05</pr:DateOfBirth></pr:Person> + </saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + </saml:AttributeStatement> + <dsig:Signature> + <dsig:SignedInfo> + <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> + <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> + <dsig:Reference URI=""> + <dsig:Transforms> + <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"> + <dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath> + </dsig:Transform> + <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> + </dsig:Transforms> + <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> + <dsig:DigestValue>GZjlsEXIhUPBSbOR1R8P4dzRJHE=</dsig:DigestValue> + </dsig:Reference> + <dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI="#manifest"> + <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> + <dsig:DigestValue>lCnWsFICFg0ogj0Ha7++Y9gyOQg=</dsig:DigestValue> + </dsig:Reference> + </dsig:SignedInfo> + <dsig:SignatureValue> + a6tPfkdriEzAyQh2jU3/4j48baaPnY/i510OHx0vwHRvXLz80UyZzffdmtaRuk3iHVxgUMd9 + Ld0DLsRt6tFJiPLyBCo0QCuqaOwgTcuUI3Ku/oySpqMjqug3AMdrhxW2j41yQlzvkjiZTT4j + zQ9GHFnZnnob0+bBflqIjZOl4xc= + </dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIICTzCCAbigAwIBAgIBADANBgkqhkiG9w0BAQUFADATMREwDwYDVQQDEwhTWlJQRVJTQjAeFw0wNTA3MDEwMDAwMDBaFw00MDEyMzEyMzU5NTlaMBMxETAPBgNVBAMTCFNaUlBFUlNCMIIBHzANBgkqhkiG9w0BAQEFAAOCAQwAMIIBBwKBgQDGNmo9LOohefioGreKU6j6R05jUwHuddziSOQPolmMSXQG6NnnlLQaITv7BEmFj+EBqaOc+891wgZCRvNA2h+fHdJ69QXi/xjCovJI5SHh9jA+ssqhZ68iXOZHPq4WeegtYiYyJaRxWF+iPLqSm+bknS/KuBUcZol9SM3r6CMf0wKBgHytGrIelzc9ZN97VYXLkOJxi4TNSSj3Q/1TIC0s+HSzjbD694Y6ufINpR+IQm5epLTdXx9Dxv19bYnsLEIt0niMd2Cnm1DxXe8iNaDzpWec7fbRT6vDBwtTnyQkGfu2GGF3nSvVZ5AUDbLdAfZLOlbwsZmPnWU1zktSkLgKnT2XozIwMDAuBglghkgBhvhCAQ0EIRMfQ3JlYXRlZCBieSB6L09TIElDU0YgLSBIQ1I3NzgwIDANBgkqhkiG9w0BAQUFAAOBgQBwPc3l/Qf4myH8rsAAM5HqdCR68bMegWgNVxlPNl5DNJEE2hbPhIJ/K6TF6cjROYKDVuQ/+drtsZcrEOaqhqD3qw7MXAiT9GurV99YM/qTBsMy13yjU3LqeFX25Om8JlccGF5G+iHrVjfNQEUocGnGxCAPMlBvGwia4JjJcIPx7Q==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo> + <dsig:Object> + <dsig:Manifest Id="manifest"> + <dsig:Reference URI=""> + <dsig:Transforms> + <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"> + <dsig:XPath>not(ancestor-or-self::dsig:Signature)</dsig:XPath> + </dsig:Transform> + </dsig:Transforms> + <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> + <dsig:DigestValue>SbpaaSlLolEX5D9P7HyTPnImvns=</dsig:DigestValue> + </dsig:Reference> + </dsig:Manifest> + </dsig:Object> + </dsig:Signature> +</saml:Assertion></ns6:Assertion><ns6:AdditionalInfo>ERN</ns6:AdditionalInfo></ns6:GetIdentityLinkReturn></ns6:GetIdentityLinkEidasResponse>
\ No newline at end of file diff --git a/modules/authmodule-eIDAS-v2/src/test/resources/data/szr/szr_resp_valid_2.xml b/modules/authmodule-eIDAS-v2/src/test/resources/data/szr/szr_resp_valid_2.xml new file mode 100644 index 00000000..f07c67d6 --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/test/resources/data/szr/szr_resp_valid_2.xml @@ -0,0 +1,50 @@ +<ns6:GetIdentityLinkEidasResponse xmlns="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:ns2="http://egov.gv.at/pvp1.xsd" xmlns:ns3="http://www.w3.org/2000/09/xmldsig#" xmlns:ns4="http://www.w3.org/2001/04/xmldsig-more#" xmlns:ns5="http://schemas.xmlsoap.org/ws/2002/04/secext" xmlns:ns6="urn:SZRServices"><ns6:GetIdentityLinkReturn><ns6:PersonInfo><ns6:Person><Identification><Value>k+zDM1BVpN1WJO4x7ZQ3ng==</Value><Type>urn:publicid:gv.at:baseid</Type></Identification><Name><GivenName>Franz</GivenName><FamilyName>Mustermann</FamilyName></Name><Sex>unknown</Sex><DateOfBirth>1989-05-05</DateOfBirth></ns6:Person></ns6:PersonInfo><ns6:Assertion><saml:Assertion xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:si="http://www.w3.org/2001/XMLSchema-instance" AssertionID="szr.bmi.gv.at-AssertionID15650069652921" IssueInstant="2019-08-05T14:09:25+01:00" Issuer="http://portal.bmi.gv.at/ref/szr/issuer" MajorVersion="1" MinorVersion="0"> + <saml:AttributeStatement> + <saml:Subject> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod> + <saml:SubjectConfirmationData> + <pr:Person si:type="pr:PhysicalPersonType"><pr:Identification><pr:Value>k+zDM1BV1312312332x7ZQ3ng==</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type></pr:Identification><pr:Name><pr:GivenName>Martina</pr:GivenName><pr:FamilyName primary="undefined">Musterfrau</pr:FamilyName></pr:Name><pr:DateOfBirth>1991-04-15</pr:DateOfBirth></pr:Person> + </saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + </saml:AttributeStatement> + <dsig:Signature> + <dsig:SignedInfo> + <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> + <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> + <dsig:Reference URI=""> + <dsig:Transforms> + <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"> + <dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath> + </dsig:Transform> + <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> + </dsig:Transforms> + <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> + <dsig:DigestValue>GZjlsEXIhUPBSbOR1R8P4dzRJHE=</dsig:DigestValue> + </dsig:Reference> + <dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI="#manifest"> + <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> + <dsig:DigestValue>lCnWsFICFg0ogj0Ha7++Y9gyOQg=</dsig:DigestValue> + </dsig:Reference> + </dsig:SignedInfo> + <dsig:SignatureValue> + a6tPfkdriEzAyQh2jU3/4j48baaPnY/i510OHx0vwHRvXLz80UyZzffdmtaRuk3iHVxgUMd9 + Ld0DLsRt6tFJiPLyBCo0QCuqaOwgTcuUI3Ku/oySpqMjqug3AMdrhxW2j41yQlzvkjiZTT4j + zQ9GHFnZnnob0+bBflqIjZOl4xc= + </dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIICTzCCAbigAwIBAgIBADANBgkqhkiG9w0BAQUFADATMREwDwYDVQQDEwhTWlJQRVJTQjAeFw0wNTA3MDEwMDAwMDBaFw00MDEyMzEyMzU5NTlaMBMxETAPBgNVBAMTCFNaUlBFUlNCMIIBHzANBgkqhkiG9w0BAQEFAAOCAQwAMIIBBwKBgQDGNmo9LOohefioGreKU6j6R05jUwHuddziSOQPolmMSXQG6NnnlLQaITv7BEmFj+EBqaOc+891wgZCRvNA2h+fHdJ69QXi/xjCovJI5SHh9jA+ssqhZ68iXOZHPq4WeegtYiYyJaRxWF+iPLqSm+bknS/KuBUcZol9SM3r6CMf0wKBgHytGrIelzc9ZN97VYXLkOJxi4TNSSj3Q/1TIC0s+HSzjbD694Y6ufINpR+IQm5epLTdXx9Dxv19bYnsLEIt0niMd2Cnm1DxXe8iNaDzpWec7fbRT6vDBwtTnyQkGfu2GGF3nSvVZ5AUDbLdAfZLOlbwsZmPnWU1zktSkLgKnT2XozIwMDAuBglghkgBhvhCAQ0EIRMfQ3JlYXRlZCBieSB6L09TIElDU0YgLSBIQ1I3NzgwIDANBgkqhkiG9w0BAQUFAAOBgQBwPc3l/Qf4myH8rsAAM5HqdCR68bMegWgNVxlPNl5DNJEE2hbPhIJ/K6TF6cjROYKDVuQ/+drtsZcrEOaqhqD3qw7MXAiT9GurV99YM/qTBsMy13yjU3LqeFX25Om8JlccGF5G+iHrVjfNQEUocGnGxCAPMlBvGwia4JjJcIPx7Q==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo> + <dsig:Object> + <dsig:Manifest Id="manifest"> + <dsig:Reference URI=""> + <dsig:Transforms> + <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"> + <dsig:XPath>not(ancestor-or-self::dsig:Signature)</dsig:XPath> + </dsig:Transform> + </dsig:Transforms> + <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> + <dsig:DigestValue>SbpaaSlLolEX5D9P7HyTPnImvns=</dsig:DigestValue> + </dsig:Reference> + </dsig:Manifest> + </dsig:Object> + </dsig:Signature> +</saml:Assertion></ns6:Assertion><ns6:AdditionalInfo>ERN</ns6:AdditionalInfo></ns6:GetIdentityLinkReturn></ns6:GetIdentityLinkEidasResponse>
\ No newline at end of file diff --git a/modules/authmodule-eIDAS-v2/src/test/resources/keystore/teststore.jks b/modules/authmodule-eIDAS-v2/src/test/resources/keystore/teststore.jks Binary files differnew file mode 100644 index 00000000..fcc6400c --- /dev/null +++ b/modules/authmodule-eIDAS-v2/src/test/resources/keystore/teststore.jks |