From 7f0a925a72dc9841280e66fcba1515af62b9efdf Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Fri, 3 Jun 2022 15:24:01 +0200 Subject: test(core): add smoke test with full eIDAS OutGoing login and error-handling --- .../src/main/resources/application.properties | 3 - .../eidas_v2_auth_ref_impl_config.beans.xml | 39 -- .../eidas_v2_auth_ref_impl_config.beans.xml | 39 ++ .../MsProxyServiceSpringResourceProvider.java | 5 +- .../resources/spring/eidas_proxy-service.beans.xml | 7 + .../spring/SpringTest-context_basic_test.xml | 8 - .../proxy/pvp/PvpEndPointConfiguration.java | 154 +++++++ .../src/main/resources/application.properties | 1 + .../main/resources/specific_eIDAS_proxy.beans.xml | 4 +- .../proxy/test/FullStartUpAndProcessTest.java | 480 +++++++++++++++++++++ .../config/eIDAS/additional-attributes.xml | 39 ++ .../resources/config/eIDAS/eidas-attributes.xml | 376 ++++++++++++++++ .../config/eIDAS/igniteSpecificCommunication.xml | 109 +++++ .../specificCommunicationDefinitionConnector.xml | 37 ++ ...specificCommunicationDefinitionProxyservice.xml | 37 ++ .../config/junit_config_1_springboot.properties | 116 +++++ .../src/test/resources/config/keys/Metadata.pem | 18 + .../src/test/resources/config/keys/junit.jks | Bin 0 -> 3980 bytes .../src/test/resources/config/keys/junit_test.jks | Bin 0 -> 8410 bytes .../src/test/resources/config/keys/teststore.jks | Bin 0 -> 2028 bytes .../src/test/resources/config/logback_config.xml | 102 +++++ .../config/properties/messages.properties | 0 .../config/properties/messages_de.properties | 0 .../config/properties/messages_en.properties | 0 .../config/templates/eidas_node_forward.html | 36 ++ .../src/test/resources/config/templates/error.html | 53 +++ .../resources/config/templates/error_message.html | 37 ++ .../config/templates/pvp2_post_binding.html | 36 ++ .../test/resources/config/webcontent/autocommit.js | 5 + .../resources/config/webcontent/css/css_error.css | 26 ++ .../config/webcontent/img/ajax-loader.gif | Bin 0 -> 673 bytes .../src/test/resources/data/Response_with_EID.xml | 49 +++ .../data/idp_metadata_classpath_entity.xml | 146 +++++++ 33 files changed, 1910 insertions(+), 52 deletions(-) delete mode 100644 modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth_ref_impl_config.beans.xml create mode 100644 modules/core_commons_eidas/src/main/resources/eidas_v2_auth_ref_impl_config.beans.xml create mode 100644 ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/pvp/PvpEndPointConfiguration.java create mode 100644 ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/FullStartUpAndProcessTest.java create mode 100644 ms_specific_proxyservice/src/test/resources/config/eIDAS/additional-attributes.xml create mode 100644 ms_specific_proxyservice/src/test/resources/config/eIDAS/eidas-attributes.xml create mode 100644 ms_specific_proxyservice/src/test/resources/config/eIDAS/igniteSpecificCommunication.xml create mode 100644 ms_specific_proxyservice/src/test/resources/config/eIDAS/specificCommunicationDefinitionConnector.xml create mode 100644 ms_specific_proxyservice/src/test/resources/config/eIDAS/specificCommunicationDefinitionProxyservice.xml create mode 100644 ms_specific_proxyservice/src/test/resources/config/junit_config_1_springboot.properties create mode 100644 ms_specific_proxyservice/src/test/resources/config/keys/Metadata.pem create mode 100644 ms_specific_proxyservice/src/test/resources/config/keys/junit.jks create mode 100644 ms_specific_proxyservice/src/test/resources/config/keys/junit_test.jks create mode 100644 ms_specific_proxyservice/src/test/resources/config/keys/teststore.jks create mode 100644 ms_specific_proxyservice/src/test/resources/config/logback_config.xml create mode 100644 ms_specific_proxyservice/src/test/resources/config/properties/messages.properties create mode 100644 ms_specific_proxyservice/src/test/resources/config/properties/messages_de.properties create mode 100644 ms_specific_proxyservice/src/test/resources/config/properties/messages_en.properties create mode 100644 ms_specific_proxyservice/src/test/resources/config/templates/eidas_node_forward.html create mode 100644 ms_specific_proxyservice/src/test/resources/config/templates/error.html create mode 100644 ms_specific_proxyservice/src/test/resources/config/templates/error_message.html create mode 100644 ms_specific_proxyservice/src/test/resources/config/templates/pvp2_post_binding.html create mode 100644 ms_specific_proxyservice/src/test/resources/config/webcontent/autocommit.js create mode 100644 ms_specific_proxyservice/src/test/resources/config/webcontent/css/css_error.css create mode 100644 ms_specific_proxyservice/src/test/resources/config/webcontent/img/ajax-loader.gif create mode 100644 ms_specific_proxyservice/src/test/resources/data/Response_with_EID.xml create mode 100644 ms_specific_proxyservice/src/test/resources/data/idp_metadata_classpath_entity.xml diff --git a/connector/src/main/resources/application.properties b/connector/src/main/resources/application.properties index e062c32b..700f4d74 100644 --- a/connector/src/main/resources/application.properties +++ b/connector/src/main/resources/application.properties @@ -159,9 +159,6 @@ eidas.ms.auth.eIDAS.zmrclient.debug.logfullmessages=false #eidas.ms.auth.eIDAS.ernpclient.ssl.keyStore.password=password #eidas.ms.auth.eIDAS.ernpclient.ssl.key.alias=meta #eidas.ms.auth.eIDAS.ernpclient.ssl.key.password=password -eidas.ms.client.http.connection.timeout.request=15 -eidas.ms.client.http.connection.timeout.socket=30 - # SAML2 ID Austria client for matching #eidas.ms.modules.idaustriaclient.keystore.type=jks diff --git a/modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth_ref_impl_config.beans.xml b/modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth_ref_impl_config.beans.xml deleted file mode 100644 index cde9687e..00000000 --- a/modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth_ref_impl_config.beans.xml +++ /dev/null @@ -1,39 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/modules/core_commons_eidas/src/main/resources/eidas_v2_auth_ref_impl_config.beans.xml b/modules/core_commons_eidas/src/main/resources/eidas_v2_auth_ref_impl_config.beans.xml new file mode 100644 index 00000000..cde9687e --- /dev/null +++ b/modules/core_commons_eidas/src/main/resources/eidas_v2_auth_ref_impl_config.beans.xml @@ -0,0 +1,39 @@ + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceSpringResourceProvider.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceSpringResourceProvider.java index d36e4712..571ad8ab 100644 --- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceSpringResourceProvider.java +++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceSpringResourceProvider.java @@ -45,8 +45,11 @@ public class MsProxyServiceSpringResourceProvider implements SpringResourceProvi public Resource[] getResourcesToLoad() { final ClassPathResource eidasProxyServiceConfig = new ClassPathResource("/spring/eidas_proxy-service.beans.xml", MsProxyServiceSpringResourceProvider.class); + final ClassPathResource eidasRefImplConfig = new ClassPathResource("/eidas_v2_auth_ref_impl_config.beans.xml", + MsProxyServiceSpringResourceProvider.class); + - return new Resource[] { eidasProxyServiceConfig }; + return new Resource[] { eidasProxyServiceConfig, eidasRefImplConfig }; } } diff --git a/modules/eidas_proxy-sevice/src/main/resources/spring/eidas_proxy-service.beans.xml b/modules/eidas_proxy-sevice/src/main/resources/spring/eidas_proxy-service.beans.xml index 2055b5a9..1eb33e93 100644 --- a/modules/eidas_proxy-sevice/src/main/resources/spring/eidas_proxy-service.beans.xml +++ b/modules/eidas_proxy-sevice/src/main/resources/spring/eidas_proxy-service.beans.xml @@ -24,5 +24,12 @@ + + + + \ No newline at end of file diff --git a/modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_test.xml b/modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_test.xml index 08b25f0f..0b7540f5 100644 --- a/modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_test.xml +++ b/modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_test.xml @@ -31,12 +31,4 @@ value="src/test/resources/config/additional-attributes.xml" /> - - - - - \ No newline at end of file diff --git a/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/pvp/PvpEndPointConfiguration.java b/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/pvp/PvpEndPointConfiguration.java new file mode 100644 index 00000000..20caf7e5 --- /dev/null +++ b/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/pvp/PvpEndPointConfiguration.java @@ -0,0 +1,154 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.proxy.pvp; + +import java.util.Arrays; +import java.util.List; + +import org.apache.commons.lang3.StringUtils; +import org.opensaml.saml.saml2.metadata.ContactPerson; +import org.opensaml.saml.saml2.metadata.ContactPersonTypeEnumeration; +import org.opensaml.saml.saml2.metadata.EmailAddress; +import org.opensaml.saml.saml2.metadata.GivenName; +import org.opensaml.saml.saml2.metadata.Organization; +import org.opensaml.saml.saml2.metadata.OrganizationDisplayName; +import org.opensaml.saml.saml2.metadata.OrganizationName; +import org.opensaml.saml.saml2.metadata.OrganizationURL; +import org.opensaml.saml.saml2.metadata.SurName; +import org.springframework.beans.factory.annotation.Autowired; + +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +public class PvpEndPointConfiguration implements IPvp2BasicConfiguration { + private static final String DEFAULT_XML_LANG = "en"; + + @Autowired(required = true) + IConfiguration basicConfiguration; + + @Override + public String getIdpEntityId(String authUrl) throws EaafException { + return removePostFix(authUrl) + MsEidasNodeConstants.ENDPOINT_PVP_METADATA; + + } + + @Override + public String getIdpSsoPostService(String authUrl) throws EaafException { + return removePostFix(authUrl) + MsEidasNodeConstants.ENDPOINT_PVP_POST; + + } + + @Override + public String getIdpSsoRedirectService(String authUrl) throws EaafException { + return removePostFix(authUrl) + MsEidasNodeConstants.ENDPOINT_PVP_REDIRECT; + + } + + @Override + public String getIdpSsoSoapService(String extractAuthUrlFromRequest) throws EaafException { + log.warn("PVP S-Profile End-Point does NOT support SOAP Binding"); + return null; + + } + + @Override + public List getIdpContacts() throws EaafException { + final ContactPerson contactPerson = Saml2Utils.createSamlObject(ContactPerson.class); + final GivenName givenName = Saml2Utils.createSamlObject(GivenName.class); + final SurName surname = Saml2Utils.createSamlObject(SurName.class); + final EmailAddress emailAddress = Saml2Utils.createSamlObject(EmailAddress.class); + + givenName.setValue(getAndVerifyFromConfiguration( + MsEidasNodeConstants.CONFIG_PROPS_METADATA_CONTACT_GIVENNAME)); + surname.setValue(getAndVerifyFromConfiguration( + MsEidasNodeConstants.CONFIG_PROPS_METADATA_CONTACT_SURNAME)); + emailAddress.setURI(getAndVerifyFromConfiguration( + MsEidasNodeConstants.CONFIG_PROPS_METADATA_CONTACT_EMAIL)); + + contactPerson.setType(ContactPersonTypeEnumeration.TECHNICAL); + contactPerson.setGivenName(givenName); + contactPerson.setSurName(surname); + contactPerson.getEmailAddresses().add(emailAddress); + + return Arrays.asList(contactPerson); + + } + + @Override + public Organization getIdpOrganisation() throws EaafException { + final Organization organisation = Saml2Utils.createSamlObject(Organization.class); + final OrganizationName orgName = Saml2Utils.createSamlObject(OrganizationName.class); + final OrganizationDisplayName orgDisplayName = Saml2Utils.createSamlObject(OrganizationDisplayName.class); + final OrganizationURL orgUrl = Saml2Utils.createSamlObject(OrganizationURL.class); + + orgName.setXMLLang(DEFAULT_XML_LANG); + orgName.setValue(getAndVerifyFromConfiguration( + MsEidasNodeConstants.CONFIG_PROPS_METADATA_ORGANISATION_NAME)); + + orgDisplayName.setXMLLang(DEFAULT_XML_LANG); + orgDisplayName.setValue(getAndVerifyFromConfiguration( + MsEidasNodeConstants.CONFIG_PROPS_METADATA_ORGANISATION_FRIENDLYNAME)); + + orgUrl.setXMLLang(DEFAULT_XML_LANG); + orgUrl.setURI(getAndVerifyFromConfiguration( + MsEidasNodeConstants.CONFIG_PROPS_METADATA_ORGANISATION_URL)); + + + organisation.getOrganizationNames().add(orgName); + organisation.getDisplayNames().add(orgDisplayName); + organisation.getURLs().add(orgUrl); + + return organisation; + } + + @Override + public IConfiguration getBasicConfiguration() { + return basicConfiguration; + } + + private String removePostFix(String url) { + if (url != null && url.endsWith("/")) { + return url.substring(0, url.length() - 1); + } else { + return url; + } + } + + private String getAndVerifyFromConfiguration(String configKey) throws EaafConfigurationException { + final String value = basicConfiguration.getBasicConfiguration(configKey); + if (StringUtils.isEmpty(value)) { + throw new EaafConfigurationException("config.08", + new Object[] {configKey}); + + } + + return value; + } +} diff --git a/ms_specific_proxyservice/src/main/resources/application.properties b/ms_specific_proxyservice/src/main/resources/application.properties index 9f1b68e2..7d8c199f 100644 --- a/ms_specific_proxyservice/src/main/resources/application.properties +++ b/ms_specific_proxyservice/src/main/resources/application.properties @@ -73,6 +73,7 @@ eidas.ms.configuration.pvp.enable.entitycategories=false #### eIDAS ms-specific Proxy-Service configuration eidas.ms.auth.eIDAS.node_v2.proxy.entityId=ownSpecificProxy #eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint= +eidas.ms.auth.eIDAS.node_v2.forward.method=POST # Mandate configuration eidas.ms.auth.eIDAS.proxy.mandates.enabled=false diff --git a/ms_specific_proxyservice/src/main/resources/specific_eIDAS_proxy.beans.xml b/ms_specific_proxyservice/src/main/resources/specific_eIDAS_proxy.beans.xml index c5312751..5633cb0e 100644 --- a/ms_specific_proxyservice/src/main/resources/specific_eIDAS_proxy.beans.xml +++ b/ms_specific_proxyservice/src/main/resources/specific_eIDAS_proxy.beans.xml @@ -12,6 +12,8 @@ http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd"> - + + \ No newline at end of file diff --git a/ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/FullStartUpAndProcessTest.java b/ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/FullStartUpAndProcessTest.java new file mode 100644 index 00000000..bc6f5317 --- /dev/null +++ b/ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/FullStartUpAndProcessTest.java @@ -0,0 +1,480 @@ +package at.asitplus.eidas.specific.proxy.test; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertTrue; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.lang.reflect.Field; +import java.text.SimpleDateFormat; +import java.time.Instant; +import java.util.Base64; +import java.util.Map; +import java.util.TimeZone; +import java.util.Timer; +import java.util.UUID; + +import org.apache.commons.lang3.RandomStringUtils; +import org.apache.ignite.Ignition; +import org.joda.time.DateTime; +import org.joda.time.DateTimeZone; +import org.junit.AfterClass; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.opensaml.core.config.InitializationException; +import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; +import org.opensaml.core.xml.io.UnmarshallingException; +import org.opensaml.core.xml.util.XMLObjectSupport; +import org.opensaml.saml.metadata.resolver.impl.ResourceBackedMetadataResolver; +import org.opensaml.saml.saml2.core.Issuer; +import org.opensaml.saml.saml2.core.RequestAbstractType; +import org.opensaml.saml.saml2.core.Response; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.boot.web.servlet.FilterRegistrationBean; +import org.springframework.core.io.ResourceLoader; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; +import org.springframework.test.context.ActiveProfiles; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.TestPropertySource; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.web.servlet.setup.DefaultMockMvcBuilder; +import org.springframework.test.web.servlet.setup.MockMvcBuilders; +import org.springframework.util.Base64Utils; +import org.springframework.web.context.WebApplicationContext; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import com.google.common.collect.ImmutableSet; + +import at.asitplus.eidas.specific.modules.auth.idaustria.controller.IdAustriaAuthSignalController; +import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthCredentialProvider; +import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthMetadataProvider; +import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants; +import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry; +import at.asitplus.eidas.specific.modules.msproxyservice.protocol.EidasProxyServiceController; +import at.gv.egiz.components.spring.api.SpringBootApplicationContextInitializer; +import at.gv.egiz.eaaf.core.api.IStatusMessenger; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.impl.idp.controller.ProtocolFinalizationController; +import at.gv.egiz.eaaf.core.impl.logging.LogMessageProviderFactory; +import at.gv.egiz.eaaf.core.impl.utils.DomUtils; +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.OpenSaml3ResourceAdapter; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import eu.eidas.auth.cache.IgniteInstanceInitializerSpecificCommunication; +import eu.eidas.auth.commons.EidasParameterKeys; +import eu.eidas.auth.commons.attribute.AttributeValue; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; +import eu.eidas.auth.commons.light.ILightResponse; +import eu.eidas.auth.commons.light.impl.LightRequest; +import eu.eidas.auth.commons.tx.BinaryLightToken; +import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames; +import eu.eidas.specificcommunication.protocol.SpecificCommunicationService; +import lombok.SneakyThrows; +import net.shibboleth.utilities.java.support.component.ComponentInitializationException; +import net.shibboleth.utilities.java.support.xml.XMLParserException; + +@RunWith(SpringJUnit4ClassRunner.class) +@SpringBootTest +@ContextConfiguration(initializers = { + org.springframework.boot.context.config.DelegatingApplicationContextInitializer.class, + SpringBootApplicationContextInitializer.class + }) +@TestPropertySource(locations = { "file:src/test/resources/config/junit_config_1_springboot.properties" }) +@DirtiesContext(classMode = ClassMode.AFTER_CLASS) +@ActiveProfiles(profiles = {"JUNIT", "jUnitTestMode"}) +public class FullStartUpAndProcessTest { + + private static final String METADATA_PATH = "classpath:/data/idp_metadata_classpath_entity.xml"; + private static final String FINAL_REDIRECT = "https://localhost/ms_proxy/public/secure/finalizeAuthProtocol?pendingid="; + private static final String ERROR_REDIRECT = "https://localhost/ms_proxy/public/secure/errorHandling?errorid="; + + + @Autowired private WebApplicationContext wac; + + @Autowired private ResourceLoader resourceLoader; + @Autowired private EidasAttributeRegistry attrRegistry; + + @Autowired private IdAustriaAuthSignalController idAustriaEndpoint; + @Autowired private IdAustriaAuthMetadataProvider idAustriaMetadata; + @Autowired private IdAustriaAuthCredentialProvider credentialProvider; + + @Autowired private EidasProxyServiceController eidasProxyEndpoint; + @Autowired private ProtocolFinalizationController finalize; + + @Autowired private IStatusMessenger messager; + + /** + * jUnit class initializer. + * @throws InterruptedException In case of an error + * @throws ComponentInitializationException In case of an error + * @throws InitializationException In case of an error + * + */ + @BeforeClass + @SneakyThrows + public static void classInitializer() { + final String current = new java.io.File(".").toURI().toString(); + System.clearProperty("eidas.ms.configuration"); + + //eIDAS Ref. Impl. properties + System.setProperty("EIDAS_CONFIG_REPOSITORY", current.substring("file:".length()) + + "../basicConfig/eIDAS/"); + System.setProperty("SPECIFIC_CONNECTOR_CONFIG_REPOSITORY", current.substring("file:".length()) + + "../basicConfig/eIDAS/"); + System.setProperty("SPECIFIC_PROXY_SERVICE_CONFIG_REPOSITORY", current.substring("file:".length()) + + "../basicConfig/eIDAS/"); + + EaafOpenSaml3xInitializer.eaafInitialize(); + + } + + /** + * Test shut-down. + * + * @throws Exception In case of an error + */ + @AfterClass + @SneakyThrows + public static void closeIgniteNode() { + System.out.println("Closiong Ignite Node ... "); + Ignition.stopAll(true); + + //set Ignite-node holder to 'null' because static holders are shared between different tests + final Field field = IgniteInstanceInitializerSpecificCommunication.class.getDeclaredField("instance"); + field.setAccessible(true); + field.set(null, null); + + } + + /** + * jUnit test set-up. + * + * + */ + @Before + public void setup() throws IOException { + DefaultMockMvcBuilder builder = MockMvcBuilders.webAppContextSetup(this.wac); + @SuppressWarnings("rawtypes") + Map filters = wac.getBeansOfType(FilterRegistrationBean.class); + for (FilterRegistrationBean filter : filters.values()) { + if (filter.isEnabled()) { + builder.addFilter(filter.getFilter(), "/*"); + + } + } + + LogMessageProviderFactory.setStatusMessager(messager); + + } + + @Test + @SneakyThrows + public void simpleError() { + MockHttpServletRequest proxyHttpReq = new MockHttpServletRequest("POST", "https://localhost/ms_proxy"); + String spCountryCode = injectEidas2AuthnReq(proxyHttpReq); + MockHttpServletResponse proxyHttpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(proxyHttpReq, proxyHttpResp)); + + injectIdAustriaSaml2Metadata(); + + + // send eIDAS Proxy-Service process hand-over + eidasProxyEndpoint.receiveEidasAuthnRequest(proxyHttpReq, proxyHttpResp); + + + // extract SAML2 AuthnRequest to IDA system + assertEquals("forward to finalization", 200, proxyHttpResp.getStatus()); + assertEquals("forward to eIDAS Node page", "text/html;charset=UTF-8", proxyHttpResp.getContentType()); + String saml2ReqPage = proxyHttpResp.getContentAsString(); + assertNotNull("selectionPage is null", saml2ReqPage); + assertFalse("selectionPage is empty", saml2ReqPage.isEmpty()); + + String saml2ReqB64 = extractRequestToken(saml2ReqPage, "> attr = attributes.getAttributeValuesByNameUri(attrName); + assertNotNull("Attribute: " + attrName, attr); + assertFalse("Empty AttributeValue: " + attrName, attr.isEmpty()); + assertNotNull("AttributeValue: " + attrName, attr.asList().get(0)); + assertEquals("Wrong AttributeValue: " + attrName, expected, attr.asList().get(0).getValue()); + + } + + @SneakyThrows + private String validateSaml2Request(String saml2ReqB64, String spCountryCode) { + final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream( + XMLObjectProviderRegistrySupport.getParserPool(), + new ByteArrayInputStream(Base64Utils.decodeFromString(saml2ReqB64))); + + // check requested attributes + assertEquals("wrong number of extension elements", + 1, authnReq.getExtensions().getOrderedChildren().size()); + assertEquals("wrong number of requested attributes", + 4, authnReq.getExtensions().getOrderedChildren().get(0).getOrderedChildren().size()); + + return authnReq.getID(); + } + + @SneakyThrows + private String buildSaml2Response(String saml2ReqId) { + final Response response = initializeResponse( + "classpath:/data/idp_metadata_classpath_entity.xml", + "/data/Response_with_EID.xml", + credentialProvider.getMessageSigningCredential(), + true, saml2ReqId); + return Base64.getEncoder().encodeToString( + DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( + "UTF-8")); + + } + + private Response initializeResponse(String idpEntityId, String responsePath, EaafX509Credential credential, + boolean validConditions, String saml2ReqId) throws SamlSigningException, XMLParserException, UnmarshallingException, + Pvp2MetadataException { + + final Response response = (Response) XMLObjectSupport.unmarshallFromInputStream( + XMLObjectProviderRegistrySupport.getParserPool(), + FullStartUpAndProcessTest.class.getResourceAsStream(responsePath)); + response.setIssueInstant(Instant.now()); + final Issuer issuer = Saml2Utils.createSamlObject(Issuer.class); + issuer.setValue(idpEntityId); + response.setIssuer(issuer); + response.setInResponseTo(saml2ReqId); + + if (validConditions) { + response.getAssertions().get(0).getConditions().setNotOnOrAfter(Instant.now().plusSeconds(5*60)); + + } + + return Saml2Utils.signSamlObject(response, credential, true); + } + + @SneakyThrows + private void injectIdAustriaSaml2Metadata() { + final org.springframework.core.io.Resource resource = resourceLoader.getResource(METADATA_PATH); + Timer timer = new Timer("PVP metadata-resolver refresh"); + ResourceBackedMetadataResolver fileSystemResolver = + new ResourceBackedMetadataResolver(timer, new OpenSaml3ResourceAdapter(resource)); + fileSystemResolver.setId("test"); + fileSystemResolver.setParserPool(XMLObjectProviderRegistrySupport.getParserPool()); + fileSystemResolver.initialize(); + idAustriaMetadata.addMetadataResolverIntoChain(fileSystemResolver); + + + } + + private String extractRequestToken(String selectionPage, String selector) { + int start = selectionPage.indexOf(selector); + assertTrue("find no starting element of selector", start > 0); + int end = selectionPage.indexOf("\"", start + selector.length()); + assertTrue("find no end tag", end > 0); + return selectionPage.substring(start + selector.length(), end); + + } + + @SneakyThrows + private String injectEidas2AuthnReq(MockHttpServletRequest proxyHttpReq) { + String spCountryCode = "XX"; + LightRequest.Builder authnReqBuilder = LightRequest.builder() + .id(UUID.randomUUID().toString()) + .issuer(RandomStringUtils.randomAlphabetic(10)) + .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) + .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) + .spCountryCode(spCountryCode) + .spType("public") + .requestedAttributes(ImmutableAttributeMap.builder() + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first()) + .build()); + + final SpecificCommunicationService springManagedSpecificConnectorCommunicationService = + (SpecificCommunicationService) wac.getBean( + SpecificCommunicationDefinitionBeanNames.SPECIFIC_PROXYSERVICE_COMMUNICATION_SERVICE.toString()); + BinaryLightToken token = springManagedSpecificConnectorCommunicationService.putRequest(authnReqBuilder.build()); + proxyHttpReq.addParameter(EidasParameterKeys.TOKEN.toString(), Base64Utils.encodeToString(token.getTokenBytes())); + + return spCountryCode; + + } + +} diff --git a/ms_specific_proxyservice/src/test/resources/config/eIDAS/additional-attributes.xml b/ms_specific_proxyservice/src/test/resources/config/eIDAS/additional-attributes.xml new file mode 100644 index 00000000..6510546e --- /dev/null +++ b/ms_specific_proxyservice/src/test/resources/config/eIDAS/additional-attributes.xml @@ -0,0 +1,39 @@ + + + + + + Dynamic attributes + + http://eidas.europa.eu/attributes/naturalperson/AdditionalAttribute + AdditionalAttribute + NaturalPerson + false + http://www.w3.org/2001/XMLSchema + string + xs + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/LegalAdditionalAttribute + LegalAdditionalAttribute + LegalPerson + false + http://www.w3.org/2001/XMLSchema + string + xs + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + diff --git a/ms_specific_proxyservice/src/test/resources/config/eIDAS/eidas-attributes.xml b/ms_specific_proxyservice/src/test/resources/config/eIDAS/eidas-attributes.xml new file mode 100644 index 00000000..cbae35db --- /dev/null +++ b/ms_specific_proxyservice/src/test/resources/config/eIDAS/eidas-attributes.xml @@ -0,0 +1,376 @@ + + + + + + eIDAS attributes + + http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier + PersonIdentifier + NaturalPerson + true + true + http://eidas.europa.eu/attributes/naturalperson + PersonIdentifierType + eidas-natural + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/naturalperson/CurrentFamilyName + FamilyName + NaturalPerson + true + true + http://eidas.europa.eu/attributes/naturalperson + CurrentFamilyNameType + eidas-natural + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName + FirstName + NaturalPerson + true + true + http://eidas.europa.eu/attributes/naturalperson + CurrentGivenNameType + eidas-natural + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/naturalperson/DateOfBirth + DateOfBirth + NaturalPerson + true + http://eidas.europa.eu/attributes/naturalperson + DateOfBirthType + eidas-natural + eu.eidas.auth.commons.attribute.impl.DateTimeAttributeValueMarshaller + + http://eidas.europa.eu/attributes/naturalperson/BirthName + BirthName + NaturalPerson + false + true + http://eidas.europa.eu/attributes/naturalperson + BirthNameType + eidas-natural + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth + PlaceOfBirth + NaturalPerson + false + http://eidas.europa.eu/attributes/naturalperson + PlaceOfBirthType + eidas-natural + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/naturalperson/CurrentAddress + CurrentAddress + NaturalPerson + false + http://eidas.europa.eu/attributes/naturalperson + CurrentAddressType + eidas-natural + eu.eidas.auth.commons.protocol.eidas.impl.CurrentAddressAttributeValueMarshaller + + http://eidas.europa.eu/attributes/naturalperson/Gender + Gender + NaturalPerson + false + http://eidas.europa.eu/attributes/naturalperson + GenderType + eidas-natural + eu.eidas.auth.commons.protocol.eidas.impl.GenderAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/LegalPersonIdentifier + LegalPersonIdentifier + LegalPerson + true + true + http://eidas.europa.eu/attributes/legalperson + LegalPersonIdentifierType + eidas-legal + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/LegalName + LegalName + LegalPerson + true + true + http://eidas.europa.eu/attributes/legalperson + LegalNameType + eidas-legal + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/LegalPersonAddress + LegalAddress + LegalPerson + false + http://eidas.europa.eu/attributes/legalperson + LegalPersonAddressType + eidas-legal + eu.eidas.auth.commons.protocol.eidas.impl.LegalAddressAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/VATRegistrationNumber + VATRegistration + LegalPerson + false + http://eidas.europa.eu/attributes/legalperson + VATRegistrationNumberType + eidas-legal + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/TaxReference + TaxReference + LegalPerson + false + http://eidas.europa.eu/attributes/legalperson + TaxReferenceType + eidas-legal + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/D-2012-17-EUIdentifier + D-2012-17-EUIdentifier + LegalPerson + false + http://eidas.europa.eu/attributes/legalperson + D-2012-17-EUIdentifierType + eidas-legal + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/LEI + LEI + LegalPerson + false + http://eidas.europa.eu/attributes/legalperson + LEIType + eidas-legal + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/EORI + EORI + LegalPerson + false + http://eidas.europa.eu/attributes/legalperson + EORIType + eidas-legal + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/SEED + SEED + LegalPerson + false + http://eidas.europa.eu/attributes/legalperson + SEEDType + eidas-legal + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/SIC + SIC + LegalPerson + false + http://eidas.europa.eu/attributes/legalperson + SICType + eidas-legal + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/naturalperson/representative/PersonIdentifier + RepresentativePersonIdentifier + RepresentativeNaturalPerson + false + true + http://eidas.europa.eu/attributes/naturalperson/representative + PersonIdentifierType + eidas-natural + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/naturalperson/representative/CurrentFamilyName + RepresentativeFamilyName + RepresentativeNaturalPerson + false + true + http://eidas.europa.eu/attributes/naturalperson/representative + CurrentFamilyNameType + eidas-reprentative-natural + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/naturalperson/representative/CurrentGivenName + RepresentativeFirstName + RepresentativeNaturalPerson + false + true + http://eidas.europa.eu/attributes/naturalperson/representative + CurrentGivenNameType + eidas-reprentative-natural + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/naturalperson/representative/DateOfBirth + RepresentativeDateOfBirth + RepresentativeNaturalPerson + false + http://eidas.europa.eu/attributes/naturalperson/representative + DateOfBirthType + eidas-reprentative-natural + eu.eidas.auth.commons.attribute.impl.DateTimeAttributeValueMarshaller + + http://eidas.europa.eu/attributes/naturalperson/representative/BirthName + RepresentativeBirthName + RepresentativeNaturalPerson + false + true + http://eidas.europa.eu/attributes/naturalperson/representative + BirthNameType + eidas-reprentative-natural + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/naturalperson/representative/PlaceOfBirth + RepresentativePlaceOfBirth + RepresentativeNaturalPerson + false + http://eidas.europa.eu/attributes/naturalperson/representative + PlaceOfBirthType + eidas-reprentative-natural + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/naturalperson/representative/CurrentAddress + RepresentativeCurrentAddress + RepresentativeNaturalPerson + false + http://eidas.europa.eu/attributes/naturalperson/representative + CurrentAddressType + eidas-reprentative-natural + eu.eidas.auth.commons.protocol.eidas.impl.RepvCurrentAddressAttributeValueMarshaller + + http://eidas.europa.eu/attributes/naturalperson/representative/Gender + RepresentativeGender + RepresentativeNaturalPerson + false + http://eidas.europa.eu/attributes/naturalperson/representative + GenderType + eidas-reprentative-natural + eu.eidas.auth.commons.protocol.eidas.impl.GenderAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/representative/LegalPersonIdentifier + RepresentativeLegalPersonIdentifier + RepresentativeLegalPerson + false + true + http://eidas.europa.eu/attributes/legalperson/representative + LegalPersonIdentifierType + eidas-reprentative-legal + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/representative/LegalName + RepresentativeLegalName + RepresentativeLegalPerson + false + true + http://eidas.europa.eu/attributes/legalperson/representative + LegalNameType + eidas-reprentative-legal + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/representative/LegalPersonAddress + RepresentativeLegalAddress + RepresentativeLegalPerson + false + http://eidas.europa.eu/attributes/legalperson/representative + LegalPersonAddressType + eidas-reprentative-legal + eu.eidas.auth.commons.protocol.eidas.impl.RepvLegalAddressAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/representative/VATRegistrationNumber + RepresentativeVATRegistration + RepresentativeLegalPerson + false + http://eidas.europa.eu/attributes/legalperson/representative + VATRegistrationNumberType + eidas-reprentative-legal + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/representative/TaxReference + RepresentativeTaxReference + RepresentativeLegalPerson + false + http://eidas.europa.eu/attributes/legalperson/representative + TaxReferenceType + eidas-reprentative-legal + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/representative/D-2012-17-EUIdentifier + RepresentativeD-2012-17-EUIdentifier + RepresentativeLegalPerson + false + http://eidas.europa.eu/attributes/legalperson/representative + D-2012-17-EUIdentifierType + eidas-reprentative-legal + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/representative/LEI + RepresentativeLEI + RepresentativeLegalPerson + false + http://eidas.europa.eu/attributes/legalperson/representative + LEIType + eidas-reprentative-legal + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/representative/EORI + RepresentativeEORI + RepresentativeLegalPerson + false + http://eidas.europa.eu/attributes/legalperson/representative + EORIType + eidas-reprentative-legal + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/representative/SEED + RepresentativeSEED + RepresentativeLegalPerson + false + http://eidas.europa.eu/attributes/legalperson/representative + SEEDType + eidas-reprentative-legal + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/representative/SIC + RepresentativeSIC + RepresentativeLegalPerson + false + http://eidas.europa.eu/attributes/legalperson/representative + SICType + eidas-reprentative-legal + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/representative/LegalPersonAddress + RepresentativeLegalAddress + RepresentativeLegalPerson + false + http://eidas.europa.eu/attributes/legalperson/representative + LegalPersonAddressType + eidas-reprentative-legal + eu.eidas.auth.commons.protocol.eidas.impl.RepvLegalAddressAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/representative/VATRegistrationNumber + RepresentativeVATRegistration + RepresentativeLegalPerson + false + http://eidas.europa.eu/attributes/legalperson/representative + VATRegistrationNumberType + eidas-reprentative-legal + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + + diff --git a/ms_specific_proxyservice/src/test/resources/config/eIDAS/igniteSpecificCommunication.xml b/ms_specific_proxyservice/src/test/resources/config/eIDAS/igniteSpecificCommunication.xml new file mode 100644 index 00000000..f817f5a4 --- /dev/null +++ b/ms_specific_proxyservice/src/test/resources/config/eIDAS/igniteSpecificCommunication.xml @@ -0,0 +1,109 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/ms_specific_proxyservice/src/test/resources/config/eIDAS/specificCommunicationDefinitionConnector.xml b/ms_specific_proxyservice/src/test/resources/config/eIDAS/specificCommunicationDefinitionConnector.xml new file mode 100644 index 00000000..d1fc042d --- /dev/null +++ b/ms_specific_proxyservice/src/test/resources/config/eIDAS/specificCommunicationDefinitionConnector.xml @@ -0,0 +1,37 @@ + + + + + + + specificCommunicationDefinitionConnectorRequest + specificConnector + + + mySecretConnectorRequest + SHA-256 + + + specificCommunicationDefinitionConnectorResponse + specificConnector + + + mySecretConnectorResponse + SHA-256 + + + 65535 + diff --git a/ms_specific_proxyservice/src/test/resources/config/eIDAS/specificCommunicationDefinitionProxyservice.xml b/ms_specific_proxyservice/src/test/resources/config/eIDAS/specificCommunicationDefinitionProxyservice.xml new file mode 100644 index 00000000..c8caf16b --- /dev/null +++ b/ms_specific_proxyservice/src/test/resources/config/eIDAS/specificCommunicationDefinitionProxyservice.xml @@ -0,0 +1,37 @@ + + + + + + true + + + specificCommunicationDefinitionProxyserviceRequest + specificProxyService + + mySecretProxyserviceRequest + SHA-256 + + + specificCommunicationDefinitionProxyserviceResponse + specificProxyService + + mySecretProxyserviceResponse + SHA-256 + + + 65535 + diff --git a/ms_specific_proxyservice/src/test/resources/config/junit_config_1_springboot.properties b/ms_specific_proxyservice/src/test/resources/config/junit_config_1_springboot.properties new file mode 100644 index 00000000..8cd77046 --- /dev/null +++ b/ms_specific_proxyservice/src/test/resources/config/junit_config_1_springboot.properties @@ -0,0 +1,116 @@ +## Set Spring-Boot profile-configuration to 2.3 style +spring.config.use-legacy-processing=true + +## ApplicationServer configuration +server.servlet.contextPath=/ms_proxyservice +#server.port=7080 + +app.build.artifactId=ms_proxyservice + + + +############################################################################# +## SpringBoot Admin client +spring.boot.admin.client.enabled=false + +############################################################################# +## SpringBoot Actuator +management.endpoints.web.exposure.include=health,info + +############################################################################# +## Common parts of MS-speccific eIDAS application configuration + +eidas.ms.context.url.prefix=https://localhost/ms_proxy/ +eidas.ms.context.url.request.validation=false +eidas.ms.core.configRootDir=file:./src/test/resources/config/ +eidas.ms.context.use.clustermode=true +eidas.ms.core.logging.level.info.errorcodes=auth.21 + +##Monitoring +eidas.ms.monitoring.eIDASNode.metadata.url= + + +##Specific logger configuration +eidas.ms.technicallog.write.MDS.into.techlog=true +eidas.ms.revisionlog.write.MDS.into.revisionlog=true +eidas.ms.revisionlog.logIPAddressOfUser=true + + +##Directory for static Web content +eidas.ms.webcontent.static.directory=webcontent/ +eidas.ms.webcontent.templates=templates/ +eidas.ms.webcontent.properties=properties/messages + + +## extended validation of pending-request Id's +eidas.ms.core.pendingrequestid.maxlifetime=300 +eidas.ms.core.pendingrequestid.digist.algorithm=HmacSHA256 +eidas.ms.core.pendingrequestid.digist.secret=pendingReqIdSecret + + +## HTTP-client defaults +eidas.ms.client.http.connection.timeout.socket=15 +eidas.ms.client.http.connection.timeout.connection=15 +eidas.ms.client.http.connection.timeout.request=15 + + +## Common PVP2 S-Profile (SAML2) configuration +eidas.ms.pvp2.metadata.organisation.name=JUnit +eidas.ms.pvp2.metadata.organisation.friendyname=For testing with jUnit +eidas.ms.pvp2.metadata.organisation.url=http://junit.test +eidas.ms.pvp2.metadata.contact.givenname=Max +eidas.ms.pvp2.metadata.contact.surname=Mustermann +eidas.ms.pvp2.metadata.contact.email=max@junit.test + +##only for advanced config +eidas.ms.configuration.pvp.scheme.validation=true +eidas.ms.configuration.pvp.enable.entitycategories=false + + +############################################################################# +## MS-speccific eIDAS-Proxy-Service configuration + + +#### eIDAS ms-specific Proxy-Service configuration +eidas.ms.auth.eIDAS.node_v2.proxy.entityId=ownSpecificProxy +eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint=http://localhost/EidasNode +eidas.ms.auth.eIDAS.node_v2.forward.method=POST + +# Mandate configuration +eidas.ms.auth.eIDAS.proxy.mandates.enabled=false +#eidas.ms.auth.eIDAS.proxy.mandates.profiles.natural.default= +#eidas.ms.auth.eIDAS.proxy.mandates.profiles.legal.default= + + +## special foreign eIDAS-Connector configuration +#eidas.ms.connector.0.uniqueID=https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata +#eidas.ms.connector.0.countryCode=CC +#eidas.ms.connector.0.mandates.enabled=false +#eidas.ms.connector.0.mandates.natural= +#eidas.ms.connector.0.mandates.legal= +#eidas.ms.connector.0.auth.idaustria.entityId= + + +## PVP2 S-Profile communication with ID Austria System +# EntityId and optional metadata of ID Austria System +eidas.ms.modules.idaustriaauth.idp.entityId=classpath:/data/idp_metadata_classpath_entity.xml +#eidas.ms.modules.idaustriaauth.idp.metadataUrl= + +# SAML2 client configuration +eidas.ms.modules.idaustriaauth.keystore.path=keys/junit_test.jks +eidas.ms.modules.idaustriaauth.keystore.password=password +eidas.ms.modules.idaustriaauth.keystore.type=jks + +eidas.ms.modules.idaustriaauth.metadata.sign.alias=meta +eidas.ms.modules.idaustriaauth.metadata.sign.password=password +eidas.ms.modules.idaustriaauth.request.sign.alias=sig +eidas.ms.modules.idaustriaauth.request.sign.password=password +eidas.ms.modules.idaustriaauth.response.encryption.alias=enc +eidas.ms.modules.idaustriaauth.response.encryption.password=password + +eidas.ms.modules.idaustriaauth.truststore.path=keys/junit_test.jks +eidas.ms.modules.idaustriaauth.truststore.password=password +eidas.ms.modules.idaustriaauth.truststore.type=jks + + + diff --git a/ms_specific_proxyservice/src/test/resources/config/keys/Metadata.pem b/ms_specific_proxyservice/src/test/resources/config/keys/Metadata.pem new file mode 100644 index 00000000..b544c194 --- /dev/null +++ b/ms_specific_proxyservice/src/test/resources/config/keys/Metadata.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC+jCCAeKgAwIBAgIEXjF+fTANBgkqhkiG9w0BAQsFADA/MQswCQYDVQQGEwJB +VDENMAsGA1UEBwwERUdJWjEOMAwGA1UECgwFalVuaXQxETAPBgNVBAMMCE1ldGFk +YXRhMB4XDTIwMDEyOTEyNDU0OVoXDTI2MDEyODEyNDU0OVowPzELMAkGA1UEBhMC +QVQxDTALBgNVBAcMBEVHSVoxDjAMBgNVBAoMBWpVbml0MREwDwYDVQQDDAhNZXRh +ZGF0YTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK230G3dxNbNlSYA +O5Kx/Js0aBAgxMt7q9m+dA35fK/dOvF/GjrqjWsMCnax+no9gLnq6x0gXiJclz6H +rp/YDOfLrJjMpNL/r0FWT947vbnEj7eT8TdY5d6Yi8AZulZmjiCI5nbZh2zwrP4+ +WqRroLoPhXQj8mDyp26M4xHBBUhLMRc2HV4S+XH4uNZ/vTmb8vBg31XGHCY33gl7 +/KA54JNGxJdN8Dxv6yHYsm91ZfVrX39W0iYLUNhUCkolwuQmjDVfrExM8BTLIONb +f+erJoCm3A9ghZyDYRQ/e69/UEUqDa6XOzykr88INkQscEiAXCDS+EBPMpKo+t3l +PIA9r7kCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAh/2mg4S03bdZy1OVtEAudBT9 +YZb9OF34hxPtNbkB/V04wSIg1d4TBr5KDhV7CdiUOxPZzHpS8LUCgfGX306FB6NX +zh/b67uTOPaE72AB4VIT/Np0fsM7k5WhG9k9NoprIGiqCz2lXcfpZiT+LtSO1vWS +YI87wR9KOSWjcw/5i5qZIAJuwvLCQj5JtUsmrhHK75222J3TJf4dS/gfN4xfY2rW +9vcXtH6//8WdWp/zx9V7Z1ZsDb8TDKtBCEGuFDgVeU5ScKtVq8qRoUKD3Ve76cZi +purO3KrRrVAuZP2EfLkZdHEHqe8GPigNnZ5kTn8V2VJ3iRAQ73hpJRR98tFd0A== +-----END CERTIFICATE----- diff --git a/ms_specific_proxyservice/src/test/resources/config/keys/junit.jks b/ms_specific_proxyservice/src/test/resources/config/keys/junit.jks new file mode 100644 index 00000000..59e6ad13 Binary files /dev/null and b/ms_specific_proxyservice/src/test/resources/config/keys/junit.jks differ diff --git a/ms_specific_proxyservice/src/test/resources/config/keys/junit_test.jks b/ms_specific_proxyservice/src/test/resources/config/keys/junit_test.jks new file mode 100644 index 00000000..ee6254a9 Binary files /dev/null and b/ms_specific_proxyservice/src/test/resources/config/keys/junit_test.jks differ diff --git a/ms_specific_proxyservice/src/test/resources/config/keys/teststore.jks b/ms_specific_proxyservice/src/test/resources/config/keys/teststore.jks new file mode 100644 index 00000000..fcc6400c Binary files /dev/null and b/ms_specific_proxyservice/src/test/resources/config/keys/teststore.jks differ diff --git a/ms_specific_proxyservice/src/test/resources/config/logback_config.xml b/ms_specific_proxyservice/src/test/resources/config/logback_config.xml new file mode 100644 index 00000000..bb3de3e8 --- /dev/null +++ b/ms_specific_proxyservice/src/test/resources/config/logback_config.xml @@ -0,0 +1,102 @@ + + + + + + + + + + + + + ${catalina.base}/logs/eIDAS_node.log + + %5p | %d{dd HH:mm:ss,SSS} | %t | %m%n + + + 9999 + ${catalina.base}/logs/eIDAS_node.log.%i + + + 10000KB + + + + + ${catalina.base}/logs/eidas-ms-reversion.log + + %5p | %d{dd HH:mm:ss,SSS} | %t | %m%n + + + 9999 + ${catalina.base}/logs/eidas-ms-reversion.log.%i + + + 10000KB + + + + + ${catalina.base}/logs/eidas-ms-reversion.log + + %5p | %d{dd HH:mm:ss,SSS} | %t | %m%n + + + 9999 + ${catalina.base}/logs/eidas-ms-reversion.log.%i + + + 10000KB + + + + + ${catalina.base}/logs/eidas-ms-statistic.log + + %5p | %d{dd HH:mm:ss,SSS} | %t | %m%n + + + 9999 + ${catalina.base}/logs/eidas-ms-statistic.log.%i + + + 10000KB + + + + + ${catalina.base}/logs/console.log + + %5p | %d{dd HH:mm:ss,SSS} | %t | %m%n + + + 9999 + ${catalina.base}/logs/console.log.%i + + + 10000KB + + + + + %5p | %d{dd HH:mm:ss,SSS} | %20c | %10t | %m%n + + + + + + + + + + + + + + + + + + + diff --git a/ms_specific_proxyservice/src/test/resources/config/properties/messages.properties b/ms_specific_proxyservice/src/test/resources/config/properties/messages.properties new file mode 100644 index 00000000..e69de29b diff --git a/ms_specific_proxyservice/src/test/resources/config/properties/messages_de.properties b/ms_specific_proxyservice/src/test/resources/config/properties/messages_de.properties new file mode 100644 index 00000000..e69de29b diff --git a/ms_specific_proxyservice/src/test/resources/config/properties/messages_en.properties b/ms_specific_proxyservice/src/test/resources/config/properties/messages_en.properties new file mode 100644 index 00000000..e69de29b diff --git a/ms_specific_proxyservice/src/test/resources/config/templates/eidas_node_forward.html b/ms_specific_proxyservice/src/test/resources/config/templates/eidas_node_forward.html new file mode 100644 index 00000000..6dffa34b --- /dev/null +++ b/ms_specific_proxyservice/src/test/resources/config/templates/eidas_node_forward.html @@ -0,0 +1,36 @@ + + + + + + + + +
Your login is being processed. Thank you for + waiting.
+ +
+
+ +
+ +
+ + + \ No newline at end of file diff --git a/ms_specific_proxyservice/src/test/resources/config/templates/error.html b/ms_specific_proxyservice/src/test/resources/config/templates/error.html new file mode 100644 index 00000000..21f589cd --- /dev/null +++ b/ms_specific_proxyservice/src/test/resources/config/templates/error.html @@ -0,0 +1,53 @@ + + + + + + +An error arise ... + + + +
+
+
+

Error Header

+ +
+

Error Information

+
+

Code :

+

Msg :

+
+
+ +
+

Timestamp:

+
+
+

Error:

+
+
+

Status:

+
+
+

Message:

+
+
+

Exception:

+
+
+

Trace:

+
+
+

Stacktrace:

+
+ +
+
+ + \ No newline at end of file diff --git a/ms_specific_proxyservice/src/test/resources/config/templates/error_message.html b/ms_specific_proxyservice/src/test/resources/config/templates/error_message.html new file mode 100644 index 00000000..caaf7136 --- /dev/null +++ b/ms_specific_proxyservice/src/test/resources/config/templates/error_message.html @@ -0,0 +1,37 @@ + + + + + + + An error arise ... + + + +
+
+

Authentication error arise

+ +
+

Error Header

+ +
+

Error Information

+
+

Code :

+

Msg :

+
+ +
+ +
+

fullError

+
+ +
+
+ + \ No newline at end of file diff --git a/ms_specific_proxyservice/src/test/resources/config/templates/pvp2_post_binding.html b/ms_specific_proxyservice/src/test/resources/config/templates/pvp2_post_binding.html new file mode 100644 index 00000000..06b9b494 --- /dev/null +++ b/ms_specific_proxyservice/src/test/resources/config/templates/pvp2_post_binding.html @@ -0,0 +1,36 @@ +## ## Velocity Template for SAML 2 HTTP-POST binding ## ## Velocity +##context may contain the following properties ## action - String - the +##action URL for the form ## RelayState - String - the relay state for the +##message ## SAMLRequest - String - the Base64 encoded SAML Request ## +##SAMLResponse - String - the Base64 encoded SAML Response + + + + + + + + +
Your login is being processed. Thank you for + waiting.
+ +
+
+ #if($RelayState) #end + #if($SAMLRequest) #end + #if($SAMLResponse) #end +
+ +
+ + + \ No newline at end of file diff --git a/ms_specific_proxyservice/src/test/resources/config/webcontent/autocommit.js b/ms_specific_proxyservice/src/test/resources/config/webcontent/autocommit.js new file mode 100644 index 00000000..d21a5651 --- /dev/null +++ b/ms_specific_proxyservice/src/test/resources/config/webcontent/autocommit.js @@ -0,0 +1,5 @@ +function autoCommmit() { + document.forms[0].submit(); +} + +document.addEventListener('DOMContentLoaded', autoCommmit); \ No newline at end of file diff --git a/ms_specific_proxyservice/src/test/resources/config/webcontent/css/css_error.css b/ms_specific_proxyservice/src/test/resources/config/webcontent/css/css_error.css new file mode 100644 index 00000000..d772df43 --- /dev/null +++ b/ms_specific_proxyservice/src/test/resources/config/webcontent/css/css_error.css @@ -0,0 +1,26 @@ +@charset "utf-8"; + body { + padding-left: 5%; + background-color: #F9F9F9; + } + #page { + padding-top: 2%; + padding-right: 10%; + padding-left: 5%; + } + + .OA_header { + font-size: 2.1em; + padding-top:1%; + margin-bottom: 1%; + margin-top: 1%; + + } + + #alert_area { + float:left; + width: 100%; + } + + + diff --git a/ms_specific_proxyservice/src/test/resources/config/webcontent/img/ajax-loader.gif b/ms_specific_proxyservice/src/test/resources/config/webcontent/img/ajax-loader.gif new file mode 100644 index 00000000..f2a1bc0c Binary files /dev/null and b/ms_specific_proxyservice/src/test/resources/config/webcontent/img/ajax-loader.gif differ diff --git a/ms_specific_proxyservice/src/test/resources/data/Response_with_EID.xml b/ms_specific_proxyservice/src/test/resources/data/Response_with_EID.xml new file mode 100644 index 00000000..cf37a235 --- /dev/null +++ b/ms_specific_proxyservice/src/test/resources/data/Response_with_EID.xml @@ -0,0 +1,49 @@ + + + classpath:/data/idp_metadata_classpath_entity.xml + + + + + https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp/metadata + + QVGm48cqcM4UcyhDTNGYmVdrIoY= + + + + + + + https://localhost/ms_proxy/sp/idaustria/eidas/metadata + + + + + http://eidas.europa.eu/LoA/high + + + + + 2.2 + + + http://eidas.europa.eu/LoA/high + + + AT + + + Mustermann + + + Max + + + 1940-01-01 + + + AT+XX:QVGm48cqcM4UcyhDTNGYmVdrIoY= + + + + diff --git a/ms_specific_proxyservice/src/test/resources/data/idp_metadata_classpath_entity.xml b/ms_specific_proxyservice/src/test/resources/data/idp_metadata_classpath_entity.xml new file mode 100644 index 00000000..de565887 --- /dev/null +++ b/ms_specific_proxyservice/src/test/resources/data/idp_metadata_classpath_entity.xml @@ -0,0 +1,146 @@ + + + + + + + MIIDMzCCAhsCBFtIcPowDQYJKoZIhvcNAQELBQAwXjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH + SVoxJDAiBgNVBAsMG2NlbnRyYWwgbmF0aW9uYWwgZUlEQVMgbm9kZTEaMBgGA1UEAwwRQXNzZXJ0 + aW9uIHNpZ25pbmcwHhcNMTgwNzEzMDkyOTMwWhcNMjEwNDA3MDkyOTMwWjBeMQswCQYDVQQGEwJB + VDENMAsGA1UECgwERUdJWjEkMCIGA1UECwwbY2VudHJhbCBuYXRpb25hbCBlSURBUyBub2RlMRow + GAYDVQQDDBFBc3NlcnRpb24gc2lnbmluZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB + AJ5zDYxMPRcz6AHaev1tS46Tq8sdgbGFM56uxk6c7LmMDC+HTzNX/3Q5S/YwSzgL3ue5TSw1ltOf + yMXMZ6D0+buWWcsxGEkQ8M3adKRFdQrEwafzwTA7pguq5WiHOkr4qwR7dLMome9z5cc3LRcwdOPP + gq7ahb5jM3hRqc5xkMWIuvql0NFXPzlHrjDLwy5nIWPOhL5abhVt4YsXbpbjXxFSGkDEAZ32K3EU + LNBr9FSUmJfbrVX9AU2T+BKIwiqXP8e/3UJHgPHQ0l5ljWp5P6u5+tvM21o8sUM4eArRa8BkdRsP + C92GVuASSUz2ZJ3JhAK1cSM8bnvaZVLQtTvPMAcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAAp7z + TubWXW6YMpyLSvWBdZiiQ3X66XpSZLZJDIAkoPzEY0DSBp8I5YASIx4JTR5XJt+6MI9acgNIAYW8 + DhtRwUMVaRWEtuCrfKhGLWm5KSxnhPcD3lzRZhY4ZcA7dUlirjf6hnqo2TFEmJ9fkM+rxwy1GkDD + 7j2YDSOFmSq9/Ud9/IbIfSnRu/lO0dh7iRrmg3y0Y/+plPxYmp4AHqehP11OchTz2FGGHVsSC2Vs + IVBQI6ANZYyOlicgfEEFHA06jP9OnA0EwEFr2P+di9caZg8vfibyzxMGeuf6CY0c0eLHokBCn2W8 + vkzvWiER3pozRvCmXFjCVZfRjUunaJf2ow== + + + + MIIC+DCCAeCgAwIBAgIEXh7TbTANBgkqhkiG9w0BAQsFADA+MQswCQYDVQQGEwJB + VDENMAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxEDAOBgNVBAMMB3NpZ25p + bmcwHhcNMjAwMTE1MDg1NTA5WhcNMjkwMTE0MDg1NTA5WjA+MQswCQYDVQQGEwJB + VDENMAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxEDAOBgNVBAMMB3NpZ25p + bmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCUSiRjnDvPafZfhJ+L + 1wM86FKJX3VIAV/8TD9qJ6HOBkn5WwYfpheyCfRb6XVDyIGpO8qnMWAgC17Ngbmh + zj8d8HXNQ2l3uppMv24oUTfXyYhQfZWAghx0sTlRIx/ZmlnduJilx2S53Sa7ruJw + lQcBFXj9h9B8dtyegc86Sx6D9BumP1xU7+mEBk8Gv9rR5Khg0Y7qGfZWB0t4aikg + aupWveVwiGifOOSfR8czqIg9qUpMYfZiTEBTSRmN6sPiNWhd4J0GyAI9Rn5C9jz/ + sSlQrxpN+4DXzsqSU5F6gzq3yRux6wyOzDlt2birf21VPQ9HIy4YCjZXwgDWG7AO + 821pAgMBAAEwDQYJKoZIhvcNAQELBQADggEBADnwdaxUtQU6SIpYwIb2c0ljTmQi + 7ryUcUpNHtK0M0E5Mw5Ex8zwrWbNQZ2sUyc4r07M66iOIqHsYZUQlRYvVKHifDpA + r8TCgD7iGGdB3By8Ou0RaNW+03w1fwmi98CufbHCGvpv0o2KxlejoHZminNdQ79i + bN+01nhocezJQATEQlnwHLiQSjilXpZeLYDk8HbrcUXNRxezN4ChdH+uU54vf+Ux + qcj9QHcmBe1+BM8EXfqS1DbTwZl+NTCnh5OYl8fvIFSOHMBxwFrI4pyY0faxg9Uc + rCogn/oQ+mV1gnVUDaDhvvEnVGZQtrlt7heVId2BeNellVgsrcmdW8j4U9U= + + + + MIIBbjCCARSgAwIBAgIEXh7TNzAKBggqhkjOPQQDAjA/MQswCQYDVQQGEwJBVDEN + MAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxETAPBgNVBAMMCG1ldGFkYXRh + MB4XDTIwMDExNTA4NTQxNVoXDTMwMDExNDA4NTQxNVowPzELMAkGA1UEBhMCQVQx + DTALBgNVBAoMBEVHSVoxDjAMBgNVBAsMBWpVbml0MREwDwYDVQQDDAhtZXRhZGF0 + YTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBdBkaxt31p++aZeP3SmlWITj9SY + O4McV2ccXFsH4X4QMHuKAMUvjxPm1kdU01eTOWdiQX0GpDIBspYMZh8ZKcwwCgYI + KoZIzj0EAwIDSAAwRQIhAJ3QKlk9cd90s+i8y62fvmGF6LtfNO+JvkWqDUBeQImn + AiA2KwFtzO7STAp9MEwQGe0vt0F8mO1ttrLE+rr6YxdwGA== + + + + + urn:oasis:names:tc:SAML:2.0:nameid-format:persistent + + urn:oasis:names:tc:SAML:2.0:nameid-format:transient + + urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified + + + + + + + + + + + + + + + + + + + + -- cgit v1.2.3