From fa2384985454568439dc286a6a9051fba47322ed Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 25 Jan 2021 16:30:07 +0100 Subject: add ID Austria communication-module and additional jUnit test It's first alpha-version of eIDAS MS-specific Proxy-Service with ID Austria authentication --- .../builder/AuthenticationDataBuilder.java | 3 + .../src/main/resources/application.properties | 71 ++++++++++++++++++---- 2 files changed, 63 insertions(+), 11 deletions(-) (limited to 'connector/src/main') diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java index 3a93c1b8..2e70893b 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java @@ -86,6 +86,9 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder ((EidAuthenticationData)authData).setEidStatus(authProcessData.isTestIdentity() ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY); + + + } else { throw new RuntimeException("Can not inject PiiTransactionId because AuthData is of unknown type: " + authData.getClass().getName()); diff --git a/connector/src/main/resources/application.properties b/connector/src/main/resources/application.properties index e7437840..f6d9bb7e 100644 --- a/connector/src/main/resources/application.properties +++ b/connector/src/main/resources/application.properties @@ -8,6 +8,7 @@ server.servlet.contextPath=/ms_connector app.build.artifactId=ms_connector + ############################################################################# ## SpringBoot Admin client spring.boot.admin.client.enabled=false @@ -16,9 +17,9 @@ spring.boot.admin.client.enabled=false ## SpringBoot Actuator management.endpoints.web.exposure.include=health,info - ############################################################################# -## MS-speccific eIDAS-Connector configuration +## Common parts of MS-speccific eIDAS application configuration + #eidas.ms.context.url.prefix= eidas.ms.context.url.request.validation=false #eidas.ms.configRootDir=file:/.../config/ @@ -48,6 +49,29 @@ eidas.ms.core.pendingrequestid.digist.algorithm=HmacSHA256 #eidas.ms.core.pendingrequestid.digist.secret=pendingReqIdSecret +## HTTP-client defaults +eidas.ms.client.http.connection.timeout.socket=15 +eidas.ms.client.http.connection.timeout.connection=15 +eidas.ms.client.http.connection.timeout.request=15 + + +## Common PVP2 S-Profile (SAML2) configuration +#eidas.ms.pvp2.metadata.organisation.name=JUnit +#eidas.ms.pvp2.metadata.organisation.friendyname=For testing with jUnit +#eidas.ms.pvp2.metadata.organisation.url=http://junit.test +#eidas.ms.pvp2.metadata.contact.givenname=Max +#eidas.ms.pvp2.metadata.contact.surname=Mustermann +#eidas.ms.pvp2.metadata.contact.email=max@junit.test + +##only for advanced config +eidas.ms.configuration.pvp.scheme.validation=true +eidas.ms.configuration.pvp.enable.entitycategories=false + + + +############################################################################# +## MS-speccific eIDAS-Connector configuration + ## eIDAS Ref. Implementation connector ### eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector eidas.ms.auth.eIDAS.eid.testidentity.default=false @@ -139,13 +163,6 @@ eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true #eidas.ms.pvp2.key.signing.password=password eidas.ms.pvp2.metadata.validity=24 -#eidas.ms.pvp2.metadata.organisation.name=JUnit -#eidas.ms.pvp2.metadata.organisation.friendyname=For testing with jUnit -#eidas.ms.pvp2.metadata.organisation.url=http://junit.test -#eidas.ms.pvp2.metadata.contact.givenname=Max -#eidas.ms.pvp2.metadata.contact.surname=Mustermann -#eidas.ms.pvp2.metadata.contact.email=max@junit.test - ## Service Provider configuration #eidas.ms.sp.0.uniqueID=https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata @@ -159,5 +176,37 @@ eidas.ms.pvp2.metadata.validity=24 ##only for advanced config eidas.ms.configuration.sp.disableRegistrationRequirement=false -eidas.ms.configuration.pvp.scheme.validation=true -eidas.ms.configuration.pvp.enable.entitycategories=false \ No newline at end of file + + + +############################################################################# +## MS-speccific eIDAS-Proxy-Service configuration + +#### eIDAS ms-specific Proxy-Service configuration +eidas.ms.auth.eIDAS.node_v2.proxy.entityId=ownSpecificProxy +#eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint= + + +## PVP2 S-Profile communication with ID Austria System +# EntityId and optional metadata of ID Austria System +#eidas.ms.modules.idaustriaauth.idp.entityId= +#eidas.ms.modules.idaustriaauth.idp.metadataUrl= + +# SAML2 client configuration +eidas.ms.modules.idaustriaauth.keystore.type=jks +#eidas.ms.modules.idaustriaauth.keystore.name= +#eidas.ms.modules.idaustriaauth.keystore.path= +#eidas.ms.modules.idaustriaauth.keystore.password= +#eidas.ms.modules.idaustriaauth.metadata.sign.alias= +#eidas.ms.modules.idaustriaauth.metadata.sign.password= +#eidas.ms.modules.idaustriaauth.request.sign.alias= +#eidas.ms.modules.idaustriaauth.request.sign.password= +#eidas.ms.modules.idaustriaauth.response.encryption.alias= +#eidas.ms.modules.idaustriaauth.response.encryption.password= + +# TrustStore to validate SAML2 metadata from ID Austria +#eidas.ms.modules.idaustriaauth.truststore.type=jks +#eidas.ms.modules.idaustriaauth.truststore.name= +#eidas.ms.modules.idaustriaauth.truststore.path= +#eidas.ms.modules.idaustriaauth.truststore.password= + -- cgit v1.2.3 From 1ae77e971928a44dd278eaa473392c35855c4227 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 26 Jan 2021 07:40:01 +0100 Subject: update SAML2 IDP elements of MS-specific Connector to current snapshot version (1.1.12-SNAPSHOT) of eaaf_module_pvp2_idp --- .../resources/specific_eIDAS_connector.beans.xml | 81 ++++++++++------------ .../spring/SpringTest_connector.beans.xml | 21 ++---- 2 files changed, 42 insertions(+), 60 deletions(-) (limited to 'connector/src/main') diff --git a/connector/src/main/resources/specific_eIDAS_connector.beans.xml b/connector/src/main/resources/specific_eIDAS_connector.beans.xml index 8ff4e565..ecf6d348 100644 --- a/connector/src/main/resources/specific_eIDAS_connector.beans.xml +++ b/connector/src/main/resources/specific_eIDAS_connector.beans.xml @@ -14,71 +14,60 @@ + class="at.asitplus.eidas.specific.connector.config.StaticResourceConfiguration" /> + class="at.asitplus.eidas.specific.connector.controller.ProcessEngineSignalController" /> - - - + + class="at.asitplus.eidas.specific.connector.auth.AuthenticationManager" /> + class="at.asitplus.eidas.specific.connector.builder.AuthenticationDataBuilder" /> + class="at.asitplus.eidas.specific.connector.config.PvpEndPointConfiguration" /> + class="at.asitplus.eidas.specific.connector.provider.PvpEndPointCredentialProvider" /> + class="at.asitplus.eidas.specific.connector.provider.PvpMetadataConfigurationFactory" /> - - - - - - + class="at.asitplus.eidas.specific.connector.controller.Pvp2SProfileEndpoint"> + + + + class="at.asitplus.eidas.specific.connector.verification.AuthnRequestValidator" /> - + - - - + class="at.gv.egiz.eaaf.modules.pvp2.idp.impl.MetadataAction"> + - - - - - - + class="at.gv.egiz.eaaf.modules.pvp2.idp.impl.AuthenticationAction"> + + + class="at.gv.egiz.eaaf.core.impl.idp.auth.services.ProtocolAuthenticationService"> @@ -86,43 +75,43 @@ class="at.gv.egiz.eaaf.core.impl.idp.auth.services.DefaultErrorService"/> + class="at.gv.egiz.eaaf.core.impl.utils.SecurePendingRequestIdGenerationStrategy" /> + class="at.asitplus.eidas.specific.connector.provider.PvpMetadataProvider" /> + class="at.asitplus.eidas.specific.connector.builder.PvpSubjectNameGenerator" /> + class="at.asitplus.eidas.specific.connector.mapper.LoALevelMapper" /> + class="at.asitplus.eidas.specific.connector.gui.GuiBuilderConfigurationFactory" /> + class="at.asitplus.eidas.specific.connector.gui.DefaultVelocityGuiBuilderImpl" /> + class="at.gv.egiz.eaaf.core.impl.gui.builder.SpringMvcGuiFormBuilderImpl" /> + class="at.asitplus.eidas.specific.connector.provider.StatusMessageProvider" /> + class="at.asitplus.eidas.specific.connector.logger.RevisionLogger" /> + class="at.asitplus.eidas.specific.connector.logger.StatisticLogger" /> + class="at.asitplus.eidas.specific.connector.processes.tasks.GenerateCountrySelectionFrameTask" + scope="prototype" /> + class="at.asitplus.eidas.specific.connector.processes.tasks.EvaluateCountrySelectionTask" + scope="prototype" /> \ No newline at end of file diff --git a/connector/src/test/resources/spring/SpringTest_connector.beans.xml b/connector/src/test/resources/spring/SpringTest_connector.beans.xml index 8f3d25ad..6fec6000 100644 --- a/connector/src/test/resources/spring/SpringTest_connector.beans.xml +++ b/connector/src/test/resources/spring/SpringTest_connector.beans.xml @@ -38,19 +38,16 @@ - - - - - - + + - + + @@ -61,12 +58,8 @@ - - - - - - + + Date: Tue, 30 Mar 2021 15:08:07 +0200 Subject: add mandate functionality into eIDAS out-going process --- .../builder/AuthenticationDataBuilder.java | 182 +++++++++++++++--- .../test/utils/AuthenticationDataBuilderTest.java | 206 ++++++++++++++++++++- .../config/ServiceProviderConfiguration.java | 6 + .../specific/modules/auth/eidas/v2/Constants.java | 6 + .../auth/idaustria/IdAustriaAuthConstants.java | 58 ++++-- .../tasks/ReceiveFromIdAustriaSystemTask.java | 29 ++- .../tasks/RequestIdAustriaSystemTask.java | 68 +++---- .../IdAustriaAuthMetadataControllerFirstTest.java | 4 +- .../test/task/ReceiveAuthnResponseTaskTest.java | 102 ++++++++++ .../test/task/RequestIdAustriaSystemTaskTest.java | 45 +++++ .../data/Response_with_EID_with_mandate_jur.xml | 63 +++++++ .../data/Response_with_EID_with_mandate_nat.xml | 66 +++++++ .../msproxyservice/MsProxyServiceConstants.java | 16 +- .../protocol/EidasProxyServiceController.java | 32 +++- .../protocol/ProxyServiceAuthenticationAction.java | 89 ++++++++- .../protocol/EidasProxyServiceControllerTest.java | 95 ++++++++++ .../ProxyServiceAuthenticationActionTest.java | 196 +++++++++++++++++++- 17 files changed, 1160 insertions(+), 103 deletions(-) create mode 100644 eidas_modules/authmodule_id-austria/src/test/resources/data/Response_with_EID_with_mandate_jur.xml create mode 100644 eidas_modules/authmodule_id-austria/src/test/resources/data/Response_with_EID_with_mandate_nat.xml (limited to 'connector/src/main') diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java index 2e70893b..629d015e 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java @@ -24,19 +24,31 @@ package at.asitplus.eidas.specific.connector.builder; import java.util.Date; +import java.util.Optional; +import java.util.Set; +import java.util.stream.Collectors; import org.springframework.stereotype.Service; +import com.google.common.collect.Streams; + import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; +import at.asitplus.eidas.specific.modules.auth.idaustria.IdAustriaAuthConstants; +import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions.EidIdentityStatusLevelValues; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer; +import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException; import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; +import at.gv.egiz.eaaf.core.impl.builder.BpkBuilder; import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.data.Triple; import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData; import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder; @@ -46,55 +58,59 @@ import lombok.extern.slf4j.Slf4j; @Service("AuthenticationDataBuilder") @Slf4j public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder { - + + private static final String ERROR_B11 = "builder.11"; + @Override - protected IAuthData buildDeprecatedAuthData(IRequest pendingReq) throws EaafException { + protected IAuthData buildDeprecatedAuthData(IRequest pendingReq) throws EaafException { final EidAuthProcessDataWrapper authProcessData = - pendingReq.getSessionData(EidAuthProcessDataWrapper.class); - EidAuthenticationData authData = new EidAuthenticationData(); - - //set basis infos + pendingReq.getSessionData(EidAuthProcessDataWrapper.class); + final EidAuthenticationData authData = new EidAuthenticationData(); + + // set basis infos super.generateDeprecatedBasicAuthData(authData, pendingReq, authProcessData); - + // set specific informations authData.setSsoSessionValidTo( new Date(new Date().getTime() + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000)); - - authData.setEidStatus(authProcessData.isTestIdentity() - ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY); - + + authData.setEidStatus(authProcessData.isTestIdentity() + ? EidIdentityStatusLevelValues.TESTIDENTITY + : EidIdentityStatusLevelValues.IDENTITY); + return authData; } @Override - protected void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq) + protected void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq) throws EaafException { if (authData instanceof EidAuthenticationData) { - ((EidAuthenticationData)authData).setGenericData( - ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, + ((EidAuthenticationData) authData).setGenericData( + ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, pendingReq.getUniquePiiTransactionIdentifier()); log.trace("Inject piiTransactionId: {} into AuthData", pendingReq.getUniquePiiTransactionIdentifier()); - + // set specific informations - ((EidAuthenticationData)authData).setSsoSessionValidTo( + ((EidAuthenticationData) authData).setSsoSessionValidTo( new Date(new Date().getTime() + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000)); - //set E-ID status-level + // set E-ID status-level final EidAuthProcessDataWrapper authProcessData = - pendingReq.getSessionData(EidAuthProcessDataWrapper.class); - ((EidAuthenticationData)authData).setEidStatus(authProcessData.isTestIdentity() - ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY); - - - - + pendingReq.getSessionData(EidAuthProcessDataWrapper.class); + ((EidAuthenticationData) authData).setEidStatus(authProcessData.isTestIdentity() + ? EidIdentityStatusLevelValues.TESTIDENTITY + : EidIdentityStatusLevelValues.IDENTITY); + + // handle mandate informations + buildMandateInformation((EidAuthenticationData) authData, pendingReq, authProcessData); + } else { - throw new RuntimeException("Can not inject PiiTransactionId because AuthData is of unknown type: " + throw new RuntimeException("Can not inject PiiTransactionId because AuthData is of unknown type: " + authData.getClass().getName()); - + } - + } @Override @@ -123,4 +139,116 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } + private void buildMandateInformation(EidAuthenticationData authData, IRequest pendingReq, + EidAuthProcessDataWrapper authProcessData) throws EaafAuthenticationException, EaafBuilderException, + EaafStorageException { + authData.setUseMandate(authProcessData.isMandateUsed()); + if (authProcessData.isMandateUsed()) { + log.debug("Build mandate-releated authentication data ... "); + if (authProcessData.isForeigner()) { + buildMandateInformationForEidasIncoming(); + + } else { + buildMandateInformationForEidasOutgoing(authData, pendingReq, authProcessData); + + } + + // inject mandate information into authdata + final Set mandateAttributes = Streams.concat( + IdAustriaAuthConstants.DEFAULT_REQUIRED_MANDATE_NAT_PVP_ATTRIBUTES.stream(), + IdAustriaAuthConstants.DEFAULT_REQUIRED_MANDATE_JUR_PVP_ATTRIBUTES.stream()) + .map(el -> el.getFirst()) + .collect(Collectors.toSet()); + + authProcessData.getGenericSessionDataStream() + .filter(el -> mandateAttributes.contains(el.getKey())) + .forEach(el -> { + try { + authData.setGenericData(el.getKey(), el.getValue()); + + } catch (final EaafStorageException e) { + log.error("Can not store attribute: {} into session.", el.getKey(), e); + throw new RuntimeException(e); + + } + }); + } + } + + private void buildMandateInformationForEidasIncoming() { + log.debug("Find eIDAS incoming process. Generated mandate-information for ID-Austria system ... "); + + // TODO: implement IDA specific processing of foreign mandate + + } + + private void buildMandateInformationForEidasOutgoing(EidAuthenticationData authData, IRequest pendingReq, + EidAuthProcessDataWrapper authProcessData) throws EaafAuthenticationException, EaafBuilderException, + EaafStorageException { + log.debug("Find eIDAS outgoing process. Generated mandate-information for other country ... "); + if (authProcessData.getGenericDataFromSession( + PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME) != null) { + final Optional> missingAttribute = + IdAustriaAuthConstants.DEFAULT_REQUIRED_MANDATE_NAT_PVP_ATTRIBUTES.stream() + .filter(el -> authProcessData.getGenericDataFromSession(el.getFirst()) == null) + .findFirst(); + if (missingAttribute.isPresent()) { + log.error("ID-Austria response contains not all attributes for nat. person mandator. Missing: {}", + missingAttribute.get().getFirst()); + throw new EaafAuthenticationException(ERROR_B11, new Object[] { "Nat. person mandate" }); + + } else { + log.trace("Find nat. person mandate. Mandate can be used as it is "); + authData.setGenericData(MsProxyServiceConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER, + extractBpkFromResponse(authProcessData.getGenericDataFromSession( + PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, String.class))); + + } + + } else { + final Optional> missingAttribute = + IdAustriaAuthConstants.DEFAULT_REQUIRED_MANDATE_JUR_PVP_ATTRIBUTES.stream() + .filter(el -> authProcessData.getGenericDataFromSession(el.getFirst()) == null) + .findFirst(); + if (missingAttribute.isPresent()) { + log.error("ID-Austria response contains not all attributes for legal. person mandator. Missing: {}", + missingAttribute.get().getFirst()); + throw new EaafAuthenticationException(ERROR_B11, new Object[] { "Legal. person mandate" }); + + } else { + log.trace( + "Find jur. person mandate. Generate eIDAS identifier from legal-person sourcePin and type ... "); + final String sourcePin = authProcessData.getGenericDataFromSession( + PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, String.class); + final String sourcePinType = authProcessData.getGenericDataFromSession( + PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, String.class); + + // TODO: check if we should to this in such a way! + final Pair leagalPersonIdentifier = + BpkBuilder.generateAreaSpecificPersonIdentifier( + sourcePinType + sourcePin, + sourcePinType, + pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()); + + log.debug("Use legal-person eIDAS identifer: {} from baseId: {} and baseIdType: {}", + leagalPersonIdentifier.getFirst(), sourcePin, sourcePinType); + authData.setGenericData(MsProxyServiceConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, + leagalPersonIdentifier.getFirst()); + + } + } + } + + private String extractBpkFromResponse(String pvpBpkAttrValue) { + final String[] split = pvpBpkAttrValue.split(":", 2); + if (split.length == 2) { + return split[1]; + + } else { + log.warn("PVP bPK attribute: {} has wrong format. Use it as it is.", pvpBpkAttrValue); + return pvpBpkAttrValue; + + } + } + } diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java index 552c448e..277138ef 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java @@ -1,6 +1,10 @@ package at.asitplus.eidas.specific.connector.test.utils; import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertThrows; +import static org.junit.Assert.assertTrue; import java.io.IOException; import java.security.PublicKey; @@ -176,9 +180,169 @@ public class AuthenticationDataBuilderTest { Assert.assertEquals("testIdentity flag", isTestIdentity ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY, - ((EidAuthenticationData)authData).getEidStatus()); + ((EidAuthenticationData)authData).getEidStatus()); + assertFalse("mandate flag", ((EidAuthenticationData)authData).isUseMandate()); + + } + + @Test + public void eidasProxyModeWithJurMandate() throws EaafAuthenticationException, EaafStorageException { + // initialize state + injectRepresentativeInfosIntoSession(); + + String commonMandate = RandomStringUtils.randomAlphabetic(10); + + // set constant country-code and sourcePin to check hashed eIDAS identifier + String sourcePinMandate = "asfdsadfsadfsafsdafsadfasr"; + spConfig.put("target", EaafConstants.URN_PREFIX_EIDAS + "AT+EE"); + + // set nat. person mandate information + pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, commonMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, sourcePinMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, + EaafConstants.URN_PREFIX_BASEID + "+XFN"); + + // execute test + IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq); + + + // validate state + Assert.assertNotNull("AuthData null", authData); + assertTrue("mandate flag", ((EidAuthenticationData)authData).isUseMandate()); + + //check mandate informations + checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, commonMandate); + checkGenericAttribute(authData, MsProxyServiceConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, + "AT/EE/oaAGaV/zIHSf6rcB0TIOqjWPoOU="); + + } + + @Test + public void eidasProxyModeWithJurMandateMissingAttribute() throws EaafAuthenticationException, EaafStorageException { + // initialize state + injectRepresentativeInfosIntoSession(); + + // set constant country-code and sourcePin to check hashed eIDAS identifier + String sourcePinMandate = "asfdsadfsadfsafsdafsadfasr"; + spConfig.put("target", EaafConstants.URN_PREFIX_EIDAS + "AT+EE"); + + // set nat. person mandate information + pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, sourcePinMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, + EaafConstants.URN_PREFIX_BASEID + "+XFN"); + + // execute test + // execute test + EaafAuthenticationException error = assertThrows(EaafAuthenticationException.class, + () -> authenticationDataBuilder.buildAuthenticationData(pendingReq)); + Assert.assertEquals("wrong errorId", "builder.11", error.getErrorId()); + + } + + @Test + public void eidasProxyModeWithNatMandate() throws EaafAuthenticationException, EaafStorageException { + // initialize state + injectRepresentativeInfosIntoSession(); + + String givenNameMandate = RandomStringUtils.randomAlphabetic(10); + String familyNameMandate = RandomStringUtils.randomAlphabetic(10); + String dateOfBirthMandate = "1957-09-15"; + String bpkMandate = RandomStringUtils.randomAlphanumeric(10); + + // set nat. person mandate information + pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, dateOfBirthMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, "AT+XX:" + bpkMandate); + + // execute test + IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq); + + + // validate state + Assert.assertNotNull("AuthData null", authData); + assertTrue("mandate flag", ((EidAuthenticationData)authData).isUseMandate()); + + //check mandate informations + checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate); + checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate); + checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, "1957-09-15"); + checkGenericAttribute(authData, MsProxyServiceConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER, bpkMandate); + + } + + @Test + public void eidasProxyModeWithNatMandateWrongBpkFormat() throws EaafAuthenticationException, EaafStorageException { + // initialize state + injectRepresentativeInfosIntoSession(); + + String givenNameMandate = RandomStringUtils.randomAlphabetic(10); + String familyNameMandate = RandomStringUtils.randomAlphabetic(10); + String dateOfBirthMandate = "1957-09-15"; + String bpkMandate = RandomStringUtils.randomAlphanumeric(10); + + // set nat. person mandate information + pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, dateOfBirthMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, bpkMandate); + + // execute test + IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq); + + + // validate state + Assert.assertNotNull("AuthData null", authData); + assertTrue("mandate flag", ((EidAuthenticationData)authData).isUseMandate()); + //check mandate informations + checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate); + checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate); + checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, "1957-09-15"); + checkGenericAttribute(authData, MsProxyServiceConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER, bpkMandate); + + } + + @Test + public void eidasProxyModeWithNatMandateMissingAttribute() throws EaafAuthenticationException, EaafStorageException { + // initialize state + injectRepresentativeInfosIntoSession(); + + String familyNameMandate = RandomStringUtils.randomAlphabetic(10); + String dateOfBirthMandate = "1957-09-15"; + String bpkMandate = RandomStringUtils.randomAlphanumeric(10); + + // set nat. person mandate information + pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, dateOfBirthMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, bpkMandate); + // execute test + EaafAuthenticationException error = assertThrows(EaafAuthenticationException.class, + () -> authenticationDataBuilder.buildAuthenticationData(pendingReq)); + Assert.assertEquals("wrong errorId", "builder.11", error.getErrorId()); + } @Test @@ -203,7 +367,7 @@ public class AuthenticationDataBuilderTest { Assert.assertEquals("testIdentity flag", isTestIdentity ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY, ((EidAuthenticationData)authData).getEidStatus()); - + String authBlock = authData.getGenericData(Constants.SZR_AUTHBLOCK, String.class); String eidasBind = authData.getGenericData(Constants.EIDAS_BIND, String.class); @@ -276,6 +440,44 @@ public class AuthenticationDataBuilderTest { } + private void injectRepresentativeInfosIntoSession() throws EaafStorageException { + boolean isTestIdentity = RandomUtils.nextBoolean(); + pendingReq.getSessionData(EidAuthProcessDataWrapper.class).setTestIdentity(isTestIdentity); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true); + + String givenName = RandomStringUtils.randomAlphabetic(10); + String familyName = RandomStringUtils.randomAlphabetic(10); + String dateOfBirth = "1956-12-08"; + String bpk = RandomStringUtils.randomAlphanumeric(10); + String cc = pendingReq.getSessionData(AuthProcessDataWrapper.class) + .getGenericDataFromSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class); + String spC = RandomStringUtils.randomAlphabetic(2).toUpperCase(); + spConfig.put("target", EaafConstants.URN_PREFIX_EIDAS + cc + "+" + spC); + + pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setForeigner(false); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.GIVEN_NAME_NAME, givenName); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, familyName); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.BIRTHDATE_NAME, dateOfBirth); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, bpk); + + //set LoA level attribute instead of explicit session-data + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, + pendingReq.getSessionData(AuthProcessDataWrapper.class).getQaaLevel()); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setQaaLevel(null); + + } + + private void checkGenericAttribute(IAuthData authData, String attrName, String expected) { + assertEquals("Wrong: " + attrName, expected, authData.getGenericData(attrName, String.class)); + + } + private IIdentityLink buildDummyIdl() { return new IIdentityLink() { diff --git a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java index 362d0244..0f72203b 100644 --- a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java +++ b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java @@ -37,6 +37,8 @@ import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.impl.idp.conf.SpConfigurationImpl; +import lombok.Getter; +import lombok.Setter; public class ServiceProviderConfiguration extends SpConfigurationImpl { private static final long serialVersionUID = 1L; @@ -46,6 +48,10 @@ public class ServiceProviderConfiguration extends SpConfigurationImpl { private String bpkTargetIdentifier; private String loaMachtingMode = EaafConstants.EIDAS_LOA_MATCHING_MINIMUM; + @Setter + @Getter + private List mandateProfiles; + public ServiceProviderConfiguration(Map spConfig, IConfiguration authConfig) { super(spConfig, authConfig); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java index e2200ed1..f0d57229 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java @@ -156,6 +156,12 @@ public class Constants { public static final String eIDAS_ATTR_LEGALPERSONIDENTIFIER = "LegalPersonIdentifier"; public static final String eIDAS_ATTR_LEGALNAME = "LegalName"; + public static final String eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER = "RepresentativePersonIdentifier"; + public static final String eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH = "RepresentativeDateOfBirth"; + public static final String eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME = "RepresentativeFirstName"; + public static final String eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME = "RepresentativeFamilyName"; + + public static final String eIDAS_REQ_PARAM_SECTOR_PUBLIC = "public"; public static final String eIDAS_REQ_PARAM_SECTOR_PRIVATE = "private"; diff --git a/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/IdAustriaAuthConstants.java b/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/IdAustriaAuthConstants.java index 18eaee4b..982bfb4f 100644 --- a/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/IdAustriaAuthConstants.java +++ b/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/IdAustriaAuthConstants.java @@ -3,6 +3,8 @@ package at.asitplus.eidas.specific.modules.auth.idaustria; import java.util.ArrayList; import java.util.Collections; import java.util.List; +import java.util.Set; +import java.util.stream.Collectors; import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; import at.gv.egiz.eaaf.core.impl.data.Triple; @@ -69,6 +71,36 @@ public class IdAustriaAuthConstants { public static final String CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST = CONFIG_PROPS_PREFIX + "required.additional.attributes"; + public static final List> DEFAULT_REQUIRED_MANDATE_NAT_PVP_ATTRIBUTES = + Collections.unmodifiableList(new ArrayList>() { + private static final long serialVersionUID = 1L; + { + add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, + PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_FRIENDLY_NAME, false)); + add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, + PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, false)); + add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, + PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, false)); + add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, + PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, false)); + + } + }); + + public static final List> DEFAULT_REQUIRED_MANDATE_JUR_PVP_ATTRIBUTES = + Collections.unmodifiableList(new ArrayList>() { + private static final long serialVersionUID = 1L; + { + add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, + PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, false)); + add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, + PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, false)); + add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, + PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, false)); + + } + }); + public static final List> DEFAULT_REQUIRED_PVP_ATTRIBUTES = Collections.unmodifiableList(new ArrayList>() { private static final long serialVersionUID = 1L; @@ -93,19 +125,21 @@ public class IdAustriaAuthConstants { add(Triple.newInstance(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, false)); + // mandate attributes + add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_TYPE_NAME, + PvpAttributeDefinitions.MANDATE_TYPE_FRIENDLY_NAME, false)); + add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_TYPE_OID_NAME, + PvpAttributeDefinitions.MANDATE_TYPE_OID_FRIENDLY_NAME, false)); + addAll(DEFAULT_REQUIRED_MANDATE_JUR_PVP_ATTRIBUTES); + addAll(DEFAULT_REQUIRED_MANDATE_NAT_PVP_ATTRIBUTES); + } }); - public static final List DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES = - Collections.unmodifiableList(new ArrayList() { - private static final long serialVersionUID = 1L; - { - for (final Triple el : DEFAULT_REQUIRED_PVP_ATTRIBUTES) { - if (el.getThird()) { - add(el.getFirst()); - - } - } - } - }); + public static final Set DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES = + DEFAULT_REQUIRED_PVP_ATTRIBUTES.stream() + .filter(el -> el.getThird()) + .map(el -> el.getFirst()) + .collect(Collectors.toSet()); + } diff --git a/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/ReceiveFromIdAustriaSystemTask.java b/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/ReceiveFromIdAustriaSystemTask.java index 5dc04800..2141fee8 100644 --- a/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/ReceiveFromIdAustriaSystemTask.java +++ b/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/ReceiveFromIdAustriaSystemTask.java @@ -1,7 +1,6 @@ package at.asitplus.eidas.specific.modules.auth.idaustria.tasks; import java.io.IOException; -import java.util.List; import java.util.Set; import javax.naming.ConfigurationException; @@ -211,7 +210,7 @@ public class ReceiveFromIdAustriaSystemTask extends AbstractAuthServletTask { private void getAuthDataFromInterfederation(AssertionAttributeExtractor extractor) throws EaafBuilderException, ConfigurationException { - final List requiredEidasNodeAttributes = + final Set requiredEidasNodeAttributes = IdAustriaAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES; try { // check if all attributes are include @@ -238,7 +237,7 @@ public class ReceiveFromIdAustriaSystemTask extends AbstractAuthServletTask { extractor.getSingleAttributeValue(attrName)); } - + // set foreigner flag session.setForeigner(false); @@ -248,7 +247,9 @@ public class ReceiveFromIdAustriaSystemTask extends AbstractAuthServletTask { // set IssuerInstant from Assertion session.setIssueInstant(extractor.getAssertionIssuingDate()); - // TODO: add mandates if SEMPER are integrated + // set mandate flag + session.setUseMandates(checkIfMandateInformationIsAvailable(extractor)); + } catch (final EaafException | IOException e) { throw new EaafBuilderException(ERROR_PVP_06, null, e.getMessage(), e); @@ -256,6 +257,20 @@ public class ReceiveFromIdAustriaSystemTask extends AbstractAuthServletTask { } } + + /** + * Check if mandate information is available. + * + * @param extractor Assertion from ID Austria system. + * @return true if mandate was used, otherwise false + */ + private boolean checkIfMandateInformationIsAvailable(AssertionAttributeExtractor extractor) { + boolean isMandateIncluded = extractor.containsAttribute(PvpAttributeDefinitions.MANDATE_TYPE_NAME); + log.debug("Response from ID-Austria system contains mandate information. Switch to mandate-mode ... "); + return isMandateIncluded; + + } + private void validateResponseAttributes(AssertionAttributeExtractor extractor) throws EaafAuthenticationException { final String bpkTarget = extractor.getSingleAttributeValue( @@ -295,14 +310,14 @@ public class ReceiveFromIdAustriaSystemTask extends AbstractAuthServletTask { log.trace("Find bPK attribute. Extract eIDAS identifier ... "); session.setGenericDataToSession(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, extractBpkFromResponse(attrValue)); - - } else { + + } else { session.setGenericDataToSession(attrName, attrValue); } } - + private String extractBpkFromResponse(String pvpBpkAttrValue) { final String[] split = pvpBpkAttrValue.split(":", 2); if (split.length == 2) { diff --git a/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java b/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java index fc46ac8b..8151b429 100644 --- a/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java +++ b/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java @@ -14,6 +14,7 @@ import org.opensaml.saml.saml2.core.Attribute; import org.opensaml.saml.saml2.metadata.EntityDescriptor; import org.springframework.beans.factory.annotation.Autowired; +import at.asitplus.eidas.specific.connector.config.ServiceProviderConfiguration; import at.asitplus.eidas.specific.modules.auth.idaustria.IdAustriaAuthConstants; import at.asitplus.eidas.specific.modules.auth.idaustria.config.IdAustriaAuthRequestBuilderConfiguration; import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthCredentialProvider; @@ -147,63 +148,52 @@ public class RequestIdAustriaSystemTask extends AbstractAuthServletTask { final List attributs = new ArrayList<>(); //build attribute that contains the unique identifier of the eIDAS-Connector - final Attribute attrEidasConnectorId = PvpAttributeBuilder.buildEmptyAttribute( - ExtendedPvpAttributeDefinitions.EIDAS_CONNECTOR_UNIQUEID_NAME); - final EaafRequestedAttribute attrEidasConnectorIdReqAttr = Saml2Utils.generateReqAuthnAttributeSimple( - attrEidasConnectorId, - true, + injectAttribute(attributs, ExtendedPvpAttributeDefinitions.EIDAS_CONNECTOR_UNIQUEID_NAME, pendingReq.getServiceProviderConfiguration().getUniqueIdentifier()); - attributs.add(attrEidasConnectorIdReqAttr); - - + // build EID sector for identification attribute - final Attribute attr = PvpAttributeBuilder.buildEmptyAttribute( - PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME); - final EaafRequestedAttribute bpkTargetReqAttr = Saml2Utils.generateReqAuthnAttributeSimple( - attr, - true, + injectAttribute(attributs, PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()); - attributs.add(bpkTargetReqAttr); - // set requested LoA as attribute - final Attribute loaAttr = PvpAttributeBuilder.buildEmptyAttribute( - PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME); - final EaafRequestedAttribute loaReqAttr = Saml2Utils.generateReqAuthnAttributeSimple( - loaAttr, - true, + injectAttribute(attributs, PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, selectHighestLoa(pendingReq.getServiceProviderConfiguration().getRequiredLoA())); - attributs.add(loaReqAttr); - - + //set ProviderName if available String providerName = ((ProxyServicePendingRequest)pendingReq).getEidasRequest().getProviderName(); if (StringUtils.isNotEmpty(providerName)) { - final Attribute providerNameAttr = PvpAttributeBuilder.buildEmptyAttribute( - ExtendedPvpAttributeDefinitions.SP_FRIENDLYNAME_NAME); - final EaafRequestedAttribute providerNameReqAttr = Saml2Utils.generateReqAuthnAttributeSimple( - providerNameAttr, - true, - providerName); - attributs.add(providerNameReqAttr); + injectAttribute(attributs, ExtendedPvpAttributeDefinitions.SP_FRIENDLYNAME_NAME, providerName); } - - + //set ProviderName if available String requesterId = ((ProxyServicePendingRequest)pendingReq).getEidasRequest().getRequesterId(); if (StringUtils.isNotEmpty(requesterId)) { - final Attribute requesterIdAttr = PvpAttributeBuilder.buildEmptyAttribute( - ExtendedPvpAttributeDefinitions.SP_UNIQUEID_NAME); - final EaafRequestedAttribute requesterIdReqAttr = Saml2Utils.generateReqAuthnAttributeSimple( - requesterIdAttr, - true, - requesterId); - attributs.add(requesterIdReqAttr); + injectAttribute(attributs, ExtendedPvpAttributeDefinitions.SP_UNIQUEID_NAME, requesterId); } + //set mandate profiles + List mandateProfiles = + pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).getMandateProfiles(); + if (mandateProfiles != null && !mandateProfiles.isEmpty()) { + log.debug("Set mandate-profiles attribute into ID-Austria request"); + injectAttribute(attributs, ExtendedPvpAttributeDefinitions.SP_USED_MANDATE_PROFILES_NAME, + StringUtils.join(mandateProfiles, ",")); + + } + return attributs; } + private void injectAttribute(List attributs, String attributeName, String attributeValue) { + final Attribute requesterIdAttr = PvpAttributeBuilder.buildEmptyAttribute(attributeName); + final EaafRequestedAttribute requesterIdReqAttr = Saml2Utils.generateReqAuthnAttributeSimple( + requesterIdAttr, + true, + attributeValue); + attributs.add(requesterIdReqAttr); + + } + } diff --git a/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/controller/IdAustriaAuthMetadataControllerFirstTest.java b/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/controller/IdAustriaAuthMetadataControllerFirstTest.java index ef0c4da0..d2a2556b 100644 --- a/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/controller/IdAustriaAuthMetadataControllerFirstTest.java +++ b/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/controller/IdAustriaAuthMetadataControllerFirstTest.java @@ -94,7 +94,7 @@ public class IdAustriaAuthMetadataControllerFirstTest { controller.getSpMetadata(httpReq, httpResp); //check result - validateResponse(7); + validateResponse(16); } @@ -117,7 +117,7 @@ public class IdAustriaAuthMetadataControllerFirstTest { controller.getSpMetadata(httpReq, httpResp); //check result - validateResponse(8); + validateResponse(17); } diff --git a/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/ReceiveAuthnResponseTaskTest.java b/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/ReceiveAuthnResponseTaskTest.java index a0446ad9..b3a5130f 100644 --- a/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/ReceiveAuthnResponseTaskTest.java +++ b/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/ReceiveAuthnResponseTaskTest.java @@ -1,6 +1,9 @@ package at.asitplus.eidas.specific.modules.auth.idaustria.test.task; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNull; import static org.junit.Assert.assertThrows; +import static org.junit.Assert.assertTrue; import java.io.IOException; import java.util.Arrays; @@ -536,6 +539,8 @@ public class ReceiveAuthnResponseTaskTest { Assert.assertNotNull("pendingReq not stored", storedReq); final AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class); Assert.assertFalse("foreigner flag", session.isForeigner()); + assertTrue("eidProcess flag", session.isEidProcess()); + assertFalse("useMandate flag", session.isMandateUsed()); checkAttributeInSession(session,PvpAttributeDefinitions.GIVEN_NAME_NAME, "Max"); checkAttributeInSession(session,PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, "Mustermann"); @@ -662,6 +667,103 @@ public class ReceiveAuthnResponseTaskTest { } + @Test + public void httpPostValidSignedAssertionEidValidWithJurMandate() throws IOException, XMLParserException, UnmarshallingException, + MarshallingException, TransformerException, TaskExecutionException, EaafException { + + oaParam.setBpkTargetIdentifier(EaafConstants.URN_PREFIX_EIDAS + "AT+XX"); + + metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( + METADATA_PATH, null, "jUnit IDP", null)); + + final Response response = initializeResponse( + "classpath:/data/idp_metadata_classpath_entity.xml", + "/data/Response_with_EID_with_mandate_jur.xml", + credentialProvider.getMessageSigningCredential(), + true); + httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( + DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( + "UTF-8"))); + + // perform task + task.execute(pendingReq, executionContext); + + // validate state + IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId()); + Assert.assertNotNull("pendingReq not stored", storedReq); + final AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class); + Assert.assertFalse("foreigner flag", session.isForeigner()); + assertTrue("eidProcess flag", session.isEidProcess()); + assertTrue("useMandate flag", session.isMandateUsed()); + + checkAttributeInSession(session, PvpAttributeDefinitions.GIVEN_NAME_NAME, "Max"); + checkAttributeInSession(session, PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, "Mustermann"); + checkAttributeInSession(session, PvpAttributeDefinitions.BIRTHDATE_NAME, "1940-01-01"); + checkAttributeInSession(session, PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, "http://eidas.europa.eu/LoA/high"); + checkAttributeInSession(session, PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, "AT"); + + checkAttributeInSession(session, PvpAttributeDefinitions.MANDATE_TYPE_NAME, "Generalvollmacht"); + checkAttributeInSession(session, PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, "Testfirma"); + checkAttributeInSession(session, PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, "999999m"); + checkAttributeInSession(session, PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, "urn:publicid:gv.at:baseid+XERSB"); + + //pre-generated eIDAS identifer + checkAttributeInSession(session, MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, "QVGm48cqcM4UcyhDTNGYmVdrIoY="); + assertNull("find nat. person bpk for mandator", session.getGenericDataFromSession( + PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, String.class)); + + + } + + @Test + public void httpPostValidSignedAssertionEidValidWithNatMandate() throws IOException, XMLParserException, UnmarshallingException, + MarshallingException, TransformerException, TaskExecutionException, EaafException { + + oaParam.setBpkTargetIdentifier(EaafConstants.URN_PREFIX_EIDAS + "AT+XX"); + + metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( + METADATA_PATH, null, "jUnit IDP", null)); + + final Response response = initializeResponse( + "classpath:/data/idp_metadata_classpath_entity.xml", + "/data/Response_with_EID_with_mandate_nat.xml", + credentialProvider.getMessageSigningCredential(), + true); + httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( + DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( + "UTF-8"))); + + // perform task + task.execute(pendingReq, executionContext); + + // validate state + IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId()); + Assert.assertNotNull("pendingReq not stored", storedReq); + final AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class); + Assert.assertFalse("foreigner flag", session.isForeigner()); + assertTrue("eidProcess flag", session.isEidProcess()); + assertTrue("useMandate flag", session.isMandateUsed()); + + checkAttributeInSession(session, PvpAttributeDefinitions.GIVEN_NAME_NAME, "Max"); + checkAttributeInSession(session, PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, "Mustermann"); + checkAttributeInSession(session, PvpAttributeDefinitions.BIRTHDATE_NAME, "1940-01-01"); + checkAttributeInSession(session, PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, "http://eidas.europa.eu/LoA/high"); + checkAttributeInSession(session, PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, "AT"); + + checkAttributeInSession(session, PvpAttributeDefinitions.MANDATE_TYPE_NAME, "GeneralvollmachtBilateral"); + checkAttributeInSession(session, PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, "Gerti"); + checkAttributeInSession(session, PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, "Musterfrau"); + checkAttributeInSession(session, PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, "01-02-1941"); + checkAttributeInSession(session, PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, "AT+XX:AFSDAFSDFDSFCSDAFASDF="); + + + //pre-generated eIDAS identifer + checkAttributeInSession(session, MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, + "QVGm48cqcM4UcyhDTNGYmVdrIoY="); + + + } + private void checkAttributeInSession(AuthProcessDataWrapper session, String attrName, String expected) { String value = session.getGenericDataFromSession(attrName, String.class); Assert.assertEquals("wrong attr. value", expected, value); diff --git a/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/RequestIdAustriaSystemTaskTest.java b/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/RequestIdAustriaSystemTaskTest.java index e5493332..6dc8d415 100644 --- a/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/RequestIdAustriaSystemTaskTest.java +++ b/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/RequestIdAustriaSystemTaskTest.java @@ -1,12 +1,14 @@ package at.asitplus.eidas.specific.modules.auth.idaustria.test.task; import static org.junit.Assert.assertThrows; +import static org.junit.Assert.assertTrue; import java.io.ByteArrayInputStream; import java.io.InputStream; import java.util.Arrays; import java.util.Base64; import java.util.HashMap; +import java.util.List; import java.util.Map; import java.util.UUID; @@ -45,6 +47,7 @@ import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory; import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes; import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException; @@ -290,6 +293,48 @@ public class RequestIdAustriaSystemTaskTest { } + @Test + public void successWithMandates() throws Pvp2InternalErrorException, SecurityException, Exception { + metadataProvider.addMetadataResolverIntoChain( + metadataFactory.createMetadataProvider(METADATA_PATH, null, "jUnitTest", null)); + + LightRequest.Builder eidasRequestBuilder = LightRequest.builder() + .id(UUID.randomUUID().toString()) + .issuer(RandomStringUtils.randomAlphabetic(10)) + .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) + .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) + .spCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) + .spType("public") + .requesterId(RandomStringUtils.randomAlphanumeric(10)) + .providerName(RandomStringUtils.randomAlphanumeric(10)); + LightRequest eidasReq = eidasRequestBuilder.build(); + pendingReq.setEidasRequest(eidasReq); + + List mandateProfiles = Arrays.asList( + RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); + oaParam.setMandateProfiles(mandateProfiles); + + //execute test + task.execute(pendingReq, executionContext); + + //validate state + final EaafRequestedAttributes reqAttr = validate(); + Assert.assertEquals("#Req Attribute", 6, reqAttr.getAttributes().size()); + + Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.ServiceProviderMandateProfiles", + reqAttr.getAttributes().get(5).getName()); + Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(1).getAttributeValues()); + Assert.assertEquals("#Req. Attr value", 1, + reqAttr.getAttributes().get(5).getAttributeValues().size()); + org.springframework.util.Assert.isInstanceOf(XSString.class, + reqAttr.getAttributes().get(5).getAttributeValues().get(0), "Wrong requested Attributes Value type"); + + List reqProfiles = KeyValueUtils.getListOfCsvValues( + ((XSString)reqAttr.getAttributes().get(5).getAttributeValues().get(0)).getValue()); + reqProfiles.stream().forEach(el -> assertTrue("missing profile: " + el, mandateProfiles.contains(el))); + + } + private EaafRequestedAttributes validate() throws Pvp2InternalErrorException, SecurityException, Exception { Assert.assertEquals("HTTP Statuscode", 200, httpResp.getStatus()); Assert.assertEquals("ContentType", "text/html;charset=UTF-8", httpResp.getContentType()); diff --git a/eidas_modules/authmodule_id-austria/src/test/resources/data/Response_with_EID_with_mandate_jur.xml b/eidas_modules/authmodule_id-austria/src/test/resources/data/Response_with_EID_with_mandate_jur.xml new file mode 100644 index 00000000..da97bbf4 --- /dev/null +++ b/eidas_modules/authmodule_id-austria/src/test/resources/data/Response_with_EID_with_mandate_jur.xml @@ -0,0 +1,63 @@ + + + classpath:/data/idp_metadata_classpath_entity.xml + + + + + https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp/metadata + + QVGm48cqcM4UcyhDTNGYmVdrIoY= + + + + + + + https://localhost/authhandler/sp/idaustria/eidas/metadata + + + + + http://eidas.europa.eu/LoA/high + + + + + 2.1 + + + http://eidas.europa.eu/LoA/high + + + AT + + + Mustermann + + + Max + + + 1940-01-01 + + + AT+XX:QVGm48cqcM4UcyhDTNGYmVdrIoY= + + + + Generalvollmacht + + + 999999m + + + urn:publicid:gv.at:baseid+XERSB + + + Testfirma + + + + + diff --git a/eidas_modules/authmodule_id-austria/src/test/resources/data/Response_with_EID_with_mandate_nat.xml b/eidas_modules/authmodule_id-austria/src/test/resources/data/Response_with_EID_with_mandate_nat.xml new file mode 100644 index 00000000..8a84503d --- /dev/null +++ b/eidas_modules/authmodule_id-austria/src/test/resources/data/Response_with_EID_with_mandate_nat.xml @@ -0,0 +1,66 @@ + + + classpath:/data/idp_metadata_classpath_entity.xml + + + + + https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp/metadata + + QVGm48cqcM4UcyhDTNGYmVdrIoY= + + + + + + + https://localhost/authhandler/sp/idaustria/eidas/metadata + + + + + http://eidas.europa.eu/LoA/high + + + + + 2.1 + + + http://eidas.europa.eu/LoA/high + + + AT + + + Mustermann + + + Max + + + 1940-01-01 + + + AT+XX:QVGm48cqcM4UcyhDTNGYmVdrIoY= + + + + GeneralvollmachtBilateral + + + AT+XX:AFSDAFSDFDSFCSDAFASDF= + + + Gerti + + + Musterfrau + + + 01-02-1941 + + + + + diff --git a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java index e5d4d33e..336e6c05 100644 --- a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java +++ b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java @@ -18,12 +18,26 @@ public class MsProxyServiceConstants { public static final String ATTR_EIDAS_PERSONAL_IDENTIFIER = AbstractAuthenticationDataBuilder.GENERIC_AUTHDATA_IDENTIFIER + PvpAttributeDefinitions.BPK_NAME; + public static final String ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER = + AbstractAuthenticationDataBuilder.GENERIC_AUTHDATA_IDENTIFIER + PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME; + public static final String ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER = + AbstractAuthenticationDataBuilder.GENERIC_AUTHDATA_IDENTIFIER + + PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME; + //configuration constants public static final String CONIG_PROPS_EIDAS_PROXY_NODE_ENTITYID = Constants.CONIG_PROPS_EIDAS_NODE + ".proxy.entityId"; public static final String CONIG_PROPS_EIDAS_PROXY_NODE_FORWARD_URL = Constants.CONIG_PROPS_EIDAS_NODE + ".proxy.forward.endpoint"; - + + // mandate configuration + public static final String CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED = Constants.CONIG_PROPS_EIDAS_PREFIX + + ".proxy.mandates.enabled"; + public static final String CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT = Constants.CONIG_PROPS_EIDAS_PREFIX + + ".proxy.mandates.profiles.default"; + public static final String CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_SPECIFIC = Constants.CONIG_PROPS_EIDAS_PREFIX + + ".proxy.mandates.profiles.specific."; + //http end-points public static final String EIDAS_HTTP_ENDPOINT_IDP_POST = "/eidas/light/idp/post"; diff --git a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java index aafe57e7..8e417c36 100644 --- a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java +++ b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java @@ -2,7 +2,9 @@ package at.asitplus.eidas.specific.modules.msproxyservice.protocol; import java.io.IOException; import java.text.MessageFormat; +import java.util.Collections; import java.util.HashMap; +import java.util.List; import java.util.Map; import java.util.stream.Collectors; @@ -30,6 +32,7 @@ import at.gv.egiz.eaaf.core.api.idp.IModulInfo; import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import eu.eidas.auth.commons.EidasParameterKeys; import eu.eidas.auth.commons.light.ILightRequest; import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames; @@ -221,7 +224,10 @@ public class EidasProxyServiceController extends AbstractController implements I EaafConstants.URN_PREFIX_EIDAS + ccCountry + "+" + spCountry); spConfig.setRequiredLoA( eidasRequest.getLevelsOfAssurance().stream().map(el -> el.getValue()).collect(Collectors.toList())); - + + spConfig.setMandateProfiles(buildMandateProfileConfiguration(eidasRequest)); + + return spConfig; } catch (EaafException e) { @@ -230,4 +236,28 @@ public class EidasProxyServiceController extends AbstractController implements I } } + private List buildMandateProfileConfiguration(ILightRequest eidasRequest) { + if (authConfig.getBasicConfigurationBoolean( + MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, false)) { + log.trace("eIDAS Proxy-Service allows mandates. Selecting profiles ... "); + List spMandateProfiles = authConfig.getBasicConfigurationWithPrefix( + MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_SPECIFIC) + .entrySet().stream() + .filter(el -> el.getKey().endsWith(eidasRequest.getSpCountryCode().toLowerCase())) + .findFirst() + .map(el -> KeyValueUtils.getListOfCsvValues(el.getValue())) + .orElse(KeyValueUtils.getListOfCsvValues( + authConfig.getBasicConfiguration( + MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT))); + + log.debug("Set mandate-profiles: {} to request from country: {}", + spMandateProfiles, eidasRequest.getSpCountryCode()); + return spMandateProfiles; + + } + + return Collections.emptyList(); + + } + } diff --git a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java index c51db460..9de2eb79 100644 --- a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java +++ b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java @@ -21,10 +21,12 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRe import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants; import at.asitplus.eidas.specific.modules.msproxyservice.exception.EidasProxyServiceException; import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; import at.gv.egiz.eaaf.core.api.gui.ISpringMvcGuiFormBuilder; import at.gv.egiz.eaaf.core.api.idp.IAction; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.IEidAuthData; import at.gv.egiz.eaaf.core.api.idp.slo.SloInformationInterface; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import at.gv.egiz.eaaf.core.exceptions.EaafException; @@ -143,6 +145,80 @@ public class ProxyServiceAuthenticationAction implements IAction { private ImmutableAttributeMap buildAttributesFromAuthData(IAuthData authData) { + IEidAuthData eidAuthData = (IEidAuthData) authData; + if (eidAuthData.isUseMandate()) { + log.debug("Building eIDAS Proxy-Service response with mandate ... "); + final ImmutableAttributeMap.Builder attributeMap = ImmutableAttributeMap.builder(); + injectRepesentativeInformation(attributeMap, eidAuthData); + injectMandatorInformation(attributeMap, eidAuthData); + return attributeMap.build(); + + } else { + log.debug("Building eIDAS Proxy-Service response without mandates ... "); + return buildAttributesWithoutMandate(eidAuthData); + + } + } + + private void injectMandatorInformation( + ImmutableAttributeMap.Builder attributeMap, IEidAuthData eidAuthData) { + String natMandatorId = eidAuthData.getGenericData( + MsProxyServiceConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER, String.class); + + if (StringUtils.isNotEmpty(natMandatorId)) { + log.debug("Injecting natural mandator informations ... "); + final AttributeDefinition attrDefPersonalId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first(); + final AttributeDefinition attrDefFamilyName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_CURRENTFAMILYNAME).first(); + final AttributeDefinition attrDefGivenName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_CURRENTGIVENNAME).first(); + final AttributeDefinition attrDefDateOfBirth = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_DATEOFBIRTH).first(); + + attributeMap.put(attrDefPersonalId, natMandatorId); + attributeMap.put(attrDefFamilyName, eidAuthData.getGenericData( + PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, String.class)); + attributeMap.put(attrDefGivenName, eidAuthData.getGenericData( + PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, String.class)); + attributeMap.put(attrDefDateOfBirth, eidAuthData.getGenericData( + PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, String.class)); + + } else { + log.debug("Injecting legal mandator informations ... "); + final AttributeDefinition commonName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_LEGALNAME).first(); + final AttributeDefinition legalPersonId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first(); + + attributeMap.put(commonName, eidAuthData.getGenericData( + PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, String.class)); + attributeMap.put(legalPersonId, eidAuthData.getGenericData( + MsProxyServiceConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, String.class)); + + } + } + + private void injectRepesentativeInformation( + ImmutableAttributeMap.Builder attributeMap, IEidAuthData eidAuthData) { + final AttributeDefinition attrDefPersonalId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER).first(); + final AttributeDefinition attrDefFamilyName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME).first(); + final AttributeDefinition attrDefGivenName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME).first(); + final AttributeDefinition attrDefDateOfBirth = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH).first(); + + attributeMap.put(attrDefPersonalId, + eidAuthData.getGenericData(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, String.class)); + attributeMap.put(attrDefFamilyName, eidAuthData.getFamilyName()); + attributeMap.put(attrDefGivenName, eidAuthData.getGivenName()); + attributeMap.put(attrDefDateOfBirth, eidAuthData.getFormatedDateOfBirth()); + + } + + private ImmutableAttributeMap buildAttributesWithoutMandate(IEidAuthData eidAuthData) { final AttributeDefinition attrDefPersonalId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first(); final AttributeDefinition attrDefFamilyName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( @@ -153,16 +229,17 @@ public class ProxyServiceAuthenticationAction implements IAction { Constants.eIDAS_ATTR_DATEOFBIRTH).first(); final ImmutableAttributeMap.Builder attributeMap = - ImmutableAttributeMap.builder().put(attrDefPersonalId, - authData.getGenericData(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, String.class)) - .put(attrDefFamilyName, authData.getFamilyName()) - .put(attrDefGivenName, authData.getGivenName()) - .put(attrDefDateOfBirth, authData.getFormatedDateOfBirth()); + ImmutableAttributeMap.builder() + .put(attrDefPersonalId, + eidAuthData.getGenericData(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, String.class)) + .put(attrDefFamilyName, eidAuthData.getFamilyName()) + .put(attrDefGivenName, eidAuthData.getGivenName()) + .put(attrDefDateOfBirth, eidAuthData.getFormatedDateOfBirth()); return attributeMap.build(); } - + private BinaryLightToken putResponseInCommunicationCache(ILightResponse lightResponse) throws ServletException { final BinaryLightToken binaryLightToken; diff --git a/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/EidasProxyServiceControllerTest.java b/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/EidasProxyServiceControllerTest.java index 9ce7115a..1a19b723 100644 --- a/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/EidasProxyServiceControllerTest.java +++ b/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/EidasProxyServiceControllerTest.java @@ -1,13 +1,20 @@ package at.asitplus.eidas.specific.modules.auth.idaustria.test.protocol; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertThrows; +import static org.junit.Assert.assertTrue; import java.io.IOException; import java.net.URISyntaxException; import java.text.MessageFormat; +import java.util.Arrays; +import java.util.List; import java.util.UUID; import org.apache.commons.lang3.RandomStringUtils; +import org.apache.commons.lang3.StringUtils; import org.junit.Assert; import org.junit.Before; import org.junit.Test; @@ -23,6 +30,7 @@ import org.springframework.web.context.request.ServletRequestAttributes; import org.springframework.web.servlet.config.annotation.EnableWebMvc; import at.asitplus.eidas.specific.connector.config.ServiceProviderConfiguration; +import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask; import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummySpecificCommunicationService; import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants; @@ -51,6 +59,8 @@ public class EidasProxyServiceControllerTest { @Autowired private DummySpecificCommunicationService proxyService; @Autowired private DummyProtocolAuthService authService; + @Autowired MsConnectorDummyConfigMap config; + private MockHttpServletRequest httpReq; private MockHttpServletResponse httpResp; @@ -167,6 +177,91 @@ public class EidasProxyServiceControllerTest { EaafConstants.URN_PREFIX_EIDAS + "AT+" + spCountryCode, spConfig.getAreaSpecificTargetIdentifier()); + assertNotNull("mandateprofiles", spConfig.getMandateProfiles()); + assertTrue("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty()); + } + @Test + public void validAuthnRequestWithMandatesDefaultProfiles() throws IOException, EaafException { + //initialize state + httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10)); + String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase(); + LightRequest.Builder authnReqBuilder = LightRequest.builder() + .id(UUID.randomUUID().toString()) + .issuer(RandomStringUtils.randomAlphabetic(10)) + .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) + .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) + .spCountryCode(spCountryCode) + .spType("public"); + + proxyService.setiLightRequest(authnReqBuilder.build()); + + List mandateProfiles = + Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true"); + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT, + StringUtils.join(mandateProfiles, ",")); + + //execute + controller.receiveEidasAuthnRequest(httpReq, httpResp); + + //validate state + ServiceProviderConfiguration spConfig = + authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class); + assertNotNull("mandateprofiles", spConfig.getMandateProfiles()); + assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty()); + assertEquals("mandateprofile size", mandateProfiles.size(), spConfig.getMandateProfiles().size()); + spConfig.getMandateProfiles().stream() + .forEach(el -> assertTrue("missing mandateProfile: " + el, mandateProfiles.contains(el))); + + } + + @Test + public void validAuthnRequestWithMandatesCountryProfiles() throws IOException, EaafException { + //initialize state + httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10)); + String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase(); + LightRequest.Builder authnReqBuilder = LightRequest.builder() + .id(UUID.randomUUID().toString()) + .issuer(RandomStringUtils.randomAlphabetic(10)) + .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) + .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) + .spCountryCode(spCountryCode) + .spType("public"); + + proxyService.setiLightRequest(authnReqBuilder.build()); + + List mandateProfiles = + Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); + List mandateProfilesCc1 = + Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); + List mandateProfilesCc2 = + Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true"); + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT, + StringUtils.join(mandateProfiles, ",")); + + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_SPECIFIC + + RandomStringUtils.randomAlphabetic(2).toLowerCase(), + StringUtils.join(mandateProfilesCc1, ",")); + config.putConfigValue( + MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_SPECIFIC + spCountryCode.toLowerCase(), + StringUtils.join(mandateProfilesCc2, ",")); + + + //execute + controller.receiveEidasAuthnRequest(httpReq, httpResp); + + //validate state + ServiceProviderConfiguration spConfig = + authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class); + assertNotNull("mandateprofiles", spConfig.getMandateProfiles()); + assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty()); + assertEquals("mandateprofile size", mandateProfiles.size(), spConfig.getMandateProfiles().size()); + spConfig.getMandateProfiles().stream() + .forEach(el -> assertTrue("missing mandateProfile: " + el, mandateProfilesCc2.contains(el))); + + } + } diff --git a/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/ProxyServiceAuthenticationActionTest.java b/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/ProxyServiceAuthenticationActionTest.java index 96429d71..3236bbf0 100644 --- a/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/ProxyServiceAuthenticationActionTest.java +++ b/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/ProxyServiceAuthenticationActionTest.java @@ -1,9 +1,14 @@ package at.asitplus.eidas.specific.modules.auth.idaustria.test.protocol; import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertThrows; +import static org.junit.Assert.assertTrue; import java.net.URISyntaxException; +import java.net.URLDecoder; import java.util.Arrays; import java.util.Collections; import java.util.Date; @@ -12,10 +17,12 @@ import java.util.Map; import java.util.UUID; import org.apache.commons.lang3.RandomStringUtils; +import org.joda.time.DateTime; import org.junit.Assert; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; +import org.opensaml.saml.saml2.core.NameIDType; import org.powermock.core.classloader.annotations.PrepareForTest; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationContext; @@ -26,20 +33,33 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; +import com.google.common.collect.ImmutableSortedSet; + import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummySpConfiguration; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask; import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants; import at.asitplus.eidas.specific.modules.msproxyservice.protocol.ProxyServiceAuthenticationAction; import at.asitplus.eidas.specific.modules.msproxyservice.protocol.ProxyServicePendingRequest; import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions.EidIdentityStatusLevelValues; import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IEidAuthData; import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egiz.eaaf.core.api.idp.slo.SloInformationInterface; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import eu.eidas.auth.commons.attribute.AttributeDefinition; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; +import eu.eidas.auth.commons.light.ILightResponse; import eu.eidas.auth.commons.light.impl.LightRequest; +import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames; +import eu.eidas.specificcommunication.exception.SpecificCommunicationException; +import eu.eidas.specificcommunication.protocol.SpecificCommunicationService; @RunWith(SpringJUnit4ClassRunner.class) @PrepareForTest(CreateIdentityLinkTask.class) @@ -52,11 +72,13 @@ public class ProxyServiceAuthenticationActionTest { @Autowired private MsConnectorDummyConfigMap basicConfig; @Autowired private ProxyServiceAuthenticationAction action; @Autowired private ApplicationContext context; + @Autowired EidasAttributeRegistry attrRegistry; private MockHttpServletRequest httpReq; private MockHttpServletResponse httpResp; private ProxyServicePendingRequest pendingReq; private MsConnectorDummySpConfiguration oaParam; + private SpecificCommunicationService springManagedSpecificConnectorCommunicationService; /** @@ -95,6 +117,12 @@ public class ProxyServiceAuthenticationActionTest { .providerName(RandomStringUtils.randomAlphanumeric(10)); pendingReq.setEidasRequest(eidasRequestBuilder.build()); + + springManagedSpecificConnectorCommunicationService = + (SpecificCommunicationService) context.getBean( + SpecificCommunicationDefinitionBeanNames.SPECIFIC_PROXYSERVICE_COMMUNICATION_SERVICE + .toString()); + } @Test @@ -114,7 +142,7 @@ public class ProxyServiceAuthenticationActionTest { attr.put(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, - RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18"); + RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", false); basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint"); EaafException exception = assertThrows(EaafException.class, @@ -124,12 +152,86 @@ public class ProxyServiceAuthenticationActionTest { } @Test - public void dummyResponseActionTest() throws EaafException { + public void responseWithoutMandate() throws EaafException, SpecificCommunicationException { + Map attr = new HashMap<>(); + attr.put(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, + "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); + IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, + RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", false); + + //perform test + SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData); + + //validate state + Assert.assertNotNull("Result should be not null", result); + + ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData); + assertEquals("wrong attr. size", 4, respAttr.size()); + checkAttrValue(respAttr, Constants.eIDAS_ATTR_PERSONALIDENTIFIER, + (String) attr.get(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER)); + checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTFAMILYNAME, authData.getFamilyName()); + checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTGIVENNAME, authData.getGivenName()); + checkAttrValue(respAttr, Constants.eIDAS_ATTR_DATEOFBIRTH, + authData.getFormatedDateOfBirth()); + + } + + @Test + public void responseWithNatMandate() throws EaafException, SpecificCommunicationException { + Map attr = new HashMap<>(); + attr.put(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, + "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); + + attr.put(MsProxyServiceConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER, + RandomStringUtils.randomAlphabetic(10)); + attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, + RandomStringUtils.randomAlphabetic(10)); + attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, + RandomStringUtils.randomAlphabetic(10)); + attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, + "1985-11-15"); + + + IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, + RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); + + //perform test + SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData); + + //validate state + Assert.assertNotNull("Result should be not null", result); + + ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData); + assertEquals("wrong attr. size", 8, respAttr.size()); + checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER, + (String) attr.get(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER)); + checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME, authData.getFamilyName()); + checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME, authData.getGivenName()); + checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH, authData.getFormatedDateOfBirth()); + + checkAttrValue(respAttr, Constants.eIDAS_ATTR_PERSONALIDENTIFIER, + (String) attr.get(MsProxyServiceConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER)); + checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTFAMILYNAME, + (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME)); + checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTGIVENNAME, + (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME)); + checkAttrValue(respAttr, Constants.eIDAS_ATTR_DATEOFBIRTH, + (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME)); + + } + + @Test + public void responseWithJurMandate() throws EaafException, SpecificCommunicationException { Map attr = new HashMap<>(); attr.put(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, - RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18"); + RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); + + attr.put(MsProxyServiceConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, + RandomStringUtils.randomAlphabetic(10)); + attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, + RandomStringUtils.randomAlphabetic(10)); //perform test SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData); @@ -137,6 +239,20 @@ public class ProxyServiceAuthenticationActionTest { //validate state Assert.assertNotNull("Result should be not null", result); + ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData); + assertEquals("wrong attr. size", 6, respAttr.size()); + checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER, + (String) attr.get(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER)); + checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME, authData.getFamilyName()); + checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME, authData.getGivenName()); + checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH, authData.getFormatedDateOfBirth()); + + checkAttrValue(respAttr, Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER, + (String) attr.get(MsProxyServiceConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER)); + checkAttrValue(respAttr, Constants.eIDAS_ATTR_LEGALNAME, + (String) attr.get(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME)); + + } @Test @@ -151,12 +267,50 @@ public class ProxyServiceAuthenticationActionTest { private IAuthData generateDummyAuthData() { return generateDummyAuthData(Collections.emptyMap(), EaafConstants.EIDAS_LOA_LOW, - RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1940-01-01"); + RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1940-01-01", false); } - private IAuthData generateDummyAuthData(Map attrs, String loa, String familyName, String givenName, String dateOfBirth) { - return new IAuthData() { + private void checkAttrValue(ImmutableAttributeMap respAttr, String attrName, String expected) { + final AttributeDefinition attrDef = + attrRegistry.getCoreAttributeRegistry().getByFriendlyName(attrName).first(); + Object value = respAttr.getFirstValue(attrDef); + assertNotNull("not attr value: " + attrName, value); + + if (value instanceof String) { + assertEquals("wrong attr. value: " + attrName, expected, value); + + } else if ( value instanceof DateTime) { + assertEquals("wrong attr. value: " + attrName, expected, ((DateTime)value).toString("yyyy-MM-dd")); + + } + + } + + private ImmutableAttributeMap validateBasicEidasResponse(IAuthData authData) throws SpecificCommunicationException { + assertNotNull("not redirct Header", httpResp.getHeader("Location")); + assertTrue("wrong redirect URL", httpResp.getHeader("Location").startsWith("http://eidas.proxy/endpoint?token=")); + String token = httpResp.getHeader("Location").substring("http://eidas.proxy/endpoint?token=".length()); + + ILightResponse resp = springManagedSpecificConnectorCommunicationService.getAndRemoveResponse(URLDecoder.decode(token), + ImmutableSortedSet.copyOf(attrRegistry.getCoreAttributeRegistry().getAttributes())); + + assertNotNull("responseId", resp.getId()); + assertEquals("inResponseTo", pendingReq.getEidasRequest().getId(), resp.getInResponseToId()); + assertEquals("relayState", pendingReq.getEidasRequest().getRelayState(), resp.getRelayState()); + assertEquals("LoA", authData.getEidasQaaLevel(), resp.getLevelOfAssurance()); + + assertNotNull("subjectNameId", resp.getSubject()); + assertEquals("subjectNameIdFormat", NameIDType.TRANSIENT, resp.getSubjectNameIdFormat()); + + assertFalse("not attributes", resp.getAttributes().isEmpty()); + return resp.getAttributes(); + + } + + private IAuthData generateDummyAuthData(Map attrs, String loa, String familyName, String givenName, String dateOfBirth, + boolean useMandates) { + return new IEidAuthData() { @Override public boolean isSsoSession() { @@ -303,6 +457,36 @@ public class ProxyServiceAuthenticationActionTest { // TODO Auto-generated method stub return null; } + + @Override + public byte[] getSignerCertificate() { + // TODO Auto-generated method stub + return null; + } + + @Override + public byte[] getEidToken() { + // TODO Auto-generated method stub + return null; + } + + @Override + public EidIdentityStatusLevelValues getEidStatus() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getVdaEndPointUrl() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isUseMandate() { + return useMandates; + + } }; } -- cgit v1.2.3 From 47c011420675af6e53f8d9019b28558076ff21ef Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Thu, 29 Apr 2021 15:15:44 +0200 Subject: change eIDAS LegalPersonId from bPK layout to sourcePinType + sourcePin --- .../builder/AuthenticationDataBuilder.java | 25 ++++++++++++---------- .../test/utils/AuthenticationDataBuilderTest.java | 4 ++-- 2 files changed, 16 insertions(+), 13 deletions(-) (limited to 'connector/src/main') diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java index 629d015e..05704de9 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java @@ -46,7 +46,6 @@ import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; -import at.gv.egiz.eaaf.core.impl.builder.BpkBuilder; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.data.Triple; import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; @@ -223,17 +222,21 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder final String sourcePinType = authProcessData.getGenericDataFromSession( PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, String.class); - // TODO: check if we should to this in such a way! - final Pair leagalPersonIdentifier = - BpkBuilder.generateAreaSpecificPersonIdentifier( - sourcePinType + sourcePin, - sourcePinType, - pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()); - + // build leagl-person identifier for eIDAS out-going + final String[] splittedTarget = + pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier().split("\\+"); + StringBuilder sb = new StringBuilder(); + sb.append(splittedTarget[1]) + .append("/") + .append(splittedTarget[2]) + .append("/") + .append(sourcePinType) + .append("+") + .append(sourcePin); + log.debug("Use legal-person eIDAS identifer: {} from baseId: {} and baseIdType: {}", - leagalPersonIdentifier.getFirst(), sourcePin, sourcePinType); - authData.setGenericData(MsProxyServiceConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, - leagalPersonIdentifier.getFirst()); + sb.toString(), sourcePin, sourcePinType); + authData.setGenericData(MsProxyServiceConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, sb.toString()); } } diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java index 277138ef..cd183088 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java @@ -172,7 +172,7 @@ public class AuthenticationDataBuilderTest { Assert.assertEquals("CitizenCountry", cc, authData.getCiticenCountryCode()); Assert.assertEquals("familyName", familyName, authData.getFamilyName()); Assert.assertEquals("givenName", givenName, authData.getGivenName()); - Assert.assertEquals("DateOfBirth", dateOfBirth, authData.getFormatedDateOfBirth()); + Assert.assertEquals("DateOfBirth", dateOfBirth, authData.getDateOfBirth()); Assert.assertEquals("bPK", pendingReq.getSessionData(AuthProcessDataWrapper.class) .getGenericDataFromSession(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, String.class), @@ -217,7 +217,7 @@ public class AuthenticationDataBuilderTest { //check mandate informations checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, commonMandate); checkGenericAttribute(authData, MsProxyServiceConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, - "AT/EE/oaAGaV/zIHSf6rcB0TIOqjWPoOU="); + "AT/EE/urn:publicid:gv.at:baseid+XFN+asfdsadfsadfsafsdafsadfasr"); } -- cgit v1.2.3 From 4d33e943238ba29eca894a23e27ba3bedc85632c Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Thu, 29 Apr 2021 15:16:18 +0200 Subject: fix some problemes with new eaaf-components API --- .../main/resources/specific_eIDAS_connector.beans.xml | 3 +++ .../resources/spring/SpringTest_connector.beans.xml | 2 ++ .../protocol/ProxyServiceAuthenticationAction.java | 8 ++++++-- .../ProxyServiceAuthenticationActionTest.java | 19 ++++++++++--------- 4 files changed, 21 insertions(+), 11 deletions(-) (limited to 'connector/src/main') diff --git a/connector/src/main/resources/specific_eIDAS_connector.beans.xml b/connector/src/main/resources/specific_eIDAS_connector.beans.xml index ecf6d348..0372edcf 100644 --- a/connector/src/main/resources/specific_eIDAS_connector.beans.xml +++ b/connector/src/main/resources/specific_eIDAS_connector.beans.xml @@ -104,6 +104,9 @@ + + + Date: Fri, 14 May 2021 11:50:01 +0200 Subject: add some TODO's for eIDAS Proxy-Service with mandates and fix some rebase errors --- .../resources/specific_eIDAS_connector.beans.xml | 3 - .../spring/SpringTest_connector.beans.xml | 3 - .../config/ServiceProviderConfiguration.java | 2 + .../tasks/RequestIdAustriaSystemTask.java | 4 +- .../protocol/EidasProxyServiceController.java | 184 +++++++++++---------- 5 files changed, 103 insertions(+), 93 deletions(-) (limited to 'connector/src/main') diff --git a/connector/src/main/resources/specific_eIDAS_connector.beans.xml b/connector/src/main/resources/specific_eIDAS_connector.beans.xml index 0372edcf..34fd088b 100644 --- a/connector/src/main/resources/specific_eIDAS_connector.beans.xml +++ b/connector/src/main/resources/specific_eIDAS_connector.beans.xml @@ -71,9 +71,6 @@ - - diff --git a/connector/src/test/resources/spring/SpringTest_connector.beans.xml b/connector/src/test/resources/spring/SpringTest_connector.beans.xml index 818fd00c..5a1e3f36 100644 --- a/connector/src/test/resources/spring/SpringTest_connector.beans.xml +++ b/connector/src/test/resources/spring/SpringTest_connector.beans.xml @@ -67,9 +67,6 @@ - - diff --git a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java index 0f72203b..e11545b0 100644 --- a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java +++ b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java @@ -52,6 +52,8 @@ public class ServiceProviderConfiguration extends SpConfigurationImpl { @Getter private List mandateProfiles; + + public ServiceProviderConfiguration(Map spConfig, IConfiguration authConfig) { super(spConfig, authConfig); diff --git a/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java b/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java index 8151b429..555f4e47 100644 --- a/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java +++ b/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java @@ -182,7 +182,9 @@ public class RequestIdAustriaSystemTask extends AbstractAuthServletTask { StringUtils.join(mandateProfiles, ",")); } - + + //TODO: set force-mandates flag + return attributs; } diff --git a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java index 8e417c36..fda1652e 100644 --- a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java +++ b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java @@ -41,44 +41,46 @@ import eu.eidas.specificcommunication.protocol.SpecificCommunicationService; import lombok.extern.slf4j.Slf4j; /** - * End-point implementation for authentication requests from eIDAS Proxy-Service + * End-point implementation for authentication requests from eIDAS Proxy-Service * to MS-specific eIDAS Proxy-Service. - * + * * @author tlenz * */ @Slf4j @Controller public class EidasProxyServiceController extends AbstractController implements IModulInfo { - + private static final String ERROR_01 = "eidas.proxyservice.01"; private static final String ERROR_02 = "eidas.proxyservice.02"; private static final String ERROR_03 = "eidas.proxyservice.03"; private static final String ERROR_04 = "eidas.proxyservice.04"; private static final String ERROR_05 = "eidas.proxyservice.05"; - + public static final String PROTOCOL_ID = "eidasProxy"; - - @Autowired private EidasAttributeRegistry attrRegistry; - + + @Autowired + private EidasAttributeRegistry attrRegistry; + /** - * End-point that receives authentication requests from eIDAS Node. - * - * @param httpReq Http request + * End-point that receives authentication requests from eIDAS Node. + * + * @param httpReq Http request * @param httpResp Http response - * @throws IOException In case of general error + * @throws IOException In case of general error * @throws EaafException In case of a validation or processing error */ - @RequestMapping(value = { - MsProxyServiceConstants.EIDAS_HTTP_ENDPOINT_IDP_POST, - MsProxyServiceConstants.EIDAS_HTTP_ENDPOINT_IDP_REDIRECT + @RequestMapping(value = { + MsProxyServiceConstants.EIDAS_HTTP_ENDPOINT_IDP_POST, + MsProxyServiceConstants.EIDAS_HTTP_ENDPOINT_IDP_REDIRECT }, method = { RequestMethod.POST, RequestMethod.GET }) - public void receiveEidasAuthnRequest(HttpServletRequest httpReq, HttpServletResponse httpResp) throws IOException, + public void receiveEidasAuthnRequest(HttpServletRequest httpReq, HttpServletResponse httpResp) + throws IOException, EaafException { log.trace("Receive request on eidas proxy-service end-points"); - ProxyServicePendingRequest pendingReq = null; - try { + ProxyServicePendingRequest pendingReq = null; + try { // get token from Request final String tokenBase64 = httpReq.getParameter(EidasParameterKeys.TOKEN.toString()); if (StringUtils.isEmpty(tokenBase64)) { @@ -89,57 +91,58 @@ public class EidasProxyServiceController extends AbstractController implements I log.trace("Receive eIDAS-node token: {}. Searching authentication request from eIDAS Proxy-Service ...", tokenBase64); - //read authentication request from shared cache + // read authentication request from shared cache final SpecificCommunicationService specificProxyCommunicationService = (SpecificCommunicationService) applicationContext.getBean( - SpecificCommunicationDefinitionBeanNames.SPECIFIC_PROXYSERVICE_COMMUNICATION_SERVICE.toString()); + SpecificCommunicationDefinitionBeanNames.SPECIFIC_PROXYSERVICE_COMMUNICATION_SERVICE + .toString()); final ILightRequest eidasRequest = specificProxyCommunicationService.getAndRemoveRequest( tokenBase64, ImmutableSortedSet.copyOf(attrRegistry.getCoreAttributeRegistry().getAttributes())); - log.debug("Received eIDAS auth. request from: {}, Initializing authentication environment ... ", + log.debug("Received eIDAS auth. request from: {}, Initializing authentication environment ... ", eidasRequest.getSpCountryCode() != null ? eidasRequest.getSpCountryCode() : "'missing SP-country'"); - + // create pendingRequest object pendingReq = applicationContext.getBean(ProxyServicePendingRequest.class); pendingReq.initialize(httpReq, authConfig); pendingReq.setModule(getName()); - + // log 'transaction created' event revisionsLogger.logEvent(EventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier()); revisionsLogger.logEvent(pendingReq.getUniqueSessionIdentifier(), pendingReq.getUniqueTransactionIdentifier(), EventConstants.TRANSACTION_IP, httpReq.getRemoteAddr()); - - //validate eIDAS Authn. request and set into pending-request + + // validate eIDAS Authn. request and set into pending-request validateEidasAuthnRequest(eidasRequest); pendingReq.setEidasRequest(eidasRequest); - - //generate Service-Provider configuration from eIDAS request - ISpConfiguration spConfig = generateSpConfigurationFromEidasRequest(eidasRequest); - - // populate pendingRequest with parameters + + // generate Service-Provider configuration from eIDAS request + final ISpConfiguration spConfig = generateSpConfigurationFromEidasRequest(eidasRequest); + + // populate pendingRequest with parameters pendingReq.setOnlineApplicationConfiguration(spConfig); pendingReq.setSpEntityId(spConfig.getUniqueIdentifier()); pendingReq.setPassiv(false); pendingReq.setForce(true); - + // AuthnRequest needs authentication pendingReq.setNeedAuthentication(true); - + // set protocol action, which should be executed after authentication pendingReq.setAction(ProxyServiceAuthenticationAction.class.getName()); - + // switch to session authentication protAuthService.performAuthentication(httpReq, httpResp, pendingReq); - - } catch (EidasProxyServiceException e) { + + } catch (final EidasProxyServiceException e) { throw e; - + } catch (final SpecificCommunicationException e) { log.error("Can not read eIDAS Authn request from shared cache. Reason: {}", e.getMessage()); - throw new EidasProxyServiceException(ERROR_03, new Object[] {e.getMessage()}, e); - + throw new EidasProxyServiceException(ERROR_03, new Object[] { e.getMessage() }, e); + } catch (final Throwable e) { // write revision log entries if (pendingReq != null) { @@ -149,115 +152,124 @@ public class EidasProxyServiceController extends AbstractController implements I throw new EidasProxyServiceException(ERROR_01, new Object[] { e.getMessage() }, e); } - + } @Override public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable { - - //TODO: implement error handling for eIDAS Node communication + + // TODO: implement error handling for eIDAS Node communication return false; - + } - + @Override public String getName() { return EidasProxyServiceController.class.getName(); - + } @Override public String getAuthProtocolIdentifier() { return PROTOCOL_ID; - + } @Override public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) { return true; - + } - + /** * Validate incoming eIDAS request. - * + * * @param eidasRequest Incoming eIDAS authentication request * @throws EidasProxyServiceException In case of a validation error */ private void validateEidasAuthnRequest(ILightRequest eidasRequest) throws EidasProxyServiceException { if (StringUtils.isEmpty(eidasRequest.getSpCountryCode())) { throw new EidasProxyServiceException(ERROR_05, null); - + } - - //TODO: validate requested attributes - - //TODO: validate some other stuff - + + /* + * TODO: validate requested attributes --> check if natural-person and + * legal-person attributes requested in parallel + */ + + // TODO: validate some other stuff + } /** * Generate a dummy Service-Provider configuration for processing. - * + * * @param eidasRequest Incoming eIDAS authentication request * @return Service-Provider configuration that can be used for authentication * @throws EidasProxyServiceException In case of a configuration error */ - private ISpConfiguration generateSpConfigurationFromEidasRequest(ILightRequest eidasRequest) - throws EidasProxyServiceException { + private ISpConfiguration generateSpConfigurationFromEidasRequest(ILightRequest eidasRequest) + throws EidasProxyServiceException { try { - String spCountry = eidasRequest.getSpCountryCode(); - Map spConfigMap = new HashMap<>(); + final String spCountry = eidasRequest.getSpCountryCode(); + final Map spConfigMap = new HashMap<>(); - //TODO: how we get the EntityId from eIDAS connector? + // TODO: how we get the EntityId from eIDAS connector? spConfigMap.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, - MessageFormat.format(MsProxyServiceConstants.TEMPLATE_SP_UNIQUE_ID, + MessageFormat.format(MsProxyServiceConstants.TEMPLATE_SP_UNIQUE_ID, spCountry, eidasRequest.getSpType())); - - ServiceProviderConfiguration spConfig = new ServiceProviderConfiguration(spConfigMap, authConfig); - + + final ServiceProviderConfiguration spConfig = new ServiceProviderConfiguration(spConfigMap, authConfig); + final String ccCountry = authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, Constants.DEFAULT_MS_NODE_COUNTRY_CODE); - + spConfig.setBpkTargetIdentifier( - EaafConstants.URN_PREFIX_EIDAS + ccCountry + "+" + spCountry); + EaafConstants.URN_PREFIX_EIDAS + ccCountry + "+" + spCountry); spConfig.setRequiredLoA( eidasRequest.getLevelsOfAssurance().stream().map(el -> el.getValue()).collect(Collectors.toList())); - + + // TODO: check if only mandates are allowed in case of legal person requested + // --> set force-mandate flag spConfig.setMandateProfiles(buildMandateProfileConfiguration(eidasRequest)); - - + return spConfig; - - } catch (EaafException e) { - throw new EidasProxyServiceException(ERROR_04, new Object[] {e.getMessage()}, e); - - } + + } catch (final EaafException e) { + throw new EidasProxyServiceException(ERROR_04, new Object[] { e.getMessage() }, e); + + } } private List buildMandateProfileConfiguration(ILightRequest eidasRequest) { if (authConfig.getBasicConfigurationBoolean( MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, false)) { - log.trace("eIDAS Proxy-Service allows mandates. Selecting profiles ... "); - List spMandateProfiles = authConfig.getBasicConfigurationWithPrefix( + log.trace("eIDAS Proxy-Service allows mandates. Selecting profiles ... "); + + /* + * TODO: split profiles in natural-person and legal-person profiles and select + * correct one based on requested attributes + */ + final List spMandateProfiles = authConfig.getBasicConfigurationWithPrefix( MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_SPECIFIC) - .entrySet().stream() - .filter(el -> el.getKey().endsWith(eidasRequest.getSpCountryCode().toLowerCase())) - .findFirst() - .map(el -> KeyValueUtils.getListOfCsvValues(el.getValue())) - .orElse(KeyValueUtils.getListOfCsvValues( - authConfig.getBasicConfiguration( - MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT))); - + .entrySet().stream() + .filter(el -> el.getKey().endsWith(eidasRequest.getSpCountryCode().toLowerCase())) + .findFirst() + .map(el -> KeyValueUtils.getListOfCsvValues(el.getValue())) + .orElse(KeyValueUtils.getListOfCsvValues( + authConfig.getBasicConfiguration( + MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT))); + log.debug("Set mandate-profiles: {} to request from country: {}", spMandateProfiles, eidasRequest.getSpCountryCode()); return spMandateProfiles; - + } - + return Collections.emptyList(); - + } } -- cgit v1.2.3 From a2eba5646b5b43d549993859849cdcf2baae5eb2 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Mon, 24 May 2021 14:49:48 +0200 Subject: select mandate based on eIDAS Proxy-Service request information --- .../src/main/resources/application.properties | 15 + .../config/ServiceProviderConfiguration.java | 5 +- .../specific/modules/auth/eidas/v2/Constants.java | 1 + .../tasks/RequestIdAustriaSystemTask.java | 9 +- .../test/task/RequestIdAustriaSystemTaskTest.java | 32 +- .../msproxyservice/MsProxyServiceConstants.java | 25 +- .../protocol/EidasProxyServiceController.java | 253 ++++++++++--- .../protocol/ProxyServiceAuthenticationAction.java | 113 +++--- .../messages/eidasproxy_messages.properties | 9 +- .../protocol/EidasProxyServiceControllerTest.java | 416 +++++++++++++++++++-- 10 files changed, 736 insertions(+), 142 deletions(-) (limited to 'connector/src/main') diff --git a/connector/src/main/resources/application.properties b/connector/src/main/resources/application.properties index f6d9bb7e..e4f30544 100644 --- a/connector/src/main/resources/application.properties +++ b/connector/src/main/resources/application.properties @@ -186,6 +186,19 @@ eidas.ms.configuration.sp.disableRegistrationRequirement=false eidas.ms.auth.eIDAS.node_v2.proxy.entityId=ownSpecificProxy #eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint= +# Mandate configuration +eidas.ms.auth.eIDAS.proxy.mandates.enabled=false +#eidas.ms.auth.eIDAS.proxy.mandates.profiles.natural.default= +#eidas.ms.auth.eIDAS.proxy.mandates.profiles.legal.default= + + +## special foreign eIDAS-Connector configuration +#eidas.ms.connector.0.uniqueID=https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata +#eidas.ms.connector.0.countryCode=CC +#eidas.ms.connector.0.mandates.enabled=false +#eidas.ms.connector.0.mandates.natural= +#eidas.ms.connector.0.mandates.legal= + ## PVP2 S-Profile communication with ID Austria System # EntityId and optional metadata of ID Austria System @@ -210,3 +223,5 @@ eidas.ms.modules.idaustriaauth.keystore.type=jks #eidas.ms.modules.idaustriaauth.truststore.path= #eidas.ms.modules.idaustriaauth.truststore.password= + + diff --git a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java index e11545b0..31d521c0 100644 --- a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java +++ b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java @@ -34,6 +34,7 @@ import org.slf4j.LoggerFactory; import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.SpMandateModes; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.impl.idp.conf.SpConfigurationImpl; @@ -52,7 +53,9 @@ public class ServiceProviderConfiguration extends SpConfigurationImpl { @Getter private List mandateProfiles; - + @Getter + @Setter + private SpMandateModes mandateMode = SpMandateModes.NONE; public ServiceProviderConfiguration(Map spConfig, IConfiguration authConfig) { super(spConfig, authConfig); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java index f0d57229..4c184d16 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java @@ -170,6 +170,7 @@ public class Constants { // SAML2 Constants public static final String SUCCESS_URI = "urn:oasis:names:tc:SAML:2.0:status:Success"; + public static final String ERROR_URI = "urn:oasis:names:tc:SAML:2.0:status:Responder"; public static final String HTTP_CLIENT_DEFAULT_TIMEOUT_CONNECTION = "30"; // seconds public static final String HTTP_CLIENT_DEFAULT_TIMEOUT_RESPONSE = "60"; // seconds diff --git a/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java b/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java index 555f4e47..0c91345f 100644 --- a/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java +++ b/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java @@ -180,10 +180,13 @@ public class RequestIdAustriaSystemTask extends AbstractAuthServletTask { log.debug("Set mandate-profiles attribute into ID-Austria request"); injectAttribute(attributs, ExtendedPvpAttributeDefinitions.SP_USED_MANDATE_PROFILES_NAME, StringUtils.join(mandateProfiles, ",")); - + } - - //TODO: set force-mandates flag + + // inject mandate mode attribute + injectAttribute(attributs, ExtendedPvpAttributeDefinitions.SP_USED_MANDATE_TYPE_NAME, + pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).getMandateMode().getMode()); + return attributs; } diff --git a/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/RequestIdAustriaSystemTaskTest.java b/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/RequestIdAustriaSystemTaskTest.java index 6dc8d415..92aece46 100644 --- a/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/RequestIdAustriaSystemTaskTest.java +++ b/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/RequestIdAustriaSystemTaskTest.java @@ -40,6 +40,7 @@ import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthMeta import at.asitplus.eidas.specific.modules.msproxyservice.protocol.ProxyServicePendingRequest; import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.SpMandateModes; import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; @@ -213,7 +214,7 @@ public class RequestIdAustriaSystemTaskTest { //validate state final EaafRequestedAttributes reqAttr = validate(); - Assert.assertEquals("#Req Attribute", 3, reqAttr.getAttributes().size()); + Assert.assertEquals("#Req Attribute", 4, reqAttr.getAttributes().size()); Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.eidas.uniqueId", reqAttr.getAttributes().get(0).getName()); @@ -245,6 +246,17 @@ public class RequestIdAustriaSystemTaskTest { Assert.assertEquals("Req. Attr. Value", "http://eidas.europa.eu/LoA/high", ((XSString)reqAttr.getAttributes().get(2).getAttributeValues().get(0)).getValue()); + Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.ServiceProviderMandateType", + reqAttr.getAttributes().get(3).getName()); + Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(3).getAttributeValues()); + Assert.assertEquals("#Req. Attr value", 1, + reqAttr.getAttributes().get(3).getAttributeValues().size()); + org.springframework.util.Assert.isInstanceOf(XSString.class, + reqAttr.getAttributes().get(3).getAttributeValues().get(0), "Wrong requested Attributes Value type"); + Assert.assertEquals("Req. Attr. Value", + pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).getMandateMode().getMode(), + ((XSString)reqAttr.getAttributes().get(3).getAttributeValues().get(0)).getValue()); + } @Test @@ -269,7 +281,7 @@ public class RequestIdAustriaSystemTaskTest { //validate state final EaafRequestedAttributes reqAttr = validate(); - Assert.assertEquals("#Req Attribute", 5, reqAttr.getAttributes().size()); + Assert.assertEquals("#Req Attribute", 6, reqAttr.getAttributes().size()); Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.ServiceProviderFriendlyName", reqAttr.getAttributes().get(3).getName()); @@ -313,13 +325,13 @@ public class RequestIdAustriaSystemTaskTest { List mandateProfiles = Arrays.asList( RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); oaParam.setMandateProfiles(mandateProfiles); - + oaParam.setMandateMode(SpMandateModes.LEGAL_FORCE); //execute test task.execute(pendingReq, executionContext); //validate state final EaafRequestedAttributes reqAttr = validate(); - Assert.assertEquals("#Req Attribute", 6, reqAttr.getAttributes().size()); + Assert.assertEquals("#Req Attribute", 7, reqAttr.getAttributes().size()); Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.ServiceProviderMandateProfiles", reqAttr.getAttributes().get(5).getName()); @@ -333,6 +345,18 @@ public class RequestIdAustriaSystemTaskTest { ((XSString)reqAttr.getAttributes().get(5).getAttributeValues().get(0)).getValue()); reqProfiles.stream().forEach(el -> assertTrue("missing profile: " + el, mandateProfiles.contains(el))); + + Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.ServiceProviderMandateType", + reqAttr.getAttributes().get(6).getName()); + Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(6).getAttributeValues()); + Assert.assertEquals("#Req. Attr value", 1, + reqAttr.getAttributes().get(6).getAttributeValues().size()); + org.springframework.util.Assert.isInstanceOf(XSString.class, + reqAttr.getAttributes().get(6).getAttributeValues().get(0), "Wrong requested Attributes Value type"); + Assert.assertEquals("Req. Attr. Value", + SpMandateModes.LEGAL_FORCE.getMode(), + ((XSString)reqAttr.getAttributes().get(6).getAttributeValues().get(0)).getValue()); + } private EaafRequestedAttributes validate() throws Pvp2InternalErrorException, SecurityException, Exception { diff --git a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java index 336e6c05..72890bad 100644 --- a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java +++ b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java @@ -1,6 +1,7 @@ package at.asitplus.eidas.specific.modules.msproxyservice; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder; @@ -12,7 +13,7 @@ import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuil */ public class MsProxyServiceConstants { - //general constants + // general constants public static final String TEMPLATE_SP_UNIQUE_ID = "eidasProxyAuth_from_{0}_type_{1}"; public static final String ATTR_EIDAS_PERSONAL_IDENTIFIER = @@ -24,19 +25,27 @@ public class MsProxyServiceConstants { AbstractAuthenticationDataBuilder.GENERIC_AUTHDATA_IDENTIFIER + PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME; - //configuration constants + // configuration constants public static final String CONIG_PROPS_EIDAS_PROXY_NODE_ENTITYID = Constants.CONIG_PROPS_EIDAS_NODE + ".proxy.entityId"; public static final String CONIG_PROPS_EIDAS_PROXY_NODE_FORWARD_URL = Constants.CONIG_PROPS_EIDAS_NODE + ".proxy.forward.endpoint"; // mandate configuration - public static final String CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED = Constants.CONIG_PROPS_EIDAS_PREFIX - + ".proxy.mandates.enabled"; - public static final String CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT = Constants.CONIG_PROPS_EIDAS_PREFIX - + ".proxy.mandates.profiles.default"; - public static final String CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_SPECIFIC = Constants.CONIG_PROPS_EIDAS_PREFIX - + ".proxy.mandates.profiles.specific."; + public static final String CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED = + Constants.CONIG_PROPS_EIDAS_PREFIX + ".proxy.mandates.enabled"; + public static final String CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL = + Constants.CONIG_PROPS_EIDAS_PREFIX + ".proxy.mandates.profiles.natural.default"; + public static final String CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL = + Constants.CONIG_PROPS_EIDAS_PREFIX + ".proxy.mandates.profiles.legal.default"; + + // specifuc eIDAS-Connector configuration + public static final String CONIG_PROPS_CONNECTOR_PREFIX = "connector"; + public static final String CONIG_PROPS_CONNECTOR_UNIQUEID = EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER; + public static final String CONIG_PROPS_CONNECTOR_COUNTRYCODE = "countryCode"; + public static final String CONIG_PROPS_CONNECTOR_MANDATES_ENABLED = "mandates.enabled"; + public static final String CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_NATURAL = "mandates.natural"; + public static final String CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_LEGAL = "mandates.legal"; //http end-points diff --git a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java index fda1652e..4b699bae 100644 --- a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java +++ b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java @@ -4,14 +4,18 @@ import java.io.IOException; import java.text.MessageFormat; import java.util.Collections; import java.util.HashMap; -import java.util.List; import java.util.Map; +import java.util.UUID; import java.util.stream.Collectors; +import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang3.StringUtils; +import org.opensaml.saml.saml2.core.NameIDType; +import org.opensaml.saml.saml2.core.StatusCode; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; @@ -19,6 +23,7 @@ import org.springframework.web.bind.annotation.RequestMethod; import com.google.common.collect.ImmutableSortedSet; +import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.asitplus.eidas.specific.connector.config.ServiceProviderConfiguration; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; @@ -28,13 +33,18 @@ import at.gv.egiz.components.eventlog.api.EventConstants; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.SpMandateModes; import at.gv.egiz.eaaf.core.api.idp.IModulInfo; import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.GuiBuildException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import eu.eidas.auth.commons.EidasParameterKeys; import eu.eidas.auth.commons.light.ILightRequest; +import eu.eidas.auth.commons.light.impl.LightResponse; +import eu.eidas.auth.commons.light.impl.LightResponse.Builder; +import eu.eidas.auth.commons.light.impl.ResponseStatus; import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames; import eu.eidas.specificcommunication.exception.SpecificCommunicationException; import eu.eidas.specificcommunication.protocol.SpecificCommunicationService; @@ -56,11 +66,15 @@ public class EidasProxyServiceController extends AbstractController implements I private static final String ERROR_03 = "eidas.proxyservice.03"; private static final String ERROR_04 = "eidas.proxyservice.04"; private static final String ERROR_05 = "eidas.proxyservice.05"; - + private static final String ERROR_07 = "eidas.proxyservice.07"; + private static final String ERROR_08 = "eidas.proxyservice.08"; + private static final String ERROR_09 = "eidas.proxyservice.09"; + private static final String ERROR_10 = "eidas.proxyservice.10"; + public static final String PROTOCOL_ID = "eidasProxy"; - @Autowired - private EidasAttributeRegistry attrRegistry; + @Autowired EidasAttributeRegistry attrRegistry; + @Autowired ProxyServiceAuthenticationAction responseAction; /** * End-point that receives authentication requests from eIDAS Node. @@ -101,7 +115,8 @@ public class EidasProxyServiceController extends AbstractController implements I ImmutableSortedSet.copyOf(attrRegistry.getCoreAttributeRegistry().getAttributes())); log.debug("Received eIDAS auth. request from: {}, Initializing authentication environment ... ", eidasRequest.getSpCountryCode() != null ? eidasRequest.getSpCountryCode() : "'missing SP-country'"); - + log.trace("Received eIDAS requst: {}", eidasRequest); + // create pendingRequest object pendingReq = applicationContext.getBean(ProxyServicePendingRequest.class); pendingReq.initialize(httpReq, authConfig); @@ -114,6 +129,10 @@ public class EidasProxyServiceController extends AbstractController implements I pendingReq.getUniqueTransactionIdentifier(), EventConstants.TRANSACTION_IP, httpReq.getRemoteAddr()); + + //TODO: map issuer from eIDAS request to countryCode in special cases + + // validate eIDAS Authn. request and set into pending-request validateEidasAuthnRequest(eidasRequest); pendingReq.setEidasRequest(eidasRequest); @@ -156,10 +175,43 @@ public class EidasProxyServiceController extends AbstractController implements I } @Override - public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, - IRequest protocolRequest) throws Throwable { + public boolean generateErrorMessage(Throwable e, HttpServletRequest httpReq, HttpServletResponse httpResp, + IRequest pendingReq) throws Throwable { + if (pendingReq instanceof ProxyServicePendingRequest) { + try { + ILightRequest eidasReq = ((ProxyServicePendingRequest) pendingReq).getEidasRequest(); + + //build eIDAS response + Builder lightRespBuilder = LightResponse.builder(); + lightRespBuilder.id(UUID.randomUUID().toString()); + lightRespBuilder.inResponseToId(eidasReq.getId()); + lightRespBuilder.relayState(eidasReq.getRelayState()); + lightRespBuilder.issuer(authConfig.getBasicConfiguration( + MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_NODE_ENTITYID)); + lightRespBuilder.subject(UUID.randomUUID().toString()); + lightRespBuilder.subjectNameIdFormat(NameIDType.TRANSIENT); + lightRespBuilder.status(ResponseStatus.builder() + .statusCode(StatusCode.RESPONDER) + .subStatusCode(statusMessager.mapInternalErrorToExternalError(statusMessager.getResponseErrorCode(e))) + .statusMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage())) + .build()); + + // forward to eIDAS Proxy-Service + responseAction.forwardToEidasProxy(pendingReq, httpReq, httpResp, lightRespBuilder.build()); + + return true; + + } catch (ServletException | IOException | GuiBuildException e1) { + log.warn("Forward error to eIDAS Proxy-Service FAILED. Handle error localy ... ", e1); + + } + + } else { + log.error("eIDAS Proxy-Service authentication requires PendingRequest of Type: {}", + ProxyServicePendingRequest.class.getName()); - // TODO: implement error handling for eIDAS Node communication + } + return false; } @@ -189,16 +241,17 @@ public class EidasProxyServiceController extends AbstractController implements I * @throws EidasProxyServiceException In case of a validation error */ private void validateEidasAuthnRequest(ILightRequest eidasRequest) throws EidasProxyServiceException { - if (StringUtils.isEmpty(eidasRequest.getSpCountryCode())) { + if (StringUtils.isEmpty(eidasRequest.getIssuer())) { throw new EidasProxyServiceException(ERROR_05, null); } - - /* - * TODO: validate requested attributes --> check if natural-person and - * legal-person attributes requested in parallel - */ - + + // check if natural-person and legal-person attributes requested in parallel + if (isLegalPersonRequested(eidasRequest) && isNaturalPersonRequested(eidasRequest)) { + throw new EidasProxyServiceException(ERROR_08, null); + + } + // TODO: validate some other stuff } @@ -213,63 +266,167 @@ public class EidasProxyServiceController extends AbstractController implements I private ISpConfiguration generateSpConfigurationFromEidasRequest(ILightRequest eidasRequest) throws EidasProxyServiceException { try { - final String spCountry = eidasRequest.getSpCountryCode(); - final Map spConfigMap = new HashMap<>(); + + Map connectorConfigMap = extractRawConnectorConfiguration(eidasRequest); + + // check if country-code is available + String spCountry = connectorConfigMap.get(MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_COUNTRYCODE); + if (StringUtils.isEmpty(spCountry)) { + throw new EidasProxyServiceException(ERROR_07, null); - // TODO: how we get the EntityId from eIDAS connector? - spConfigMap.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, + } + + // build FriendyName from CountryCode and SPType + connectorConfigMap.put(MsEidasNodeConstants.PROP_CONFIG_SP_FRIENDLYNAME, MessageFormat.format(MsProxyServiceConstants.TEMPLATE_SP_UNIQUE_ID, spCountry, eidasRequest.getSpType())); - final ServiceProviderConfiguration spConfig = new ServiceProviderConfiguration(spConfigMap, authConfig); + // build Service-Provider configuration object + final ServiceProviderConfiguration spConfig = new ServiceProviderConfiguration(connectorConfigMap, authConfig); + // build bPK target from Country-Code final String ccCountry = authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, Constants.DEFAULT_MS_NODE_COUNTRY_CODE); - spConfig.setBpkTargetIdentifier( EaafConstants.URN_PREFIX_EIDAS + ccCountry + "+" + spCountry); + + // set required LoA from eIDAS request spConfig.setRequiredLoA( eidasRequest.getLevelsOfAssurance().stream().map(el -> el.getValue()).collect(Collectors.toList())); - // TODO: check if only mandates are allowed in case of legal person requested - // --> set force-mandate flag - spConfig.setMandateProfiles(buildMandateProfileConfiguration(eidasRequest)); - + //build mandate profiles for this specific request + buildMandateProfileConfiguration(spConfig, eidasRequest); + return spConfig; + } catch (EidasProxyServiceException e) { + throw e; + } catch (final EaafException e) { throw new EidasProxyServiceException(ERROR_04, new Object[] { e.getMessage() }, e); } } - private List buildMandateProfileConfiguration(ILightRequest eidasRequest) { - if (authConfig.getBasicConfigurationBoolean( - MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, false)) { - log.trace("eIDAS Proxy-Service allows mandates. Selecting profiles ... "); - - /* - * TODO: split profiles in natural-person and legal-person profiles and select - * correct one based on requested attributes - */ - final List spMandateProfiles = authConfig.getBasicConfigurationWithPrefix( - MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_SPECIFIC) - .entrySet().stream() - .filter(el -> el.getKey().endsWith(eidasRequest.getSpCountryCode().toLowerCase())) - .findFirst() - .map(el -> KeyValueUtils.getListOfCsvValues(el.getValue())) - .orElse(KeyValueUtils.getListOfCsvValues( - authConfig.getBasicConfiguration( - MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT))); - - log.debug("Set mandate-profiles: {} to request from country: {}", - spMandateProfiles, eidasRequest.getSpCountryCode()); - return spMandateProfiles; + + private Map extractRawConnectorConfiguration(ILightRequest eidasRequest) { + Map allConnectorConfigs = authConfig.getBasicConfigurationWithPrefix( + MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_PREFIX); + if (log.isTraceEnabled()) { + log.trace("Full-connector configuration:"); + allConnectorConfigs.entrySet().stream().forEach( + el -> log.trace("Key: {} -> Value: {}", el.getKey(), el.getValue())); + + } + + + Map connectorConfig = allConnectorConfigs.entrySet().stream() + .filter(el -> el.getKey().endsWith(MsEidasNodeConstants.PROP_CONFIG_SP_UNIQUEIDENTIFIER) + && el.getValue().equals(eidasRequest.getIssuer())) + .findFirst() + .map(el -> KeyValueUtils.getSubSetWithPrefix(allConnectorConfigs, + KeyValueUtils.getParentKey(el.getKey()) + KeyValueUtils.KEY_DELIMITER)) + .orElse(new HashMap<>()); + + + if (connectorConfig.isEmpty()) { + log.debug("No specific configuration for eIDAS Connector: {} Using default configuration ... ", + eidasRequest.getIssuer()); + + // set EntityId of the requesting eIDAS Connector + connectorConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, eidasRequest.getIssuer()); + + // set country-code from eIDAS request + connectorConfig.put(MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_COUNTRYCODE, + eidasRequest.getSpCountryCode()); + + // set default mandate configuration + connectorConfig.put(MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_ENABLED, + String.valueOf(authConfig.getBasicConfigurationBoolean( + MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, false))); + connectorConfig.put(MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_NATURAL, + authConfig.getBasicConfiguration( + MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL)); + connectorConfig.put(MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_LEGAL, + authConfig.getBasicConfiguration( + MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL)); + + } else { + log.debug("Find specific configuration for eIDAS Connector: {}", eidasRequest.getIssuer()); + + } + + return connectorConfig; + + } + + + private void buildMandateProfileConfiguration(ServiceProviderConfiguration spConfig, ILightRequest eidasRequest) + throws EidasProxyServiceException { + // check if mandates are enabled + if (spConfig.isConfigurationValue(MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_ENABLED, false)) { + injectMandateInfosIntoSpConfig(spConfig, eidasRequest); + + } else { + if (isLegalPersonRequested(eidasRequest)) { + throw new EidasProxyServiceException(ERROR_09, null); + + } + + spConfig.setMandateProfiles(Collections.emptyList()); + spConfig.setMandateMode(SpMandateModes.NONE); + + } + } + + private void injectMandateInfosIntoSpConfig(ServiceProviderConfiguration spConfig, + ILightRequest eidasRequest) throws EidasProxyServiceException { + log.trace("eIDAS Proxy-Service allows mandates for Connector: {}. Selecting profiles ... ", + spConfig.getUniqueIdentifier()); + + //check if legal person is requested + boolean isLegalPersonRequested = isLegalPersonRequested(eidasRequest); + + // set mandate profiles + if (isLegalPersonRequested) { + spConfig.setMandateProfiles(KeyValueUtils.getListOfCsvValues( + spConfig.getConfigurationValue(MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_LEGAL))); + + spConfig.setMandateMode(SpMandateModes.LEGAL_FORCE); + + } else if (isNaturalPersonRequested(eidasRequest)) { + spConfig.setMandateProfiles(KeyValueUtils.getListOfCsvValues( + spConfig.getConfigurationValue(MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_NATURAL))); + + spConfig.setMandateMode(SpMandateModes.NATURAL); + } - return Collections.emptyList(); + log.debug("Set mandate-profiles: {} to request from issuer: {}", + spConfig.getMandateProfiles(), spConfig.getUniqueIdentifier()); + + if (isLegalPersonRequested && spConfig.getMandateProfiles().isEmpty()) { + throw new EidasProxyServiceException(ERROR_10, null); + + } + } + private boolean isLegalPersonRequested(ILightRequest eidasRequest) { + return eidasRequest.getRequestedAttributes().entrySet().stream() + .filter(el -> el.getKey().getFriendlyName().equals(Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER)) + .findFirst() + .isPresent(); + + } + + private boolean isNaturalPersonRequested(ILightRequest eidasRequest) { + return eidasRequest.getRequestedAttributes().entrySet().stream() + .filter(el -> el.getKey().getFriendlyName().equals(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)) + .findFirst() + .isPresent(); + + } } diff --git a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java index 5d184cc8..805bbc42 100644 --- a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java +++ b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java @@ -96,10 +96,6 @@ public class ProxyServiceAuthenticationAction implements IAction { lightRespBuilder.levelOfAssurance(authData.getEidasQaaLevel()); lightRespBuilder.attributes(buildAttributesFromAuthData(authData)); - // put request into shared cache - final BinaryLightToken token = putResponseInCommunicationCache(lightRespBuilder.build()); - final String tokenBase64 = BinaryLightTokenHelper.encodeBinaryLightTokenBase64(token); - // set SLO response object of EAAF framework final SloInformationImpl sloInformation = new SloInformationImpl(); sloInformation.setProtocolType(pendingReq.requestedModule()); @@ -107,7 +103,7 @@ public class ProxyServiceAuthenticationAction implements IAction { .setSpEntityID(pendingReq.getServiceProviderConfiguration().getUniqueIdentifier()); // forward to eIDAS Proxy-Service - forwardToEidasProxy(pendingReq, httpReq, httpResp, tokenBase64); + forwardToEidasProxy(pendingReq, httpReq, httpResp, lightRespBuilder.build()); return sloInformation; @@ -136,6 +132,68 @@ public class ProxyServiceAuthenticationAction implements IAction { } + + /** + * Forward eIDAS Light response to eIDAS node. + * + * @param pendingReq Current pending request. + * @param httpReq Current HTTP request + * @param httpResp Current HTTP response + * @param lightResponse eIDAS LightResponse + * @throws EaafConfigurationException In case of a configuration error + * @throws IOException In case of a general error + * @throws GuiBuildException In case of a GUI rendering error, if http POST binding is used + * @throws ServletException In case of a general error + */ + public void forwardToEidasProxy(IRequest pendingReq, HttpServletRequest httpReq, + HttpServletResponse httpResp, LightResponse lightResponse) throws EaafConfigurationException, IOException, + GuiBuildException, ServletException { + + // put request into shared cache + final BinaryLightToken token = putResponseInCommunicationCache(lightResponse); + final String tokenBase64 = BinaryLightTokenHelper.encodeBinaryLightTokenBase64(token); + + // select forward URL regarding the selected environment + final String forwardUrl = basicConfig.getBasicConfiguration( + MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_NODE_FORWARD_URL); + + if (StringUtils.isEmpty(forwardUrl)) { + log.warn("NO ForwardURL defined in configuration. Can NOT forward to eIDAS node! Process stops"); + throw new EaafConfigurationException("config.08", + new Object[] { MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_NODE_FORWARD_URL }); + + } + log.debug("ForwardURL: " + forwardUrl + " selected to forward eIDAS request"); + + if (basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_METHOD, + Constants.FORWARD_METHOD_GET).equals(Constants.FORWARD_METHOD_GET)) { + + log.debug("Use http-redirect for eIDAS node forwarding ... "); + // send redirect + final UriComponentsBuilder redirectUrl = UriComponentsBuilder.fromHttpUrl(forwardUrl); + redirectUrl.queryParam(EidasParameterKeys.TOKEN.toString(), tokenBase64); + httpResp.sendRedirect(redirectUrl.build().encode().toString()); + + } else { + log.debug("Use http-post for eIDAS node forwarding ... "); + final StaticGuiBuilderConfiguration config = new StaticGuiBuilderConfiguration( + basicConfig, + pendingReq, + Constants.TEMPLATE_POST_FORWARD_NAME, + null, + resourceLoader); + + config.putCustomParameter(null, Constants.TEMPLATE_POST_FORWARD_ENDPOINT, forwardUrl); + config.putCustomParameter(null, Constants.TEMPLATE_POST_FORWARD_TOKEN_NAME, + EidasParameterKeys.TOKEN.toString()); + config.putCustomParameter(null, Constants.TEMPLATE_POST_FORWARD_TOKEN_VALUE, + tokenBase64); + + guiBuilder.build(httpReq, httpResp, config, "Forward to eIDASNode form"); + + } + } @PostConstruct private void checkConfiguration() { @@ -264,50 +322,5 @@ public class ProxyServiceAuthenticationAction implements IAction { return binaryLightToken; } - private void forwardToEidasProxy(IRequest pendingReq, HttpServletRequest httpReq, - HttpServletResponse httpResp, String tokenBase64) throws EaafConfigurationException, IOException, - GuiBuildException { - // select forward URL regarding the selected environment - final String forwardUrl = basicConfig.getBasicConfiguration( - MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_NODE_FORWARD_URL); - - if (StringUtils.isEmpty(forwardUrl)) { - log.warn("NO ForwardURL defined in configuration. Can NOT forward to eIDAS node! Process stops"); - throw new EaafConfigurationException("config.08", - new Object[] { MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_NODE_FORWARD_URL }); - - } - log.debug("ForwardURL: " + forwardUrl + " selected to forward eIDAS request"); - - if (basicConfig.getBasicConfiguration( - Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_METHOD, - Constants.FORWARD_METHOD_GET).equals(Constants.FORWARD_METHOD_GET)) { - - log.debug("Use http-redirect for eIDAS node forwarding ... "); - // send redirect - final UriComponentsBuilder redirectUrl = UriComponentsBuilder.fromHttpUrl(forwardUrl); - redirectUrl.queryParam(EidasParameterKeys.TOKEN.toString(), tokenBase64); - httpResp.sendRedirect(redirectUrl.build().encode().toString()); - - } else { - log.debug("Use http-post for eIDAS node forwarding ... "); - final StaticGuiBuilderConfiguration config = new StaticGuiBuilderConfiguration( - basicConfig, - pendingReq, - Constants.TEMPLATE_POST_FORWARD_NAME, - null, - resourceLoader); - - config.putCustomParameter(null, Constants.TEMPLATE_POST_FORWARD_ENDPOINT, forwardUrl); - config.putCustomParameter(null, Constants.TEMPLATE_POST_FORWARD_TOKEN_NAME, - EidasParameterKeys.TOKEN.toString()); - config.putCustomParameter(null, Constants.TEMPLATE_POST_FORWARD_TOKEN_VALUE, - tokenBase64); - - guiBuilder.build(httpReq, httpResp, config, "Forward to eIDASNode form"); - - } - - } } diff --git a/eidas_modules/eidas_proxy-sevice/src/main/resources/messages/eidasproxy_messages.properties b/eidas_modules/eidas_proxy-sevice/src/main/resources/messages/eidasproxy_messages.properties index 5c4c51b9..b934ad56 100644 --- a/eidas_modules/eidas_proxy-sevice/src/main/resources/messages/eidasproxy_messages.properties +++ b/eidas_modules/eidas_proxy-sevice/src/main/resources/messages/eidasproxy_messages.properties @@ -1,8 +1,13 @@ -eidas.proxyservice.01=General error on request-validation from eIDAS-Node Proxy-Service +eidas.proxyservice.01=General error on request-validation from national eIDAS Proxy-Service eidas.proxyservice.02=Authentication request contains not communication token. eidas.proxyservice.03=General error during eIDAS-Node communication. Reason: {} eidas.proxyservice.04=Validation of eIDAS Authn request failed. Reason: {} -eidas.proxyservice.05=No Service-Provider country-code in Authn. request. Authentication not possible +eidas.proxyservice.05=No eIDAS-Connector Issuer in Authn. request. Authentication not possible eidas.proxyservice.06=Can not build eIDAS Proxy-Service response. Authentication FAILED. +eidas.proxyservice.07=Can not determine eIDAS-Connector CountryCode. Authentication not possible +eidas.proxyservice.08=Validation of eIDAS Authn request failed. Reason: Legal person and natural person can not be requested at once. +eidas.proxyservice.09=eIDAS authentication not possible, because legal person is requested but mandates are disabled in general +eidas.proxyservice.10=eIDAS authentication not possible, because legal person is requested but not mandate profiles are defined + eidas.proxyservice.99=Internal error during eIDAS Proxy-Service authentication \ No newline at end of file diff --git a/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/EidasProxyServiceControllerTest.java b/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/EidasProxyServiceControllerTest.java index 1a19b723..86357123 100644 --- a/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/EidasProxyServiceControllerTest.java +++ b/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/EidasProxyServiceControllerTest.java @@ -8,6 +8,7 @@ import static org.junit.Assert.assertTrue; import java.io.IOException; import java.net.URISyntaxException; +import java.net.URLDecoder; import java.text.MessageFormat; import java.util.Arrays; import java.util.List; @@ -19,8 +20,11 @@ import org.junit.Assert; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; +import org.opensaml.saml.saml2.core.NameIDType; +import org.opensaml.saml.saml2.core.StatusCode; import org.powermock.core.classloader.annotations.PrepareForTest; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.test.context.ContextConfiguration; @@ -29,8 +33,12 @@ import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; import org.springframework.web.servlet.config.annotation.EnableWebMvc; +import com.google.common.collect.ImmutableSortedSet; + import at.asitplus.eidas.specific.connector.config.ServiceProviderConfiguration; import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask; import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummySpecificCommunicationService; import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants; @@ -38,12 +46,17 @@ import at.asitplus.eidas.specific.modules.msproxyservice.exception.EidasProxySer import at.asitplus.eidas.specific.modules.msproxyservice.protocol.EidasProxyServiceController; import at.asitplus.eidas.specific.modules.msproxyservice.protocol.ProxyServicePendingRequest; import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.SpMandateModes; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyProtocolAuthService; import eu.eidas.auth.commons.EidasParameterKeys; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; +import eu.eidas.auth.commons.light.ILightResponse; import eu.eidas.auth.commons.light.impl.LightRequest; +import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames; import eu.eidas.specificcommunication.exception.SpecificCommunicationException; +import eu.eidas.specificcommunication.protocol.SpecificCommunicationService; @RunWith(SpringJUnit4ClassRunner.class) @PrepareForTest(CreateIdentityLinkTask.class) @@ -58,12 +71,16 @@ public class EidasProxyServiceControllerTest { @Autowired private DummySpecificCommunicationService proxyService; @Autowired private DummyProtocolAuthService authService; + @Autowired private EidasAttributeRegistry attrRegistry; + @Autowired private ApplicationContext context; @Autowired MsConnectorDummyConfigMap config; private MockHttpServletRequest httpReq; private MockHttpServletResponse httpResp; + private SpecificCommunicationService springManagedSpecificConnectorCommunicationService; + /** * jUnit test set-up. */ @@ -76,7 +93,68 @@ public class EidasProxyServiceControllerTest { proxyService.setiLightRequest(null); proxyService.setError(null); - + + config.putConfigValue("eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint", + "http://eidas.proxy/endpoint"); + + springManagedSpecificConnectorCommunicationService = + (SpecificCommunicationService) context.getBean( + SpecificCommunicationDefinitionBeanNames.SPECIFIC_PROXYSERVICE_COMMUNICATION_SERVICE + .toString()); + + } + + @Test + public void generateErrorResponseWrongPendingReq() throws Throwable { + Assert.assertFalse("wrong statusCode", controller.generateErrorMessage( + new EaafException("1000"), + httpReq, httpResp, null)); + + } + + @Test + public void generateErrorResponse() throws Throwable { + ProxyServicePendingRequest pendingReq = new ProxyServicePendingRequest(); + pendingReq.initialize(httpReq, config); + + LightRequest.Builder eidasRequestBuilder = LightRequest.builder() + .id(UUID.randomUUID().toString()) + .issuer(RandomStringUtils.randomAlphabetic(10)) + .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) + .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) + .spCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) + .spType("public") + .requesterId(RandomStringUtils.randomAlphanumeric(10)) + .providerName(RandomStringUtils.randomAlphanumeric(10)); + pendingReq.setEidasRequest(eidasRequestBuilder.build()); + + + // execute test + Assert.assertTrue("wrong statusCode", controller.generateErrorMessage( + new EaafException("1000"), + httpReq, httpResp, + pendingReq)); + + // validate state + assertNotNull("not redirct Header", httpResp.getHeader("Location")); + assertTrue("wrong redirect URL", httpResp.getHeader("Location").startsWith("http://eidas.proxy/endpoint?token=")); + String token = httpResp.getHeader("Location").substring("http://eidas.proxy/endpoint?token=".length()); + + ILightResponse resp = springManagedSpecificConnectorCommunicationService.getAndRemoveResponse(URLDecoder.decode(token), + ImmutableSortedSet.copyOf(attrRegistry.getCoreAttributeRegistry().getAttributes())); + + assertNotNull("responseId", resp.getId()); + assertEquals("inResponseTo", pendingReq.getEidasRequest().getId(), resp.getInResponseToId()); + assertEquals("relayState", pendingReq.getEidasRequest().getRelayState(), resp.getRelayState()); + + assertNotNull("subjectNameId", resp.getSubject()); + assertEquals("subjectNameIdFormat", NameIDType.TRANSIENT, resp.getSubjectNameIdFormat()); + assertTrue("not attributes", resp.getAttributes().isEmpty()); + + assertEquals("StatusCode", StatusCode.RESPONDER, resp.getStatus().getStatusCode()); + //assertEquals("SubStatusCode", "", resp.getStatus().getSubStatusCode()); + //assertEquals("StatusMsg", "", resp.getStatus().getStatusMessage()); + } @Test @@ -112,7 +190,7 @@ public class EidasProxyServiceControllerTest { Assert.assertTrue("Wrong exception", (exception.getCause() instanceof SpecificCommunicationException)); } - + @Test public void missingServiceProviderCountry() { //initialize state @@ -128,10 +206,66 @@ public class EidasProxyServiceControllerTest { //validate state EidasProxyServiceException exception = assertThrows(EidasProxyServiceException.class, () -> controller.receiveEidasAuthnRequest(httpReq, httpResp)); - Assert.assertEquals("wrong errorCode", "eidas.proxyservice.05", exception.getErrorId()); + Assert.assertEquals("wrong errorCode", "eidas.proxyservice.07", exception.getErrorId()); + + } + + @Test + public void requestingLegalAndNaturalPerson() { + //initialize state + httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10)); + LightRequest.Builder authnReqBuilder = LightRequest.builder() + .id(UUID.randomUUID().toString()) + .issuer(RandomStringUtils.randomAlphabetic(10)) + .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) + .spCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) + .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) + .requestedAttributes(ImmutableAttributeMap.builder() + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()) + .build()); + + proxyService.setiLightRequest(authnReqBuilder.build()); + + //validate state + EidasProxyServiceException exception = assertThrows(EidasProxyServiceException.class, + () -> controller.receiveEidasAuthnRequest(httpReq, httpResp)); + Assert.assertEquals("wrong errorCode", "eidas.proxyservice.08", exception.getErrorId()); } + @Test + public void requestLegalPersonButNoMandates() throws IOException, EaafException { + //initialize state + httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10)); + String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase(); + LightRequest.Builder authnReqBuilder = LightRequest.builder() + .id(UUID.randomUUID().toString()) + .issuer(RandomStringUtils.randomAlphabetic(10)) + .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) + .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) + .spCountryCode(spCountryCode) + .spType("public") + .requestedAttributes(ImmutableAttributeMap.builder() + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()).build()); + + proxyService.setiLightRequest(authnReqBuilder.build()); + + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "false"); + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, + StringUtils.join(Arrays.asList( + RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ",")); + + //validate state + EidasProxyServiceException exception = assertThrows(EidasProxyServiceException.class, + () -> controller.receiveEidasAuthnRequest(httpReq, httpResp)); + Assert.assertEquals("wrong errorCode", "eidas.proxyservice.09", exception.getErrorId()); + + } + @Test public void validAuthnRequest() throws IOException, EaafException { //initialize state @@ -143,10 +277,20 @@ public class EidasProxyServiceControllerTest { .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) .spCountryCode(spCountryCode) - .spType("public"); + .spType("public") + .requestedAttributes(ImmutableAttributeMap.builder() + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build()); proxyService.setiLightRequest(authnReqBuilder.build()); + + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "false"); + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, + StringUtils.join(Arrays.asList( + RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ",")); + + //execute controller.receiveEidasAuthnRequest(httpReq, httpResp); @@ -168,8 +312,12 @@ public class EidasProxyServiceControllerTest { pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class); Assert.assertNotNull("uniqueId", spConfig.getUniqueIdentifier()); Assert.assertEquals("uniqueId wrong pattern", + authnReqBuilder.build().getIssuer(), + spConfig.getUniqueIdentifier()); + Assert.assertEquals("friendlyName wrong pattern", MessageFormat.format(MsProxyServiceConstants.TEMPLATE_SP_UNIQUE_ID, spCountryCode, "public"), - spConfig.getUniqueIdentifier()); + spConfig.getFriendlyName()); + Assert.assertEquals("uniqueId not match to pendingReq", pendingReq.getSpEntityId(), spConfig.getUniqueIdentifier()); Assert.assertNotNull("bpkTarget", spConfig.getAreaSpecificTargetIdentifier()); @@ -179,11 +327,12 @@ public class EidasProxyServiceControllerTest { assertNotNull("mandateprofiles", spConfig.getMandateProfiles()); assertTrue("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty()); - + assertEquals("MandateMode", SpMandateModes.NONE, spConfig.getMandateMode()); + } @Test - public void validAuthnRequestWithMandatesDefaultProfiles() throws IOException, EaafException { + public void validAuthnRequestWithMandatesDefaultProfilesNat() throws IOException, EaafException { //initialize state httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10)); String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase(); @@ -193,15 +342,23 @@ public class EidasProxyServiceControllerTest { .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) .spCountryCode(spCountryCode) - .spType("public"); + .spType("public") + .requestedAttributes(ImmutableAttributeMap.builder() + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build()); + proxyService.setiLightRequest(authnReqBuilder.build()); - List mandateProfiles = + List mandateProfilesNat = + Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); + List mandateProfilesJur = Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true"); - config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT, - StringUtils.join(mandateProfiles, ",")); + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, + StringUtils.join(mandateProfilesNat, ",")); + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL, + StringUtils.join(mandateProfilesJur, ",")); //execute controller.receiveEidasAuthnRequest(httpReq, httpResp); @@ -211,14 +368,15 @@ public class EidasProxyServiceControllerTest { authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class); assertNotNull("mandateprofiles", spConfig.getMandateProfiles()); assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty()); - assertEquals("mandateprofile size", mandateProfiles.size(), spConfig.getMandateProfiles().size()); + assertEquals("mandateprofile size", mandateProfilesNat.size(), spConfig.getMandateProfiles().size()); spConfig.getMandateProfiles().stream() - .forEach(el -> assertTrue("missing mandateProfile: " + el, mandateProfiles.contains(el))); + .forEach(el -> assertTrue("missing mandateProfile: " + el, mandateProfilesNat.contains(el))); + assertEquals("MandateMode", SpMandateModes.NATURAL, spConfig.getMandateMode()); } @Test - public void validAuthnRequestWithMandatesCountryProfiles() throws IOException, EaafException { + public void validAuthnRequestWithMandatesDefaultProfilesJur() throws IOException, EaafException { //initialize state httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10)); String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase(); @@ -228,28 +386,168 @@ public class EidasProxyServiceControllerTest { .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) .spCountryCode(spCountryCode) - .spType("public"); + .spType("public") + .requestedAttributes(ImmutableAttributeMap.builder() + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()).build()); + proxyService.setiLightRequest(authnReqBuilder.build()); - List mandateProfiles = + List mandateProfilesNat = Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); - List mandateProfilesCc1 = + List mandateProfilesJur = Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); - List mandateProfilesCc2 = + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true"); + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, + StringUtils.join(mandateProfilesNat, ",")); + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL, + StringUtils.join(mandateProfilesJur, ",")); + + //execute + controller.receiveEidasAuthnRequest(httpReq, httpResp); + + //validate state + ServiceProviderConfiguration spConfig = + authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class); + assertNotNull("mandateprofiles", spConfig.getMandateProfiles()); + assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty()); + assertEquals("mandateprofile size", mandateProfilesJur.size(), spConfig.getMandateProfiles().size()); + spConfig.getMandateProfiles().stream() + .forEach(el -> assertTrue("missing mandateProfile: " + el, mandateProfilesJur.contains(el))); + assertEquals("MandateMode", SpMandateModes.LEGAL_FORCE, spConfig.getMandateMode()); + + } + + @Test + public void validAuthnRequestWithMandatesDefaultNoJurProfiles() throws IOException, EaafException { + //initialize state + httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10)); + String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase(); + LightRequest.Builder authnReqBuilder = LightRequest.builder() + .id(UUID.randomUUID().toString()) + .issuer(RandomStringUtils.randomAlphabetic(10)) + .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) + .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) + .spCountryCode(spCountryCode) + .spType("public") + .requestedAttributes(ImmutableAttributeMap.builder() + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()).build()); + + + proxyService.setiLightRequest(authnReqBuilder.build()); + + List mandateProfilesNat = Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true"); - config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT, + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, + StringUtils.join(mandateProfilesNat, ",")); + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL, ""); + + //validate state + EidasProxyServiceException exception = assertThrows(EidasProxyServiceException.class, + () -> controller.receiveEidasAuthnRequest(httpReq, httpResp)); + Assert.assertEquals("wrong errorCode", "eidas.proxyservice.10", exception.getErrorId()); + + } + + @Test + public void validAuthnRequestIssueSpecificNoMandates() throws IOException, EaafException { + //initialize state + httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10)); + + String issuer = RandomStringUtils.randomAlphabetic(10); + LightRequest.Builder authnReqBuilder = LightRequest.builder() + .id(UUID.randomUUID().toString()) + .issuer(issuer) + .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) + .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) + .spCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) + .spType("public") + .requestedAttributes(ImmutableAttributeMap.builder() + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build()); + + proxyService.setiLightRequest(authnReqBuilder.build()); + + + // set default mandate configuration + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true"); + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, + StringUtils.join(Arrays.asList( + RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ",")); + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL, + StringUtils.join(Arrays.asList( + RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ",")); + + // set specific mandate configuration + String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase(); + addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_UNIQUEID, issuer); + addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_COUNTRYCODE, spCountryCode); + addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_ENABLED, "false"); + + List mandateProfiles = + Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); + addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_NATURAL, StringUtils.join(mandateProfiles, ",")); + addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_LEGAL, + StringUtils.join(Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ",")); + + //execute + controller.receiveEidasAuthnRequest(httpReq, httpResp); - config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_SPECIFIC - + RandomStringUtils.randomAlphabetic(2).toLowerCase(), - StringUtils.join(mandateProfilesCc1, ",")); - config.putConfigValue( - MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_SPECIFIC + spCountryCode.toLowerCase(), - StringUtils.join(mandateProfilesCc2, ",")); + //validate state + ServiceProviderConfiguration spConfig = + authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class); + assertNotNull("mandateprofiles", spConfig.getMandateProfiles()); + assertTrue("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty()); + assertEquals("MandateMode", SpMandateModes.NONE, spConfig.getMandateMode()); + + } + + @Test + public void validAuthnRequestIssueSpecificMandatesNat() throws IOException, EaafException { + //initialize state + httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10)); + String issuer = "https://apps.egiz.gv.at/EidasNode//ConnectorMetadata"; + LightRequest.Builder authnReqBuilder = LightRequest.builder() + .id(UUID.randomUUID().toString()) + .issuer(issuer) + .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) + .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) + .spCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) + .spType("public") + .requestedAttributes(ImmutableAttributeMap.builder() + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build()); + proxyService.setiLightRequest(authnReqBuilder.build()); + + + // set default mandate configuration + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "false"); + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, + StringUtils.join(Arrays.asList( + RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ",")); + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL, + StringUtils.join(Arrays.asList( + RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ",")); + + // set specific mandate configuration + String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase(); + addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_UNIQUEID, issuer); + addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_COUNTRYCODE, spCountryCode); + addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_ENABLED, "true"); + + List mandateProfiles = + Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); + addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_NATURAL, + StringUtils.join(mandateProfiles, ",")); + addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_LEGAL, + StringUtils.join(Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ",")); + //execute controller.receiveEidasAuthnRequest(httpReq, httpResp); @@ -260,8 +558,74 @@ public class EidasProxyServiceControllerTest { assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty()); assertEquals("mandateprofile size", mandateProfiles.size(), spConfig.getMandateProfiles().size()); spConfig.getMandateProfiles().stream() - .forEach(el -> assertTrue("missing mandateProfile: " + el, mandateProfilesCc2.contains(el))); + .forEach(el -> assertTrue("missing mandateProfile: " + el, mandateProfiles.contains(el))); + assertEquals("MandateMode", SpMandateModes.NATURAL, spConfig.getMandateMode()); + + } + + @Test + public void validAuthnRequestIssueSpecificMandatesJur() throws IOException, EaafException { + //initialize state + httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10)); + + String issuer = RandomStringUtils.randomAlphabetic(10); + LightRequest.Builder authnReqBuilder = LightRequest.builder() + .id(UUID.randomUUID().toString()) + .issuer(issuer) + .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) + .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) + .spCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) + .spType("public") + .requestedAttributes(ImmutableAttributeMap.builder() + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()).build()); + + proxyService.setiLightRequest(authnReqBuilder.build()); + + + // set default mandate configuration + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true"); + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, + StringUtils.join(Arrays.asList( + RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ",")); + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL, + StringUtils.join(Arrays.asList( + RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ",")); + + // set specific mandate configuration + String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase(); + addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_UNIQUEID, issuer); + addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_COUNTRYCODE, spCountryCode); + addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_ENABLED, "true"); + + List mandateProfiles = + Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); + addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_LEGAL, + StringUtils.join(mandateProfiles, ",")); + addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_NATURAL, + StringUtils.join(Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ",")); + + //execute + controller.receiveEidasAuthnRequest(httpReq, httpResp); + + //validate state + ServiceProviderConfiguration spConfig = + authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class); + assertNotNull("mandateprofiles", spConfig.getMandateProfiles()); + assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty()); + assertEquals("mandateprofile size", mandateProfiles.size(), spConfig.getMandateProfiles().size()); + spConfig.getMandateProfiles().stream() + .forEach(el -> assertTrue("missing mandateProfile: " + el, mandateProfiles.contains(el))); + assertEquals("MandateMode", SpMandateModes.LEGAL_FORCE, spConfig.getMandateMode()); + + } + + private void addConnectorConfig(int i, String key, String value) { + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_PREFIX + String.valueOf(i) + "." + key, + value); } } + + -- cgit v1.2.3 From 94327cc9170639bcbceb2c9acc55351858e050e1 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Tue, 25 May 2021 15:17:56 +0200 Subject: add configuration-property to set ID Austria stage of a each eIDAS Connector --- .../src/main/resources/application.properties | 1 + .../auth/idaustria/IdAustriaAuthConstants.java | 7 ++++ .../tasks/ReceiveFromIdAustriaSystemTask.java | 5 ++- .../tasks/RequestIdAustriaSystemTask.java | 5 ++- .../modules/auth/idaustria/utils/Utils.java | 44 ++++++++++++++++++++++ 5 files changed, 58 insertions(+), 4 deletions(-) create mode 100644 eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/utils/Utils.java (limited to 'connector/src/main') diff --git a/connector/src/main/resources/application.properties b/connector/src/main/resources/application.properties index e4f30544..e3bbedd1 100644 --- a/connector/src/main/resources/application.properties +++ b/connector/src/main/resources/application.properties @@ -198,6 +198,7 @@ eidas.ms.auth.eIDAS.proxy.mandates.enabled=false #eidas.ms.connector.0.mandates.enabled=false #eidas.ms.connector.0.mandates.natural= #eidas.ms.connector.0.mandates.legal= +#eidas.ms.connector.0.auth.idaustria.entityId= ## PVP2 S-Profile communication with ID Austria System diff --git a/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/IdAustriaAuthConstants.java b/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/IdAustriaAuthConstants.java index 982bfb4f..afe7f962 100644 --- a/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/IdAustriaAuthConstants.java +++ b/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/IdAustriaAuthConstants.java @@ -71,6 +71,13 @@ public class IdAustriaAuthConstants { public static final String CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST = CONFIG_PROPS_PREFIX + "required.additional.attributes"; + + /** + * SP specific EntityId of the ID Austria. + */ + public static final String CONFIG_PROPS_APPSPECIFIC_IDAUSTRIA_NODE_URL = "auth.idaustria.entityId"; + + public static final List> DEFAULT_REQUIRED_MANDATE_NAT_PVP_ATTRIBUTES = Collections.unmodifiableList(new ArrayList>() { private static final long serialVersionUID = 1L; diff --git a/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/ReceiveFromIdAustriaSystemTask.java b/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/ReceiveFromIdAustriaSystemTask.java index 2141fee8..f044c259 100644 --- a/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/ReceiveFromIdAustriaSystemTask.java +++ b/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/ReceiveFromIdAustriaSystemTask.java @@ -19,6 +19,7 @@ import org.springframework.beans.factory.annotation.Autowired; import at.asitplus.eidas.specific.modules.auth.idaustria.IdAustriaAuthConstants; import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthCredentialProvider; import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthMetadataProvider; +import at.asitplus.eidas.specific.modules.auth.idaustria.utils.Utils; import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants; import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; @@ -143,8 +144,8 @@ public class ReceiveFromIdAustriaSystemTask extends AbstractAuthServletTask { } else { // validate entityId of response - final String idAustriaEntityID = authConfig.getBasicConfiguration( - IdAustriaAuthConstants.CONFIG_PROPS_IDAUSTRIA_ENTITYID); + final String idAustriaEntityID = + Utils.getIdAustriaEntityId(pendingReq.getServiceProviderConfiguration(), authConfig); final String respEntityId = msg.getEntityID(); if (!idAustriaEntityID.equals(respEntityId)) { log.warn("Response Issuer is not a 'ID Austria System'. Stopping eIDAS authentication ..."); diff --git a/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java b/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java index 0c91345f..282b452b 100644 --- a/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java +++ b/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java @@ -19,6 +19,7 @@ import at.asitplus.eidas.specific.modules.auth.idaustria.IdAustriaAuthConstants; import at.asitplus.eidas.specific.modules.auth.idaustria.config.IdAustriaAuthRequestBuilderConfiguration; import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthCredentialProvider; import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthMetadataProvider; +import at.asitplus.eidas.specific.modules.auth.idaustria.utils.Utils; import at.asitplus.eidas.specific.modules.msproxyservice.protocol.ProxyServicePendingRequest; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; @@ -70,8 +71,8 @@ public class RequestIdAustriaSystemTask extends AbstractAuthServletTask { //revisionsLogger.logEvent(pendingReq, EidasAuthEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_SELECTED); // get entityID for central ID Austria system - final String idAustriaEntityID = authConfig.getBasicConfiguration( - IdAustriaAuthConstants.CONFIG_PROPS_IDAUSTRIA_ENTITYID); + final String idAustriaEntityID = + Utils.getIdAustriaEntityId(pendingReq.getServiceProviderConfiguration(), authConfig); if (StringUtils.isEmpty(idAustriaEntityID)) { log.info("ID Austria authentication not possible -> NO EntityID for central central ID Austria System FOUND!"); throw new EaafConfigurationException(IdAustriaAuthConstants.ERRORTYPE_00, diff --git a/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/utils/Utils.java b/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/utils/Utils.java new file mode 100644 index 00000000..1de6c33f --- /dev/null +++ b/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/utils/Utils.java @@ -0,0 +1,44 @@ +package at.asitplus.eidas.specific.modules.auth.idaustria.utils; + +import javax.annotation.Nullable; + +import org.apache.commons.lang3.StringUtils; + +import at.asitplus.eidas.specific.modules.auth.idaustria.IdAustriaAuthConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; + +public class Utils { + + /** + * Get the EntityId of the ID Austria system that + * should be used in this process. + * + * @param spConfiguration Service-Provider configuration that can include + * {@linkplain IdAustriaAuthConstants.CONFIG_PROPS_APPSPECIFIC_IDAUSTRIA_NODE_URL} + * @param authConfig Basic application configuration that include + * {@linkplain IdAustriaAuthConstants.CONFIG_PROPS_IDAUSTRIA_ENTITYID} + * @return EntityId, or null if no EntityId was found in configuration + */ + @Nullable + public static String getIdAustriaEntityId( + ISpConfiguration spConfiguration, IConfiguration authConfig) { + // load from service-provider configuration + String msNodeEntityID = spConfiguration.getConfigurationValue( + IdAustriaAuthConstants.CONFIG_PROPS_APPSPECIFIC_IDAUSTRIA_NODE_URL); + + if (StringUtils.isEmpty(msNodeEntityID)) { + msNodeEntityID = authConfig.getBasicConfiguration( + IdAustriaAuthConstants.CONFIG_PROPS_IDAUSTRIA_ENTITYID); + + } + + return msNodeEntityID; + } + + private Utils() { + //hide constructor of private class + + } + +} -- cgit v1.2.3 From cb2ec2a6deaf92036f3dc9b3dc12a6a9ba6d9099 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Fri, 28 May 2021 13:39:30 +0200 Subject: change log level in transaction store --- .../specific/connector/storage/EidasCacheTransactionStoreDecorator.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'connector/src/main') diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/storage/EidasCacheTransactionStoreDecorator.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/storage/EidasCacheTransactionStoreDecorator.java index 1ea5a280..634b3797 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/storage/EidasCacheTransactionStoreDecorator.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/storage/EidasCacheTransactionStoreDecorator.java @@ -171,7 +171,7 @@ public class EidasCacheTransactionStoreDecorator implements ITransactionStorage, @Override public void remove(String key) { if (containsKey(key)) { - log.debug("Remove element with key: " + key + " from " + ITransactionStorage.class.getName()); + log.trace("Remove element with key: " + key + " from " + ITransactionStorage.class.getName()); boolean delResult = storage.remove(key); log.trace("Object: {} removed from cache: {}", key, delResult); -- cgit v1.2.3 From 04024b007f29c0261c6b231e71877df60f9703b2 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Fri, 25 Jun 2021 10:24:06 +0200 Subject: fix bug in combination with EidasNode v2.5 and DE Middleware --- connector/src/main/resources/application.properties | 1 - 1 file changed, 1 deletion(-) (limited to 'connector/src/main') diff --git a/connector/src/main/resources/application.properties b/connector/src/main/resources/application.properties index e3bbedd1..13216e92 100644 --- a/connector/src/main/resources/application.properties +++ b/connector/src/main/resources/application.properties @@ -94,7 +94,6 @@ eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll=true ## set provider name for all public SPs eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=false - #eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat= eidas.ms.auth.eIDAS.node_v2.loa.requested.minimum=http://eidas.europa.eu/LoA/high -- cgit v1.2.3 From 8bc8fb35e950e2e956e2bdca708c6f4aad380167 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Tue, 6 Jul 2021 17:04:12 +0200 Subject: set default NameIDFormat to unspecified to fix problems with DE middleware 1.2.x --- connector/src/main/resources/application.properties | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'connector/src/main') diff --git a/connector/src/main/resources/application.properties b/connector/src/main/resources/application.properties index 13216e92..74e86aed 100644 --- a/connector/src/main/resources/application.properties +++ b/connector/src/main/resources/application.properties @@ -94,7 +94,9 @@ eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll=true ## set provider name for all public SPs eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=false -#eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat= +## set NameIdPolicy to 'unspecified' as work-around for DE Middleware v1.2.x +eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified + eidas.ms.auth.eIDAS.node_v2.loa.requested.minimum=http://eidas.europa.eu/LoA/high #eidas.ms.auth.eIDAS.szrclient.useTestService=true -- cgit v1.2.3 From 81ec57b676488700c38b6059fe56d905eba0ae6a Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Wed, 14 Jul 2021 17:08:20 +0200 Subject: update StatusMessageProvider to Spring based form to use message properties from modules --- .../connector/provider/StatusMessageProvider.java | 95 ++++++++++++++++------ 1 file changed, 69 insertions(+), 26 deletions(-) (limited to 'connector/src/main') diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java index e83d9d49..5565bc63 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java @@ -31,13 +31,18 @@ import java.util.ResourceBundle; import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.context.MessageSource; +import org.springframework.context.MessageSourceAware; +import org.springframework.context.NoSuchMessageException; +import org.springframework.context.i18n.LocaleContextHolder; import org.springframework.stereotype.Service; import at.gv.egiz.eaaf.core.api.IStatusMessenger; import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.logging.LogMessageProviderFactory; @Service("StatusMessageProvider") -public class StatusMessageProvider implements IStatusMessenger { +public class StatusMessageProvider implements IStatusMessenger, MessageSourceAware { private static final Logger log = LoggerFactory.getLogger(StatusMessageProvider.class); private static final String ERROR_MESSAGES_UNAVAILABLE = @@ -48,49 +53,78 @@ public class StatusMessageProvider implements IStatusMessenger { "External error-codes can NOT be load from application. Only internal errorCode: {0} is availabe"; private static final String ERROR_NO_EXTERNALERROR_CODE = "No external error for internal error with number.={0}"; - - // internal messanges - private static final String DEFAULT_MESSAGE_RESOURCES = "properties/status_messages_en"; - private static final Locale DEFAULT_MESSAGE_LOCALES = new Locale("en", "GB"); - private ResourceBundle messages; - + private static final String MSG_WARN_NO_SOURCE = "MessageCode: {} is NOT SET for locale: {}"; + private static final String MSG_INFO = "Use locale: {} as default"; + // external error codes private static final String DEFAULT_EXTERNALERROR_RESOURCES = "properties/external_statuscodes_map"; private static final Locale DEFAULT_EXTERNALERROR_LOCALES = new Locale("en", "GB"); private ResourceBundle externalError = null; + //internal messanges + private MessageSource messageSource; + @Override - public String getMessageWithoutDefault(String messageId, Object[] parameters) { - // initialize messages - if (messages == null) { - this.messages = ResourceBundle.getBundle( - DEFAULT_MESSAGE_RESOURCES, - DEFAULT_MESSAGE_LOCALES); + public String getMessageWithoutDefault(final String messageId, final Object[] parameters) { + if (messageSource == null) { + return null; - } + } else { + try { + final Locale locale = LocaleContextHolder.getLocale(); + return messageSource.getMessage(messageId, parameters, locale); - // create the message - if (messages == null) { - return MessageFormat.format(ERROR_MESSAGES_UNAVAILABLE, new Object[] { messageId }); + } catch (final NoSuchMessageException e) { + log.info(MSG_WARN_NO_SOURCE, messageId, LocaleContextHolder.getLocale()); + log.debug(MSG_INFO, Locale.ENGLISH); - } else { - final String rawMessage = messages.getString(messageId); - return MessageFormat.format(rawMessage, parameters); + try { + return messageSource.getMessage(messageId, parameters, Locale.ENGLISH); + + } catch (final NoSuchMessageException e2) { + log.info(MSG_WARN_NO_SOURCE, messageId, Locale.ENGLISH); + + } + } catch (final MissingResourceException e2) { + log.warn("No message source", e2); + + } } + + return null; + } @Override - public String getMessage(String messageId, Object[] parameters) { - try { - return getMessageWithoutDefault(messageId, parameters); + public String getMessage(final String messageId, final Object[] parameters) { + if (messageSource == null) { + return MessageFormat.format(ERROR_MESSAGES_UNAVAILABLE, new Object[]{messageId}); + + } else { + try { + final Locale locale = LocaleContextHolder.getLocale(); + return messageSource.getMessage(messageId, parameters, locale); + + } catch (final NoSuchMessageException e) { + log.info(MSG_WARN_NO_SOURCE, messageId, LocaleContextHolder.getLocale()); + log.debug(MSG_INFO, Locale.ENGLISH); + + try { + return messageSource.getMessage(messageId, parameters, Locale.ENGLISH); + + } catch (final NoSuchMessageException e2) { + return MessageFormat.format(ERROR_NO_MESSAGE, new Object[]{messageId}); + + } - } catch (final MissingResourceException e2) { - return MessageFormat.format(ERROR_NO_MESSAGE, new Object[] { messageId }); + } catch (final MissingResourceException e2) { + return MessageFormat.format(ERROR_NO_MESSAGE, new Object[]{messageId}); + } } } - + @Override public String getResponseErrorCode(Throwable throwable) { String errorCode = IStatusMessenger.CODES_EXTERNAL_ERROR_GENERIC; @@ -136,4 +170,13 @@ public class StatusMessageProvider implements IStatusMessenger { } } + @Override + public void setMessageSource(MessageSource messageSource) { + this.messageSource = messageSource; + + log.info("Injecting 'StatusMessanger' into 'LogMessageProviderFactory'"); + LogMessageProviderFactory.setStatusMessager(this); + + } + } -- cgit v1.2.3 From 300bd1b44f521a2b33c259be1f8d21eba58c1a31 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Tue, 8 Mar 2022 13:41:31 +0100 Subject: refactor(core): split 'ms-connector' WebApp into 'core' and 'ms-connector' to reuse some code for 'ms-proxy' WebApp --- build_reporting/pom.xml | 5 + connector/pom.xml | 12 +- .../MsSpecificEidasNodeSpringResourceProvider.java | 10 +- .../connector/SpringContextCloseHandler.java | 170 ------ .../attributes/AuthBlockAttributeBuilder.java | 4 +- .../attributes/EidasBindAttributeBuilder.java | 13 +- .../connector/auth/AuthenticationManager.java | 60 -- .../builder/AuthenticationDataBuilder.java | 257 --------- .../connector/config/PvpEndPointConfiguration.java | 2 +- .../connector/config/PvpMetadataConfiguration.java | 2 +- .../config/StaticResourceConfiguration.java | 220 ------- .../controller/ProcessEngineSignalController.java | 2 +- .../connector/controller/Pvp2SProfileEndpoint.java | 2 +- .../health/EidasNodeMetadataHealthIndicator.java | 69 --- .../health/IgniteClusterHealthIndicator.java | 52 -- .../WebFrontEndSecurityInterceptor.java | 90 --- .../specific/connector/logger/RevisionLogger.java | 110 ---- .../specific/connector/logger/StatisticLogger.java | 141 ----- .../specific/connector/mapper/LoALevelMapper.java | 60 -- .../processes/CountrySelectionProcessImpl.java | 2 +- .../tasks/EvaluateCountrySelectionTask.java | 2 +- .../tasks/GenerateCountrySelectionFrameTask.java | 6 +- .../provider/PvpEndPointCredentialProvider.java | 2 +- .../connector/provider/PvpMetadataProvider.java | 2 +- .../connector/provider/StatusMessageProvider.java | 182 ------ .../connector/storage/CacheWithEidasBackend.java | 35 -- .../EidasCacheTransactionStoreDecorator.java | 180 ------ .../storage/SimpleInMemoryTransactionStorage.java | 169 ------ .../connector/storage/TransactionStoreElement.java | 70 --- .../verification/AuthnRequestValidator.java | 4 +- .../src/main/resources/applicationContext.xml | 19 +- .../resources/specific_eIDAS_connector.beans.xml | 45 +- .../specific_eIDAS_connector.storage.beans.xml | 52 -- .../attributes/AuthBlockAttributeBuilderTest.java | 8 +- .../attributes/EidasBindAttributeBuilderTest.java | 9 +- .../test/config/BasicConfigurationTest.java | 4 +- .../ProcessEngineSignalControllerTest.java | 2 +- ...sNodeMetadataHealthIndicatorNoEndpointTest.java | 70 --- .../EidasNodeMetadataHealthIndicatorTest.java | 102 ---- .../test/saml2/Pvp2SProfileEndPointTest.java | 4 +- .../task/EvaluateCountrySelectionTaskTest.java | 4 +- .../GenerateCountrySelectionFrameTaskTest.java | 2 +- .../test/utils/AuthenticationDataBuilderTest.java | 636 --------------------- .../test/utils/AuthnRequestValidatorTest.java | 8 +- .../utils/CountrySelectionProcessImplTest.java | 2 +- .../src/test/resources/config/logback_config.xml | 4 +- .../spring/SpringTest-context_basic_test.xml | 22 - .../spring/SpringTest-context_healthcheck.xml | 22 - .../spring/SpringTest-context_simple_storage.xml | 15 - .../spring/SpringTest_connector.beans.xml | 61 +- core_common_lib/pom.xml | 2 +- .../specific/connector/MsConnectorEventCodes.java | 52 -- .../specific/connector/MsEidasNodeConstants.java | 179 ------ .../config/BasicConfigurationProvider.java | 155 ----- .../config/ServiceProviderConfiguration.java | 171 ------ .../SpringBootBasicConfigurationProvider.java | 122 ---- .../gui/DefaultVelocityGuiBuilderImpl.java | 77 --- .../gui/GuiBuilderConfigurationFactory.java | 69 --- .../gui/StaticGuiBuilderConfiguration.java | 148 ----- .../eidas/specific/core/MsConnectorEventCodes.java | 52 ++ .../eidas/specific/core/MsEidasNodeConstants.java | 229 ++++++++ .../core/config/BasicConfigurationProvider.java | 155 +++++ .../core/config/ServiceProviderConfiguration.java | 171 ++++++ .../SpringBootBasicConfigurationProvider.java | 122 ++++ .../core/gui/DefaultVelocityGuiBuilderImpl.java | 77 +++ .../core/gui/GuiBuilderConfigurationFactory.java | 69 +++ .../core/gui/StaticGuiBuilderConfiguration.java | 148 +++++ .../test/config/BasicConfigProviderTest.java | 156 ----- .../config/ServiceProviderConfigurationTest.java | 54 -- .../SpringBootBasicConfigurationProviderTest.java | 148 ----- .../config/dummy/MsConnectorDummyConfigMap.java | 120 ---- .../dummy/MsConnectorDummySpConfiguration.java | 28 - .../core/test/config/BasicConfigProviderTest.java | 156 +++++ .../config/ServiceProviderConfigurationTest.java | 54 ++ .../SpringBootBasicConfigurationProviderTest.java | 148 +++++ .../config/dummy/MsConnectorDummyConfigMap.java | 120 ++++ .../dummy/MsConnectorDummySpConfiguration.java | 28 + .../SpringTest-context_basic_realConfig.xml | 4 +- core_common_webapp/checks/spotbugs-exclude.xml | 12 + core_common_webapp/pom.xml | 137 +++++ .../specific/core/SpringContextCloseHandler.java | 170 ++++++ .../specific/core/auth/AuthenticationManager.java | 60 ++ .../core/builder/AuthenticationDataBuilder.java | 255 +++++++++ .../core/config/StaticResourceConfiguration.java | 220 +++++++ .../health/EidasNodeMetadataHealthIndicator.java | 69 +++ .../core/health/IgniteClusterHealthIndicator.java | 52 ++ .../WebFrontEndSecurityInterceptor.java | 90 +++ .../eidas/specific/core/logger/RevisionLogger.java | 110 ++++ .../specific/core/logger/StatisticLogger.java | 141 +++++ .../eidas/specific/core/mapper/LoALevelMapper.java | 60 ++ .../core/provider/StatusMessageProvider.java | 182 ++++++ .../core/storage/CacheWithEidasBackend.java | 35 ++ .../EidasCacheTransactionStoreDecorator.java | 180 ++++++ .../storage/SimpleInMemoryTransactionStorage.java | 169 ++++++ .../core/storage/TransactionStoreElement.java | 70 +++ .../main/resources/specific_eIDAS_core.beans.xml | 61 ++ .../specific_eIDAS_core_storage.beans.xml | 39 ++ ...sNodeMetadataHealthIndicatorNoEndpointTest.java | 70 +++ .../EidasNodeMetadataHealthIndicatorTest.java | 102 ++++ .../test/utils/AuthenticationDataBuilderTest.java | 635 ++++++++++++++++++++ .../config/junit_config_1_springboot.properties | 113 ++++ .../config/junit_config_2_springboot.properties | 113 ++++ .../resources/config/junit_config_3.properties | 148 +++++ .../src/test/resources/config/log4j.properties | 54 ++ .../src/test/resources/data/metadata_valid.xml | 106 ++++ .../src/test/resources/data/test_idl_1.xml | 46 ++ .../spring/SpringTest-context_basic_test.xml | 22 + .../spring/SpringTest-context_healthcheck.xml | 22 + .../spring/SpringTest-context_simple_storage.xml | 15 + .../resources/spring/SpringTest_core.beans.xml | 70 +++ .../spring/SpringTest_core_config.beans.xml | 25 + eidas_modules/authmodule-eIDAS-v2/pom.xml | 2 +- .../specific/modules/auth/eidas/v2/Constants.java | 5 - .../eidas/v2/EidasAuthenticationModulImpl.java | 2 +- .../eidas/v2/service/AuthBlockSigningService.java | 2 +- .../eidas/v2/tasks/CreateIdentityLinkTask.java | 8 +- .../eidas/v2/tasks/GenerateAuthnRequestTask.java | 6 +- .../eidas/v2/tasks/ReceiveAuthnResponseTask.java | 4 +- .../v2/test/EidasAuthenticationModulImplTest.java | 2 +- .../auth/eidas/v2/test/EidasSignalServletTest.java | 6 +- .../modules/auth/eidas/v2/test/SzrClientTest.java | 2 +- .../tasks/CreateIdentityLinkTaskEidNewTest.java | 14 +- .../v2/test/tasks/CreateIdentityLinkTaskTest.java | 26 +- .../test/tasks/GenerateAuthnRequestTaskTest.java | 4 +- .../test/tasks/ReceiveEidasResponseTaskTest.java | 8 +- .../EidasRequestPreProcessingSecondTest.java | 2 +- .../validation/EidasResponseValidatorTest.java | 6 +- .../SpringTest-context_basic_mapConfig.xml | 2 +- .../SpringTest-context_basic_realConfig.xml | 2 +- eidas_modules/authmodule_id-austria/pom.xml | 4 +- .../auth/idaustria/IdAustriaAuthConstants.java | 37 +- .../tasks/ReceiveFromIdAustriaSystemTask.java | 4 +- .../tasks/RequestIdAustriaSystemTask.java | 2 +- .../IdAustriaAuthMetadataControllerFirstTest.java | 2 +- .../test/task/ReceiveAuthnResponseTaskTest.java | 18 +- .../test/task/RequestIdAustriaSystemTaskTest.java | 4 +- .../utils/IdAustriaAuthCredentialProviderTest.java | 2 +- .../IdAustriaAuthMetadataProviderFirstTest.java | 2 +- .../spring/SpringTest-context_basic_mapConfig.xml | 2 +- eidas_modules/eidas_proxy-sevice/pom.xml | 2 +- .../msproxyservice/MsProxyServiceConstants.java | 11 - .../protocol/EidasProxyServiceController.java | 4 +- .../protocol/ProxyServiceAuthenticationAction.java | 13 +- .../protocol/EidasProxyServiceControllerTest.java | 4 +- .../ProxyServiceAuthenticationActionTest.java | 44 +- .../spring/SpringTest-context_basic_mapConfig.xml | 2 +- pom.xml | 15 +- 147 files changed, 5378 insertions(+), 4590 deletions(-) delete mode 100644 connector/src/main/java/at/asitplus/eidas/specific/connector/SpringContextCloseHandler.java delete mode 100644 connector/src/main/java/at/asitplus/eidas/specific/connector/auth/AuthenticationManager.java delete mode 100644 connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java delete mode 100644 connector/src/main/java/at/asitplus/eidas/specific/connector/config/StaticResourceConfiguration.java delete mode 100644 connector/src/main/java/at/asitplus/eidas/specific/connector/health/EidasNodeMetadataHealthIndicator.java delete mode 100644 connector/src/main/java/at/asitplus/eidas/specific/connector/health/IgniteClusterHealthIndicator.java delete mode 100644 connector/src/main/java/at/asitplus/eidas/specific/connector/interceptor/WebFrontEndSecurityInterceptor.java delete mode 100644 connector/src/main/java/at/asitplus/eidas/specific/connector/logger/RevisionLogger.java delete mode 100644 connector/src/main/java/at/asitplus/eidas/specific/connector/logger/StatisticLogger.java delete mode 100644 connector/src/main/java/at/asitplus/eidas/specific/connector/mapper/LoALevelMapper.java delete mode 100644 connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java delete mode 100644 connector/src/main/java/at/asitplus/eidas/specific/connector/storage/CacheWithEidasBackend.java delete mode 100644 connector/src/main/java/at/asitplus/eidas/specific/connector/storage/EidasCacheTransactionStoreDecorator.java delete mode 100644 connector/src/main/java/at/asitplus/eidas/specific/connector/storage/SimpleInMemoryTransactionStorage.java delete mode 100644 connector/src/main/java/at/asitplus/eidas/specific/connector/storage/TransactionStoreElement.java delete mode 100644 connector/src/main/resources/specific_eIDAS_connector.storage.beans.xml delete mode 100644 connector/src/test/java/at/asitplus/eidas/specific/connector/test/health/EidasNodeMetadataHealthIndicatorNoEndpointTest.java delete mode 100644 connector/src/test/java/at/asitplus/eidas/specific/connector/test/health/EidasNodeMetadataHealthIndicatorTest.java delete mode 100644 connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java delete mode 100644 connector/src/test/resources/spring/SpringTest-context_basic_test.xml delete mode 100644 connector/src/test/resources/spring/SpringTest-context_healthcheck.xml delete mode 100644 connector/src/test/resources/spring/SpringTest-context_simple_storage.xml delete mode 100644 core_common_lib/src/main/java/at/asitplus/eidas/specific/connector/MsConnectorEventCodes.java delete mode 100644 core_common_lib/src/main/java/at/asitplus/eidas/specific/connector/MsEidasNodeConstants.java delete mode 100644 core_common_lib/src/main/java/at/asitplus/eidas/specific/connector/config/BasicConfigurationProvider.java delete mode 100644 core_common_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java delete mode 100644 core_common_lib/src/main/java/at/asitplus/eidas/specific/connector/config/SpringBootBasicConfigurationProvider.java delete mode 100644 core_common_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/DefaultVelocityGuiBuilderImpl.java delete mode 100644 core_common_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/GuiBuilderConfigurationFactory.java delete mode 100644 core_common_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/StaticGuiBuilderConfiguration.java create mode 100644 core_common_lib/src/main/java/at/asitplus/eidas/specific/core/MsConnectorEventCodes.java create mode 100644 core_common_lib/src/main/java/at/asitplus/eidas/specific/core/MsEidasNodeConstants.java create mode 100644 core_common_lib/src/main/java/at/asitplus/eidas/specific/core/config/BasicConfigurationProvider.java create mode 100644 core_common_lib/src/main/java/at/asitplus/eidas/specific/core/config/ServiceProviderConfiguration.java create mode 100644 core_common_lib/src/main/java/at/asitplus/eidas/specific/core/config/SpringBootBasicConfigurationProvider.java create mode 100644 core_common_lib/src/main/java/at/asitplus/eidas/specific/core/gui/DefaultVelocityGuiBuilderImpl.java create mode 100644 core_common_lib/src/main/java/at/asitplus/eidas/specific/core/gui/GuiBuilderConfigurationFactory.java create mode 100644 core_common_lib/src/main/java/at/asitplus/eidas/specific/core/gui/StaticGuiBuilderConfiguration.java delete mode 100644 core_common_lib/src/test/java/at/asitplus/eidas/specific/connector/test/config/BasicConfigProviderTest.java delete mode 100644 core_common_lib/src/test/java/at/asitplus/eidas/specific/connector/test/config/ServiceProviderConfigurationTest.java delete mode 100644 core_common_lib/src/test/java/at/asitplus/eidas/specific/connector/test/config/SpringBootBasicConfigurationProviderTest.java delete mode 100644 core_common_lib/src/test/java/at/asitplus/eidas/specific/connector/test/config/dummy/MsConnectorDummyConfigMap.java delete mode 100644 core_common_lib/src/test/java/at/asitplus/eidas/specific/connector/test/config/dummy/MsConnectorDummySpConfiguration.java create mode 100644 core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/BasicConfigProviderTest.java create mode 100644 core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/ServiceProviderConfigurationTest.java create mode 100644 core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/SpringBootBasicConfigurationProviderTest.java create mode 100644 core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/dummy/MsConnectorDummyConfigMap.java create mode 100644 core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/dummy/MsConnectorDummySpConfiguration.java create mode 100644 core_common_webapp/checks/spotbugs-exclude.xml create mode 100644 core_common_webapp/pom.xml create mode 100644 core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/SpringContextCloseHandler.java create mode 100644 core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/auth/AuthenticationManager.java create mode 100644 core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java create mode 100644 core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/config/StaticResourceConfiguration.java create mode 100644 core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/health/EidasNodeMetadataHealthIndicator.java create mode 100644 core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/health/IgniteClusterHealthIndicator.java create mode 100644 core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/interceptor/WebFrontEndSecurityInterceptor.java create mode 100644 core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/logger/RevisionLogger.java create mode 100644 core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/logger/StatisticLogger.java create mode 100644 core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/mapper/LoALevelMapper.java create mode 100644 core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/provider/StatusMessageProvider.java create mode 100644 core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/storage/CacheWithEidasBackend.java create mode 100644 core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/storage/EidasCacheTransactionStoreDecorator.java create mode 100644 core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/storage/SimpleInMemoryTransactionStorage.java create mode 100644 core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/storage/TransactionStoreElement.java create mode 100644 core_common_webapp/src/main/resources/specific_eIDAS_core.beans.xml create mode 100644 core_common_webapp/src/main/resources/specific_eIDAS_core_storage.beans.xml create mode 100644 core_common_webapp/src/test/java/at/asitplus/eidas/specific/core/test/health/EidasNodeMetadataHealthIndicatorNoEndpointTest.java create mode 100644 core_common_webapp/src/test/java/at/asitplus/eidas/specific/core/test/health/EidasNodeMetadataHealthIndicatorTest.java create mode 100644 core_common_webapp/src/test/java/at/asitplus/eidas/specific/core/test/utils/AuthenticationDataBuilderTest.java create mode 100644 core_common_webapp/src/test/resources/config/junit_config_1_springboot.properties create mode 100644 core_common_webapp/src/test/resources/config/junit_config_2_springboot.properties create mode 100644 core_common_webapp/src/test/resources/config/junit_config_3.properties create mode 100644 core_common_webapp/src/test/resources/config/log4j.properties create mode 100644 core_common_webapp/src/test/resources/data/metadata_valid.xml create mode 100644 core_common_webapp/src/test/resources/data/test_idl_1.xml create mode 100644 core_common_webapp/src/test/resources/spring/SpringTest-context_basic_test.xml create mode 100644 core_common_webapp/src/test/resources/spring/SpringTest-context_healthcheck.xml create mode 100644 core_common_webapp/src/test/resources/spring/SpringTest-context_simple_storage.xml create mode 100644 core_common_webapp/src/test/resources/spring/SpringTest_core.beans.xml create mode 100644 core_common_webapp/src/test/resources/spring/SpringTest_core_config.beans.xml (limited to 'connector/src/main') diff --git a/build_reporting/pom.xml b/build_reporting/pom.xml index 5fd66372..a4528495 100644 --- a/build_reporting/pom.xml +++ b/build_reporting/pom.xml @@ -17,6 +17,11 @@ at.asitplus.eidas.ms_specific core_common_lib + + at.asitplus.eidas.ms_specific + core_common_webapp + ${egiz.eidas.version} + at.asitplus.eidas.ms_specific.modules authmodule-eIDAS-v2 diff --git a/connector/pom.xml b/connector/pom.xml index 4b295e30..c2e7534b 100644 --- a/connector/pom.xml +++ b/connector/pom.xml @@ -52,6 +52,10 @@ at.asitplus.eidas.ms_specific core_common_lib + + at.asitplus.eidas.ms_specific + core_common_webapp + at.asitplus.eidas.ms_specific.modules authmodule-eIDAS-v2 @@ -166,7 +170,13 @@ authmodule-eIDAS-v2 test test-jar - + + + at.asitplus.eidas.ms_specific + core_common_webapp + test + test-jar + org.springframework.boot spring-boot-starter-tomcat diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/MsSpecificEidasNodeSpringResourceProvider.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/MsSpecificEidasNodeSpringResourceProvider.java index 40ed283b..45e5c7d4 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/MsSpecificEidasNodeSpringResourceProvider.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/MsSpecificEidasNodeSpringResourceProvider.java @@ -33,14 +33,12 @@ public class MsSpecificEidasNodeSpringResourceProvider implements SpringResource @Override public Resource[] getResourcesToLoad() { final ClassPathResource generic = - new ClassPathResource("/applicationContext.xml", MsSpecificEidasNodeSpringResourceProvider.class); - + new ClassPathResource("/applicationContext.xml", MsSpecificEidasNodeSpringResourceProvider.class); final ClassPathResource msEidasNode = new ClassPathResource( "/specific_eIDAS_connector.beans.xml", MsSpecificEidasNodeSpringResourceProvider.class); + + return new Resource[] { generic, msEidasNode}; - final ClassPathResource msEidasNodeStorage = new ClassPathResource( - "/specific_eIDAS_connector.storage.beans.xml", MsSpecificEidasNodeSpringResourceProvider.class); - return new Resource[] { generic, msEidasNode, msEidasNodeStorage }; } @Override @@ -50,7 +48,7 @@ public class MsSpecificEidasNodeSpringResourceProvider implements SpringResource @Override public String getName() { - return "MS-specific eIDAS Node SpringResourceProvider"; + return "MS-specific eIDAS-Connector SpringResourceProvider"; } } diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/SpringContextCloseHandler.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/SpringContextCloseHandler.java deleted file mode 100644 index e884b5c6..00000000 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/SpringContextCloseHandler.java +++ /dev/null @@ -1,170 +0,0 @@ -package at.asitplus.eidas.specific.connector; - -import java.util.Iterator; -import java.util.Map; -import java.util.Map.Entry; - -import org.slf4j.Logger; -import org.springframework.beans.BeansException; -import org.springframework.beans.factory.config.BeanPostProcessor; -import org.springframework.context.ApplicationContext; -import org.springframework.context.ApplicationContextAware; -import org.springframework.context.ApplicationListener; -import org.springframework.context.event.ContextClosedEvent; -import org.springframework.context.event.EventListener; -import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor; -import org.springframework.scheduling.concurrent.ThreadPoolTaskScheduler; - -import at.gv.egiz.components.spring.api.IDestroyableObject; -import eu.eidas.auth.cache.IgniteInstanceInitializerSpecificCommunication; - -/** - * SpringContext CloseHandler. - * - * @author tlenz - * - */ - -public class SpringContextCloseHandler - implements ApplicationListener, ApplicationContextAware, BeanPostProcessor { - - private static final Logger log = - org.slf4j.LoggerFactory.getLogger(SpringContextCloseHandler.class); - - private ApplicationContext context; - - /* - * (non-Javadoc) - * - * @see org.springframework.context.ApplicationListener#onApplicationEvent(org. - * springframework.context. ApplicationEvent) - */ - @Override - @EventListener - public void onApplicationEvent(final ContextClosedEvent arg0) { - log.info("MS-specific eIDAS-Node shutdown process started ..."); - - try { - log.debug("CleanUp objects with implements the IDestroyable interface ... "); - final Map objectsToDestroy = - context.getBeansOfType(IDestroyableObject.class); - internalIDestroyableObject(objectsToDestroy); - log.info("Object cleanUp complete"); - - log.debug("Stopping Spring Thread-Pools ... "); - // shut-down task schedulers - final Map schedulers = - context.getBeansOfType(ThreadPoolTaskScheduler.class); - internalThreadPoolTaskScheduler(schedulers); - - // shut-down task executors - final Map executers = - context.getBeansOfType(ThreadPoolTaskExecutor.class); - internalThreadPoolTaskExecutor(executers); - log.debug("Spring Thread-Pools stopped"); - - - //clean-up eIDAS node - Map nodeIgnite = - context.getBeansOfType(IgniteInstanceInitializerSpecificCommunication.class); - log.info("Find #{} Apache Ignite instances from eIDAS Ref. impl.", nodeIgnite.size()); - for (Entry el : nodeIgnite.entrySet()) { - if (el.getValue().getInstance() != null) { - el.getValue().getInstance().close(); - el.getValue().destroyInstance(); - log.debug("Shutdown Apache-Ignite: {}", el.getKey()); - - } - } - - log.info("MS-specific eIDAS-Node shutdown process finished"); - - } catch (final Exception e) { - log.warn("MS-specific eIDAS-Node shutdown process has an error.", e); - - } - - } - - /* - * (non-Javadoc) - * - * @see org.springframework.beans.factory.config.BeanPostProcessor# - * postProcessAfterInitialization(java. lang.Object, java.lang.String) - */ - @Override - public Object postProcessAfterInitialization(final Object arg0, final String arg1) - throws BeansException { - if (arg0 instanceof ThreadPoolTaskScheduler) { - ((ThreadPoolTaskScheduler) arg0).setWaitForTasksToCompleteOnShutdown(true); - } - if (arg0 instanceof ThreadPoolTaskExecutor) { - ((ThreadPoolTaskExecutor) arg0).setWaitForTasksToCompleteOnShutdown(true); - } - return arg0; - - } - - /* - * (non-Javadoc) - * - * @see org.springframework.beans.factory.config.BeanPostProcessor# - * postProcessBeforeInitialization(java .lang.Object, java.lang.String) - */ - @Override - public Object postProcessBeforeInitialization(final Object arg0, final String arg1) - throws BeansException { - return arg0; - - } - - /* - * (non-Javadoc) - * - * @see - * org.springframework.context.ApplicationContextAware#setApplicationContext(org - * .springframework. context.ApplicationContext) - */ - @Override - public void setApplicationContext(final ApplicationContext arg0) throws BeansException { - this.context = arg0; - - } - - private void internalThreadPoolTaskExecutor(final Map executers) { - for (final ThreadPoolTaskExecutor executor : executers.values()) { - executor.shutdown(); - log.debug("Executer {} with active {} work has killed", executor.getThreadNamePrefix(), - executor.getActiveCount()); - - } - - } - - // Not required at the moment - private void internalThreadPoolTaskScheduler( - final Map schedulers) { - log.trace("Stopping #{} task-schedulers", schedulers.size()); - - } - - private void internalIDestroyableObject(final Map objectsToDestroy) { - if (objectsToDestroy != null) { - final Iterator> interator = - objectsToDestroy.entrySet().iterator(); - while (interator.hasNext()) { - final Entry object = interator.next(); - try { - object.getValue().fullyDestroy(); - log.debug("Object with ID: {} is destroyed", object.getKey()); - - } catch (final Exception e) { - log.warn("Destroing object with ID: {} FAILED!", object.getKey(), null, e); - - } - } - } - - } - -} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java index 1833f377..17eb0704 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java @@ -27,7 +27,7 @@ import java.util.Base64; import org.apache.commons.lang3.StringUtils; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.IPvpAttributeBuilder; @@ -49,7 +49,7 @@ public class AuthBlockAttributeBuilder implements IPvpAttributeBuilder { public ATT build(final ISpConfiguration oaParam, final IAuthData authData, final IAttributeGenerator g) throws AttributeBuilderException { - String authBlock = authData.getGenericData(Constants.SZR_AUTHBLOCK, String.class); + String authBlock = authData.getGenericData(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, String.class); if (StringUtils.isNotEmpty(authBlock)) { return g.buildStringAttribute(EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME, EID_AUTHBLOCK_SIGNED_NAME, Base64.getEncoder().encodeToString(authBlock.getBytes(StandardCharsets.UTF_8))); diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java index a4fe8c6c..18eb74f8 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java @@ -19,7 +19,12 @@ package at.asitplus.eidas.specific.connector.attributes; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import static at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.EID_EIDBIND_FRIENDLY_NAME; +import static at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME; + +import org.apache.commons.lang3.StringUtils; + +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.IPvpAttributeBuilder; @@ -27,10 +32,6 @@ import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PvpMetadata; -import org.apache.commons.lang3.StringUtils; - -import static at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.EID_EIDBIND_FRIENDLY_NAME; -import static at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME; @PvpMetadata public class EidasBindAttributeBuilder implements IPvpAttributeBuilder { @@ -45,7 +46,7 @@ public class EidasBindAttributeBuilder implements IPvpAttributeBuilder { public ATT build(final ISpConfiguration oaParam, final IAuthData authData, final IAttributeGenerator g) throws AttributeBuilderException { - String eidasBind = authData.getGenericData(Constants.EIDAS_BIND, String.class); + String eidasBind = authData.getGenericData(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, String.class); if (StringUtils.isNotEmpty(eidasBind)) { return g.buildStringAttribute(EID_EIDBIND_FRIENDLY_NAME, EID_EIDBIND_NAME, eidasBind); diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/auth/AuthenticationManager.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/auth/AuthenticationManager.java deleted file mode 100644 index abda468d..00000000 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/auth/AuthenticationManager.java +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. -*/ - -package at.asitplus.eidas.specific.connector.auth; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.stereotype.Service; - -import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; -import at.gv.egiz.eaaf.core.api.idp.slo.ISloInformationContainer; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.impl.idp.auth.AbstractAuthenticationManager; -import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; - -@Service("AuthenticationManager") -public class AuthenticationManager extends AbstractAuthenticationManager { - private static final Logger log = LoggerFactory.getLogger(AuthenticationManager.class); - - @Override - public ISloInformationContainer performSingleLogOut(HttpServletRequest httpReq, - HttpServletResponse httpResp, - IRequest pendingReq, String internalSsoId) throws EaafException { - throw new RuntimeException("Single LogOut is NOT supported by this implementation"); - - } - - @Override - protected void populateExecutionContext(ExecutionContext executionContext, - RequestImpl pendingReq, HttpServletRequest httpReq) - throws EaafException { - log.trace("No implementation-specific population of execution-context required ... "); - - } - -} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java deleted file mode 100644 index 05704de9..00000000 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java +++ /dev/null @@ -1,257 +0,0 @@ -/* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - -package at.asitplus.eidas.specific.connector.builder; - -import java.util.Date; -import java.util.Optional; -import java.util.Set; -import java.util.stream.Collectors; - -import org.springframework.stereotype.Service; - -import com.google.common.collect.Streams; - -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; -import at.asitplus.eidas.specific.modules.auth.idaustria.IdAustriaAuthConstants; -import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants; -import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; -import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; -import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions.EidIdentityStatusLevelValues; -import at.gv.egiz.eaaf.core.api.idp.IAuthData; -import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; -import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer; -import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; -import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; -import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.core.impl.data.Triple; -import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; -import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData; -import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder; -import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper; -import lombok.extern.slf4j.Slf4j; - -@Service("AuthenticationDataBuilder") -@Slf4j -public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder { - - private static final String ERROR_B11 = "builder.11"; - - @Override - protected IAuthData buildDeprecatedAuthData(IRequest pendingReq) throws EaafException { - final EidAuthProcessDataWrapper authProcessData = - pendingReq.getSessionData(EidAuthProcessDataWrapper.class); - final EidAuthenticationData authData = new EidAuthenticationData(); - - // set basis infos - super.generateDeprecatedBasicAuthData(authData, pendingReq, authProcessData); - - // set specific informations - authData.setSsoSessionValidTo( - new Date(new Date().getTime() + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000)); - - authData.setEidStatus(authProcessData.isTestIdentity() - ? EidIdentityStatusLevelValues.TESTIDENTITY - : EidIdentityStatusLevelValues.IDENTITY); - - return authData; - - } - - @Override - protected void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq) - throws EaafException { - if (authData instanceof EidAuthenticationData) { - ((EidAuthenticationData) authData).setGenericData( - ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, - pendingReq.getUniquePiiTransactionIdentifier()); - log.trace("Inject piiTransactionId: {} into AuthData", pendingReq.getUniquePiiTransactionIdentifier()); - - // set specific informations - ((EidAuthenticationData) authData).setSsoSessionValidTo( - new Date(new Date().getTime() + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000)); - - // set E-ID status-level - final EidAuthProcessDataWrapper authProcessData = - pendingReq.getSessionData(EidAuthProcessDataWrapper.class); - ((EidAuthenticationData) authData).setEidStatus(authProcessData.isTestIdentity() - ? EidIdentityStatusLevelValues.TESTIDENTITY - : EidIdentityStatusLevelValues.IDENTITY); - - // handle mandate informations - buildMandateInformation((EidAuthenticationData) authData, pendingReq, authProcessData); - - } else { - throw new RuntimeException("Can not inject PiiTransactionId because AuthData is of unknown type: " - + authData.getClass().getName()); - - } - - } - - @Override - protected IAuthData getAuthDataInstance(IRequest arg0) throws EaafException { - return new EidAuthenticationData(); - - } - - @Override - protected Pair buildOAspecificbPK(IRequest pendingReq, AuthenticationData authData) - throws EaafBuilderException { - return super.buildOAspecificbPK(pendingReq, authData); - - } - - @Override - protected Pair getEncryptedBpkFromPvpAttribute(IAuthProcessDataContainer arg0, - AuthenticationData arg1, ISpConfiguration arg2) throws EaafBuilderException { - return null; - - } - - @Override - protected Pair getbaseIdFromSzr(AuthenticationData arg0, String arg1, String arg2) { - return null; - - } - - private void buildMandateInformation(EidAuthenticationData authData, IRequest pendingReq, - EidAuthProcessDataWrapper authProcessData) throws EaafAuthenticationException, EaafBuilderException, - EaafStorageException { - authData.setUseMandate(authProcessData.isMandateUsed()); - if (authProcessData.isMandateUsed()) { - log.debug("Build mandate-releated authentication data ... "); - if (authProcessData.isForeigner()) { - buildMandateInformationForEidasIncoming(); - - } else { - buildMandateInformationForEidasOutgoing(authData, pendingReq, authProcessData); - - } - - // inject mandate information into authdata - final Set mandateAttributes = Streams.concat( - IdAustriaAuthConstants.DEFAULT_REQUIRED_MANDATE_NAT_PVP_ATTRIBUTES.stream(), - IdAustriaAuthConstants.DEFAULT_REQUIRED_MANDATE_JUR_PVP_ATTRIBUTES.stream()) - .map(el -> el.getFirst()) - .collect(Collectors.toSet()); - - authProcessData.getGenericSessionDataStream() - .filter(el -> mandateAttributes.contains(el.getKey())) - .forEach(el -> { - try { - authData.setGenericData(el.getKey(), el.getValue()); - - } catch (final EaafStorageException e) { - log.error("Can not store attribute: {} into session.", el.getKey(), e); - throw new RuntimeException(e); - - } - }); - } - } - - private void buildMandateInformationForEidasIncoming() { - log.debug("Find eIDAS incoming process. Generated mandate-information for ID-Austria system ... "); - - // TODO: implement IDA specific processing of foreign mandate - - } - - private void buildMandateInformationForEidasOutgoing(EidAuthenticationData authData, IRequest pendingReq, - EidAuthProcessDataWrapper authProcessData) throws EaafAuthenticationException, EaafBuilderException, - EaafStorageException { - log.debug("Find eIDAS outgoing process. Generated mandate-information for other country ... "); - if (authProcessData.getGenericDataFromSession( - PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME) != null) { - final Optional> missingAttribute = - IdAustriaAuthConstants.DEFAULT_REQUIRED_MANDATE_NAT_PVP_ATTRIBUTES.stream() - .filter(el -> authProcessData.getGenericDataFromSession(el.getFirst()) == null) - .findFirst(); - if (missingAttribute.isPresent()) { - log.error("ID-Austria response contains not all attributes for nat. person mandator. Missing: {}", - missingAttribute.get().getFirst()); - throw new EaafAuthenticationException(ERROR_B11, new Object[] { "Nat. person mandate" }); - - } else { - log.trace("Find nat. person mandate. Mandate can be used as it is "); - authData.setGenericData(MsProxyServiceConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER, - extractBpkFromResponse(authProcessData.getGenericDataFromSession( - PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, String.class))); - - } - - } else { - final Optional> missingAttribute = - IdAustriaAuthConstants.DEFAULT_REQUIRED_MANDATE_JUR_PVP_ATTRIBUTES.stream() - .filter(el -> authProcessData.getGenericDataFromSession(el.getFirst()) == null) - .findFirst(); - if (missingAttribute.isPresent()) { - log.error("ID-Austria response contains not all attributes for legal. person mandator. Missing: {}", - missingAttribute.get().getFirst()); - throw new EaafAuthenticationException(ERROR_B11, new Object[] { "Legal. person mandate" }); - - } else { - log.trace( - "Find jur. person mandate. Generate eIDAS identifier from legal-person sourcePin and type ... "); - final String sourcePin = authProcessData.getGenericDataFromSession( - PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, String.class); - final String sourcePinType = authProcessData.getGenericDataFromSession( - PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, String.class); - - // build leagl-person identifier for eIDAS out-going - final String[] splittedTarget = - pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier().split("\\+"); - StringBuilder sb = new StringBuilder(); - sb.append(splittedTarget[1]) - .append("/") - .append(splittedTarget[2]) - .append("/") - .append(sourcePinType) - .append("+") - .append(sourcePin); - - log.debug("Use legal-person eIDAS identifer: {} from baseId: {} and baseIdType: {}", - sb.toString(), sourcePin, sourcePinType); - authData.setGenericData(MsProxyServiceConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, sb.toString()); - - } - } - } - - private String extractBpkFromResponse(String pvpBpkAttrValue) { - final String[] split = pvpBpkAttrValue.split(":", 2); - if (split.length == 2) { - return split[1]; - - } else { - log.warn("PVP bPK attribute: {} has wrong format. Use it as it is.", pvpBpkAttrValue); - return pvpBpkAttrValue; - - } - } - -} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpEndPointConfiguration.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpEndPointConfiguration.java index d7d88017..c62cbeef 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpEndPointConfiguration.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpEndPointConfiguration.java @@ -41,7 +41,7 @@ import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import at.gv.egiz.eaaf.core.exceptions.EaafException; diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpMetadataConfiguration.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpMetadataConfiguration.java index 0fc061ff..e83fd4cf 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpMetadataConfiguration.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpMetadataConfiguration.java @@ -34,7 +34,7 @@ import org.opensaml.saml.saml2.metadata.RequestedAttribute; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration; diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/config/StaticResourceConfiguration.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/config/StaticResourceConfiguration.java deleted file mode 100644 index b4d58cdd..00000000 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/config/StaticResourceConfiguration.java +++ /dev/null @@ -1,220 +0,0 @@ -/* - * Copyright 2019 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - -package at.asitplus.eidas.specific.connector.config; - -import java.net.MalformedURLException; -import java.util.List; - -import org.apache.commons.lang3.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; -import org.springframework.context.support.ReloadableResourceBundleMessageSource; -import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry; -import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; -import org.springframework.web.servlet.i18n.CookieLocaleResolver; -import org.thymeleaf.templateresolver.FileTemplateResolver; - -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation; -import at.gv.egiz.eaaf.core.impl.utils.FileUtils; - -/** - * Spring configurator for Web resources. - * - * @author tlenz - * - */ -@Configuration -public class StaticResourceConfiguration implements WebMvcConfigurer { - private static final Logger log = LoggerFactory.getLogger(StaticResourceConfiguration.class); - private static final String[] CLASSPATH_RESOURCE_LOCATIONS = { - "/" - }; - - private static final String DEFAULT_MESSAGE_SOURCE = "classpath:properties/status_messages"; - - @Autowired - private IConfiguration basicConfig; - - @Override - public void addResourceHandlers(ResourceHandlerRegistry registry) { - final String staticResources = basicConfig.getBasicConfiguration( - MsEidasNodeConstants.PROP_CONFIG_WEBCONTENT_STATIC_PATH); - try { - if (StringUtils.isNotEmpty(staticResources)) { - String absPath = FileUtils.makeAbsoluteUrl(staticResources, basicConfig - .getConfigurationRootDirectory()); - if (!absPath.endsWith("/")) { - absPath += "/"; - } - - registry.addResourceHandler("/static/**").addResourceLocations(absPath); - log.info("Add Ressourcefolder: " + absPath + " for static Web content"); - - } else { - log.debug("No Ressourcefolder for static Web content"); - } - - } catch (final MalformedURLException e) { - log.warn("Can NOT initialize ressourcefolder for static Web content", e); - - } - - registry.addResourceHandler("/**").addResourceLocations(CLASSPATH_RESOURCE_LOCATIONS); - - } - - /** - * Get a message source with only internal message properties. - * - * @param ressourceLocations List of source-locations - * @return - */ - @Bean - public ReloadableResourceBundleMessageSource internalMessageSource( - @Autowired(required = false) final List ressourceLocations) { - final ReloadableResourceBundleMessageSource messageSource = - new ReloadableResourceBundleMessageSource(); - - // add default message source - messageSource.setBasename(DEFAULT_MESSAGE_SOURCE); - - if (ressourceLocations != null) { - // load more message sources - for (final IMessageSourceLocation el : ressourceLocations) { - if (el.getMessageSourceLocation() != null) { - for (final String source : el.getMessageSourceLocation()) { - messageSource.addBasenames(source); - log.debug("Add additional messageSources: {}", el.getMessageSourceLocation().toArray()); - - } - } - } - } - - messageSource.setDefaultEncoding("UTF-8"); - return messageSource; - - } - - /** - * Get full message source with internal and external message-properties files. - * - * @param ressourceLocations List of source-locations - * @return - */ - @Bean - public ReloadableResourceBundleMessageSource messageSource( - @Autowired(required = false) final List ressourceLocations) { - final ReloadableResourceBundleMessageSource messageSource = - new ReloadableResourceBundleMessageSource(); - messageSource.setDefaultEncoding("UTF-8"); - messageSource.setParentMessageSource(internalMessageSource(ressourceLocations)); - - final String staticResources = basicConfig - .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_WEBCONTENT_PROPERTIES_PATH); - try { - if (StringUtils.isNotEmpty(staticResources)) { - final String absPath = - FileUtils.makeAbsoluteUrl(staticResources, basicConfig.getConfigurationRootDirectory()); - messageSource.setBasename(absPath); - - } else { - log.debug("No Ressourcefolder for dynamic Web content templates"); - - } - - } catch (final MalformedURLException e) { - log.warn("Can NOT initialize ressourcefolder for dynamic Web content templates", e); - - } - - return messageSource; - - } - - /** - * Get a i18n resolver based on cookies. - * - * @return - */ - @Bean - public CookieLocaleResolver localeResolver() { - final CookieLocaleResolver localeResolver = new CookieLocaleResolver(); - localeResolver.setCookieName("currentLanguage"); - localeResolver.setCookieMaxAge(3600); - return localeResolver; - - } - - /** - * Get a Tyhmeleaf Template-Resolver with external configuration path. - * - * @return - */ - @Bean(name = "templateResolver") - public FileTemplateResolver templateResolver() { - final String staticResources = basicConfig - .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_WEBCONTENT_TEMPLATES_PATH); - try { - if (StringUtils.isNotEmpty(staticResources)) { - String absPath = - FileUtils.makeAbsoluteUrl(staticResources, basicConfig.getConfigurationRootDirectory()); - if (!absPath.endsWith("/")) { - absPath += "/"; - - } - - if (absPath.startsWith("file:")) { - absPath = absPath.substring("file:".length()); - - } - - final FileTemplateResolver viewResolver = new FileTemplateResolver(); - viewResolver.setPrefix(absPath); - viewResolver.setSuffix(".html"); - viewResolver.setTemplateMode("HTML"); - viewResolver.setCacheable(false); - - log.info("Add Ressourcefolder: {} for dynamic Web content templates", absPath); - return viewResolver; - - } else { - log.debug("No Ressourcefolder for dynamic Web content templates"); - - } - - } catch (final MalformedURLException e) { - log.warn("Can NOT initialize ressourcefolder for dynamic Web content templates", e); - - } - - throw new RuntimeException("Can NOT initialize HTML template resolver"); - - } -} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/ProcessEngineSignalController.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/ProcessEngineSignalController.java index 1bf1ad67..e649fd3a 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/ProcessEngineSignalController.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/ProcessEngineSignalController.java @@ -32,7 +32,7 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/Pvp2SProfileEndpoint.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/Pvp2SProfileEndpoint.java index d2ec5a7c..923864cc 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/Pvp2SProfileEndpoint.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/Pvp2SProfileEndpoint.java @@ -30,7 +30,7 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.modules.pvp2.idp.impl.AbstractPvp2XProtocol; import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PvpSProfilePendingRequest; diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/health/EidasNodeMetadataHealthIndicator.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/health/EidasNodeMetadataHealthIndicator.java deleted file mode 100644 index f160916c..00000000 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/health/EidasNodeMetadataHealthIndicator.java +++ /dev/null @@ -1,69 +0,0 @@ -package at.asitplus.eidas.specific.connector.health; - -import java.io.ByteArrayInputStream; - -import javax.xml.transform.TransformerFactoryConfigurationError; - -import org.apache.commons.lang3.StringUtils; -import org.apache.http.StatusLine; -import org.apache.http.client.methods.HttpGet; -import org.apache.http.client.methods.HttpUriRequest; -import org.apache.http.client.utils.URIBuilder; -import org.apache.http.entity.ContentType; -import org.apache.http.impl.client.CloseableHttpClient; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.boot.actuate.health.Health; -import org.springframework.boot.actuate.health.HealthIndicator; - -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.impl.data.Triple; -import at.gv.egiz.eaaf.core.impl.http.HttpUtils; -import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; -import at.gv.egiz.eaaf.core.impl.utils.DomUtils; -import lombok.extern.slf4j.Slf4j; - -@Slf4j -public class EidasNodeMetadataHealthIndicator implements HealthIndicator { - - @Autowired IConfiguration config; - @Autowired IHttpClientFactory httpClientFactory; - - @Override - public Health health() { - try { - final String urlString = config.getBasicConfiguration( - MsEidasNodeConstants.PROP_CONFIG_MONITORING_EIDASNODE_METADATAURL); - if (StringUtils.isEmpty(urlString)) { - log.trace("No eIDASNode metadata URL. Skipping test ... "); - return Health.unknown().build(); - - } - - // create HTTP client - CloseableHttpClient httpClient = httpClientFactory.getHttpClient(); - URIBuilder uriBuilder = new URIBuilder(urlString); - HttpUriRequest request = new HttpGet(uriBuilder.build()); - - final Triple respCode = httpClient.execute(request, - HttpUtils.bodyStatusCodeResponseHandler()); - if (respCode.getFirst().getStatusCode() != 200) { - log.warn("Monitoring: Get http StatusCode: {} from eIDAS-Node Metadata endpoint", - respCode.getFirst().getStatusCode()); - return Health.down().withDetail("http StatusCode", respCode.getFirst().getStatusCode()).build(); - - } - - // parse metadata - DomUtils.parseXmlNonValidating(respCode.getSecond()); - - return Health.up().build(); - - } catch (Exception | TransformerFactoryConfigurationError e) { - log.warn("Monitoring: Can not read SAML2 metadata from eIDAS-Node", e); - return Health.down().down(e).build(); - - } - } - -} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/health/IgniteClusterHealthIndicator.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/health/IgniteClusterHealthIndicator.java deleted file mode 100644 index 10517565..00000000 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/health/IgniteClusterHealthIndicator.java +++ /dev/null @@ -1,52 +0,0 @@ -package at.asitplus.eidas.specific.connector.health; - -import org.apache.ignite.Ignite; -import org.springframework.boot.actuate.health.Health; -import org.springframework.boot.actuate.health.HealthIndicator; - -import eu.eidas.auth.cache.IgniteInstanceInitializerSpecificCommunication; -import lombok.Setter; -import lombok.extern.slf4j.Slf4j; - -/** - * HealthCheck that validate Nodes in Apache-Ignite Cluster. - * - * @author tlenz - * - */ -@Slf4j -public class IgniteClusterHealthIndicator implements HealthIndicator { - - @Setter - protected IgniteInstanceInitializerSpecificCommunication igniteInstanceInitializerSpecificCommunication; - - @Override - public Health health() { - final Ignite instance = igniteInstanceInitializerSpecificCommunication.getInstance(); - - // check if Apache Ignite cluster is active - if (!instance.cluster().active()) { - return Health.outOfService().build(); - - } - - final Health.Builder healthBuilder; - // Status UP requires more than 1 node because MS-Connector and eIDAS-Node operations as - // micro-services - if (instance.cluster().nodes().size() > 1) { - healthBuilder = Health.up(); - - } else { - // Something looks wrong if only a single node was found because MS-Connector and eIDAS-Node - // operations as micro-services - healthBuilder = Health.outOfService(); - - } - - healthBuilder.withDetail("#Nodes", instance.cluster().nodes().size()); - log.trace("Ignite state. #Nodes: {}", instance.cluster().nodes().size()); - return healthBuilder.build(); - - } - -} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/interceptor/WebFrontEndSecurityInterceptor.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/interceptor/WebFrontEndSecurityInterceptor.java deleted file mode 100644 index d90cd22b..00000000 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/interceptor/WebFrontEndSecurityInterceptor.java +++ /dev/null @@ -1,90 +0,0 @@ -/* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. -*/ - -package at.asitplus.eidas.specific.connector.interceptor; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.springframework.web.servlet.HandlerInterceptor; -import org.springframework.web.servlet.ModelAndView; - -/** - * Spring interceptor to inject securtiy headers into http response. - * - * @author tlenz - * - */ -public class WebFrontEndSecurityInterceptor implements HandlerInterceptor { - - /* - * (non-Javadoc) - * - * @see - * org.springframework.web.servlet.HandlerInterceptor#preHandle(javax.servlet. - * http.HttpServletRequest, javax.servlet.http.HttpServletResponse, - * java.lang.Object) - */ - @Override - public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) - throws Exception { - - // set security headers - response.setHeader("Expires", "Sat, 6 May 1995 12:00:00 GMT"); - response.setHeader("Pragma", "no-cache"); - response.setHeader("Cache-control", "no-store, no-cache, must-revalidate"); - - return true; - - } - - /* - * (non-Javadoc) - * - * @see - * org.springframework.web.servlet.HandlerInterceptor#postHandle(javax.servlet. - * http.HttpServletRequest, javax.servlet.http.HttpServletResponse, - * java.lang.Object, org.springframework.web.servlet.ModelAndView) - */ - @Override - public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, - ModelAndView modelAndView) throws Exception { - - } - - /* - * (non-Javadoc) - * - * @see - * org.springframework.web.servlet.HandlerInterceptor#afterCompletion(javax. - * servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, - * java.lang.Object, java.lang.Exception) - */ - @Override - public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, - Exception ex) - throws Exception { - - } - -} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/logger/RevisionLogger.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/logger/RevisionLogger.java deleted file mode 100644 index 16385e10..00000000 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/logger/RevisionLogger.java +++ /dev/null @@ -1,110 +0,0 @@ -/* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. -*/ - -package at.asitplus.eidas.specific.connector.logger; - -import java.util.Date; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; - -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; -import at.gv.egiz.components.eventlog.api.Event; -import at.gv.egiz.components.eventlog.api.EventConstants; -import at.gv.egiz.components.eventlog.api.EventLogFactory; -import at.gv.egiz.components.eventlog.api.EventLoggingException; -import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; -import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; - -public class RevisionLogger extends EventLogFactory implements IRevisionLogger { - private static final Logger log = LoggerFactory.getLogger(RevisionLogger.class); - - @Autowired - private IConfiguration basicConfig; - - @Override - public void logEvent(ISpConfiguration oaConfig, int eventCode, String message) { - logEvent(createNewEvent(new Date().getTime(), eventCode, message)); - - } - - @Override - public void logEvent(IRequest pendingRequest, int eventCode) { - logEvent(createNewEvent(new Date().getTime(), eventCode, - pendingRequest.getUniqueSessionIdentifier(), pendingRequest.getUniqueTransactionIdentifier())); - - } - - @Override - public void logEvent(IRequest pendingRequest, int eventCode, String message) { - logEvent(createNewEvent(new Date().getTime(), eventCode, message, - pendingRequest.getUniqueSessionIdentifier(), pendingRequest.getUniqueTransactionIdentifier())); - - } - - @Override - public void logEvent(int eventCode, String message) { - logEvent(createNewEvent(new Date().getTime(), eventCode, message)); - - } - - @Override - public void logEvent(String sessionID, String transactionID, int eventCode, String message) { - logEvent(createNewEvent(new Date().getTime(), eventCode, message, sessionID, transactionID)); - - } - - @Override - public void logEvent(String sessionID, String transactionID, int eventCode) { - logEvent(createNewEvent(new Date().getTime(), eventCode, sessionID, transactionID)); - - } - - private void logEvent(Event event) { - try { - if (event.getEventCode() >= 1100) { - if (event.getEventCode() == EventConstants.TRANSACTION_IP - && !basicConfig.getBasicConfigurationBoolean( - MsEidasNodeConstants.PROP_CONFIG_REVISIONLOG_LOG_IP_ADDRESS_OF_USER, true)) { - log.trace("Ignore Event: " + event.getEventCode() + " because IP adresse logging prohibited"); - return; - - } - - getEventLog().logEvent(event); - - } else { - log.trace("Ignore Event: " + event.getEventCode() - + " because session functionallity is not implemented"); - } - - } catch (final EventLoggingException e) { - log.warn("Event logging FAILED! Reason: " + e.getMessage()); - - } - - } -} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/logger/StatisticLogger.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/logger/StatisticLogger.java deleted file mode 100644 index 3483f367..00000000 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/logger/StatisticLogger.java +++ /dev/null @@ -1,141 +0,0 @@ -/* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. -*/ - -package at.asitplus.eidas.specific.connector.logger; - -import org.apache.commons.lang3.StringUtils; -import org.joda.time.DateTime; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; -import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.core.api.idp.IAuthData; -import at.gv.egiz.eaaf.core.api.logging.IStatisticLogger; -import at.gv.egiz.eaaf.core.exceptions.EaafException; - -public class StatisticLogger implements IStatisticLogger { - - private static final Logger log = LoggerFactory.getLogger(StatisticLogger.class); - - private static final String DATEFORMATER = "yyyy.MM.dd-HH:mm:ss+z"; - private static final String STATUS_SUCCESS = "success"; - private static final String STATUS_ERROR = "error"; - - @Override - public void logSuccessOperation(IRequest protocolRequest, IAuthData authData, boolean isSsoSession) { - log.info(buildLogMessage( - protocolRequest.getUniqueTransactionIdentifier(), - protocolRequest.getSpEntityId(), - protocolRequest.getRawData(MsEidasNodeConstants.DATA_REQUESTERID), - protocolRequest.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(), - authData.getCiticenCountryCode(), - STATUS_SUCCESS, - StringUtils.EMPTY, - StringUtils.EMPTY)); - - } - - @Override - public void logErrorOperation(Throwable throwable) { - String errorId = "TODO"; - if (throwable instanceof EaafException) { - errorId = ((EaafException) throwable).getErrorId(); - } - - log.info(buildLogMessage( - StringUtils.EMPTY, - StringUtils.EMPTY, - StringUtils.EMPTY, - StringUtils.EMPTY, - StringUtils.EMPTY, - STATUS_ERROR, - errorId, - throwable.getMessage())); - - } - - @Override - public void logErrorOperation(Throwable throwable, IRequest errorRequest) { - String errorId = "TODO"; - if (throwable instanceof EaafException) { - errorId = ((EaafException) throwable).getErrorId(); - } - - if (errorRequest != null) { - log.info(buildLogMessage( - errorRequest.getUniqueTransactionIdentifier(), - errorRequest.getSpEntityId(), - errorRequest.getRawData(MsEidasNodeConstants.DATA_REQUESTERID), - errorRequest.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(), - StringUtils.EMPTY, - STATUS_ERROR, - errorId, - throwable.getMessage())); - } else { - log.info(buildLogMessage( - StringUtils.EMPTY, - StringUtils.EMPTY, - StringUtils.EMPTY, - StringUtils.EMPTY, - StringUtils.EMPTY, - STATUS_ERROR, - errorId, - throwable.getMessage())); - } - - } - - @Override - public void internalTesting() throws Exception { - log.trace("Not implemented for a File-based logger"); - - } - - private String buildLogMessage(String transId, String entityId, Object requesterId, String target, - String cc, - String status, String errorCode, String errorMsg) { - String logMsg = StringUtils.EMPTY; - - // data,tId,MOAID-Id,SP-Id,bPKTarget,CC,status,error-code,error-msg - - logMsg += DateTime.now().toString(DATEFORMATER) + ","; - logMsg += transId + ","; - logMsg += entityId + ","; - - if (requesterId instanceof String && StringUtils.isNotEmpty((String) requesterId)) { - logMsg += (String) requesterId + ","; - } else { - logMsg += StringUtils.EMPTY + ","; - } - - logMsg += target + ","; - logMsg += cc + ","; - - logMsg += status + ","; - logMsg += errorCode + ","; - logMsg += errorMsg; - - return logMsg; - } -} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/mapper/LoALevelMapper.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/mapper/LoALevelMapper.java deleted file mode 100644 index 564160be..00000000 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/mapper/LoALevelMapper.java +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. -*/ - -package at.asitplus.eidas.specific.connector.mapper; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.stereotype.Service; - -import at.gv.egiz.eaaf.core.api.data.EaafConstants; -import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper; - -@Service("LoALevelMapper") -public class LoALevelMapper implements ILoALevelMapper { - private static final Logger log = LoggerFactory.getLogger(LoALevelMapper.class); - - @Override - public String mapToSecClass(String loa) { - log.info("Mapping to PVP SecClass is NOT supported"); - return null; - } - - @Override - public String mapToEidasLoa(String loa) { - if (loa.startsWith(EaafConstants.EIDAS_LOA_PREFIX)) { - return loa; - } else { - log.info("Can NOT map '" + loa + "' to eIDAS LoA"); - } - - return null; - - } - - @Override - public String mapEidasQaaToStorkQaa(String eidasqaaLevel) { - return null; - } - -} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/CountrySelectionProcessImpl.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/CountrySelectionProcessImpl.java index 805148f7..2ec86f53 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/CountrySelectionProcessImpl.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/CountrySelectionProcessImpl.java @@ -25,7 +25,7 @@ package at.asitplus.eidas.specific.connector.processes; import org.apache.commons.lang3.StringUtils; -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/EvaluateCountrySelectionTask.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/EvaluateCountrySelectionTask.java index 727653b3..b2c5c51d 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/EvaluateCountrySelectionTask.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/EvaluateCountrySelectionTask.java @@ -34,7 +34,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.stereotype.Component; -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/GenerateCountrySelectionFrameTask.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/GenerateCountrySelectionFrameTask.java index d3b8116a..e87979fb 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/GenerateCountrySelectionFrameTask.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/GenerateCountrySelectionFrameTask.java @@ -29,9 +29,9 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; -import at.asitplus.eidas.specific.connector.MsConnectorEventCodes; -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; -import at.asitplus.eidas.specific.connector.gui.StaticGuiBuilderConfiguration; +import at.asitplus.eidas.specific.core.MsConnectorEventCodes; +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.asitplus.eidas.specific.core.gui.StaticGuiBuilderConfiguration; import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfiguration; import at.gv.egiz.eaaf.core.api.gui.ISpringMvcGuiFormBuilder; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpEndPointCredentialProvider.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpEndPointCredentialProvider.java index 3a3e9664..98e88eff 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpEndPointCredentialProvider.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpEndPointCredentialProvider.java @@ -25,7 +25,7 @@ package at.asitplus.eidas.specific.connector.provider; import org.springframework.beans.factory.annotation.Autowired; -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataProvider.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataProvider.java index 8dbb74c7..6161c271 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataProvider.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataProvider.java @@ -41,7 +41,7 @@ import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java deleted file mode 100644 index 5565bc63..00000000 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java +++ /dev/null @@ -1,182 +0,0 @@ -/* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. -*/ - -package at.asitplus.eidas.specific.connector.provider; - -import java.text.MessageFormat; -import java.util.Locale; -import java.util.MissingResourceException; -import java.util.ResourceBundle; - -import org.apache.commons.lang3.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.context.MessageSource; -import org.springframework.context.MessageSourceAware; -import org.springframework.context.NoSuchMessageException; -import org.springframework.context.i18n.LocaleContextHolder; -import org.springframework.stereotype.Service; - -import at.gv.egiz.eaaf.core.api.IStatusMessenger; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.impl.logging.LogMessageProviderFactory; - -@Service("StatusMessageProvider") -public class StatusMessageProvider implements IStatusMessenger, MessageSourceAware { - private static final Logger log = LoggerFactory.getLogger(StatusMessageProvider.class); - - private static final String ERROR_MESSAGES_UNAVAILABLE = - "Error messages can NOT be load from application. Only errorCode: {0} is availabe"; - private static final String ERROR_NO_MESSAGE = "No errormesseage for error with number.={0}"; - - private static final String ERROR_EXTERNALERROR_CODES_UNAVAILABLE = - "External error-codes can NOT be load from application. Only internal errorCode: {0} is availabe"; - private static final String ERROR_NO_EXTERNALERROR_CODE = - "No external error for internal error with number.={0}"; - private static final String MSG_WARN_NO_SOURCE = "MessageCode: {} is NOT SET for locale: {}"; - private static final String MSG_INFO = "Use locale: {} as default"; - - // external error codes - private static final String DEFAULT_EXTERNALERROR_RESOURCES = "properties/external_statuscodes_map"; - private static final Locale DEFAULT_EXTERNALERROR_LOCALES = new Locale("en", "GB"); - private ResourceBundle externalError = null; - - //internal messanges - private MessageSource messageSource; - - @Override - public String getMessageWithoutDefault(final String messageId, final Object[] parameters) { - if (messageSource == null) { - return null; - - } else { - try { - final Locale locale = LocaleContextHolder.getLocale(); - return messageSource.getMessage(messageId, parameters, locale); - - } catch (final NoSuchMessageException e) { - log.info(MSG_WARN_NO_SOURCE, messageId, LocaleContextHolder.getLocale()); - log.debug(MSG_INFO, Locale.ENGLISH); - - try { - return messageSource.getMessage(messageId, parameters, Locale.ENGLISH); - - } catch (final NoSuchMessageException e2) { - log.info(MSG_WARN_NO_SOURCE, messageId, Locale.ENGLISH); - - } - - } catch (final MissingResourceException e2) { - log.warn("No message source", e2); - - } - } - - return null; - - } - - @Override - public String getMessage(final String messageId, final Object[] parameters) { - if (messageSource == null) { - return MessageFormat.format(ERROR_MESSAGES_UNAVAILABLE, new Object[]{messageId}); - - } else { - try { - final Locale locale = LocaleContextHolder.getLocale(); - return messageSource.getMessage(messageId, parameters, locale); - - } catch (final NoSuchMessageException e) { - log.info(MSG_WARN_NO_SOURCE, messageId, LocaleContextHolder.getLocale()); - log.debug(MSG_INFO, Locale.ENGLISH); - - try { - return messageSource.getMessage(messageId, parameters, Locale.ENGLISH); - - } catch (final NoSuchMessageException e2) { - return MessageFormat.format(ERROR_NO_MESSAGE, new Object[]{messageId}); - - } - - } catch (final MissingResourceException e2) { - return MessageFormat.format(ERROR_NO_MESSAGE, new Object[]{messageId}); - - } - } - } - - @Override - public String getResponseErrorCode(Throwable throwable) { - String errorCode = IStatusMessenger.CODES_EXTERNAL_ERROR_GENERIC; - if (throwable instanceof EaafException) { - errorCode = ((EaafException) throwable).getErrorId(); - - } - - return errorCode; - - } - - @Override - public String mapInternalErrorToExternalError(String intErrorCode) { - // initialize messages - if (externalError == null) { - this.externalError = ResourceBundle.getBundle( - DEFAULT_EXTERNALERROR_RESOURCES, - DEFAULT_EXTERNALERROR_LOCALES); - - } - - // create the message - if (externalError == null) { - log.warn(MessageFormat.format(ERROR_EXTERNALERROR_CODES_UNAVAILABLE, new Object[] { intErrorCode })); - return IStatusMessenger.CODES_EXTERNAL_ERROR_GENERIC; - - } else { - try { - if (StringUtils.isNotEmpty(intErrorCode)) { - return externalError.getString(intErrorCode); - - } else { - return IStatusMessenger.CODES_EXTERNAL_ERROR_GENERIC; - - } - - } catch (final MissingResourceException e2) { - log.info(MessageFormat.format(ERROR_NO_EXTERNALERROR_CODE, new Object[] { intErrorCode })); - return IStatusMessenger.CODES_EXTERNAL_ERROR_GENERIC; - - } - } - } - - @Override - public void setMessageSource(MessageSource messageSource) { - this.messageSource = messageSource; - - log.info("Injecting 'StatusMessanger' into 'LogMessageProviderFactory'"); - LogMessageProviderFactory.setStatusMessager(this); - - } - -} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/storage/CacheWithEidasBackend.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/storage/CacheWithEidasBackend.java deleted file mode 100644 index 87ebda92..00000000 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/storage/CacheWithEidasBackend.java +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. -*/ - -package at.asitplus.eidas.specific.connector.storage; - -import eu.eidas.auth.commons.cache.ConcurrentCacheService; -import eu.eidas.auth.commons.tx.AbstractCache; - -public class CacheWithEidasBackend extends AbstractCache { - - protected CacheWithEidasBackend(ConcurrentCacheService concurrentMapService) { - super(concurrentMapService); - } - -} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/storage/EidasCacheTransactionStoreDecorator.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/storage/EidasCacheTransactionStoreDecorator.java deleted file mode 100644 index 634b3797..00000000 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/storage/EidasCacheTransactionStoreDecorator.java +++ /dev/null @@ -1,180 +0,0 @@ -/* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. -*/ - -package at.asitplus.eidas.specific.connector.storage; - -import java.util.Arrays; -import java.util.Date; -import java.util.List; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.boot.actuate.health.Health; -import org.springframework.boot.actuate.health.HealthIndicator; - -import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; -import at.gv.egiz.eaaf.core.impl.utils.Random; - -public class EidasCacheTransactionStoreDecorator implements ITransactionStorage, HealthIndicator { - private static final Logger log = LoggerFactory.getLogger(EidasCacheTransactionStoreDecorator.class); - - @Autowired(required = true) - private CacheWithEidasBackend storage; - - @Override - public Health health() { - try { - final String key = Random.nextHexRandom16(); - final String value = Random.nextHexRandom16(); - - this.put(key, value, -1); - final String result = this.get(key, String.class); - this.remove(key); - - if (result != null && result.equals(value)) { - return Health.up().build(); - - } else { - log.warn("Montioring: TestValue: " + value + " does NOT match in Storage test"); - return Health.down().build(); - - } - - } catch (final EaafException e) { - log.warn("Montioring: Can not read/write to storage.", e); - return Health.down().down(e).build(); - - } - } - - @Override - public void changeKey(String oldKey, String newKey, Object value) throws EaafException { - if (containsKey(oldKey)) { - final TransactionStoreElement el = storage.get(oldKey); - el.setKey(newKey); - el.setData(value); - storage.put(newKey, el); - boolean delResult = storage.remove(oldKey); - log.trace("Object: {} removed from cache: {}", oldKey, delResult); - - } else { - throw new EaafStorageException("No element in TransactionStorage with key: " + oldKey); - } - - } - - @Override - public List clean(Date now, long dataTimeOut) { - log.info("Clean is NOT implemented, because its not needed"); - return Arrays.asList(); - - } - - @Override - public boolean containsKey(String key) { - return storage.containsKey(key); - - } - - @Override - public Object get(String key) throws EaafException { - if (key != null && containsKey(key)) { - final TransactionStoreElement element = storage.get(key); - return element.getData(); - - } else { - return null; - } - } - - @Override - public T get(String key, Class type) throws EaafException { - return get(key, type, -1); - - } - - @Override - public T get(String key, Class type, long dataTimeOut) throws EaafException { - if (key != null && containsKey(key)) { - final TransactionStoreElement value = storage.get(key); - - if (dataTimeOut > -1) { - final long now = new Date().getTime(); - if (now - value.getCreated().getTime() > dataTimeOut) { - log.info("Transaction-Data with key: " + key + " is out of time."); - throw new EaafStorageException("Transaction-Data with key: " + key + " is out of time."); - - } - } - - if (type.isAssignableFrom(value.getData().getClass())) { - return (T) value.getData(); - - } else { - log.warn("Can NOT cast '" + value.getClass() + "' to '" + type + "'"); - } - - } - - return null; - } - - @Override - public Object getRaw(String key) throws EaafException { - return storage.get(key); - - } - - @Override - public void put(String key, Object value, int dataTimeOut) throws EaafException { - final TransactionStoreElement element = new TransactionStoreElement(); - element.setKey(key); - element.setData(value); - storage.put(key, element); - - } - - @Override - public void putRaw(String key, Object value) throws EaafException { - if (value instanceof TransactionStoreElement) { - storage.put(((TransactionStoreElement) value).getKey(), (TransactionStoreElement) value); - } else { - log.info(value.getClass().getName() + " is NOT a RAW element of " + ITransactionStorage.class - .getName()); - } - - } - - @Override - public void remove(String key) { - if (containsKey(key)) { - log.trace("Remove element with key: " + key + " from " + ITransactionStorage.class.getName()); - boolean delResult = storage.remove(key); - log.trace("Object: {} removed from cache: {}", key, delResult); - - } - } -} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/storage/SimpleInMemoryTransactionStorage.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/storage/SimpleInMemoryTransactionStorage.java deleted file mode 100644 index 3bda2932..00000000 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/storage/SimpleInMemoryTransactionStorage.java +++ /dev/null @@ -1,169 +0,0 @@ -/* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. -*/ - -package at.asitplus.eidas.specific.connector.storage; - -import java.util.ArrayList; -import java.util.Date; -import java.util.Iterator; -import java.util.List; -import java.util.Map; -import java.util.Map.Entry; -import java.util.concurrent.ConcurrentHashMap; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; - -public class SimpleInMemoryTransactionStorage implements ITransactionStorage { - private static final Logger log = LoggerFactory.getLogger(SimpleInMemoryTransactionStorage.class); - - private final Map storage = - new ConcurrentHashMap<>(); - - @Override - public void changeKey(String oldKey, String newKey, Object value) throws EaafException { - if (containsKey(oldKey)) { - final TransactionStoreElement el = storage.get(oldKey); - el.setKey(newKey); - storage.put(newKey, el); - storage.remove(oldKey); - - } else { - throw new EaafStorageException("No element in TransactionStorage with key: " + oldKey); - } - - } - - @Override - public List clean(Date now, long dataTimeOut) { - final List result = new ArrayList<>(); - final Iterator> iterator = storage.entrySet().iterator(); - while (iterator.hasNext()) { - final Entry key = iterator.next(); - synchronized (storage) { - if (storage.containsKey(key.getKey())) { - final TransactionStoreElement element = key.getValue(); - if (now.getTime() - element.getCreated().getTime() > dataTimeOut) { - result.add(key.getKey()); - } - } - } - } - - return result; - - } - - @Override - public boolean containsKey(String key) { - if (key != null) { - return storage.containsKey(key); - } else { - return false; - } - - } - - @Override - public Object get(String key) throws EaafException { - if (key != null && containsKey(key)) { - final TransactionStoreElement element = storage.get(key); - return element.getData(); - - } else { - return null; - } - } - - @Override - public T get(String key, Class type) throws EaafException { - return get(key, type, -1); - - } - - @Override - public T get(String key, Class type, long dataTimeOut) throws EaafException { - if (key != null && containsKey(key)) { - final TransactionStoreElement value = storage.get(key); - - if (dataTimeOut > -1) { - final long now = new Date().getTime(); - if (now - value.getCreated().getTime() > dataTimeOut) { - log.info("Transaction-Data with key: " + key + " is out of time."); - throw new EaafStorageException("Transaction-Data with key: " + key + " is out of time."); - - } - } - - if (type.isAssignableFrom(value.getData().getClass())) { - return (T) value.getData(); - - } else { - log.warn("Can NOT cast '" + value.getClass() + "' to '" + type + "'"); - } - - } - - return null; - } - - @Override - public Object getRaw(String key) throws EaafException { - return storage.get(key); - - } - - @Override - public void put(String key, Object value, int dataTimeOut) throws EaafException { - final TransactionStoreElement element = new TransactionStoreElement(); - element.setKey(key); - element.setData(value); - storage.put(key, element); - - } - - @Override - public void putRaw(String key, Object value) throws EaafException { - if (value instanceof TransactionStoreElement) { - storage.put(((TransactionStoreElement) value).getKey(), (TransactionStoreElement) value); - } else { - log.info(value.getClass().getName() + " is NOT a RAW element of " + ITransactionStorage.class - .getName()); - } - - } - - @Override - public void remove(String key) { - if (containsKey(key)) { - log.debug("Remove element with key: " + key + " from " + ITransactionStorage.class.getName()); - storage.remove(key); - - } - } - -} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/storage/TransactionStoreElement.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/storage/TransactionStoreElement.java deleted file mode 100644 index 4e9e737f..00000000 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/storage/TransactionStoreElement.java +++ /dev/null @@ -1,70 +0,0 @@ -/* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. -*/ - -package at.asitplus.eidas.specific.connector.storage; - -import java.io.Serializable; -import java.util.Date; - -public class TransactionStoreElement implements Serializable { - - private static final long serialVersionUID = 1L; - private String key = null; - private Object data = null; - private Date created; - - public String getKey() { - return key; - } - - public void setKey(String key) { - this.key = key; - } - - public Object getData() { - return data; - } - - public void setData(Object data) { - this.data = data; - } - - public Date getCreated() { - return copyOrNull(created); - } - - public void setCreated(Date created) { - this.created = copyOrNull(created); - } - - private Date copyOrNull(Date in) { - if (in != null) { - return new Date(in.getTime()); - - } - - return null; - - } - -} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java index e4c68004..23702264 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java @@ -42,8 +42,8 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; -import at.asitplus.eidas.specific.connector.config.ServiceProviderConfiguration; +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; diff --git a/connector/src/main/resources/applicationContext.xml b/connector/src/main/resources/applicationContext.xml index 15ce0a55..ec8e79f4 100644 --- a/connector/src/main/resources/applicationContext.xml +++ b/connector/src/main/resources/applicationContext.xml @@ -15,16 +15,10 @@ - - + class="at.asitplus.eidas.specific.core.interceptor.WebFrontEndSecurityInterceptor" /> @@ -32,22 +26,17 @@ - - + class="at.asitplus.eidas.specific.core.SpringContextCloseHandler" /> + class="at.asitplus.eidas.specific.core.config.BasicConfigurationProvider"> + class="at.asitplus.eidas.specific.core.config.SpringBootBasicConfigurationProvider" /> diff --git a/connector/src/main/resources/specific_eIDAS_connector.beans.xml b/connector/src/main/resources/specific_eIDAS_connector.beans.xml index 34fd088b..7ac6236c 100644 --- a/connector/src/main/resources/specific_eIDAS_connector.beans.xml +++ b/connector/src/main/resources/specific_eIDAS_connector.beans.xml @@ -11,10 +11,8 @@ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd"> - + - @@ -24,15 +22,6 @@ - - - - - - @@ -66,44 +55,12 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/AuthBlockAttributeBuilderTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/AuthBlockAttributeBuilderTest.java index 5c0a1420..6c6276c3 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/AuthBlockAttributeBuilderTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/AuthBlockAttributeBuilderTest.java @@ -14,7 +14,7 @@ import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import at.asitplus.eidas.specific.connector.attributes.AuthBlockAttributeBuilder; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; import at.gv.egiz.eaaf.core.api.idp.IAuthData; @@ -62,7 +62,7 @@ public class AuthBlockAttributeBuilderTest extends AbstractAttributeBuilderTest log.info("starting: " + mTestName); try { final IAuthData authData = buildAuthData(); - ((AuthenticationData) authData).setGenericData(Constants.SZR_AUTHBLOCK, JSW); + ((AuthenticationData) authData).setGenericData(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, JSW); final String value = attrBuilde.build(spConfig, authData, gen); @@ -80,7 +80,7 @@ public class AuthBlockAttributeBuilderTest extends AbstractAttributeBuilderTest log.info("starting: " + mTestName); try { final IAuthData authData = buildAuthData(); - ((AuthenticationData) authData).setGenericData(Constants.SZR_AUTHBLOCK, null); + ((AuthenticationData) authData).setGenericData(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, null); final String value = attrBuilde.build(spConfig, authData, gen); Assert.fail("Attr. Builder provide no 'UnavailableAttributeException'"); @@ -99,7 +99,7 @@ public class AuthBlockAttributeBuilderTest extends AbstractAttributeBuilderTest log.info("starting: " + mTestName); try { final IAuthData authData = buildAuthData(); - ((AuthenticationData) authData).setGenericData(Constants.SZR_AUTHBLOCK, ""); + ((AuthenticationData) authData).setGenericData(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, ""); final String value = attrBuilde.build(spConfig, authData, gen); Assert.fail("Attr. Builder provide no 'UnavailableAttributeException'"); diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/EidasBindAttributeBuilderTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/EidasBindAttributeBuilderTest.java index 9a2c6cdc..969a22fb 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/EidasBindAttributeBuilderTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/EidasBindAttributeBuilderTest.java @@ -1,7 +1,5 @@ package at.asitplus.eidas.specific.connector.test.attributes; -import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.EIDAS_BIND; - import org.junit.Assert; import org.junit.Before; import org.junit.Rule; @@ -12,6 +10,7 @@ import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import at.asitplus.eidas.specific.connector.attributes.EidasBindAttributeBuilder; +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; import at.gv.egiz.eaaf.core.api.idp.IAuthData; @@ -54,7 +53,7 @@ public class EidasBindAttributeBuilderTest extends AbstractAttributeBuilderTest log.info("starting: " + mTestName); try { final IAuthData authData = buildAuthData(); - ((AuthenticationData) authData).setGenericData(EIDAS_BIND, "vuG8w29GT0"); + ((AuthenticationData) authData).setGenericData(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, "vuG8w29GT0"); final String value = attrBuilde.build(spConfig, authData, gen); @@ -70,7 +69,7 @@ public class EidasBindAttributeBuilderTest extends AbstractAttributeBuilderTest log.info("starting: " + mTestName); try { final IAuthData authData = buildAuthData(); - ((AuthenticationData) authData).setGenericData(EIDAS_BIND, null); + ((AuthenticationData) authData).setGenericData(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, null); final String value = attrBuilde.build(spConfig, authData, gen); Assert.fail("Attr. Builder provide no 'UnavailableAttributeException'"); @@ -89,7 +88,7 @@ public class EidasBindAttributeBuilderTest extends AbstractAttributeBuilderTest log.info("starting: " + mTestName); try { final IAuthData authData = buildAuthData(); - ((AuthenticationData) authData).setGenericData(EIDAS_BIND, ""); + ((AuthenticationData) authData).setGenericData(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, ""); final String value = attrBuilde.build(spConfig, authData, gen); Assert.fail("Attr. Builder provide no 'UnavailableAttributeException'"); diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/config/BasicConfigurationTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/config/BasicConfigurationTest.java index 80307ea2..f9a43b52 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/config/BasicConfigurationTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/config/BasicConfigurationTest.java @@ -17,7 +17,7 @@ import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.context.web.WebAppConfiguration; -import at.asitplus.eidas.specific.connector.config.ServiceProviderConfiguration; +import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; @@ -28,7 +28,7 @@ import net.shibboleth.utilities.java.support.component.ComponentInitializationEx @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration({ "/applicationContext.xml", - "/specific_eIDAS_connector.beans.xml", + "/spring/SpringTest_connector.beans.xml", "/eaaf_core.beans.xml", "/eaaf_pvp.beans.xml", "/eaaf_pvp_idp.beans.xml", diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/controller/ProcessEngineSignalControllerTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/controller/ProcessEngineSignalControllerTest.java index 5b612036..499c5937 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/controller/ProcessEngineSignalControllerTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/controller/ProcessEngineSignalControllerTest.java @@ -25,7 +25,7 @@ import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration({ "/applicationContext.xml", - "/specific_eIDAS_connector.beans.xml", + "/spring/SpringTest_connector.beans.xml", "/eaaf_core.beans.xml", "/eaaf_pvp.beans.xml", "/eaaf_pvp_idp.beans.xml", diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/health/EidasNodeMetadataHealthIndicatorNoEndpointTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/health/EidasNodeMetadataHealthIndicatorNoEndpointTest.java deleted file mode 100644 index b04a5bdb..00000000 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/health/EidasNodeMetadataHealthIndicatorNoEndpointTest.java +++ /dev/null @@ -1,70 +0,0 @@ -package at.asitplus.eidas.specific.connector.test.health; - -import java.io.IOException; - -import org.apache.commons.io.IOUtils; -import org.junit.AfterClass; -import org.junit.Assert; -import org.junit.BeforeClass; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.boot.actuate.health.Health; -import org.springframework.http.MediaType; -import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.TestPropertySource; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; -import org.springframework.test.context.web.WebAppConfiguration; - -import at.asitplus.eidas.specific.connector.health.EidasNodeMetadataHealthIndicator; -import okhttp3.mockwebserver.MockResponse; -import okhttp3.mockwebserver.MockWebServer; - -@RunWith(SpringJUnit4ClassRunner.class) -@ContextConfiguration({ - "/spring/SpringTest-context_healthcheck.xml" }) -@TestPropertySource(locations = {"classpath:/config/junit_config_2_springboot.properties"}) -@WebAppConfiguration -public class EidasNodeMetadataHealthIndicatorNoEndpointTest { - - @Autowired EidasNodeMetadataHealthIndicator health; - - private static MockWebServer mockWebServer = null; - - /** - * Testclass initializer. - * - * @throws IOException In case of an error - */ - @BeforeClass - public static void classInitializer() throws IOException { - mockWebServer = new MockWebServer(); - mockWebServer.start(40900); - mockWebServer.url("/mockup"); - - } - - @AfterClass - public static void resetTestEnviroment() throws NoSuchFieldException, SecurityException, - IllegalArgumentException, IllegalAccessException, IOException { - mockWebServer.shutdown(); - - } - - @Test - public void noEndpointInConfiguration() throws IOException { - //set-up status - mockWebServer.enqueue(new MockResponse().setResponseCode(200) - .setBody(IOUtils.toString(EidasNodeMetadataHealthIndicatorNoEndpointTest.class - .getResourceAsStream("/config/log4j.properties"), "UTF-8")) - .setHeader("Content-Type", MediaType.APPLICATION_XML)); - - //perform test - Health status = health.health(); - - //validate state - Assert.assertEquals("wrong healthState", Health.unknown().build().getStatus(), status.getStatus()); - - } - -} diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/health/EidasNodeMetadataHealthIndicatorTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/health/EidasNodeMetadataHealthIndicatorTest.java deleted file mode 100644 index b044d4d2..00000000 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/health/EidasNodeMetadataHealthIndicatorTest.java +++ /dev/null @@ -1,102 +0,0 @@ -package at.asitplus.eidas.specific.connector.test.health; - -import java.io.IOException; - -import org.apache.commons.io.IOUtils; -import org.junit.AfterClass; -import org.junit.Assert; -import org.junit.BeforeClass; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.boot.actuate.health.Health; -import org.springframework.http.MediaType; -import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.TestPropertySource; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; -import org.springframework.test.context.web.WebAppConfiguration; - -import at.asitplus.eidas.specific.connector.health.EidasNodeMetadataHealthIndicator; -import okhttp3.mockwebserver.MockResponse; -import okhttp3.mockwebserver.MockWebServer; - -@RunWith(SpringJUnit4ClassRunner.class) -@ContextConfiguration({ - "/spring/SpringTest-context_healthcheck.xml" }) -@TestPropertySource(locations = {"classpath:/config/junit_config_1_springboot.properties"}) -@WebAppConfiguration -public class EidasNodeMetadataHealthIndicatorTest { - - @Autowired EidasNodeMetadataHealthIndicator health; - - private static MockWebServer mockWebServer = null; - - /** - * Testclass initializer. - * - * @throws IOException In case of an error - */ - @BeforeClass - public static void classInitializer() throws IOException { - mockWebServer = new MockWebServer(); - mockWebServer.start(40900); - mockWebServer.url("/mockup"); - - } - - @AfterClass - public static void resetTestEnviroment() throws NoSuchFieldException, SecurityException, - IllegalArgumentException, IllegalAccessException, IOException { - mockWebServer.shutdown(); - - } - - @Test - public void httpStatusCode500() throws IOException { - //set-up status - mockWebServer.enqueue(new MockResponse().setResponseCode(500) - .setBody(IOUtils.toString(EidasNodeMetadataHealthIndicatorTest.class - .getResourceAsStream("/data/metadata_valid.xml"), "UTF-8")) - .setHeader("Content-Type", MediaType.APPLICATION_XML)); - - //perform test - Health status = health.health(); - - //validate state - Assert.assertEquals("wrong healthState", Health.down().build().getStatus(), status.getStatus()); - - } - - @Test - public void httpStatusCode200() throws IOException { - //set-up status - mockWebServer.enqueue(new MockResponse().setResponseCode(200) - .setBody(IOUtils.toString(EidasNodeMetadataHealthIndicatorTest.class - .getResourceAsStream("/data/metadata_valid.xml"), "UTF-8")) - .setHeader("Content-Type", MediaType.APPLICATION_XML)); - - //perform test - Health status = health.health(); - - //validate state - Assert.assertEquals("wrong healthState", Health.up().build().getStatus(), status.getStatus()); - - } - - @Test - public void noXmlResponse() throws IOException { - //set-up status - mockWebServer.enqueue(new MockResponse().setResponseCode(200) - .setBody(IOUtils.toString(EidasNodeMetadataHealthIndicatorTest.class - .getResourceAsStream("/config/log4j.properties"), "UTF-8")) - .setHeader("Content-Type", MediaType.APPLICATION_XML)); - - //perform test - Health status = health.health(); - - //validate state - Assert.assertEquals("wrong healthState", Health.down().build().getStatus(), status.getStatus()); - - } - -} diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/saml2/Pvp2SProfileEndPointTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/saml2/Pvp2SProfileEndPointTest.java index 6b39bd76..ebc07680 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/saml2/Pvp2SProfileEndPointTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/saml2/Pvp2SProfileEndPointTest.java @@ -47,10 +47,10 @@ import org.springframework.util.Base64Utils; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.asitplus.eidas.specific.connector.controller.Pvp2SProfileEndpoint; import at.asitplus.eidas.specific.connector.provider.PvpEndPointCredentialProvider; import at.asitplus.eidas.specific.connector.provider.PvpMetadataProvider; +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.IRequestStorage; import at.gv.egiz.eaaf.core.exceptions.EaafException; @@ -64,7 +64,7 @@ import net.shibboleth.utilities.java.support.xml.XMLParserException; @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration({ "/applicationContext.xml", - "/specific_eIDAS_connector.beans.xml", + "/spring/SpringTest_connector.beans.xml", "/eaaf_core.beans.xml", "/eaaf_pvp.beans.xml", "/eaaf_pvp_idp.beans.xml", diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/task/EvaluateCountrySelectionTaskTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/task/EvaluateCountrySelectionTaskTest.java index 4bff9416..abfc60ff 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/task/EvaluateCountrySelectionTaskTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/task/EvaluateCountrySelectionTaskTest.java @@ -19,8 +19,8 @@ import org.springframework.test.context.web.WebAppConfiguration; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.asitplus.eidas.specific.connector.processes.tasks.EvaluateCountrySelectionTask; +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.controller.tasks.AbstractLocaleAuthServletTask; @@ -30,7 +30,7 @@ import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration({ "/applicationContext.xml", - "/specific_eIDAS_connector.beans.xml", + "/spring/SpringTest_connector.beans.xml", "/eaaf_core.beans.xml", "/eaaf_pvp.beans.xml", "/eaaf_pvp_idp.beans.xml", diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/task/GenerateCountrySelectionFrameTaskTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/task/GenerateCountrySelectionFrameTaskTest.java index 2aab286f..746c8375 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/task/GenerateCountrySelectionFrameTaskTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/task/GenerateCountrySelectionFrameTaskTest.java @@ -29,7 +29,7 @@ import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration({ "/applicationContext.xml", - "/specific_eIDAS_connector.beans.xml", + "/spring/SpringTest_connector.beans.xml", "/eaaf_core.beans.xml", "/eaaf_pvp.beans.xml", "/eaaf_pvp_idp.beans.xml", diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java deleted file mode 100644 index cd183088..00000000 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java +++ /dev/null @@ -1,636 +0,0 @@ -package at.asitplus.eidas.specific.connector.test.utils; - -import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertThrows; -import static org.junit.Assert.assertTrue; - -import java.io.IOException; -import java.security.PublicKey; -import java.util.Date; -import java.util.HashMap; -import java.util.Map; - -import javax.xml.transform.TransformerException; - -import org.apache.commons.lang3.RandomStringUtils; -import org.apache.commons.lang3.RandomUtils; -import org.junit.Assert; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.opensaml.core.config.InitializationException; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.i18n.LocaleContextHolder; -import org.springframework.mock.web.MockHttpServletRequest; -import org.springframework.mock.web.MockHttpServletResponse; -import org.springframework.test.context.ActiveProfiles; -import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; -import org.springframework.test.context.web.WebAppConfiguration; -import org.springframework.web.context.request.RequestContextHolder; -import org.springframework.web.context.request.ServletRequestAttributes; -import org.w3c.dom.Element; - -import at.asitplus.eidas.specific.connector.builder.AuthenticationDataBuilder; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; -import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants; -import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; -import at.gv.egiz.eaaf.core.api.data.EaafConstants; -import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; -import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; -import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions.EidIdentityStatusLevelValues; -import at.gv.egiz.eaaf.core.api.idp.IAuthData; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; -import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; -import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException; -import at.gv.egiz.eaaf.core.exceptions.EaafParserException; -import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; -import at.gv.egiz.eaaf.core.impl.builder.BpkBuilder; -import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData; -import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; -import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper; -import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; -import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration; -import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; -import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; -import net.shibboleth.utilities.java.support.component.ComponentInitializationException; - -@RunWith(SpringJUnit4ClassRunner.class) -@ContextConfiguration({ "/applicationContext.xml", "/spring/SpringTest_connector.beans.xml", "/eaaf_core.beans.xml", - "/eaaf_pvp.beans.xml", "/eaaf_pvp_idp.beans.xml", "/spring/SpringTest-context_simple_storage.xml" }) -@ActiveProfiles(profiles = {"deprecatedConfig"}) -@WebAppConfiguration -public class AuthenticationDataBuilderTest { - - @Autowired - private AuthenticationDataBuilder authenticationDataBuilder; - - @Autowired(required = true) - private IConfiguration basicConfig; - - private MockHttpServletRequest httpReq; - private MockHttpServletResponse httpResp; - private TestRequestImpl pendingReq; - - private DummySpConfiguration oaParam; - private Map spConfig; - - private String eidasBind; - private String authBlock; - - @BeforeClass - public static void classInitializer() throws InitializationException, ComponentInitializationException { - final String current = new java.io.File(".").toURI().toString(); - System.setProperty("eidas.ms.configuration", current - + "src/test/resources/config/junit_config_3.properties"); - - EaafOpenSaml3xInitializer.eaafInitialize(); - } - - @Before - public void initialize() throws EaafStorageException { - httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector"); - httpResp = new MockHttpServletResponse(); - RequestContextHolder.resetRequestAttributes(); - RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); - - spConfig = new HashMap<>(); - spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp"); - spConfig.put("target", "urn:publicid:gv.at:cdid+XX"); - spConfig.put(PROP_CONFIG_SP_NEW_EID_MODE, "true"); - oaParam = new DummySpConfiguration(spConfig, basicConfig); - - pendingReq = new TestRequestImpl(); - pendingReq.setAuthUrl("https://localhost/ms_connector"); - pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10)); - pendingReq.setPiiTransactionId(RandomStringUtils.randomAlphanumeric(10)); - pendingReq.setSpConfig(oaParam); - authBlock = RandomStringUtils.randomAlphanumeric(20); - eidasBind = RandomStringUtils.randomAlphanumeric(20); - pendingReq.getSessionData(AuthProcessDataWrapper.class) - .setQaaLevel(EaafConstants.EIDAS_LOA_PREFIX + RandomStringUtils.randomAlphabetic(5)); - pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession( - PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, - RandomStringUtils.randomAlphabetic(2).toUpperCase()); - - LocaleContextHolder.resetLocaleContext(); - - } - - @Test - public void eidasProxyMode() throws EaafAuthenticationException, EaafStorageException { - // initialize state - boolean isTestIdentity = RandomUtils.nextBoolean(); - pendingReq.getSessionData(EidAuthProcessDataWrapper.class).setTestIdentity(isTestIdentity); - pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true); - - String givenName = RandomStringUtils.randomAlphabetic(10); - String familyName = RandomStringUtils.randomAlphabetic(10); - String dateOfBirth = "1956-12-08"; - String bpk = RandomStringUtils.randomAlphanumeric(10); - String cc = pendingReq.getSessionData(AuthProcessDataWrapper.class) - .getGenericDataFromSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class); - String spC = RandomStringUtils.randomAlphabetic(2).toUpperCase(); - - spConfig.put("target", EaafConstants.URN_PREFIX_EIDAS + cc + "+" + spC); - - pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true); - pendingReq.getSessionData(AuthProcessDataWrapper.class).setForeigner(false); - pendingReq.getSessionData(AuthProcessDataWrapper.class) - .setGenericDataToSession(PvpAttributeDefinitions.GIVEN_NAME_NAME, givenName); - pendingReq.getSessionData(AuthProcessDataWrapper.class) - .setGenericDataToSession(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, familyName); - pendingReq.getSessionData(AuthProcessDataWrapper.class) - .setGenericDataToSession(PvpAttributeDefinitions.BIRTHDATE_NAME, dateOfBirth); - pendingReq.getSessionData(AuthProcessDataWrapper.class) - .setGenericDataToSession(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, bpk); - - //set LoA level attribute instead of explicit session-data - pendingReq.getSessionData(AuthProcessDataWrapper.class) - .setGenericDataToSession(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, - pendingReq.getSessionData(AuthProcessDataWrapper.class).getQaaLevel()); - pendingReq.getSessionData(AuthProcessDataWrapper.class).setQaaLevel(null); - - - - // execute test - IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq); - - - // validate state - Assert.assertNotNull("AuthData null", authData); - Assert.assertNull("authBlock null", authData.getGenericData(Constants.SZR_AUTHBLOCK, String.class)); - Assert.assertNull("eidasBind null", authData.getGenericData(Constants.EIDAS_BIND, String.class)); - - Assert.assertEquals("LoA", pendingReq.getSessionData(AuthProcessDataWrapper.class) - .getGenericDataFromSession(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, String.class), - authData.getEidasQaaLevel()); - Assert.assertEquals("CitizenCountry", cc, authData.getCiticenCountryCode()); - Assert.assertEquals("familyName", familyName, authData.getFamilyName()); - Assert.assertEquals("givenName", givenName, authData.getGivenName()); - Assert.assertEquals("DateOfBirth", dateOfBirth, authData.getDateOfBirth()); - - Assert.assertEquals("bPK", pendingReq.getSessionData(AuthProcessDataWrapper.class) - .getGenericDataFromSession(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, String.class), - authData.getGenericData(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, String.class)); - - Assert.assertEquals("testIdentity flag", - isTestIdentity ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY, - ((EidAuthenticationData)authData).getEidStatus()); - assertFalse("mandate flag", ((EidAuthenticationData)authData).isUseMandate()); - - } - - @Test - public void eidasProxyModeWithJurMandate() throws EaafAuthenticationException, EaafStorageException { - // initialize state - injectRepresentativeInfosIntoSession(); - - String commonMandate = RandomStringUtils.randomAlphabetic(10); - - // set constant country-code and sourcePin to check hashed eIDAS identifier - String sourcePinMandate = "asfdsadfsadfsafsdafsadfasr"; - spConfig.put("target", EaafConstants.URN_PREFIX_EIDAS + "AT+EE"); - - // set nat. person mandate information - pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true); - pendingReq.getSessionData(AuthProcessDataWrapper.class) - .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, commonMandate); - pendingReq.getSessionData(AuthProcessDataWrapper.class) - .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, sourcePinMandate); - pendingReq.getSessionData(AuthProcessDataWrapper.class) - .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, - EaafConstants.URN_PREFIX_BASEID + "+XFN"); - - // execute test - IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq); - - - // validate state - Assert.assertNotNull("AuthData null", authData); - assertTrue("mandate flag", ((EidAuthenticationData)authData).isUseMandate()); - - //check mandate informations - checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, commonMandate); - checkGenericAttribute(authData, MsProxyServiceConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, - "AT/EE/urn:publicid:gv.at:baseid+XFN+asfdsadfsadfsafsdafsadfasr"); - - } - - @Test - public void eidasProxyModeWithJurMandateMissingAttribute() throws EaafAuthenticationException, EaafStorageException { - // initialize state - injectRepresentativeInfosIntoSession(); - - // set constant country-code and sourcePin to check hashed eIDAS identifier - String sourcePinMandate = "asfdsadfsadfsafsdafsadfasr"; - spConfig.put("target", EaafConstants.URN_PREFIX_EIDAS + "AT+EE"); - - // set nat. person mandate information - pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true); - pendingReq.getSessionData(AuthProcessDataWrapper.class) - .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, sourcePinMandate); - pendingReq.getSessionData(AuthProcessDataWrapper.class) - .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, - EaafConstants.URN_PREFIX_BASEID + "+XFN"); - - // execute test - // execute test - EaafAuthenticationException error = assertThrows(EaafAuthenticationException.class, - () -> authenticationDataBuilder.buildAuthenticationData(pendingReq)); - Assert.assertEquals("wrong errorId", "builder.11", error.getErrorId()); - - } - - @Test - public void eidasProxyModeWithNatMandate() throws EaafAuthenticationException, EaafStorageException { - // initialize state - injectRepresentativeInfosIntoSession(); - - String givenNameMandate = RandomStringUtils.randomAlphabetic(10); - String familyNameMandate = RandomStringUtils.randomAlphabetic(10); - String dateOfBirthMandate = "1957-09-15"; - String bpkMandate = RandomStringUtils.randomAlphanumeric(10); - - // set nat. person mandate information - pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true); - pendingReq.getSessionData(AuthProcessDataWrapper.class) - .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate); - pendingReq.getSessionData(AuthProcessDataWrapper.class) - .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate); - pendingReq.getSessionData(AuthProcessDataWrapper.class) - .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, dateOfBirthMandate); - pendingReq.getSessionData(AuthProcessDataWrapper.class) - .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, "AT+XX:" + bpkMandate); - - // execute test - IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq); - - - // validate state - Assert.assertNotNull("AuthData null", authData); - assertTrue("mandate flag", ((EidAuthenticationData)authData).isUseMandate()); - - //check mandate informations - checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate); - checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate); - checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, "1957-09-15"); - checkGenericAttribute(authData, MsProxyServiceConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER, bpkMandate); - - } - - @Test - public void eidasProxyModeWithNatMandateWrongBpkFormat() throws EaafAuthenticationException, EaafStorageException { - // initialize state - injectRepresentativeInfosIntoSession(); - - String givenNameMandate = RandomStringUtils.randomAlphabetic(10); - String familyNameMandate = RandomStringUtils.randomAlphabetic(10); - String dateOfBirthMandate = "1957-09-15"; - String bpkMandate = RandomStringUtils.randomAlphanumeric(10); - - // set nat. person mandate information - pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true); - pendingReq.getSessionData(AuthProcessDataWrapper.class) - .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate); - pendingReq.getSessionData(AuthProcessDataWrapper.class) - .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate); - pendingReq.getSessionData(AuthProcessDataWrapper.class) - .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, dateOfBirthMandate); - pendingReq.getSessionData(AuthProcessDataWrapper.class) - .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, bpkMandate); - - // execute test - IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq); - - - // validate state - Assert.assertNotNull("AuthData null", authData); - assertTrue("mandate flag", ((EidAuthenticationData)authData).isUseMandate()); - - //check mandate informations - checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate); - checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate); - checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, "1957-09-15"); - checkGenericAttribute(authData, MsProxyServiceConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER, bpkMandate); - - } - - @Test - public void eidasProxyModeWithNatMandateMissingAttribute() throws EaafAuthenticationException, EaafStorageException { - // initialize state - injectRepresentativeInfosIntoSession(); - - String familyNameMandate = RandomStringUtils.randomAlphabetic(10); - String dateOfBirthMandate = "1957-09-15"; - String bpkMandate = RandomStringUtils.randomAlphanumeric(10); - - // set nat. person mandate information - pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true); - pendingReq.getSessionData(AuthProcessDataWrapper.class) - .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate); - pendingReq.getSessionData(AuthProcessDataWrapper.class) - .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, dateOfBirthMandate); - pendingReq.getSessionData(AuthProcessDataWrapper.class) - .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, bpkMandate); - - // execute test - EaafAuthenticationException error = assertThrows(EaafAuthenticationException.class, - () -> authenticationDataBuilder.buildAuthenticationData(pendingReq)); - Assert.assertEquals("wrong errorId", "builder.11", error.getErrorId()); - - } - - @Test - public void eidMode() throws EaafAuthenticationException, EaafStorageException { - // initialize state - boolean isTestIdentity = RandomUtils.nextBoolean(); - pendingReq.getSessionData(EidAuthProcessDataWrapper.class).setTestIdentity(isTestIdentity); - pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true); - pendingReq.getSessionData(AuthProcessDataWrapper.class) - .setGenericDataToSession(Constants.SZR_AUTHBLOCK, authBlock); - pendingReq.getSessionData(AuthProcessDataWrapper.class) - .setGenericDataToSession(Constants.EIDAS_BIND, eidasBind); - - // execute - IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq); - - // validate state - Assert.assertNotNull("AuthData null", authData); - Assert.assertNotNull("authBlock null", authData.getGenericData(Constants.SZR_AUTHBLOCK, String.class)); - Assert.assertNotNull("eidasBind null", authData.getGenericData(Constants.EIDAS_BIND, String.class)); - Assert.assertNotNull("LoA null", authData.getEidasQaaLevel()); - Assert.assertEquals("testIdentity flag", - isTestIdentity ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY, - ((EidAuthenticationData)authData).getEidStatus()); - - String authBlock = authData.getGenericData(Constants.SZR_AUTHBLOCK, String.class); - String eidasBind = authData.getGenericData(Constants.EIDAS_BIND, String.class); - - Assert.assertEquals("authBlock not equal", this.authBlock, authBlock); - Assert.assertEquals("eidasBind not equal", this.eidasBind, eidasBind); - Assert.assertEquals("piiTransactionId", - authData.getGenericData(ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, String.class), - this.pendingReq.getUniquePiiTransactionIdentifier()); - Assert.assertNotNull("assertion validTo", authData.getSsoSessionValidTo()); - Assert.assertEquals("LoA", pendingReq.getSessionData(AuthProcessDataWrapper.class).getQaaLevel(), - authData.getEidasQaaLevel()); - Assert.assertEquals("EID-ISSUING-NATION", - pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession( - PvpAttributeDefinitions.EID_ISSUING_NATION_NAME), - authData.getCiticenCountryCode()); - - Assert.assertNull("bPK", authData.getBpk()); - Assert.assertNull("bPKType", authData.getBpkType()); - Assert.assertNull("FamilyName", authData.getFamilyName()); - Assert.assertNull("GivenName", authData.getGivenName()); - Assert.assertNull("DateOfBirth", authData.getDateOfBirth()); - Assert.assertNull("baseId", authData.getIdentificationValue()); - Assert.assertNull("baseIdType", authData.getIdentificationType()); - Assert.assertNull("IDL", authData.getIdentityLink()); - - } - - @Test - public void moaIdMode() throws EaafAuthenticationException, EaafBuilderException { - //initialize state - boolean isTestIdentity = RandomUtils.nextBoolean(); - pendingReq.getSessionData(EidAuthProcessDataWrapper.class).setTestIdentity(isTestIdentity); - pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(false); - IIdentityLink idl = buildDummyIdl(); - pendingReq.getSessionData(AuthProcessDataWrapper.class).setIdentityLink(idl); - - //execute - IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq); - - //validate state - Assert.assertNotNull("AuthData null", authData); - Assert.assertNull("authBlock null", authData.getGenericData(Constants.SZR_AUTHBLOCK, String.class)); - Assert.assertNull("eidasBind null", authData.getGenericData(Constants.EIDAS_BIND, String.class)); - Assert.assertNull("piiTransactionId", - authData.getGenericData(ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, String.class)); - - Assert.assertEquals("testIdentity flag", - isTestIdentity ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY, - ((EidAuthenticationData)authData).getEidStatus()); - - Assert.assertNotNull("assertion validTo", authData.getSsoSessionValidTo()); - Assert.assertNotNull("LoA null", authData.getEidasQaaLevel()); - Assert.assertEquals("LoA", pendingReq.getSessionData(AuthProcessDataWrapper.class).getQaaLevel(), - authData.getEidasQaaLevel()); - Assert.assertEquals("EID-ISSUING-NATION", - pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession( - PvpAttributeDefinitions.EID_ISSUING_NATION_NAME), - authData.getCiticenCountryCode()); - - Assert.assertEquals("FamilyName", idl.getFamilyName(), authData.getFamilyName()); - Assert.assertEquals("GivenName", idl.getGivenName(), authData.getGivenName()); - Assert.assertEquals("DateOfBirth", idl.getDateOfBirth(), authData.getDateOfBirth()); - Assert.assertEquals("bPK", - BpkBuilder.generateAreaSpecificPersonIdentifier( - idl.getIdentificationValue(), EaafConstants.URN_PREFIX_CDID + "XX").getFirst(), - authData.getBpk()); - Assert.assertEquals("bPKType", EaafConstants.URN_PREFIX_CDID + "XX", authData.getBpkType()); - Assert.assertNotNull("IDL", authData.getIdentityLink()); - - - } - - private void injectRepresentativeInfosIntoSession() throws EaafStorageException { - boolean isTestIdentity = RandomUtils.nextBoolean(); - pendingReq.getSessionData(EidAuthProcessDataWrapper.class).setTestIdentity(isTestIdentity); - pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true); - - String givenName = RandomStringUtils.randomAlphabetic(10); - String familyName = RandomStringUtils.randomAlphabetic(10); - String dateOfBirth = "1956-12-08"; - String bpk = RandomStringUtils.randomAlphanumeric(10); - String cc = pendingReq.getSessionData(AuthProcessDataWrapper.class) - .getGenericDataFromSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class); - String spC = RandomStringUtils.randomAlphabetic(2).toUpperCase(); - spConfig.put("target", EaafConstants.URN_PREFIX_EIDAS + cc + "+" + spC); - - pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true); - pendingReq.getSessionData(AuthProcessDataWrapper.class).setForeigner(false); - pendingReq.getSessionData(AuthProcessDataWrapper.class) - .setGenericDataToSession(PvpAttributeDefinitions.GIVEN_NAME_NAME, givenName); - pendingReq.getSessionData(AuthProcessDataWrapper.class) - .setGenericDataToSession(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, familyName); - pendingReq.getSessionData(AuthProcessDataWrapper.class) - .setGenericDataToSession(PvpAttributeDefinitions.BIRTHDATE_NAME, dateOfBirth); - pendingReq.getSessionData(AuthProcessDataWrapper.class) - .setGenericDataToSession(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, bpk); - - //set LoA level attribute instead of explicit session-data - pendingReq.getSessionData(AuthProcessDataWrapper.class) - .setGenericDataToSession(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, - pendingReq.getSessionData(AuthProcessDataWrapper.class).getQaaLevel()); - pendingReq.getSessionData(AuthProcessDataWrapper.class).setQaaLevel(null); - - } - - private void checkGenericAttribute(IAuthData authData, String attrName, String expected) { - assertEquals("Wrong: " + attrName, expected, authData.getGenericData(attrName, String.class)); - - } - - private IIdentityLink buildDummyIdl() { - return new IIdentityLink() { - - String familyName = RandomStringUtils.randomAlphabetic(10); - String givenName = RandomStringUtils.randomAlphabetic(10); - String dateOfBirth = "1955-02-03"; - String baseId = RandomStringUtils.randomAlphanumeric(20); - String saml2Serialized = RandomStringUtils.randomAlphanumeric(150); - - - - @Override - public void setSamlAssertion(Element arg0) throws TransformerException, IOException { - - } - - @Override - public void setPublicKey(PublicKey[] arg0) { - // TODO Auto-generated method stub - - } - - @Override - public void setPrPerson(Element arg0) { - // TODO Auto-generated method stub - - } - - @Override - public void setIssueInstant(String arg0) { - // TODO Auto-generated method stub - - } - - @Override - public void setIdentificationValue(String arg0) { - // TODO Auto-generated method stub - - } - - @Override - public void setIdentificationType(String arg0) { - // TODO Auto-generated method stub - - } - - @Override - public void setGivenName(String arg0) { - // TODO Auto-generated method stub - - } - - @Override - public void setFamilyName(String arg0) { - // TODO Auto-generated method stub - - } - - @Override - public void setDsigReferenceTransforms(Element[] arg0) { - // TODO Auto-generated method stub - - } - - @Override - public void setDateOfBirth(String arg0) { - // TODO Auto-generated method stub - - } - - @Override - public String getSerializedSamlAssertion() { - return this.saml2Serialized; - } - - @Override - public Element getSamlAssertion() { - IIdentityLink fullIdl; - try { - fullIdl = new SimpleIdentityLinkAssertionParser( - AuthenticationDataBuilderTest.class.getResourceAsStream("/data/test_idl_1.xml")).parseIdentityLink(); - return fullIdl.getSamlAssertion(); - - } catch (EaafParserException e) { - e.printStackTrace(); - } - - return null; - - } - - @Override - public PublicKey[] getPublicKey() { - // TODO Auto-generated method stub - return null; - } - - @Override - public Element getPrPerson() { - // TODO Auto-generated method stub - return null; - } - - @Override - public String getName() { - // TODO Auto-generated method stub - return null; - } - - @Override - public Date getIssueInstantDate() { - // TODO Auto-generated method stub - return null; - } - - @Override - public String getIssueInstant() { - // TODO Auto-generated method stub - return null; - } - - @Override - public String getIdentificationValue() { - return this.baseId; - } - - @Override - public String getIdentificationType() { - return EaafConstants.URN_PREFIX_BASEID; - } - - @Override - public String getGivenName() { - return this.givenName; - } - - @Override - public String getFamilyName() { - return this.familyName; - } - - @Override - public Element[] getDsigReferenceTransforms() { - // TODO Auto-generated method stub - return null; - } - - @Override - public String getDateOfBirth() { - return this.dateOfBirth; - - } - }; - } - -} diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthnRequestValidatorTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthnRequestValidatorTest.java index c57515a0..ea163e61 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthnRequestValidatorTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthnRequestValidatorTest.java @@ -31,8 +31,8 @@ import org.springframework.web.context.request.ServletRequestAttributes; import org.w3c.dom.Element; import org.xml.sax.SAXException; -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; -import at.asitplus.eidas.specific.connector.config.ServiceProviderConfiguration; +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration; import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException; @@ -48,11 +48,11 @@ import net.shibboleth.utilities.java.support.component.ComponentInitializationEx @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration({ "/applicationContext.xml", - "/specific_eIDAS_connector.beans.xml", + "/spring/SpringTest_connector.beans.xml", "/eaaf_core.beans.xml", "/eaaf_pvp.beans.xml", "/eaaf_pvp_idp.beans.xml", - "/spring/SpringTest-context_simple_storage.xml" }) + "/spring/SpringTest-context_simple_storage.xml"}) @ActiveProfiles(profiles = {"deprecatedConfig"}) @WebAppConfiguration @DirtiesContext(classMode = ClassMode.BEFORE_CLASS) diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/CountrySelectionProcessImplTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/CountrySelectionProcessImplTest.java index d0343eba..368a8e4e 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/CountrySelectionProcessImplTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/CountrySelectionProcessImplTest.java @@ -17,8 +17,8 @@ import org.springframework.test.annotation.DirtiesContext.ClassMode; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.asitplus.eidas.specific.connector.processes.CountrySelectionProcessImpl; +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; diff --git a/connector/src/test/resources/config/logback_config.xml b/connector/src/test/resources/config/logback_config.xml index fa27a46a..bb3de3e8 100644 --- a/connector/src/test/resources/config/logback_config.xml +++ b/connector/src/test/resources/config/logback_config.xml @@ -89,10 +89,10 @@ - + - + diff --git a/connector/src/test/resources/spring/SpringTest-context_basic_test.xml b/connector/src/test/resources/spring/SpringTest-context_basic_test.xml deleted file mode 100644 index 5d052be9..00000000 --- a/connector/src/test/resources/spring/SpringTest-context_basic_test.xml +++ /dev/null @@ -1,22 +0,0 @@ - - - - - - - - - - - - \ No newline at end of file diff --git a/connector/src/test/resources/spring/SpringTest-context_healthcheck.xml b/connector/src/test/resources/spring/SpringTest-context_healthcheck.xml deleted file mode 100644 index 3bac88e3..00000000 --- a/connector/src/test/resources/spring/SpringTest-context_healthcheck.xml +++ /dev/null @@ -1,22 +0,0 @@ - - - - - - - - - - - - \ No newline at end of file diff --git a/connector/src/test/resources/spring/SpringTest-context_simple_storage.xml b/connector/src/test/resources/spring/SpringTest-context_simple_storage.xml deleted file mode 100644 index 5ee3e0b8..00000000 --- a/connector/src/test/resources/spring/SpringTest-context_simple_storage.xml +++ /dev/null @@ -1,15 +0,0 @@ - - - - - - \ No newline at end of file diff --git a/connector/src/test/resources/spring/SpringTest_connector.beans.xml b/connector/src/test/resources/spring/SpringTest_connector.beans.xml index 5a1e3f36..9c66ca0f 100644 --- a/connector/src/test/resources/spring/SpringTest_connector.beans.xml +++ b/connector/src/test/resources/spring/SpringTest_connector.beans.xml @@ -10,23 +10,12 @@ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd"> - - - - - - + + - - - - @@ -45,10 +34,6 @@ - - - @@ -62,54 +47,12 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - msConnectorLib + core_common_lib diff --git a/core_common_lib/src/main/java/at/asitplus/eidas/specific/connector/MsConnectorEventCodes.java b/core_common_lib/src/main/java/at/asitplus/eidas/specific/connector/MsConnectorEventCodes.java deleted file mode 100644 index cfc434c4..00000000 --- a/core_common_lib/src/main/java/at/asitplus/eidas/specific/connector/MsConnectorEventCodes.java +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - -package at.asitplus.eidas.specific.connector; - -public class MsConnectorEventCodes { - - public static final int STARTING_COUNTRY_SELECTION = 4100; - public static final int COUNTRY_SELECTED = 4101; - - public static final int PROCESS_STOPPED_BY_USER = 4102; - - public static final int EIDAS_NODE_CONNECTED = 6101; - public static final int RESPONSE_FROM_EIDAS_NODE = 6102; - public static final int RESPONSE_FROM_EIDAS_NODE_VALID = 6103; - public static final int RESPONSE_FROM_EIDAS_NODE_NOT_VALID = 6104; - public static final int RESPONSE_FROM_EIDAS_MDSDATA = 6105; - - public static final int SZR_IDL_RECEIVED = 6200; - public static final int SZR_BPK_RECEIVED = 6201; - public static final int SZR_VSZ_RECEIVED = 6202; - public static final int SZR_EIDASBIND_RECEIVED = 6203; - public static final int TECH_AUCHBLOCK_CREATED = 6204; - - public static final int SZR_ERNB_EIDAS_RAW_ID = 6210; - public static final int SZR_ERNB_EIDAS_ERNB_ID = 6211; - - - private MsConnectorEventCodes() { - // hidden constructor for class with static values only. - } -} diff --git a/core_common_lib/src/main/java/at/asitplus/eidas/specific/connector/MsEidasNodeConstants.java b/core_common_lib/src/main/java/at/asitplus/eidas/specific/connector/MsEidasNodeConstants.java deleted file mode 100644 index 027d0832..00000000 --- a/core_common_lib/src/main/java/at/asitplus/eidas/specific/connector/MsEidasNodeConstants.java +++ /dev/null @@ -1,179 +0,0 @@ -/* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. -*/ - -package at.asitplus.eidas.specific.connector; - -import java.util.Arrays; -import java.util.List; - -import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; - -public class MsEidasNodeConstants { - // ************ configuration properties ************ - public static final String PROP_CONFIG_APPLICATION_PREFIX = "eidas.ms."; - public static final String PROP_CONFIG_APPLICATION_PUBLIC_URL_PREFIX = "context.url.prefix"; - public static final String PROP_CONFIG_APPLICATION_PUBLIC_URL_REQUEST_VALIDATION = - "context.url.request.validation"; - public static final String PROP_CONFIG_REVISIONLOG_LOG_IP_ADDRESS_OF_USER = - "revisionlog.logIPAddressOfUser"; - public static final String PROP_CONFIG_REVISIONLOG_WRITE_MDS_INTO_REVISION_LOG = - "revisionlog.write.MDS.into.revisionlog"; - public static final String PROP_CONFIG_TECHNICALLOG_WRITE_MDS_INTO_TECH_LOG = - "technicallog.write.MDS.into.techlog"; - - public static final String PROP_CONFIG_WEBCONTENT_STATIC_PATH = "webcontent.static.directory"; - public static final String PROP_CONFIG_WEBCONTENT_PROPERTIES_PATH = "webcontent.properties"; - public static final String PROP_CONFIG_WEBCONTENT_TEMPLATES_PATH = "webcontent.templates"; - - public static final String PROP_CONFIG_WEBCONTENT_TEMPLATES_CCSELECTION = "webcontent.templates.countryselection"; - - public static final String PROP_CONFIG_MONITORING_EIDASNODE_METADATAURL = - "monitoring.eIDASNode.metadata.url"; - - private static final String PROP_CONFIG_PVP2_PREFIX = "pvp2."; - public static final String CONFIG_PROPS_KEYSTORE_TYPE = PROP_CONFIG_PVP2_PREFIX + "keystore.type"; - public static final String CONFIG_PROPS_KEYSTORE_NAME = PROP_CONFIG_PVP2_PREFIX + "keystore.name"; - public static final String PROP_CONFIG_PVP2_KEYSTORE_PATH = PROP_CONFIG_PVP2_PREFIX + "keystore.path"; - public static final String PROP_CONFIG_PVP2_KEYSTORE_PASSWORD = PROP_CONFIG_PVP2_PREFIX - + "keystore.password"; - public static final String PROP_CONFIG_PVP2_KEY_METADATA_ALIAS = PROP_CONFIG_PVP2_PREFIX - + "key.metadata.alias"; - public static final String PROP_CONFIG_PVP2_KEY_METADATA_PASSWORD = PROP_CONFIG_PVP2_PREFIX - + "key.metadata.password"; - public static final String PROP_CONFIG_PVP2_KEY_SIGNING_ALIAS = PROP_CONFIG_PVP2_PREFIX - + "key.signing.alias"; - public static final String PROP_CONFIG_PVP2_KEY_SIGNING_PASSWORD = PROP_CONFIG_PVP2_PREFIX - + "key.signing.password"; - public static final String PROP_CONFIG_PVP2_METADATA_VALIDITY = PROP_CONFIG_PVP2_PREFIX - + "metadata.validity"; - - public static final String CONFIG_PROPS_METADATA_CONTACT_GIVENNAME = - PROP_CONFIG_PVP2_PREFIX + "metadata.contact.givenname"; - public static final String CONFIG_PROPS_METADATA_CONTACT_SURNAME = - PROP_CONFIG_PVP2_PREFIX + "metadata.contact.surname"; - public static final String CONFIG_PROPS_METADATA_CONTACT_EMAIL = - PROP_CONFIG_PVP2_PREFIX + "metadata.contact.email"; - public static final String CONFIG_PROPS_METADATA_ORGANISATION_NAME = - PROP_CONFIG_PVP2_PREFIX + "metadata.organisation.name"; - public static final String CONFIG_PROPS_METADATA_ORGANISATION_FRIENDLYNAME = - PROP_CONFIG_PVP2_PREFIX + "metadata.organisation.friendyname"; - public static final String CONFIG_PROPS_METADATA_ORGANISATION_URL = - PROP_CONFIG_PVP2_PREFIX + "metadata.organisation.url"; - - // TODO: is not implemented yet - public static final String PROP_CONFIG_SP_VALIDATION_DISABLED = - "configuration.sp.disableRegistrationRequirement"; - - public static final String PROP_EIDAS_REQUEST_LOA_MINIMUM_LEVEL = - "auth.eIDAS.node_v2.loa.requested.minimum"; - - public static final String PROP_CONFIG_AUTHBLOCK_KEYSTORE_TYPE = - "auth.eIDAS.authblock.keystore.type"; - public static final String PROP_CONFIG_AUTHBLOCK_KEYSTORE_PATH = - "auth.eIDAS.authblock.keystore.path"; - public static final String PROP_CONFIG_AUTHBLOCK_KEYSTORE_PASSWORD = - "auth.eIDAS.authblock.keystore.password"; - public static final String PROP_CONFIG_AUTHBLOCK_KEYSTORE_NAME = - "auth.eIDAS.authblock.keystore.name"; - public static final String PROP_CONFIG_AUTHBLOCK_KEY_ALIAS = - "auth.eIDAS.authblock.key.alias"; - public static final String PROP_CONFIG_AUTHBLOCK_KEY_PASSWORD = - "auth.eIDAS.authblock.key.password"; - - - - - public static final String PROP_CONFIG_SP_LIST_PREFIX = "sp"; - public static final String PROP_CONFIG_SP_UNIQUEIDENTIFIER = EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER; - public static final String PROP_CONFIG_SP_FRIENDLYNAME = "friendlyName"; - public static final String PROP_CONFIG_SP_PVP2_METADATA_URL = "pvp2.metadata.url"; - public static final String PROP_CONFIG_SP_PVP2_METADATA_TRUSTSTORE = "pvp2.metadata.truststore"; - public static final String PROP_CONFIG_SP_PVP2_METADATA_TRUSTSTORE_PASSWORD = - "pvp2.metadata.truststore.password"; - public static final String PROP_CONFIG_SP_NEW_EID_MODE = - "newEidMode"; - - public static final String PROP_CONFIG_SP_POLICY_ALLOWED_TARGETS = "policy.allowed.requested.targets"; - public static final String PROP_CONFIG_SP_POLICY_BASEIDTRANSFER_RESTRICTION = - "policy.hasBaseIdTransferRestriction"; - - public static final String PROP_CONFIG_PVP_SCHEME_VALIDATION = "configuration.pvp.scheme.validation"; - public static final String PROP_CONFIG_PVP_ENABLE_ENTITYCATEGORIES = - "configuration.pvp.enable.entitycategories"; - - // ********** default values *************** - - // Default policy for SP-targets requested by MOA-ID to ms-specific eIDAS - // Connector - public static final String POLICY_DEFAULT_ALLOWED_TARGETS = ".*"; - // EAAFConstants.URN_PREFIX_CDID.replaceAll("\\.", "\\\\.").replaceAll("\\+", - // "\\\\+") + ".*"; - - public static final int METADATA_SOCKED_TIMEOUT = 20 * 1000; // 20 seconds metadata socked timeout - public static final int DEFAULT_PVP_METADATA_VALIDITY = 24; // 24 hours - public static final int DEFAULT_PVP_ASSERTION_VALIDITY = 5; // 5 minutes - - // ************ application end-points ************* - public static final String ENDPOINT_PVP_METADATA = "/pvp/metadata"; - public static final String ENDPOINT_PVP_POST = "/pvp/post"; - public static final String ENDPOINT_PVP_REDIRECT = "/pvp/redirect"; - - public static final String ENDPOINT_COUNTRYSELECTION = "/myHomeCountry"; - - public static final String ENDPOINT_MONITORING_MONITOR = "/monitoring"; - public static final String ENDPOINT_MONITORING_VERIFY = "/verify"; - - // ************ paths and templates ************ - public static final String CLASSPATH_TEMPLATE_DIR = "/templates/"; - public static final String FILESYSTEM_TEMPLATE_DIR = "./templates/"; - - public static final String TEMPLATE_HTML_ERROR = "error_message.html"; - public static final String TEMPLATE_HTML_PVP_POSTBINDING = "pvp2_post_binding.html"; - public static final String TEMPLATE_HTML_COUNTRYSELECTION = "countrySelection.html"; - - // ************ execution context and generic data ************ - public static final String REQ_PARAM_SELECTED_COUNTRY = "selectedCountry"; - public static final String REQ_PARAM_SELECTED_ENVIRONMENT = "selectedEnvironment"; - public static final String REQ_PARAM_STOP_PROCESS = "stopAuthProcess"; - - public static final String REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_PRODUCTION = "prod"; - public static final String REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_QS = "qs"; - public static final String REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_TESTING = "test"; - public static final String REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_DEVELOPMENT = "dev"; - - public static final String DATA_REQUESTERID = "req_requesterId"; - public static final String DATA_PROVIDERNAME = "req_providerName"; - public static final String DATA_REQUESTED_LOA_LIST = "req_requestedLoA"; - public static final String DATA_REQUESTED_LOA_COMPERISON = "req_requestedLoAComperision"; - - public static final List COUNTRY_SELECTION_PARAM_WHITELIST = - Arrays.asList(REQ_PARAM_SELECTED_COUNTRY, REQ_PARAM_SELECTED_ENVIRONMENT); - - - public static final String EID_BINDING_PUBLIC_KEY_NAME = "urn:eidgvat:attributes.binding.pubkey"; - - private MsEidasNodeConstants() { - //hidden Constructor for class with static values only. - } - -} diff --git a/core_common_lib/src/main/java/at/asitplus/eidas/specific/connector/config/BasicConfigurationProvider.java b/core_common_lib/src/main/java/at/asitplus/eidas/specific/connector/config/BasicConfigurationProvider.java deleted file mode 100644 index 89ccdfe7..00000000 --- a/core_common_lib/src/main/java/at/asitplus/eidas/specific/connector/config/BasicConfigurationProvider.java +++ /dev/null @@ -1,155 +0,0 @@ -/* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. -*/ - -package at.asitplus.eidas.specific.connector.config; - -import java.net.URL; -import java.util.HashMap; -import java.util.Map; -import java.util.Map.Entry; - -import org.apache.commons.lang3.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.context.annotation.Profile; -import org.springframework.stereotype.Service; - -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; -import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.impl.idp.conf.AbstractConfigurationImpl; -import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; - -@Service("BasicMSSpecificNodeConfig") -@Profile("deprecatedConfig") -public class BasicConfigurationProvider extends AbstractConfigurationImpl { - private static final Logger log = LoggerFactory.getLogger(BasicConfigurationProvider.class); - - private final Map spConfigCache = new HashMap<>(); - - public BasicConfigurationProvider(String configPath) throws EaafConfigurationException { - super(configPath); - - } - - @Override - public ISpConfiguration getServiceProviderConfiguration(String entityId) throws EaafConfigurationException { - if (!spConfigCache.containsKey(entityId)) { - log.debug("SP: " + entityId + " is NOT cached. Starting load operation ... "); - final Map allSPs = getBasicConfigurationWithPrefix( - MsEidasNodeConstants.PROP_CONFIG_SP_LIST_PREFIX + KeyValueUtils.KEY_DELIMITER); - for (Entry entry : allSPs.entrySet()) { - if (entry.getKey().endsWith(MsEidasNodeConstants.PROP_CONFIG_SP_UNIQUEIDENTIFIER) - && entry.getValue().equals(entityId)) { - final String listId = KeyValueUtils.getParentKey(entry.getKey()); - log.trace("Find SP configuration with list-Id: " + listId - + ". Extracting configuration elements ... "); - final Map spConfig = KeyValueUtils.getSubSetWithPrefix(allSPs, listId - + KeyValueUtils.KEY_DELIMITER); - spConfigCache.put(entityId, - new ServiceProviderConfiguration(spConfig, this)); - break; - } - } - - if (spConfigCache.containsKey(entityId)) { - log.info("SP: " + entityId + " is loaded. Continuing auth. process ... "); - } else { - log.warn("SP: " + entityId + " is NOT found in configuration. Stopping auth. process ... "); - return null; - - } - - } else { - log.trace("SP: " + entityId + " is already cached. Use configuration from there ... "); - } - - return spConfigCache.get(entityId); - } - - @Override - public T getServiceProviderConfiguration(String entityId, Class decorator) - throws EaafConfigurationException { - final ISpConfiguration spConfig = getServiceProviderConfiguration(entityId); - if (spConfig != null && decorator != null) { - if (decorator.isInstance(spConfig)) { - return (T) spConfig; - } else { - log.error("SPConfig: " + spConfig.getClass().getName() + " is NOT instance of: " + decorator - .getName()); - } - - } - - return null; - - } - - @Override - public String validateIdpUrl(URL url) throws EaafException { - log.trace("Validate requested URL: " + url); - String urlPrefixFromConfig = getBasicConfiguration( - MsEidasNodeConstants.PROP_CONFIG_APPLICATION_PUBLIC_URL_PREFIX); - if (StringUtils.isEmpty(urlPrefixFromConfig)) { - log.warn("Application config containts NO URL prefix"); - throw new EaafConfigurationException("config.27", - new Object[] { "Application config containts NO " - + getApplicationSpecificKeyPrefix() - + MsEidasNodeConstants.PROP_CONFIG_APPLICATION_PUBLIC_URL_PREFIX }); - - } - - // remove last slash - if (urlPrefixFromConfig.endsWith("/")) { - urlPrefixFromConfig = urlPrefixFromConfig.substring(0, urlPrefixFromConfig.length() - 1); - } - - if (getBasicConfigurationBoolean( - MsEidasNodeConstants.PROP_CONFIG_APPLICATION_PUBLIC_URL_REQUEST_VALIDATION, false)) { - if (url != null && url.toExternalForm().startsWith(urlPrefixFromConfig)) { - return urlPrefixFromConfig; - } - - log.info("URL: " + url + " does NOT match to allowed application prefix: " + urlPrefixFromConfig); - return null; - - } else { - return urlPrefixFromConfig; - - } - } - - @Override - public String getApplicationSpecificKeyPrefix() { - return MsEidasNodeConstants.PROP_CONFIG_APPLICATION_PREFIX; - - } - - @Override - protected String getBackupConfigPath() { - return null; - - } - -} diff --git a/core_common_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java b/core_common_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java deleted file mode 100644 index 31d521c0..00000000 --- a/core_common_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java +++ /dev/null @@ -1,171 +0,0 @@ -/* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. -*/ - -package at.asitplus.eidas.specific.connector.config; - -import java.util.Arrays; -import java.util.List; -import java.util.Map; -import java.util.regex.Matcher; -import java.util.regex.Pattern; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; -import at.gv.egiz.eaaf.core.api.data.EaafConstants; -import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.SpMandateModes; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.impl.idp.conf.SpConfigurationImpl; -import lombok.Getter; -import lombok.Setter; - -public class ServiceProviderConfiguration extends SpConfigurationImpl { - private static final long serialVersionUID = 1L; - private static final Logger log = LoggerFactory.getLogger(ServiceProviderConfiguration.class); - - private List minimumLoA = Arrays.asList(EaafConstants.EIDAS_LOA_HIGH); - private String bpkTargetIdentifier; - private String loaMachtingMode = EaafConstants.EIDAS_LOA_MATCHING_MINIMUM; - - @Setter - @Getter - private List mandateProfiles; - - @Getter - @Setter - private SpMandateModes mandateMode = SpMandateModes.NONE; - - public ServiceProviderConfiguration(Map spConfig, IConfiguration authConfig) { - super(spConfig, authConfig); - - } - - @Override - public boolean hasBaseIdInternalProcessingRestriction() { - return false; - - } - - - @Override - public boolean hasBaseIdTransferRestriction() { - final Boolean spConfigPolicy = isConfigurationValue( - MsEidasNodeConstants.PROP_CONFIG_SP_POLICY_BASEIDTRANSFER_RESTRICTION); - if (spConfigPolicy) { - return spConfigPolicy; - - } else { - log.trace("SP configuration defines no baseID transfer restriction. Enforce default policy ..."); - for (final String el : getTargetsWithNoBaseIdTransferRestriction()) { - if (this.bpkTargetIdentifier != null && this.bpkTargetIdentifier.startsWith(el)) { - log.debug("SP-Target: " + this.bpkTargetIdentifier - + " has NO baseID transfer restriction in default policy"); - return false; - - } - } - } - - log.debug("Default-policy defines baseID transfer restriction for SP-Target: " - + this.bpkTargetIdentifier); - return true; - } - - @Override - public List getRequiredLoA() { - return minimumLoA; - - } - - @Override - public String getLoAMatchingMode() { - return loaMachtingMode; - - } - - @Override - public String getAreaSpecificTargetIdentifier() { - return bpkTargetIdentifier; - } - - @Override - public String getFriendlyName() { - return getConfigurationValue( - MsEidasNodeConstants.PROP_CONFIG_SP_FRIENDLYNAME, - "NO FRIENDLYNAME SET"); - - } - - /** - * Set the minimum level of eIDAS authentication for this SP
- * Default: http://eidas.europa.eu/LoA/high
- * Info: In case of MINIMUM matching-mode, only one entry is allowed - * - * @param minimumLoA eIDAS LoA URIs - */ - - public void setRequiredLoA(List minimumLoA) { - this.minimumLoA = minimumLoA; - } - - /** - * Set the mode of operation for LoA matching for this SP. Default: - * minimum
- * Info: Currently only 'minimum' and 'exact' are supported - * - * @param mode LoA matching mode according to SAML2 core specification - */ - public void setLoAMachtingMode(String mode) { - this.loaMachtingMode = mode; - } - - /** - * Set the bPK Target for this service provider. - * - * @param bpkTargetIdentifier Set the bPK sector - * @throws EAAFException If the bPKTargetIdentifier is NOT ALLOWED for this - * service provider - */ - public void setBpkTargetIdentifier(String bpkTargetIdentifier) throws EaafException { - final String allowedTargetIdentifierRegExPattern = getConfigurationValue( - MsEidasNodeConstants.PROP_CONFIG_SP_POLICY_ALLOWED_TARGETS, - MsEidasNodeConstants.POLICY_DEFAULT_ALLOWED_TARGETS); - log.trace("Use bPK-target regex pattern: " + allowedTargetIdentifierRegExPattern); - - final Pattern p = Pattern.compile(allowedTargetIdentifierRegExPattern); - final Matcher m = p.matcher(bpkTargetIdentifier); - if (m.matches()) { - log.debug("Requested bPK-target: " + bpkTargetIdentifier + " matches regex pattern"); - this.bpkTargetIdentifier = bpkTargetIdentifier; - - } else { - log.warn("Requested bPK-target: " + bpkTargetIdentifier + " does NOT match regex pattern."); - throw new EaafException("auth.37", new Object[] { bpkTargetIdentifier, getUniqueIdentifier() }); - - } - - } - -} diff --git a/core_common_lib/src/main/java/at/asitplus/eidas/specific/connector/config/SpringBootBasicConfigurationProvider.java b/core_common_lib/src/main/java/at/asitplus/eidas/specific/connector/config/SpringBootBasicConfigurationProvider.java deleted file mode 100644 index 76e2c01f..00000000 --- a/core_common_lib/src/main/java/at/asitplus/eidas/specific/connector/config/SpringBootBasicConfigurationProvider.java +++ /dev/null @@ -1,122 +0,0 @@ -package at.asitplus.eidas.specific.connector.config; - -import java.net.URL; -import java.util.HashMap; -import java.util.Map; -import java.util.Map.Entry; - -import org.apache.commons.lang3.StringUtils; - -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; -import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.impl.idp.conf.AbstractSpringBootConfigurationImpl; -import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; -import lombok.extern.slf4j.Slf4j; - -@Slf4j -public class SpringBootBasicConfigurationProvider extends AbstractSpringBootConfigurationImpl { - - private final Map spConfigCache = new HashMap<>(); - - @Override - public ISpConfiguration getServiceProviderConfiguration(String entityId) throws EaafConfigurationException { - if (!spConfigCache.containsKey(entityId)) { - log.debug("SP: " + entityId + " is NOT cached. Starting load operation ... "); - final Map allSPs = getBasicConfigurationWithPrefix( - MsEidasNodeConstants.PROP_CONFIG_SP_LIST_PREFIX); - for (Entry entry : allSPs.entrySet()) { - if (entry.getKey().endsWith(MsEidasNodeConstants.PROP_CONFIG_SP_UNIQUEIDENTIFIER) - && entry.getValue().equals(entityId)) { - final String listId = KeyValueUtils.getParentKey(entry.getKey()); - log.trace("Find SP configuration with list-Id: " + listId - + ". Extracting configuration elements ... "); - final Map spConfig = KeyValueUtils.getSubSetWithPrefix(allSPs, listId - + KeyValueUtils.KEY_DELIMITER); - spConfigCache.put(entityId, - new ServiceProviderConfiguration(spConfig, this)); - break; - } - } - - if (spConfigCache.containsKey(entityId)) { - log.info("SP: " + entityId + " is loaded. Continuing auth. process ... "); - } else { - log.warn("SP: " + entityId + " is NOT found in configuration. Stopping auth. process ... "); - return null; - - } - - } else { - log.trace("SP: " + entityId + " is already cached. Use configuration from there ... "); - } - - return spConfigCache.get(entityId); - } - - @Override - public T getServiceProviderConfiguration(String entityId, Class decorator) - throws EaafConfigurationException { - final ISpConfiguration spConfig = getServiceProviderConfiguration(entityId); - if (spConfig != null && decorator != null) { - if (decorator.isInstance(spConfig)) { - return (T) spConfig; - } else { - log.error("SPConfig: " + spConfig.getClass().getName() + " is NOT instance of: " + decorator - .getName()); - } - - } - - return null; - - } - - @Override - public String validateIdpUrl(URL url) throws EaafException { - log.trace("Validate requested URL: " + url); - String urlPrefixFromConfig = getBasicConfiguration( - MsEidasNodeConstants.PROP_CONFIG_APPLICATION_PUBLIC_URL_PREFIX); - if (StringUtils.isEmpty(urlPrefixFromConfig)) { - log.warn("Application config containts NO URL prefix"); - throw new EaafConfigurationException("config.27", - new Object[] { "Application config containts NO " - + getApplicationSpecificKeyPrefix() - + MsEidasNodeConstants.PROP_CONFIG_APPLICATION_PUBLIC_URL_PREFIX }); - - } - - // remove last slash - if (urlPrefixFromConfig.endsWith("/")) { - urlPrefixFromConfig = urlPrefixFromConfig.substring(0, urlPrefixFromConfig.length() - 1); - } - - if (getBasicConfigurationBoolean( - MsEidasNodeConstants.PROP_CONFIG_APPLICATION_PUBLIC_URL_REQUEST_VALIDATION, false)) { - if (url != null && url.toExternalForm().startsWith(urlPrefixFromConfig)) { - return urlPrefixFromConfig; - } - - log.info("URL: " + url + " does NOT match to allowed application prefix: " + urlPrefixFromConfig); - return null; - - } else { - return urlPrefixFromConfig; - - } - } - - @Override - public String getApplicationSpecificKeyPrefix() { - return MsEidasNodeConstants.PROP_CONFIG_APPLICATION_PREFIX; - - } - - @Override - protected String getBackupConfigPath() { - return null; - - } - -} diff --git a/core_common_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/DefaultVelocityGuiBuilderImpl.java b/core_common_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/DefaultVelocityGuiBuilderImpl.java deleted file mode 100644 index 2283081e..00000000 --- a/core_common_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/DefaultVelocityGuiBuilderImpl.java +++ /dev/null @@ -1,77 +0,0 @@ -/* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. -*/ - -package at.asitplus.eidas.specific.connector.gui; - -import java.io.InputStream; - -import javax.servlet.http.HttpServletRequest; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.http.MediaType; -import org.springframework.stereotype.Service; - -import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfiguration; -import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration; -import at.gv.egiz.eaaf.core.exceptions.GuiBuildException; -import at.gv.egiz.eaaf.core.impl.gui.AbstractVelocityGuiFormBuilderImpl; - -@Service("velocityGUIBuilderImpl") -public class DefaultVelocityGuiBuilderImpl extends AbstractVelocityGuiFormBuilderImpl { - private static final Logger log = LoggerFactory.getLogger(DefaultVelocityGuiBuilderImpl.class); - - private static final String CLASSPATH_HTMLTEMPLATES_DIR = "templates/"; - - public DefaultVelocityGuiBuilderImpl() throws GuiBuildException { - super(); - - } - - @Override - protected InputStream getInternalTemplate(IVelocityGuiBuilderConfiguration config) - throws GuiBuildException { - final String viewName = config.getViewName(); - log.debug("GUI template:" + viewName + " is not found in configuration directory. " - + " Load template from project library ... "); - final String pathLocation = getInternalClasspathTemplateDir(config, CLASSPATH_HTMLTEMPLATES_DIR) - + viewName; - try { - final InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream(pathLocation); - return is; - - } catch (final Exception e1) { - log.error("GUI template:" + pathLocation + " is NOT loadable from classpath!", e1); - throw new GuiBuildException("GUI template:" + pathLocation + " is NOT loadable from classpath!", e1); - - } - } - - @Override - public String evaluateResponseContentType(HttpServletRequest httpReq, IGuiBuilderConfiguration config, - String loggerName) throws GuiBuildException { - return MediaType.TEXT_HTML_VALUE; - - } - -} diff --git a/core_common_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/GuiBuilderConfigurationFactory.java b/core_common_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/GuiBuilderConfigurationFactory.java deleted file mode 100644 index 91713cd4..00000000 --- a/core_common_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/GuiBuilderConfigurationFactory.java +++ /dev/null @@ -1,69 +0,0 @@ -/* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. -*/ - -package at.asitplus.eidas.specific.connector.gui; - -import java.net.MalformedURLException; -import java.net.URI; - -import javax.annotation.Nonnull; - -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.core.io.ResourceLoader; -import org.springframework.stereotype.Service; - -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; -import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfiguration; -import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfigurationFactory; -import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; - -@Service("GUIBuilderConfigurationFactory") -public class GuiBuilderConfigurationFactory implements IGuiBuilderConfigurationFactory { - @Autowired(required = true) private IConfiguration basicConfig; - @Autowired(required = true) private ResourceLoader resourceLoader; - - @Override - public IGuiBuilderConfiguration getDefaultErrorGui(String authUrl) { - return new StaticGuiBuilderConfiguration(basicConfig, authUrl, MsEidasNodeConstants.TEMPLATE_HTML_ERROR, - null, resourceLoader); - } - - @Override - public IVelocityGuiBuilderConfiguration getSpSpecificSaml2PostConfiguration(IRequest pendingReq, - String viewName, URI configRootContextDir) - throws MalformedURLException { - return new StaticGuiBuilderConfiguration(basicConfig, pendingReq, - MsEidasNodeConstants.TEMPLATE_HTML_PVP_POSTBINDING, null, resourceLoader); - } - - @Override - public IGuiBuilderConfiguration getDefaultIFrameParentHopGui(IRequest pendingReq, - @Nonnull String endpoint, @Nonnull String errorId) { - //TODO: implement if iFrame to parent hop is needed - throw new RuntimeException("Operation not supported yet."); - - } - -} diff --git a/core_common_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/StaticGuiBuilderConfiguration.java b/core_common_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/StaticGuiBuilderConfiguration.java deleted file mode 100644 index 9701ddda..00000000 --- a/core_common_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/StaticGuiBuilderConfiguration.java +++ /dev/null @@ -1,148 +0,0 @@ -/* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. -*/ - -package at.asitplus.eidas.specific.connector.gui; - -import java.io.IOException; -import java.io.InputStream; - -import org.apache.commons.text.StringEscapeUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.core.io.Resource; -import org.springframework.core.io.ResourceLoader; - -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; -import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.core.api.gui.GroupDefinition; -import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration; -import at.gv.egiz.eaaf.core.api.gui.ModifyableGuiBuilderConfiguration; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.impl.gui.AbstractGuiFormBuilderConfiguration; -import at.gv.egiz.eaaf.core.impl.utils.FileUtils; - -public class StaticGuiBuilderConfiguration extends AbstractGuiFormBuilderConfiguration implements - IVelocityGuiBuilderConfiguration, ModifyableGuiBuilderConfiguration { - private static final Logger log = LoggerFactory.getLogger(StaticGuiBuilderConfiguration.class); - - private IRequest pendingReq = null; - private IConfiguration basicConfig = null; - private ResourceLoader resourceLoader; - - /** - * Static resource configuration for GUI Builder implementations. - * - * @param basicConfig basicConfig - * @param authUrl Public URL of the application - * @param viewName Name of the template - * @param formSubmitEndpoint Form Submit end-point, if template contains a form. - * @param resourceLoader Spring ResourceLoader implementation - */ - public StaticGuiBuilderConfiguration(IConfiguration basicConfig, String authUrl, String viewName, - String formSubmitEndpoint, ResourceLoader resourceLoader) { - super(authUrl, viewName, formSubmitEndpoint); - this.basicConfig = basicConfig; - this.resourceLoader = resourceLoader; - - } - - /** - * Static resource configuration for GUI Builder implementations. - * - * @param basicConfig Application configuration - * @param pendingReq Current pending request - * @param viewName Name of the template - * @param formSubmitEndpoint Form Submit end-point, if template contains a form. - * @param resourceLoader Spring ResourceLoader implementation - */ - public StaticGuiBuilderConfiguration(IConfiguration basicConfig, IRequest pendingReq, String viewName, - String formSubmitEndpoint, ResourceLoader resourceLoader) { - super(pendingReq.getAuthUrl(), viewName, formSubmitEndpoint); - this.pendingReq = pendingReq; - this.basicConfig = basicConfig; - this.resourceLoader = resourceLoader; - - } - - @Override - public String getClasspathTemplateDir() { - return MsEidasNodeConstants.CLASSPATH_TEMPLATE_DIR; - - } - - @Override - public String getDefaultContentType() { - return null; - - } - - @Override - public InputStream getTemplate(String viewName) { - final String templateUrl = MsEidasNodeConstants.FILESYSTEM_TEMPLATE_DIR + viewName; - try { - final String absUrl = FileUtils.makeAbsoluteUrl(templateUrl, this.basicConfig - .getConfigurationRootDirectory()); - log.debug("Load template URL for view: " + viewName + " from: " + absUrl); - Resource resource = resourceLoader.getResource(absUrl); - return resource.getInputStream(); - - } catch (IOException e) { - log.info("Can can build filesytem path to template: " + templateUrl - + " Reason: " + e.getMessage()); - - } - - return null; - } - - @Override - public void putCustomParameterWithOutEscaption(GroupDefinition group, String key, Object value) { - setViewParameter(getFromGroup(), key, value); - - } - - @Override - public void putCustomParameter(GroupDefinition group, String key, String value) { - setViewParameter(getFromGroup(), key, StringEscapeUtils.escapeHtml4(value)); - - } - - @Override - protected void putSpecificViewParameters() { - if (pendingReq != null) { - setViewParameter(getFromGroup(), PARAM_PENDINGREQUESTID, StringEscapeUtils.escapeHtml4(pendingReq - .getPendingRequestId())); - setViewParameter(getFromGroup(), PARAM_PENDINGREQUESTID_DEPRECATED, StringEscapeUtils.escapeHtml4( - pendingReq.getPendingRequestId())); - - } - - } - - @Override - protected GroupDefinition getFromGroup() { - return null; - - } - -} diff --git a/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/MsConnectorEventCodes.java b/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/MsConnectorEventCodes.java new file mode 100644 index 00000000..d15cf77c --- /dev/null +++ b/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/MsConnectorEventCodes.java @@ -0,0 +1,52 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.core; + +public class MsConnectorEventCodes { + + public static final int STARTING_COUNTRY_SELECTION = 4100; + public static final int COUNTRY_SELECTED = 4101; + + public static final int PROCESS_STOPPED_BY_USER = 4102; + + public static final int EIDAS_NODE_CONNECTED = 6101; + public static final int RESPONSE_FROM_EIDAS_NODE = 6102; + public static final int RESPONSE_FROM_EIDAS_NODE_VALID = 6103; + public static final int RESPONSE_FROM_EIDAS_NODE_NOT_VALID = 6104; + public static final int RESPONSE_FROM_EIDAS_MDSDATA = 6105; + + public static final int SZR_IDL_RECEIVED = 6200; + public static final int SZR_BPK_RECEIVED = 6201; + public static final int SZR_VSZ_RECEIVED = 6202; + public static final int SZR_EIDASBIND_RECEIVED = 6203; + public static final int TECH_AUCHBLOCK_CREATED = 6204; + + public static final int SZR_ERNB_EIDAS_RAW_ID = 6210; + public static final int SZR_ERNB_EIDAS_ERNB_ID = 6211; + + + private MsConnectorEventCodes() { + // hidden constructor for class with static values only. + } +} diff --git a/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/MsEidasNodeConstants.java b/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/MsEidasNodeConstants.java new file mode 100644 index 00000000..ecf5cf67 --- /dev/null +++ b/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/MsEidasNodeConstants.java @@ -0,0 +1,229 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.core; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.List; + +import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.impl.data.Triple; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder; + +public class MsEidasNodeConstants { + // ************ configuration properties ************ + public static final String PROP_CONFIG_APPLICATION_PREFIX = "eidas.ms."; + public static final String PROP_CONFIG_APPLICATION_PUBLIC_URL_PREFIX = "context.url.prefix"; + public static final String PROP_CONFIG_APPLICATION_PUBLIC_URL_REQUEST_VALIDATION = + "context.url.request.validation"; + public static final String PROP_CONFIG_REVISIONLOG_LOG_IP_ADDRESS_OF_USER = + "revisionlog.logIPAddressOfUser"; + public static final String PROP_CONFIG_REVISIONLOG_WRITE_MDS_INTO_REVISION_LOG = + "revisionlog.write.MDS.into.revisionlog"; + public static final String PROP_CONFIG_TECHNICALLOG_WRITE_MDS_INTO_TECH_LOG = + "technicallog.write.MDS.into.techlog"; + + public static final String PROP_CONFIG_WEBCONTENT_STATIC_PATH = "webcontent.static.directory"; + public static final String PROP_CONFIG_WEBCONTENT_PROPERTIES_PATH = "webcontent.properties"; + public static final String PROP_CONFIG_WEBCONTENT_TEMPLATES_PATH = "webcontent.templates"; + + public static final String PROP_CONFIG_WEBCONTENT_TEMPLATES_CCSELECTION = "webcontent.templates.countryselection"; + + public static final String PROP_CONFIG_MONITORING_EIDASNODE_METADATAURL = + "monitoring.eIDASNode.metadata.url"; + + private static final String PROP_CONFIG_PVP2_PREFIX = "pvp2."; + public static final String CONFIG_PROPS_KEYSTORE_TYPE = PROP_CONFIG_PVP2_PREFIX + "keystore.type"; + public static final String CONFIG_PROPS_KEYSTORE_NAME = PROP_CONFIG_PVP2_PREFIX + "keystore.name"; + public static final String PROP_CONFIG_PVP2_KEYSTORE_PATH = PROP_CONFIG_PVP2_PREFIX + "keystore.path"; + public static final String PROP_CONFIG_PVP2_KEYSTORE_PASSWORD = PROP_CONFIG_PVP2_PREFIX + + "keystore.password"; + public static final String PROP_CONFIG_PVP2_KEY_METADATA_ALIAS = PROP_CONFIG_PVP2_PREFIX + + "key.metadata.alias"; + public static final String PROP_CONFIG_PVP2_KEY_METADATA_PASSWORD = PROP_CONFIG_PVP2_PREFIX + + "key.metadata.password"; + public static final String PROP_CONFIG_PVP2_KEY_SIGNING_ALIAS = PROP_CONFIG_PVP2_PREFIX + + "key.signing.alias"; + public static final String PROP_CONFIG_PVP2_KEY_SIGNING_PASSWORD = PROP_CONFIG_PVP2_PREFIX + + "key.signing.password"; + public static final String PROP_CONFIG_PVP2_METADATA_VALIDITY = PROP_CONFIG_PVP2_PREFIX + + "metadata.validity"; + + public static final String CONFIG_PROPS_METADATA_CONTACT_GIVENNAME = + PROP_CONFIG_PVP2_PREFIX + "metadata.contact.givenname"; + public static final String CONFIG_PROPS_METADATA_CONTACT_SURNAME = + PROP_CONFIG_PVP2_PREFIX + "metadata.contact.surname"; + public static final String CONFIG_PROPS_METADATA_CONTACT_EMAIL = + PROP_CONFIG_PVP2_PREFIX + "metadata.contact.email"; + public static final String CONFIG_PROPS_METADATA_ORGANISATION_NAME = + PROP_CONFIG_PVP2_PREFIX + "metadata.organisation.name"; + public static final String CONFIG_PROPS_METADATA_ORGANISATION_FRIENDLYNAME = + PROP_CONFIG_PVP2_PREFIX + "metadata.organisation.friendyname"; + public static final String CONFIG_PROPS_METADATA_ORGANISATION_URL = + PROP_CONFIG_PVP2_PREFIX + "metadata.organisation.url"; + + // TODO: is not implemented yet + public static final String PROP_CONFIG_SP_VALIDATION_DISABLED = + "configuration.sp.disableRegistrationRequirement"; + + public static final String PROP_EIDAS_REQUEST_LOA_MINIMUM_LEVEL = + "auth.eIDAS.node_v2.loa.requested.minimum"; + + public static final String PROP_CONFIG_AUTHBLOCK_KEYSTORE_TYPE = + "auth.eIDAS.authblock.keystore.type"; + public static final String PROP_CONFIG_AUTHBLOCK_KEYSTORE_PATH = + "auth.eIDAS.authblock.keystore.path"; + public static final String PROP_CONFIG_AUTHBLOCK_KEYSTORE_PASSWORD = + "auth.eIDAS.authblock.keystore.password"; + public static final String PROP_CONFIG_AUTHBLOCK_KEYSTORE_NAME = + "auth.eIDAS.authblock.keystore.name"; + public static final String PROP_CONFIG_AUTHBLOCK_KEY_ALIAS = + "auth.eIDAS.authblock.key.alias"; + public static final String PROP_CONFIG_AUTHBLOCK_KEY_PASSWORD = + "auth.eIDAS.authblock.key.password"; + + + + + public static final String PROP_CONFIG_SP_LIST_PREFIX = "sp"; + public static final String PROP_CONFIG_SP_UNIQUEIDENTIFIER = EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER; + public static final String PROP_CONFIG_SP_FRIENDLYNAME = "friendlyName"; + public static final String PROP_CONFIG_SP_PVP2_METADATA_URL = "pvp2.metadata.url"; + public static final String PROP_CONFIG_SP_PVP2_METADATA_TRUSTSTORE = "pvp2.metadata.truststore"; + public static final String PROP_CONFIG_SP_PVP2_METADATA_TRUSTSTORE_PASSWORD = + "pvp2.metadata.truststore.password"; + public static final String PROP_CONFIG_SP_NEW_EID_MODE = + "newEidMode"; + + public static final String PROP_CONFIG_SP_POLICY_ALLOWED_TARGETS = "policy.allowed.requested.targets"; + public static final String PROP_CONFIG_SP_POLICY_BASEIDTRANSFER_RESTRICTION = + "policy.hasBaseIdTransferRestriction"; + + public static final String PROP_CONFIG_PVP_SCHEME_VALIDATION = "configuration.pvp.scheme.validation"; + public static final String PROP_CONFIG_PVP_ENABLE_ENTITYCATEGORIES = + "configuration.pvp.enable.entitycategories"; + + // ********** default values *************** + + // Default policy for SP-targets requested by MOA-ID to ms-specific eIDAS + // Connector + public static final String POLICY_DEFAULT_ALLOWED_TARGETS = ".*"; + // EAAFConstants.URN_PREFIX_CDID.replaceAll("\\.", "\\\\.").replaceAll("\\+", + // "\\\\+") + ".*"; + + public static final int METADATA_SOCKED_TIMEOUT = 20 * 1000; // 20 seconds metadata socked timeout + public static final int DEFAULT_PVP_METADATA_VALIDITY = 24; // 24 hours + public static final int DEFAULT_PVP_ASSERTION_VALIDITY = 5; // 5 minutes + + // ************ application end-points ************* + public static final String ENDPOINT_PVP_METADATA = "/pvp/metadata"; + public static final String ENDPOINT_PVP_POST = "/pvp/post"; + public static final String ENDPOINT_PVP_REDIRECT = "/pvp/redirect"; + + public static final String ENDPOINT_COUNTRYSELECTION = "/myHomeCountry"; + + public static final String ENDPOINT_MONITORING_MONITOR = "/monitoring"; + public static final String ENDPOINT_MONITORING_VERIFY = "/verify"; + + // ************ paths and templates ************ + public static final String CLASSPATH_TEMPLATE_DIR = "/templates/"; + public static final String FILESYSTEM_TEMPLATE_DIR = "./templates/"; + + public static final String TEMPLATE_HTML_ERROR = "error_message.html"; + public static final String TEMPLATE_HTML_PVP_POSTBINDING = "pvp2_post_binding.html"; + public static final String TEMPLATE_HTML_COUNTRYSELECTION = "countrySelection.html"; + + // ************ execution context and generic data ************ + public static final String REQ_PARAM_SELECTED_COUNTRY = "selectedCountry"; + public static final String REQ_PARAM_SELECTED_ENVIRONMENT = "selectedEnvironment"; + public static final String REQ_PARAM_STOP_PROCESS = "stopAuthProcess"; + + public static final String REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_PRODUCTION = "prod"; + public static final String REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_QS = "qs"; + public static final String REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_TESTING = "test"; + public static final String REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_DEVELOPMENT = "dev"; + + public static final String DATA_REQUESTERID = "req_requesterId"; + public static final String DATA_PROVIDERNAME = "req_providerName"; + public static final String DATA_REQUESTED_LOA_LIST = "req_requestedLoA"; + public static final String DATA_REQUESTED_LOA_COMPERISON = "req_requestedLoAComperision"; + + public static final List COUNTRY_SELECTION_PARAM_WHITELIST = + Arrays.asList(REQ_PARAM_SELECTED_COUNTRY, REQ_PARAM_SELECTED_ENVIRONMENT); + + + public static final String EID_BINDING_PUBLIC_KEY_NAME = "urn:eidgvat:attributes.binding.pubkey"; + + + // ---- Attribute configuration ------ + public static final String ATTR_EIDAS_PERSONAL_IDENTIFIER = + AbstractAuthenticationDataBuilder.GENERIC_AUTHDATA_IDENTIFIER + PvpAttributeDefinitions.BPK_NAME; + public static final String ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER = + AbstractAuthenticationDataBuilder.GENERIC_AUTHDATA_IDENTIFIER + PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME; + public static final String ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER = + AbstractAuthenticationDataBuilder.GENERIC_AUTHDATA_IDENTIFIER + + PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME; + + public static final String AUTH_DATA_SZR_AUTHBLOCK = "authData_AUTHBLOCK"; + public static final String AUTH_DATA_EIDAS_BIND = "authData_EIDAS_BIND"; + + + public static final List> DEFAULT_REQUIRED_MANDATE_NAT_PVP_ATTRIBUTES = + Collections.unmodifiableList(new ArrayList>() { + private static final long serialVersionUID = 1L; + { + add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, + PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_FRIENDLY_NAME, false)); + add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, + PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, false)); + add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, + PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, false)); + add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, + PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, false)); + + } + }); + + public static final List> DEFAULT_REQUIRED_MANDATE_JUR_PVP_ATTRIBUTES = + Collections.unmodifiableList(new ArrayList>() { + private static final long serialVersionUID = 1L; + { + add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, + PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, false)); + add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, + PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, false)); + add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, + PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, false)); + + } + }); + + + private MsEidasNodeConstants() { + //hidden Constructor for class with static values only. + } + +} diff --git a/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/config/BasicConfigurationProvider.java b/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/config/BasicConfigurationProvider.java new file mode 100644 index 00000000..3a1bdc9c --- /dev/null +++ b/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/config/BasicConfigurationProvider.java @@ -0,0 +1,155 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.core.config; + +import java.net.URL; +import java.util.HashMap; +import java.util.Map; +import java.util.Map.Entry; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.context.annotation.Profile; +import org.springframework.stereotype.Service; + +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.idp.conf.AbstractConfigurationImpl; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; + +@Service("BasicMSSpecificNodeConfig") +@Profile("deprecatedConfig") +public class BasicConfigurationProvider extends AbstractConfigurationImpl { + private static final Logger log = LoggerFactory.getLogger(BasicConfigurationProvider.class); + + private final Map spConfigCache = new HashMap<>(); + + public BasicConfigurationProvider(String configPath) throws EaafConfigurationException { + super(configPath); + + } + + @Override + public ISpConfiguration getServiceProviderConfiguration(String entityId) throws EaafConfigurationException { + if (!spConfigCache.containsKey(entityId)) { + log.debug("SP: " + entityId + " is NOT cached. Starting load operation ... "); + final Map allSPs = getBasicConfigurationWithPrefix( + MsEidasNodeConstants.PROP_CONFIG_SP_LIST_PREFIX + KeyValueUtils.KEY_DELIMITER); + for (Entry entry : allSPs.entrySet()) { + if (entry.getKey().endsWith(MsEidasNodeConstants.PROP_CONFIG_SP_UNIQUEIDENTIFIER) + && entry.getValue().equals(entityId)) { + final String listId = KeyValueUtils.getParentKey(entry.getKey()); + log.trace("Find SP configuration with list-Id: " + listId + + ". Extracting configuration elements ... "); + final Map spConfig = KeyValueUtils.getSubSetWithPrefix(allSPs, listId + + KeyValueUtils.KEY_DELIMITER); + spConfigCache.put(entityId, + new ServiceProviderConfiguration(spConfig, this)); + break; + } + } + + if (spConfigCache.containsKey(entityId)) { + log.info("SP: " + entityId + " is loaded. Continuing auth. process ... "); + } else { + log.warn("SP: " + entityId + " is NOT found in configuration. Stopping auth. process ... "); + return null; + + } + + } else { + log.trace("SP: " + entityId + " is already cached. Use configuration from there ... "); + } + + return spConfigCache.get(entityId); + } + + @Override + public T getServiceProviderConfiguration(String entityId, Class decorator) + throws EaafConfigurationException { + final ISpConfiguration spConfig = getServiceProviderConfiguration(entityId); + if (spConfig != null && decorator != null) { + if (decorator.isInstance(spConfig)) { + return (T) spConfig; + } else { + log.error("SPConfig: " + spConfig.getClass().getName() + " is NOT instance of: " + decorator + .getName()); + } + + } + + return null; + + } + + @Override + public String validateIdpUrl(URL url) throws EaafException { + log.trace("Validate requested URL: " + url); + String urlPrefixFromConfig = getBasicConfiguration( + MsEidasNodeConstants.PROP_CONFIG_APPLICATION_PUBLIC_URL_PREFIX); + if (StringUtils.isEmpty(urlPrefixFromConfig)) { + log.warn("Application config containts NO URL prefix"); + throw new EaafConfigurationException("config.27", + new Object[] { "Application config containts NO " + + getApplicationSpecificKeyPrefix() + + MsEidasNodeConstants.PROP_CONFIG_APPLICATION_PUBLIC_URL_PREFIX }); + + } + + // remove last slash + if (urlPrefixFromConfig.endsWith("/")) { + urlPrefixFromConfig = urlPrefixFromConfig.substring(0, urlPrefixFromConfig.length() - 1); + } + + if (getBasicConfigurationBoolean( + MsEidasNodeConstants.PROP_CONFIG_APPLICATION_PUBLIC_URL_REQUEST_VALIDATION, false)) { + if (url != null && url.toExternalForm().startsWith(urlPrefixFromConfig)) { + return urlPrefixFromConfig; + } + + log.info("URL: " + url + " does NOT match to allowed application prefix: " + urlPrefixFromConfig); + return null; + + } else { + return urlPrefixFromConfig; + + } + } + + @Override + public String getApplicationSpecificKeyPrefix() { + return MsEidasNodeConstants.PROP_CONFIG_APPLICATION_PREFIX; + + } + + @Override + protected String getBackupConfigPath() { + return null; + + } + +} diff --git a/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/config/ServiceProviderConfiguration.java b/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/config/ServiceProviderConfiguration.java new file mode 100644 index 00000000..5ca1c8c5 --- /dev/null +++ b/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/config/ServiceProviderConfiguration.java @@ -0,0 +1,171 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.core.config; + +import java.util.Arrays; +import java.util.List; +import java.util.Map; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.SpMandateModes; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.idp.conf.SpConfigurationImpl; +import lombok.Getter; +import lombok.Setter; + +public class ServiceProviderConfiguration extends SpConfigurationImpl { + private static final long serialVersionUID = 1L; + private static final Logger log = LoggerFactory.getLogger(ServiceProviderConfiguration.class); + + private List minimumLoA = Arrays.asList(EaafConstants.EIDAS_LOA_HIGH); + private String bpkTargetIdentifier; + private String loaMachtingMode = EaafConstants.EIDAS_LOA_MATCHING_MINIMUM; + + @Setter + @Getter + private List mandateProfiles; + + @Getter + @Setter + private SpMandateModes mandateMode = SpMandateModes.NONE; + + public ServiceProviderConfiguration(Map spConfig, IConfiguration authConfig) { + super(spConfig, authConfig); + + } + + @Override + public boolean hasBaseIdInternalProcessingRestriction() { + return false; + + } + + + @Override + public boolean hasBaseIdTransferRestriction() { + final Boolean spConfigPolicy = isConfigurationValue( + MsEidasNodeConstants.PROP_CONFIG_SP_POLICY_BASEIDTRANSFER_RESTRICTION); + if (spConfigPolicy) { + return spConfigPolicy; + + } else { + log.trace("SP configuration defines no baseID transfer restriction. Enforce default policy ..."); + for (final String el : getTargetsWithNoBaseIdTransferRestriction()) { + if (this.bpkTargetIdentifier != null && this.bpkTargetIdentifier.startsWith(el)) { + log.debug("SP-Target: " + this.bpkTargetIdentifier + + " has NO baseID transfer restriction in default policy"); + return false; + + } + } + } + + log.debug("Default-policy defines baseID transfer restriction for SP-Target: " + + this.bpkTargetIdentifier); + return true; + } + + @Override + public List getRequiredLoA() { + return minimumLoA; + + } + + @Override + public String getLoAMatchingMode() { + return loaMachtingMode; + + } + + @Override + public String getAreaSpecificTargetIdentifier() { + return bpkTargetIdentifier; + } + + @Override + public String getFriendlyName() { + return getConfigurationValue( + MsEidasNodeConstants.PROP_CONFIG_SP_FRIENDLYNAME, + "NO FRIENDLYNAME SET"); + + } + + /** + * Set the minimum level of eIDAS authentication for this SP
+ * Default: http://eidas.europa.eu/LoA/high
+ * Info: In case of MINIMUM matching-mode, only one entry is allowed + * + * @param minimumLoA eIDAS LoA URIs + */ + + public void setRequiredLoA(List minimumLoA) { + this.minimumLoA = minimumLoA; + } + + /** + * Set the mode of operation for LoA matching for this SP. Default: + * minimum
+ * Info: Currently only 'minimum' and 'exact' are supported + * + * @param mode LoA matching mode according to SAML2 core specification + */ + public void setLoAMachtingMode(String mode) { + this.loaMachtingMode = mode; + } + + /** + * Set the bPK Target for this service provider. + * + * @param bpkTargetIdentifier Set the bPK sector + * @throws EAAFException If the bPKTargetIdentifier is NOT ALLOWED for this + * service provider + */ + public void setBpkTargetIdentifier(String bpkTargetIdentifier) throws EaafException { + final String allowedTargetIdentifierRegExPattern = getConfigurationValue( + MsEidasNodeConstants.PROP_CONFIG_SP_POLICY_ALLOWED_TARGETS, + MsEidasNodeConstants.POLICY_DEFAULT_ALLOWED_TARGETS); + log.trace("Use bPK-target regex pattern: " + allowedTargetIdentifierRegExPattern); + + final Pattern p = Pattern.compile(allowedTargetIdentifierRegExPattern); + final Matcher m = p.matcher(bpkTargetIdentifier); + if (m.matches()) { + log.debug("Requested bPK-target: " + bpkTargetIdentifier + " matches regex pattern"); + this.bpkTargetIdentifier = bpkTargetIdentifier; + + } else { + log.warn("Requested bPK-target: " + bpkTargetIdentifier + " does NOT match regex pattern."); + throw new EaafException("auth.37", new Object[] { bpkTargetIdentifier, getUniqueIdentifier() }); + + } + + } + +} diff --git a/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/config/SpringBootBasicConfigurationProvider.java b/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/config/SpringBootBasicConfigurationProvider.java new file mode 100644 index 00000000..f5492913 --- /dev/null +++ b/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/config/SpringBootBasicConfigurationProvider.java @@ -0,0 +1,122 @@ +package at.asitplus.eidas.specific.core.config; + +import java.net.URL; +import java.util.HashMap; +import java.util.Map; +import java.util.Map.Entry; + +import org.apache.commons.lang3.StringUtils; + +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.idp.conf.AbstractSpringBootConfigurationImpl; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +public class SpringBootBasicConfigurationProvider extends AbstractSpringBootConfigurationImpl { + + private final Map spConfigCache = new HashMap<>(); + + @Override + public ISpConfiguration getServiceProviderConfiguration(String entityId) throws EaafConfigurationException { + if (!spConfigCache.containsKey(entityId)) { + log.debug("SP: " + entityId + " is NOT cached. Starting load operation ... "); + final Map allSPs = getBasicConfigurationWithPrefix( + MsEidasNodeConstants.PROP_CONFIG_SP_LIST_PREFIX); + for (Entry entry : allSPs.entrySet()) { + if (entry.getKey().endsWith(MsEidasNodeConstants.PROP_CONFIG_SP_UNIQUEIDENTIFIER) + && entry.getValue().equals(entityId)) { + final String listId = KeyValueUtils.getParentKey(entry.getKey()); + log.trace("Find SP configuration with list-Id: " + listId + + ". Extracting configuration elements ... "); + final Map spConfig = KeyValueUtils.getSubSetWithPrefix(allSPs, listId + + KeyValueUtils.KEY_DELIMITER); + spConfigCache.put(entityId, + new ServiceProviderConfiguration(spConfig, this)); + break; + } + } + + if (spConfigCache.containsKey(entityId)) { + log.info("SP: " + entityId + " is loaded. Continuing auth. process ... "); + } else { + log.warn("SP: " + entityId + " is NOT found in configuration. Stopping auth. process ... "); + return null; + + } + + } else { + log.trace("SP: " + entityId + " is already cached. Use configuration from there ... "); + } + + return spConfigCache.get(entityId); + } + + @Override + public T getServiceProviderConfiguration(String entityId, Class decorator) + throws EaafConfigurationException { + final ISpConfiguration spConfig = getServiceProviderConfiguration(entityId); + if (spConfig != null && decorator != null) { + if (decorator.isInstance(spConfig)) { + return (T) spConfig; + } else { + log.error("SPConfig: " + spConfig.getClass().getName() + " is NOT instance of: " + decorator + .getName()); + } + + } + + return null; + + } + + @Override + public String validateIdpUrl(URL url) throws EaafException { + log.trace("Validate requested URL: " + url); + String urlPrefixFromConfig = getBasicConfiguration( + MsEidasNodeConstants.PROP_CONFIG_APPLICATION_PUBLIC_URL_PREFIX); + if (StringUtils.isEmpty(urlPrefixFromConfig)) { + log.warn("Application config containts NO URL prefix"); + throw new EaafConfigurationException("config.27", + new Object[] { "Application config containts NO " + + getApplicationSpecificKeyPrefix() + + MsEidasNodeConstants.PROP_CONFIG_APPLICATION_PUBLIC_URL_PREFIX }); + + } + + // remove last slash + if (urlPrefixFromConfig.endsWith("/")) { + urlPrefixFromConfig = urlPrefixFromConfig.substring(0, urlPrefixFromConfig.length() - 1); + } + + if (getBasicConfigurationBoolean( + MsEidasNodeConstants.PROP_CONFIG_APPLICATION_PUBLIC_URL_REQUEST_VALIDATION, false)) { + if (url != null && url.toExternalForm().startsWith(urlPrefixFromConfig)) { + return urlPrefixFromConfig; + } + + log.info("URL: " + url + " does NOT match to allowed application prefix: " + urlPrefixFromConfig); + return null; + + } else { + return urlPrefixFromConfig; + + } + } + + @Override + public String getApplicationSpecificKeyPrefix() { + return MsEidasNodeConstants.PROP_CONFIG_APPLICATION_PREFIX; + + } + + @Override + protected String getBackupConfigPath() { + return null; + + } + +} diff --git a/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/gui/DefaultVelocityGuiBuilderImpl.java b/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/gui/DefaultVelocityGuiBuilderImpl.java new file mode 100644 index 00000000..96d58def --- /dev/null +++ b/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/gui/DefaultVelocityGuiBuilderImpl.java @@ -0,0 +1,77 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.core.gui; + +import java.io.InputStream; + +import javax.servlet.http.HttpServletRequest; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.http.MediaType; +import org.springframework.stereotype.Service; + +import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfiguration; +import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration; +import at.gv.egiz.eaaf.core.exceptions.GuiBuildException; +import at.gv.egiz.eaaf.core.impl.gui.AbstractVelocityGuiFormBuilderImpl; + +@Service("velocityGUIBuilderImpl") +public class DefaultVelocityGuiBuilderImpl extends AbstractVelocityGuiFormBuilderImpl { + private static final Logger log = LoggerFactory.getLogger(DefaultVelocityGuiBuilderImpl.class); + + private static final String CLASSPATH_HTMLTEMPLATES_DIR = "templates/"; + + public DefaultVelocityGuiBuilderImpl() throws GuiBuildException { + super(); + + } + + @Override + protected InputStream getInternalTemplate(IVelocityGuiBuilderConfiguration config) + throws GuiBuildException { + final String viewName = config.getViewName(); + log.debug("GUI template:" + viewName + " is not found in configuration directory. " + + " Load template from project library ... "); + final String pathLocation = getInternalClasspathTemplateDir(config, CLASSPATH_HTMLTEMPLATES_DIR) + + viewName; + try { + final InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream(pathLocation); + return is; + + } catch (final Exception e1) { + log.error("GUI template:" + pathLocation + " is NOT loadable from classpath!", e1); + throw new GuiBuildException("GUI template:" + pathLocation + " is NOT loadable from classpath!", e1); + + } + } + + @Override + public String evaluateResponseContentType(HttpServletRequest httpReq, IGuiBuilderConfiguration config, + String loggerName) throws GuiBuildException { + return MediaType.TEXT_HTML_VALUE; + + } + +} diff --git a/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/gui/GuiBuilderConfigurationFactory.java b/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/gui/GuiBuilderConfigurationFactory.java new file mode 100644 index 00000000..62a0005d --- /dev/null +++ b/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/gui/GuiBuilderConfigurationFactory.java @@ -0,0 +1,69 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.core.gui; + +import java.net.MalformedURLException; +import java.net.URI; + +import javax.annotation.Nonnull; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.core.io.ResourceLoader; +import org.springframework.stereotype.Service; + +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfiguration; +import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfigurationFactory; +import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; + +@Service("GUIBuilderConfigurationFactory") +public class GuiBuilderConfigurationFactory implements IGuiBuilderConfigurationFactory { + @Autowired(required = true) private IConfiguration basicConfig; + @Autowired(required = true) private ResourceLoader resourceLoader; + + @Override + public IGuiBuilderConfiguration getDefaultErrorGui(String authUrl) { + return new StaticGuiBuilderConfiguration(basicConfig, authUrl, MsEidasNodeConstants.TEMPLATE_HTML_ERROR, + null, resourceLoader); + } + + @Override + public IVelocityGuiBuilderConfiguration getSpSpecificSaml2PostConfiguration(IRequest pendingReq, + String viewName, URI configRootContextDir) + throws MalformedURLException { + return new StaticGuiBuilderConfiguration(basicConfig, pendingReq, + MsEidasNodeConstants.TEMPLATE_HTML_PVP_POSTBINDING, null, resourceLoader); + } + + @Override + public IGuiBuilderConfiguration getDefaultIFrameParentHopGui(IRequest pendingReq, + @Nonnull String endpoint, @Nonnull String errorId) { + //TODO: implement if iFrame to parent hop is needed + throw new RuntimeException("Operation not supported yet."); + + } + +} diff --git a/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/gui/StaticGuiBuilderConfiguration.java b/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/gui/StaticGuiBuilderConfiguration.java new file mode 100644 index 00000000..0fd85d3d --- /dev/null +++ b/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/gui/StaticGuiBuilderConfiguration.java @@ -0,0 +1,148 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.core.gui; + +import java.io.IOException; +import java.io.InputStream; + +import org.apache.commons.text.StringEscapeUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.core.io.Resource; +import org.springframework.core.io.ResourceLoader; + +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.gui.GroupDefinition; +import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration; +import at.gv.egiz.eaaf.core.api.gui.ModifyableGuiBuilderConfiguration; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.impl.gui.AbstractGuiFormBuilderConfiguration; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; + +public class StaticGuiBuilderConfiguration extends AbstractGuiFormBuilderConfiguration implements + IVelocityGuiBuilderConfiguration, ModifyableGuiBuilderConfiguration { + private static final Logger log = LoggerFactory.getLogger(StaticGuiBuilderConfiguration.class); + + private IRequest pendingReq = null; + private IConfiguration basicConfig = null; + private ResourceLoader resourceLoader; + + /** + * Static resource configuration for GUI Builder implementations. + * + * @param basicConfig basicConfig + * @param authUrl Public URL of the application + * @param viewName Name of the template + * @param formSubmitEndpoint Form Submit end-point, if template contains a form. + * @param resourceLoader Spring ResourceLoader implementation + */ + public StaticGuiBuilderConfiguration(IConfiguration basicConfig, String authUrl, String viewName, + String formSubmitEndpoint, ResourceLoader resourceLoader) { + super(authUrl, viewName, formSubmitEndpoint); + this.basicConfig = basicConfig; + this.resourceLoader = resourceLoader; + + } + + /** + * Static resource configuration for GUI Builder implementations. + * + * @param basicConfig Application configuration + * @param pendingReq Current pending request + * @param viewName Name of the template + * @param formSubmitEndpoint Form Submit end-point, if template contains a form. + * @param resourceLoader Spring ResourceLoader implementation + */ + public StaticGuiBuilderConfiguration(IConfiguration basicConfig, IRequest pendingReq, String viewName, + String formSubmitEndpoint, ResourceLoader resourceLoader) { + super(pendingReq.getAuthUrl(), viewName, formSubmitEndpoint); + this.pendingReq = pendingReq; + this.basicConfig = basicConfig; + this.resourceLoader = resourceLoader; + + } + + @Override + public String getClasspathTemplateDir() { + return MsEidasNodeConstants.CLASSPATH_TEMPLATE_DIR; + + } + + @Override + public String getDefaultContentType() { + return null; + + } + + @Override + public InputStream getTemplate(String viewName) { + final String templateUrl = MsEidasNodeConstants.FILESYSTEM_TEMPLATE_DIR + viewName; + try { + final String absUrl = FileUtils.makeAbsoluteUrl(templateUrl, this.basicConfig + .getConfigurationRootDirectory()); + log.debug("Load template URL for view: " + viewName + " from: " + absUrl); + Resource resource = resourceLoader.getResource(absUrl); + return resource.getInputStream(); + + } catch (IOException e) { + log.info("Can can build filesytem path to template: " + templateUrl + + " Reason: " + e.getMessage()); + + } + + return null; + } + + @Override + public void putCustomParameterWithOutEscaption(GroupDefinition group, String key, Object value) { + setViewParameter(getFromGroup(), key, value); + + } + + @Override + public void putCustomParameter(GroupDefinition group, String key, String value) { + setViewParameter(getFromGroup(), key, StringEscapeUtils.escapeHtml4(value)); + + } + + @Override + protected void putSpecificViewParameters() { + if (pendingReq != null) { + setViewParameter(getFromGroup(), PARAM_PENDINGREQUESTID, StringEscapeUtils.escapeHtml4(pendingReq + .getPendingRequestId())); + setViewParameter(getFromGroup(), PARAM_PENDINGREQUESTID_DEPRECATED, StringEscapeUtils.escapeHtml4( + pendingReq.getPendingRequestId())); + + } + + } + + @Override + protected GroupDefinition getFromGroup() { + return null; + + } + +} diff --git a/core_common_lib/src/test/java/at/asitplus/eidas/specific/connector/test/config/BasicConfigProviderTest.java b/core_common_lib/src/test/java/at/asitplus/eidas/specific/connector/test/config/BasicConfigProviderTest.java deleted file mode 100644 index d1623b00..00000000 --- a/core_common_lib/src/test/java/at/asitplus/eidas/specific/connector/test/config/BasicConfigProviderTest.java +++ /dev/null @@ -1,156 +0,0 @@ -package at.asitplus.eidas.specific.connector.test.config; - -import java.net.MalformedURLException; -import java.net.URL; -import java.util.Map; - -import org.apache.commons.lang3.RandomStringUtils; -import org.junit.Assert; -import org.junit.BeforeClass; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.test.annotation.DirtiesContext; -import org.springframework.test.annotation.DirtiesContext.ClassMode; -import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; - -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; -import at.asitplus.eidas.specific.connector.config.ServiceProviderConfiguration; -import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; -import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.exceptions.EaafException; - -@RunWith(SpringJUnit4ClassRunner.class) -@ContextConfiguration(locations = { - "/SpringTest-context_basic_realConfig.xml"}) -@DirtiesContext(classMode = ClassMode.BEFORE_CLASS) -public class BasicConfigProviderTest { - - @Autowired private IConfigurationWithSP basicConfig; - - /** - * jUnit class initializer. - * - */ - @BeforeClass - public static void classInitializer() { - final String current = new java.io.File(".").toURI().toString(); - System.setProperty("eidas.ms.configuration", current + "src/test/resources/config/junit_config_1.properties"); - - } - - @Test - public void configPropInfos() { - Assert.assertEquals("size", 2, MsEidasNodeConstants.COUNTRY_SELECTION_PARAM_WHITELIST.size()); - - } - - @Test - public void loadSpNoExist() throws EaafConfigurationException { - ISpConfiguration spConfig = basicConfig.getServiceProviderConfiguration( - RandomStringUtils.randomAlphabetic(5)); - Assert.assertNull("spConfig", spConfig); - - } - - @Test - public void loadSpConfigBasicMode() throws EaafConfigurationException { - ISpConfiguration spConfig = basicConfig.getServiceProviderConfiguration("jUnitTest1"); - - Assert.assertNotNull("spConfig", spConfig); - Assert.assertEquals("uniqueId", "jUnitTest1", spConfig.getUniqueIdentifier()); - Assert.assertEquals("friendlyName", "NO FRIENDLYNAME SET", spConfig.getFriendlyName()); - Assert.assertEquals("pvp2.truststore", "", spConfig.getConfigurationValue("pvp2.metadata.truststore")); - String test = RandomStringUtils.randomAlphabetic(5); - Assert.assertEquals("pvp2.password", "1234pass", - spConfig.getConfigurationValue("pvp2.metadata.truststore.password", test)); - Assert.assertEquals("eidMode", true, spConfig.isConfigurationValue("newEidMode")); - Assert.assertEquals("notexistflag", false, spConfig.isConfigurationValue("notexist", false)); - Assert.assertNotNull("fullConfig", spConfig.getFullConfiguration()); - Assert.assertEquals("fullConfig", 4, spConfig.getFullConfiguration().size()); - - } - - @Test - public void loadSpConfigAdvancedMode() throws EaafConfigurationException { - ISpConfiguration spConfig = basicConfig.getServiceProviderConfiguration( - "jUnitTest2", ServiceProviderConfiguration.class); - - Assert.assertNotNull("spConfig", spConfig); - Assert.assertEquals("uniqueId", "jUnitTest2", spConfig.getUniqueIdentifier()); - Assert.assertEquals("friendlyName", "jUnit tester 2", spConfig.getFriendlyName()); - Assert.assertEquals("pvp2.truststore", "", spConfig.getConfigurationValue("pvp2.metadata.truststore")); - String test = RandomStringUtils.randomAlphabetic(5); - Assert.assertEquals("pvp2.password", test, - spConfig.getConfigurationValue("pvp2.metadata.truststore.notexist", test)); - Assert.assertEquals("eidMode", false, spConfig.isConfigurationValue("newEidMode")); - Assert.assertEquals("notexistflag", false, spConfig.isConfigurationValue("notexist", false)); - Assert.assertNotNull("fullConfig", spConfig.getFullConfiguration()); - Assert.assertEquals("fullConfig", 5, spConfig.getFullConfiguration().size()); - Assert.assertFalse("baseIdInternal", spConfig.hasBaseIdInternalProcessingRestriction()); - Assert.assertTrue("baseIdTransfer", spConfig.hasBaseIdTransferRestriction()); - - } - - @Test - public void loadSpConfigAdvancedModeWrongDecorator() throws EaafConfigurationException { - ISpConfiguration spConfig1 = basicConfig.getServiceProviderConfiguration( - "jUnitTest2", null); - Assert.assertNull("spConfig", spConfig1); - - String spConfig2 = basicConfig.getServiceProviderConfiguration( - "jUnitTest2", String.class); - Assert.assertNull("spConfig", spConfig2); - - } - - @Test - public void loadConfigValuesString() { - Assert.assertEquals("without default", "ownSpecificConnector", - basicConfig.getBasicConfiguration("auth.eIDAS.node_v2.entityId")); - - Assert.assertEquals("with default", "", - basicConfig.getBasicConfiguration("auth.eIDAS.szrclient.endpoint.prod", - RandomStringUtils.randomAlphabetic(5))); - - String rand1 = RandomStringUtils.randomAlphanumeric(5); - Assert.assertEquals("unknown with default", rand1, - basicConfig.getBasicConfiguration("notexist", rand1)); - - } - - @Test - public void loadConfigValuesBoolean() { - Assert.assertEquals("without default", true, - basicConfig.getBasicConfigurationBoolean("auth.eIDAS.szrclient.useTestService")); - - Assert.assertEquals("with default", false, - basicConfig.getBasicConfigurationBoolean("auth.notexist", - false)); - - Assert.assertEquals("unknown with default", false, - basicConfig.getBasicConfigurationBoolean("auth.eIDAS.szrclient.params.vkz", true)); - - } - - @Test - public void loadConfigMap() { - Map entries = basicConfig.getBasicConfigurationWithPrefix("auth.eIDAS.szrclient"); - Assert.assertEquals("wrong size", 16, entries.size()); - Assert.assertTrue("missing element", entries.containsKey("endpoint.test")); - Assert.assertEquals("wrong entry", "http://localhost:1234/demoszr", entries.get("endpoint.test")); - - } - - @Test - public void validateUrl() throws MalformedURLException, EaafException { - Assert.assertEquals("wrong URL", "http://localhost/test", - basicConfig.validateIdpUrl(new URL("http://localhost/test/" + RandomStringUtils.randomAlphabetic(5)))); - - Assert.assertNull("wrong URL", - basicConfig.validateIdpUrl(new URL("http://localhost/wrong/" + RandomStringUtils.randomAlphabetic(5)))); - - } -} diff --git a/core_common_lib/src/test/java/at/asitplus/eidas/specific/connector/test/config/ServiceProviderConfigurationTest.java b/core_common_lib/src/test/java/at/asitplus/eidas/specific/connector/test/config/ServiceProviderConfigurationTest.java deleted file mode 100644 index d95e2882..00000000 --- a/core_common_lib/src/test/java/at/asitplus/eidas/specific/connector/test/config/ServiceProviderConfigurationTest.java +++ /dev/null @@ -1,54 +0,0 @@ -package at.asitplus.eidas.specific.connector.test.config; - -import java.util.Arrays; -import java.util.HashMap; -import java.util.Map; - -import org.apache.commons.lang3.RandomStringUtils; -import org.junit.Assert; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.BlockJUnit4ClassRunner; - -import at.asitplus.eidas.specific.connector.config.ServiceProviderConfiguration; -import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; -import at.gv.egiz.eaaf.core.api.data.EaafConstants; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EaafException; - -@RunWith(BlockJUnit4ClassRunner.class) -public class ServiceProviderConfigurationTest { - - - - @Test - public void spConfigLoad() throws EaafException { - IConfiguration authConfig = new MsConnectorDummyConfigMap(); - - Map map = new HashMap<>(); - map.put("uniqueID", RandomStringUtils.randomAlphabetic(10)); - map.put("policy.allowed.requested.targets", "urn:publicid:gv.at:cdid\\+.*"); - - ServiceProviderConfiguration spConfig = new ServiceProviderConfiguration(map, authConfig); - - spConfig.setRequiredLoA(Arrays.asList(EaafConstants.EIDAS_LOA_LOW)); - Assert.assertEquals("LoA", 1, spConfig.getRequiredLoA().size()); - Assert.assertEquals("LoA", "http://eidas.europa.eu/LoA/low", spConfig.getRequiredLoA().get(0)); - - spConfig.setLoAMachtingMode("exact"); - Assert.assertEquals("wrong machtingMode", "exact", spConfig.getLoAMatchingMode()); - - String bpkTarget = EaafConstants.URN_PREFIX_CDID + RandomStringUtils.randomAlphabetic(2); - spConfig.setBpkTargetIdentifier(bpkTarget); - Assert.assertEquals("wrong bPK", bpkTarget, spConfig.getAreaSpecificTargetIdentifier()); - - - try { - spConfig.setBpkTargetIdentifier(EaafConstants.URN_PREFIX_WBPK + RandomStringUtils.randomAlphabetic(2)); - - } catch (EaafException e) { - Assert.assertEquals("ErrorId", "auth.37", e.getErrorId()); - } - - } -} diff --git a/core_common_lib/src/test/java/at/asitplus/eidas/specific/connector/test/config/SpringBootBasicConfigurationProviderTest.java b/core_common_lib/src/test/java/at/asitplus/eidas/specific/connector/test/config/SpringBootBasicConfigurationProviderTest.java deleted file mode 100644 index 4e7e7dd2..00000000 --- a/core_common_lib/src/test/java/at/asitplus/eidas/specific/connector/test/config/SpringBootBasicConfigurationProviderTest.java +++ /dev/null @@ -1,148 +0,0 @@ -package at.asitplus.eidas.specific.connector.test.config; - -import java.net.MalformedURLException; -import java.net.URL; -import java.util.Map; - -import org.apache.commons.lang3.RandomStringUtils; -import org.junit.Assert; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.test.annotation.DirtiesContext; -import org.springframework.test.annotation.DirtiesContext.ClassMode; -import org.springframework.test.context.ActiveProfiles; -import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.TestPropertySource; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; - -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; -import at.asitplus.eidas.specific.connector.config.ServiceProviderConfiguration; -import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; -import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.exceptions.EaafException; - -@RunWith(SpringJUnit4ClassRunner.class) -@ContextConfiguration(locations = { - "/SpringTest-context_basic_realConfig.xml"}) -@TestPropertySource(locations = { "/config/junit_config_1.properties" }) -@ActiveProfiles("springBoot") -@DirtiesContext(classMode = ClassMode.BEFORE_CLASS) -public class SpringBootBasicConfigurationProviderTest { - - @Autowired private IConfigurationWithSP basicConfig; - - @Test - public void configPropInfos() { - Assert.assertEquals("size", 2, MsEidasNodeConstants.COUNTRY_SELECTION_PARAM_WHITELIST.size()); - - } - - @Test - public void loadSpNoExist() throws EaafConfigurationException { - ISpConfiguration spConfig = basicConfig.getServiceProviderConfiguration( - RandomStringUtils.randomAlphabetic(5)); - Assert.assertNull("spConfig", spConfig); - - } - - @Test - public void loadSpConfigBasicMode() throws EaafConfigurationException { - ISpConfiguration spConfig = basicConfig.getServiceProviderConfiguration("jUnitTest1"); - - Assert.assertNotNull("spConfig", spConfig); - Assert.assertEquals("uniqueId", "jUnitTest1", spConfig.getUniqueIdentifier()); - Assert.assertEquals("friendlyName", "NO FRIENDLYNAME SET", spConfig.getFriendlyName()); - Assert.assertEquals("pvp2.truststore", "", spConfig.getConfigurationValue("pvp2.metadata.truststore")); - String test = RandomStringUtils.randomAlphabetic(5); - Assert.assertEquals("pvp2.password", "1234pass", - spConfig.getConfigurationValue("pvp2.metadata.truststore.password", test)); - Assert.assertEquals("eidMode", true, spConfig.isConfigurationValue("newEidMode")); - Assert.assertEquals("notexistflag", false, spConfig.isConfigurationValue("notexist", false)); - Assert.assertNotNull("fullConfig", spConfig.getFullConfiguration()); - Assert.assertEquals("fullConfig", 4, spConfig.getFullConfiguration().size()); - - } - - @Test - public void loadSpConfigAdvancedMode() throws EaafConfigurationException { - ISpConfiguration spConfig = basicConfig.getServiceProviderConfiguration( - "jUnitTest2", ServiceProviderConfiguration.class); - - Assert.assertNotNull("spConfig", spConfig); - Assert.assertEquals("uniqueId", "jUnitTest2", spConfig.getUniqueIdentifier()); - Assert.assertEquals("friendlyName", "jUnit tester 2", spConfig.getFriendlyName()); - Assert.assertEquals("pvp2.truststore", "", spConfig.getConfigurationValue("pvp2.metadata.truststore")); - String test = RandomStringUtils.randomAlphabetic(5); - Assert.assertEquals("pvp2.password", test, - spConfig.getConfigurationValue("pvp2.metadata.truststore.notexist", test)); - Assert.assertEquals("eidMode", false, spConfig.isConfigurationValue("newEidMode")); - Assert.assertEquals("notexistflag", false, spConfig.isConfigurationValue("notexist", false)); - Assert.assertNotNull("fullConfig", spConfig.getFullConfiguration()); - Assert.assertEquals("fullConfig", 5, spConfig.getFullConfiguration().size()); - Assert.assertFalse("baseIdInternal", spConfig.hasBaseIdInternalProcessingRestriction()); - Assert.assertTrue("baseIdTransfer", spConfig.hasBaseIdTransferRestriction()); - - } - - @Test - public void loadSpConfigAdvancedModeWrongDecorator() throws EaafConfigurationException { - ISpConfiguration spConfig1 = basicConfig.getServiceProviderConfiguration( - "jUnitTest2", null); - Assert.assertNull("spConfig", spConfig1); - - String spConfig2 = basicConfig.getServiceProviderConfiguration( - "jUnitTest2", String.class); - Assert.assertNull("spConfig", spConfig2); - - } - - @Test - public void loadConfigValuesString() { - Assert.assertEquals("without default", "ownSpecificConnector", - basicConfig.getBasicConfiguration("auth.eIDAS.node_v2.entityId")); - - Assert.assertEquals("with default", "", - basicConfig.getBasicConfiguration("auth.eIDAS.szrclient.endpoint.prod", - RandomStringUtils.randomAlphabetic(5))); - - String rand1 = RandomStringUtils.randomAlphanumeric(5); - Assert.assertEquals("unknown with default", rand1, - basicConfig.getBasicConfiguration("notexist", rand1)); - - } - - @Test - public void loadConfigValuesBoolean() { - Assert.assertEquals("without default", true, - basicConfig.getBasicConfigurationBoolean("auth.eIDAS.szrclient.useTestService")); - - Assert.assertEquals("not exist with default", false, - basicConfig.getBasicConfigurationBoolean("auth.notexist", - false)); - - Assert.assertEquals("exist but empty with default", true, - basicConfig.getBasicConfigurationBoolean("auth.eIDAS.szrclient.params.vkz", true)); - - } - - @Test - public void loadConfigMap() { - Map entries = basicConfig.getBasicConfigurationWithPrefix("auth.eIDAS.szrclient"); - Assert.assertEquals("wrong size", 16, entries.size()); - Assert.assertTrue("missing element", entries.containsKey("endpoint.test")); - Assert.assertEquals("wrong entry", "http://localhost:1234/demoszr", entries.get("endpoint.test")); - - } - - @Test - public void validateUrl() throws MalformedURLException, EaafException { - Assert.assertEquals("wrong URL", "http://localhost/test", - basicConfig.validateIdpUrl(new URL("http://localhost/test/" + RandomStringUtils.randomAlphabetic(5)))); - - Assert.assertNull("wrong URL", - basicConfig.validateIdpUrl(new URL("http://localhost/wrong/" + RandomStringUtils.randomAlphabetic(5)))); - - } -} diff --git a/core_common_lib/src/test/java/at/asitplus/eidas/specific/connector/test/config/dummy/MsConnectorDummyConfigMap.java b/core_common_lib/src/test/java/at/asitplus/eidas/specific/connector/test/config/dummy/MsConnectorDummyConfigMap.java deleted file mode 100644 index 52ff990b..00000000 --- a/core_common_lib/src/test/java/at/asitplus/eidas/specific/connector/test/config/dummy/MsConnectorDummyConfigMap.java +++ /dev/null @@ -1,120 +0,0 @@ -package at.asitplus.eidas.specific.connector.test.config.dummy; - -import java.io.IOException; -import java.io.InputStream; -import java.net.URI; -import java.net.URISyntaxException; -import java.net.URL; -import java.util.Map; - -import org.apache.commons.lang3.StringUtils; - -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap; -import lombok.Setter; - -/** - * MS-Connector specific dummy basic-config implementation. - * - * @author tlenz - * - */ -public class MsConnectorDummyConfigMap extends DummyAuthConfigMap { - - private static final String CONFIG_PREFIX = "eidas.ms."; - - @Setter - private String configRootDirSufix; - - /** - * Creates an emptry configuration. - * - */ - public MsConnectorDummyConfigMap() { - - } - - /** - * Dummy Application-configuration. - * - * @param configIs Property based configuration - * @throws IOException In case of an configuration read error - */ - public MsConnectorDummyConfigMap(final InputStream configIs) throws IOException { - super(configIs); - - } - - /** - * Dummy Application-configuration. - * - * @param path Path to property based configuration - * @throws IOException In case of an configuration read error - */ - public MsConnectorDummyConfigMap(final String path) throws IOException { - super(path); - - } - - - @Override - public String getBasicConfiguration(final String key) { - return super.getBasicConfiguration(addPrefixToKey(key)); - - } - - @Override - public String validateIdpUrl(final URL authReqUrl) throws EaafException { - return authReqUrl.toExternalForm(); - - } - - @Override - public Map getBasicConfigurationWithPrefix(final String prefix) { - return super.getBasicConfigurationWithPrefix(addPrefixToKey(prefix)); - - } - - @Override - public void putConfigValue(final String key, final String value) { - super.putConfigValue(addPrefixToKey(key), value); - } - - @Override - public void removeConfigValue(final String key) { - super.removeConfigValue(addPrefixToKey(key)); - - } - - @Override - public URI getConfigurationRootDirectory() { - URI basePath = super.getConfigurationRootDirectory(); - if (StringUtils.isNotEmpty(configRootDirSufix)) { - try { - return new URI(basePath.toString() + configRootDirSufix); - - } catch (URISyntaxException e) { - throw new RuntimeException("Wrong Dummyconfig", e); - - } - - } else { - return basePath; - - } - - - } - - private String addPrefixToKey(final String key) { - if (key.startsWith(CONFIG_PREFIX)) { - return key; - - } else { - return CONFIG_PREFIX + key; - - } - } - - -} diff --git a/core_common_lib/src/test/java/at/asitplus/eidas/specific/connector/test/config/dummy/MsConnectorDummySpConfiguration.java b/core_common_lib/src/test/java/at/asitplus/eidas/specific/connector/test/config/dummy/MsConnectorDummySpConfiguration.java deleted file mode 100644 index b379080d..00000000 --- a/core_common_lib/src/test/java/at/asitplus/eidas/specific/connector/test/config/dummy/MsConnectorDummySpConfiguration.java +++ /dev/null @@ -1,28 +0,0 @@ -package at.asitplus.eidas.specific.connector.test.config.dummy; - -import java.util.List; -import java.util.Map; - -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration; -import lombok.Setter; - -public class MsConnectorDummySpConfiguration extends DummySpConfiguration { - - private static final long serialVersionUID = -3249018889871026127L; - - @Setter - private List loa; - - public MsConnectorDummySpConfiguration(Map spConfig, IConfiguration authConfig) { - super(spConfig, authConfig); - - } - - @Override - public List getRequiredLoA() { - return loa; - - } - -} diff --git a/core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/BasicConfigProviderTest.java b/core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/BasicConfigProviderTest.java new file mode 100644 index 00000000..224618b9 --- /dev/null +++ b/core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/BasicConfigProviderTest.java @@ -0,0 +1,156 @@ +package at.asitplus.eidas.specific.core.test.config; + +import java.net.MalformedURLException; +import java.net.URL; +import java.util.Map; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration; +import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/SpringTest-context_basic_realConfig.xml"}) +@DirtiesContext(classMode = ClassMode.BEFORE_CLASS) +public class BasicConfigProviderTest { + + @Autowired private IConfigurationWithSP basicConfig; + + /** + * jUnit class initializer. + * + */ + @BeforeClass + public static void classInitializer() { + final String current = new java.io.File(".").toURI().toString(); + System.setProperty("eidas.ms.configuration", current + "src/test/resources/config/junit_config_1.properties"); + + } + + @Test + public void configPropInfos() { + Assert.assertEquals("size", 2, MsEidasNodeConstants.COUNTRY_SELECTION_PARAM_WHITELIST.size()); + + } + + @Test + public void loadSpNoExist() throws EaafConfigurationException { + ISpConfiguration spConfig = basicConfig.getServiceProviderConfiguration( + RandomStringUtils.randomAlphabetic(5)); + Assert.assertNull("spConfig", spConfig); + + } + + @Test + public void loadSpConfigBasicMode() throws EaafConfigurationException { + ISpConfiguration spConfig = basicConfig.getServiceProviderConfiguration("jUnitTest1"); + + Assert.assertNotNull("spConfig", spConfig); + Assert.assertEquals("uniqueId", "jUnitTest1", spConfig.getUniqueIdentifier()); + Assert.assertEquals("friendlyName", "NO FRIENDLYNAME SET", spConfig.getFriendlyName()); + Assert.assertEquals("pvp2.truststore", "", spConfig.getConfigurationValue("pvp2.metadata.truststore")); + String test = RandomStringUtils.randomAlphabetic(5); + Assert.assertEquals("pvp2.password", "1234pass", + spConfig.getConfigurationValue("pvp2.metadata.truststore.password", test)); + Assert.assertEquals("eidMode", true, spConfig.isConfigurationValue("newEidMode")); + Assert.assertEquals("notexistflag", false, spConfig.isConfigurationValue("notexist", false)); + Assert.assertNotNull("fullConfig", spConfig.getFullConfiguration()); + Assert.assertEquals("fullConfig", 4, spConfig.getFullConfiguration().size()); + + } + + @Test + public void loadSpConfigAdvancedMode() throws EaafConfigurationException { + ISpConfiguration spConfig = basicConfig.getServiceProviderConfiguration( + "jUnitTest2", ServiceProviderConfiguration.class); + + Assert.assertNotNull("spConfig", spConfig); + Assert.assertEquals("uniqueId", "jUnitTest2", spConfig.getUniqueIdentifier()); + Assert.assertEquals("friendlyName", "jUnit tester 2", spConfig.getFriendlyName()); + Assert.assertEquals("pvp2.truststore", "", spConfig.getConfigurationValue("pvp2.metadata.truststore")); + String test = RandomStringUtils.randomAlphabetic(5); + Assert.assertEquals("pvp2.password", test, + spConfig.getConfigurationValue("pvp2.metadata.truststore.notexist", test)); + Assert.assertEquals("eidMode", false, spConfig.isConfigurationValue("newEidMode")); + Assert.assertEquals("notexistflag", false, spConfig.isConfigurationValue("notexist", false)); + Assert.assertNotNull("fullConfig", spConfig.getFullConfiguration()); + Assert.assertEquals("fullConfig", 5, spConfig.getFullConfiguration().size()); + Assert.assertFalse("baseIdInternal", spConfig.hasBaseIdInternalProcessingRestriction()); + Assert.assertTrue("baseIdTransfer", spConfig.hasBaseIdTransferRestriction()); + + } + + @Test + public void loadSpConfigAdvancedModeWrongDecorator() throws EaafConfigurationException { + ISpConfiguration spConfig1 = basicConfig.getServiceProviderConfiguration( + "jUnitTest2", null); + Assert.assertNull("spConfig", spConfig1); + + String spConfig2 = basicConfig.getServiceProviderConfiguration( + "jUnitTest2", String.class); + Assert.assertNull("spConfig", spConfig2); + + } + + @Test + public void loadConfigValuesString() { + Assert.assertEquals("without default", "ownSpecificConnector", + basicConfig.getBasicConfiguration("auth.eIDAS.node_v2.entityId")); + + Assert.assertEquals("with default", "", + basicConfig.getBasicConfiguration("auth.eIDAS.szrclient.endpoint.prod", + RandomStringUtils.randomAlphabetic(5))); + + String rand1 = RandomStringUtils.randomAlphanumeric(5); + Assert.assertEquals("unknown with default", rand1, + basicConfig.getBasicConfiguration("notexist", rand1)); + + } + + @Test + public void loadConfigValuesBoolean() { + Assert.assertEquals("without default", true, + basicConfig.getBasicConfigurationBoolean("auth.eIDAS.szrclient.useTestService")); + + Assert.assertEquals("with default", false, + basicConfig.getBasicConfigurationBoolean("auth.notexist", + false)); + + Assert.assertEquals("unknown with default", false, + basicConfig.getBasicConfigurationBoolean("auth.eIDAS.szrclient.params.vkz", true)); + + } + + @Test + public void loadConfigMap() { + Map entries = basicConfig.getBasicConfigurationWithPrefix("auth.eIDAS.szrclient"); + Assert.assertEquals("wrong size", 16, entries.size()); + Assert.assertTrue("missing element", entries.containsKey("endpoint.test")); + Assert.assertEquals("wrong entry", "http://localhost:1234/demoszr", entries.get("endpoint.test")); + + } + + @Test + public void validateUrl() throws MalformedURLException, EaafException { + Assert.assertEquals("wrong URL", "http://localhost/test", + basicConfig.validateIdpUrl(new URL("http://localhost/test/" + RandomStringUtils.randomAlphabetic(5)))); + + Assert.assertNull("wrong URL", + basicConfig.validateIdpUrl(new URL("http://localhost/wrong/" + RandomStringUtils.randomAlphabetic(5)))); + + } +} diff --git a/core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/ServiceProviderConfigurationTest.java b/core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/ServiceProviderConfigurationTest.java new file mode 100644 index 00000000..99ea2a47 --- /dev/null +++ b/core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/ServiceProviderConfigurationTest.java @@ -0,0 +1,54 @@ +package at.asitplus.eidas.specific.core.test.config; + +import java.util.Arrays; +import java.util.HashMap; +import java.util.Map; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.BlockJUnit4ClassRunner; + +import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration; +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafException; + +@RunWith(BlockJUnit4ClassRunner.class) +public class ServiceProviderConfigurationTest { + + + + @Test + public void spConfigLoad() throws EaafException { + IConfiguration authConfig = new MsConnectorDummyConfigMap(); + + Map map = new HashMap<>(); + map.put("uniqueID", RandomStringUtils.randomAlphabetic(10)); + map.put("policy.allowed.requested.targets", "urn:publicid:gv.at:cdid\\+.*"); + + ServiceProviderConfiguration spConfig = new ServiceProviderConfiguration(map, authConfig); + + spConfig.setRequiredLoA(Arrays.asList(EaafConstants.EIDAS_LOA_LOW)); + Assert.assertEquals("LoA", 1, spConfig.getRequiredLoA().size()); + Assert.assertEquals("LoA", "http://eidas.europa.eu/LoA/low", spConfig.getRequiredLoA().get(0)); + + spConfig.setLoAMachtingMode("exact"); + Assert.assertEquals("wrong machtingMode", "exact", spConfig.getLoAMatchingMode()); + + String bpkTarget = EaafConstants.URN_PREFIX_CDID + RandomStringUtils.randomAlphabetic(2); + spConfig.setBpkTargetIdentifier(bpkTarget); + Assert.assertEquals("wrong bPK", bpkTarget, spConfig.getAreaSpecificTargetIdentifier()); + + + try { + spConfig.setBpkTargetIdentifier(EaafConstants.URN_PREFIX_WBPK + RandomStringUtils.randomAlphabetic(2)); + + } catch (EaafException e) { + Assert.assertEquals("ErrorId", "auth.37", e.getErrorId()); + } + + } +} diff --git a/core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/SpringBootBasicConfigurationProviderTest.java b/core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/SpringBootBasicConfigurationProviderTest.java new file mode 100644 index 00000000..0dd34494 --- /dev/null +++ b/core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/SpringBootBasicConfigurationProviderTest.java @@ -0,0 +1,148 @@ +package at.asitplus.eidas.specific.core.test.config; + +import java.net.MalformedURLException; +import java.net.URL; +import java.util.Map; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; +import org.springframework.test.context.ActiveProfiles; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.TestPropertySource; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration; +import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/SpringTest-context_basic_realConfig.xml"}) +@TestPropertySource(locations = { "/config/junit_config_1.properties" }) +@ActiveProfiles("springBoot") +@DirtiesContext(classMode = ClassMode.BEFORE_CLASS) +public class SpringBootBasicConfigurationProviderTest { + + @Autowired private IConfigurationWithSP basicConfig; + + @Test + public void configPropInfos() { + Assert.assertEquals("size", 2, MsEidasNodeConstants.COUNTRY_SELECTION_PARAM_WHITELIST.size()); + + } + + @Test + public void loadSpNoExist() throws EaafConfigurationException { + ISpConfiguration spConfig = basicConfig.getServiceProviderConfiguration( + RandomStringUtils.randomAlphabetic(5)); + Assert.assertNull("spConfig", spConfig); + + } + + @Test + public void loadSpConfigBasicMode() throws EaafConfigurationException { + ISpConfiguration spConfig = basicConfig.getServiceProviderConfiguration("jUnitTest1"); + + Assert.assertNotNull("spConfig", spConfig); + Assert.assertEquals("uniqueId", "jUnitTest1", spConfig.getUniqueIdentifier()); + Assert.assertEquals("friendlyName", "NO FRIENDLYNAME SET", spConfig.getFriendlyName()); + Assert.assertEquals("pvp2.truststore", "", spConfig.getConfigurationValue("pvp2.metadata.truststore")); + String test = RandomStringUtils.randomAlphabetic(5); + Assert.assertEquals("pvp2.password", "1234pass", + spConfig.getConfigurationValue("pvp2.metadata.truststore.password", test)); + Assert.assertEquals("eidMode", true, spConfig.isConfigurationValue("newEidMode")); + Assert.assertEquals("notexistflag", false, spConfig.isConfigurationValue("notexist", false)); + Assert.assertNotNull("fullConfig", spConfig.getFullConfiguration()); + Assert.assertEquals("fullConfig", 4, spConfig.getFullConfiguration().size()); + + } + + @Test + public void loadSpConfigAdvancedMode() throws EaafConfigurationException { + ISpConfiguration spConfig = basicConfig.getServiceProviderConfiguration( + "jUnitTest2", ServiceProviderConfiguration.class); + + Assert.assertNotNull("spConfig", spConfig); + Assert.assertEquals("uniqueId", "jUnitTest2", spConfig.getUniqueIdentifier()); + Assert.assertEquals("friendlyName", "jUnit tester 2", spConfig.getFriendlyName()); + Assert.assertEquals("pvp2.truststore", "", spConfig.getConfigurationValue("pvp2.metadata.truststore")); + String test = RandomStringUtils.randomAlphabetic(5); + Assert.assertEquals("pvp2.password", test, + spConfig.getConfigurationValue("pvp2.metadata.truststore.notexist", test)); + Assert.assertEquals("eidMode", false, spConfig.isConfigurationValue("newEidMode")); + Assert.assertEquals("notexistflag", false, spConfig.isConfigurationValue("notexist", false)); + Assert.assertNotNull("fullConfig", spConfig.getFullConfiguration()); + Assert.assertEquals("fullConfig", 5, spConfig.getFullConfiguration().size()); + Assert.assertFalse("baseIdInternal", spConfig.hasBaseIdInternalProcessingRestriction()); + Assert.assertTrue("baseIdTransfer", spConfig.hasBaseIdTransferRestriction()); + + } + + @Test + public void loadSpConfigAdvancedModeWrongDecorator() throws EaafConfigurationException { + ISpConfiguration spConfig1 = basicConfig.getServiceProviderConfiguration( + "jUnitTest2", null); + Assert.assertNull("spConfig", spConfig1); + + String spConfig2 = basicConfig.getServiceProviderConfiguration( + "jUnitTest2", String.class); + Assert.assertNull("spConfig", spConfig2); + + } + + @Test + public void loadConfigValuesString() { + Assert.assertEquals("without default", "ownSpecificConnector", + basicConfig.getBasicConfiguration("auth.eIDAS.node_v2.entityId")); + + Assert.assertEquals("with default", "", + basicConfig.getBasicConfiguration("auth.eIDAS.szrclient.endpoint.prod", + RandomStringUtils.randomAlphabetic(5))); + + String rand1 = RandomStringUtils.randomAlphanumeric(5); + Assert.assertEquals("unknown with default", rand1, + basicConfig.getBasicConfiguration("notexist", rand1)); + + } + + @Test + public void loadConfigValuesBoolean() { + Assert.assertEquals("without default", true, + basicConfig.getBasicConfigurationBoolean("auth.eIDAS.szrclient.useTestService")); + + Assert.assertEquals("not exist with default", false, + basicConfig.getBasicConfigurationBoolean("auth.notexist", + false)); + + Assert.assertEquals("exist but empty with default", true, + basicConfig.getBasicConfigurationBoolean("auth.eIDAS.szrclient.params.vkz", true)); + + } + + @Test + public void loadConfigMap() { + Map entries = basicConfig.getBasicConfigurationWithPrefix("auth.eIDAS.szrclient"); + Assert.assertEquals("wrong size", 16, entries.size()); + Assert.assertTrue("missing element", entries.containsKey("endpoint.test")); + Assert.assertEquals("wrong entry", "http://localhost:1234/demoszr", entries.get("endpoint.test")); + + } + + @Test + public void validateUrl() throws MalformedURLException, EaafException { + Assert.assertEquals("wrong URL", "http://localhost/test", + basicConfig.validateIdpUrl(new URL("http://localhost/test/" + RandomStringUtils.randomAlphabetic(5)))); + + Assert.assertNull("wrong URL", + basicConfig.validateIdpUrl(new URL("http://localhost/wrong/" + RandomStringUtils.randomAlphabetic(5)))); + + } +} diff --git a/core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/dummy/MsConnectorDummyConfigMap.java b/core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/dummy/MsConnectorDummyConfigMap.java new file mode 100644 index 00000000..59ae5aff --- /dev/null +++ b/core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/dummy/MsConnectorDummyConfigMap.java @@ -0,0 +1,120 @@ +package at.asitplus.eidas.specific.core.test.config.dummy; + +import java.io.IOException; +import java.io.InputStream; +import java.net.URI; +import java.net.URISyntaxException; +import java.net.URL; +import java.util.Map; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap; +import lombok.Setter; + +/** + * MS-Connector specific dummy basic-config implementation. + * + * @author tlenz + * + */ +public class MsConnectorDummyConfigMap extends DummyAuthConfigMap { + + private static final String CONFIG_PREFIX = "eidas.ms."; + + @Setter + private String configRootDirSufix; + + /** + * Creates an emptry configuration. + * + */ + public MsConnectorDummyConfigMap() { + + } + + /** + * Dummy Application-configuration. + * + * @param configIs Property based configuration + * @throws IOException In case of an configuration read error + */ + public MsConnectorDummyConfigMap(final InputStream configIs) throws IOException { + super(configIs); + + } + + /** + * Dummy Application-configuration. + * + * @param path Path to property based configuration + * @throws IOException In case of an configuration read error + */ + public MsConnectorDummyConfigMap(final String path) throws IOException { + super(path); + + } + + + @Override + public String getBasicConfiguration(final String key) { + return super.getBasicConfiguration(addPrefixToKey(key)); + + } + + @Override + public String validateIdpUrl(final URL authReqUrl) throws EaafException { + return authReqUrl.toExternalForm(); + + } + + @Override + public Map getBasicConfigurationWithPrefix(final String prefix) { + return super.getBasicConfigurationWithPrefix(addPrefixToKey(prefix)); + + } + + @Override + public void putConfigValue(final String key, final String value) { + super.putConfigValue(addPrefixToKey(key), value); + } + + @Override + public void removeConfigValue(final String key) { + super.removeConfigValue(addPrefixToKey(key)); + + } + + @Override + public URI getConfigurationRootDirectory() { + URI basePath = super.getConfigurationRootDirectory(); + if (StringUtils.isNotEmpty(configRootDirSufix)) { + try { + return new URI(basePath.toString() + configRootDirSufix); + + } catch (URISyntaxException e) { + throw new RuntimeException("Wrong Dummyconfig", e); + + } + + } else { + return basePath; + + } + + + } + + private String addPrefixToKey(final String key) { + if (key.startsWith(CONFIG_PREFIX)) { + return key; + + } else { + return CONFIG_PREFIX + key; + + } + } + + +} diff --git a/core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/dummy/MsConnectorDummySpConfiguration.java b/core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/dummy/MsConnectorDummySpConfiguration.java new file mode 100644 index 00000000..922a13b7 --- /dev/null +++ b/core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/dummy/MsConnectorDummySpConfiguration.java @@ -0,0 +1,28 @@ +package at.asitplus.eidas.specific.core.test.config.dummy; + +import java.util.List; +import java.util.Map; + +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration; +import lombok.Setter; + +public class MsConnectorDummySpConfiguration extends DummySpConfiguration { + + private static final long serialVersionUID = -3249018889871026127L; + + @Setter + private List loa; + + public MsConnectorDummySpConfiguration(Map spConfig, IConfiguration authConfig) { + super(spConfig, authConfig); + + } + + @Override + public List getRequiredLoA() { + return loa; + + } + +} diff --git a/core_common_lib/src/test/resources/SpringTest-context_basic_realConfig.xml b/core_common_lib/src/test/resources/SpringTest-context_basic_realConfig.xml index fbc4640a..66abbb39 100644 --- a/core_common_lib/src/test/resources/SpringTest-context_basic_realConfig.xml +++ b/core_common_lib/src/test/resources/SpringTest-context_basic_realConfig.xml @@ -13,13 +13,13 @@ + class="at.asitplus.eidas.specific.core.config.BasicConfigurationProvider"> + class="at.asitplus.eidas.specific.core.config.SpringBootBasicConfigurationProvider" /> \ No newline at end of file diff --git a/core_common_webapp/checks/spotbugs-exclude.xml b/core_common_webapp/checks/spotbugs-exclude.xml new file mode 100644 index 00000000..fbab3b53 --- /dev/null +++ b/core_common_webapp/checks/spotbugs-exclude.xml @@ -0,0 +1,12 @@ + + + + + + + + + + + + diff --git a/core_common_webapp/pom.xml b/core_common_webapp/pom.xml new file mode 100644 index 00000000..2f58cefb --- /dev/null +++ b/core_common_webapp/pom.xml @@ -0,0 +1,137 @@ + + 4.0.0 + + at.asitplus.eidas + ms_specific + 1.2.4-SNAPSHOT + + at.asitplus.eidas.ms_specific + core_common_webapp + WebApplication commons + + + + eIDASNode-local + local + file:${basedir}/../repository + + + + + + at.asitplus.eidas.ms_specific + core_common_lib + + + + at.gv.egiz.eaaf + eaaf-core + + + + + eu.eidas + eidas-jcache-ignite-specific-communication + + + org.springframework.boot + spring-boot-starter-actuator + + + org.thymeleaf + thymeleaf-spring5 + + + + javax.servlet + javax.servlet-api + provided + + + + + + junit + junit + test + + + org.springframework + spring-test + test + + + org.springframework.boot + spring-boot-starter-test + test + + + at.gv.egiz.eaaf + eaaf_core_utils + test + test-jar + + + at.gv.egiz.eaaf + eaaf-core + test + test-jar + + + at.gv.egiz.eaaf + eaaf_module_pvp2_sp + test + test-jar + + + at.gv.egiz.eaaf + eaaf_module_pvp2_idp + test + + + at.gv.egiz.eaaf + eaaf_module_pvp2_idp + test + test-jar + + + com.squareup.okhttp3 + mockwebserver + test + + + + + + + core_common_webapp + + + + + maven-surefire-plugin + + 1 + + + + org.apache.maven.surefire + surefire-junit47 + ${surefire.version} + + + + + + com.github.spotbugs + spotbugs-maven-plugin + ${spotbugs-maven-plugin.version} + + checks/spotbugs-exclude.xml + + + + + + + \ No newline at end of file diff --git a/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/SpringContextCloseHandler.java b/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/SpringContextCloseHandler.java new file mode 100644 index 00000000..81f23841 --- /dev/null +++ b/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/SpringContextCloseHandler.java @@ -0,0 +1,170 @@ +package at.asitplus.eidas.specific.core; + +import java.util.Iterator; +import java.util.Map; +import java.util.Map.Entry; + +import org.slf4j.Logger; +import org.springframework.beans.BeansException; +import org.springframework.beans.factory.config.BeanPostProcessor; +import org.springframework.context.ApplicationContext; +import org.springframework.context.ApplicationContextAware; +import org.springframework.context.ApplicationListener; +import org.springframework.context.event.ContextClosedEvent; +import org.springframework.context.event.EventListener; +import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor; +import org.springframework.scheduling.concurrent.ThreadPoolTaskScheduler; + +import at.gv.egiz.components.spring.api.IDestroyableObject; +import eu.eidas.auth.cache.IgniteInstanceInitializerSpecificCommunication; + +/** + * SpringContext CloseHandler. + * + * @author tlenz + * + */ + +public class SpringContextCloseHandler + implements ApplicationListener, ApplicationContextAware, BeanPostProcessor { + + private static final Logger log = + org.slf4j.LoggerFactory.getLogger(SpringContextCloseHandler.class); + + private ApplicationContext context; + + /* + * (non-Javadoc) + * + * @see org.springframework.context.ApplicationListener#onApplicationEvent(org. + * springframework.context. ApplicationEvent) + */ + @Override + @EventListener + public void onApplicationEvent(final ContextClosedEvent arg0) { + log.info("MS-specific eIDAS-Node shutdown process started ..."); + + try { + log.debug("CleanUp objects with implements the IDestroyable interface ... "); + final Map objectsToDestroy = + context.getBeansOfType(IDestroyableObject.class); + internalIDestroyableObject(objectsToDestroy); + log.info("Object cleanUp complete"); + + log.debug("Stopping Spring Thread-Pools ... "); + // shut-down task schedulers + final Map schedulers = + context.getBeansOfType(ThreadPoolTaskScheduler.class); + internalThreadPoolTaskScheduler(schedulers); + + // shut-down task executors + final Map executers = + context.getBeansOfType(ThreadPoolTaskExecutor.class); + internalThreadPoolTaskExecutor(executers); + log.debug("Spring Thread-Pools stopped"); + + + //clean-up eIDAS node + Map nodeIgnite = + context.getBeansOfType(IgniteInstanceInitializerSpecificCommunication.class); + log.info("Find #{} Apache Ignite instances from eIDAS Ref. impl.", nodeIgnite.size()); + for (Entry el : nodeIgnite.entrySet()) { + if (el.getValue().getInstance() != null) { + el.getValue().getInstance().close(); + el.getValue().destroyInstance(); + log.debug("Shutdown Apache-Ignite: {}", el.getKey()); + + } + } + + log.info("MS-specific eIDAS-Node shutdown process finished"); + + } catch (final Exception e) { + log.warn("MS-specific eIDAS-Node shutdown process has an error.", e); + + } + + } + + /* + * (non-Javadoc) + * + * @see org.springframework.beans.factory.config.BeanPostProcessor# + * postProcessAfterInitialization(java. lang.Object, java.lang.String) + */ + @Override + public Object postProcessAfterInitialization(final Object arg0, final String arg1) + throws BeansException { + if (arg0 instanceof ThreadPoolTaskScheduler) { + ((ThreadPoolTaskScheduler) arg0).setWaitForTasksToCompleteOnShutdown(true); + } + if (arg0 instanceof ThreadPoolTaskExecutor) { + ((ThreadPoolTaskExecutor) arg0).setWaitForTasksToCompleteOnShutdown(true); + } + return arg0; + + } + + /* + * (non-Javadoc) + * + * @see org.springframework.beans.factory.config.BeanPostProcessor# + * postProcessBeforeInitialization(java .lang.Object, java.lang.String) + */ + @Override + public Object postProcessBeforeInitialization(final Object arg0, final String arg1) + throws BeansException { + return arg0; + + } + + /* + * (non-Javadoc) + * + * @see + * org.springframework.context.ApplicationContextAware#setApplicationContext(org + * .springframework. context.ApplicationContext) + */ + @Override + public void setApplicationContext(final ApplicationContext arg0) throws BeansException { + this.context = arg0; + + } + + private void internalThreadPoolTaskExecutor(final Map executers) { + for (final ThreadPoolTaskExecutor executor : executers.values()) { + executor.shutdown(); + log.debug("Executer {} with active {} work has killed", executor.getThreadNamePrefix(), + executor.getActiveCount()); + + } + + } + + // Not required at the moment + private void internalThreadPoolTaskScheduler( + final Map schedulers) { + log.trace("Stopping #{} task-schedulers", schedulers.size()); + + } + + private void internalIDestroyableObject(final Map objectsToDestroy) { + if (objectsToDestroy != null) { + final Iterator> interator = + objectsToDestroy.entrySet().iterator(); + while (interator.hasNext()) { + final Entry object = interator.next(); + try { + object.getValue().fullyDestroy(); + log.debug("Object with ID: {} is destroyed", object.getKey()); + + } catch (final Exception e) { + log.warn("Destroing object with ID: {} FAILED!", object.getKey(), null, e); + + } + } + } + + } + +} diff --git a/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/auth/AuthenticationManager.java b/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/auth/AuthenticationManager.java new file mode 100644 index 00000000..6be1f0ba --- /dev/null +++ b/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/auth/AuthenticationManager.java @@ -0,0 +1,60 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.core.auth; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.stereotype.Service; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.api.idp.slo.ISloInformationContainer; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.idp.auth.AbstractAuthenticationManager; +import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; + +@Service("AuthenticationManager") +public class AuthenticationManager extends AbstractAuthenticationManager { + private static final Logger log = LoggerFactory.getLogger(AuthenticationManager.class); + + @Override + public ISloInformationContainer performSingleLogOut(HttpServletRequest httpReq, + HttpServletResponse httpResp, + IRequest pendingReq, String internalSsoId) throws EaafException { + throw new RuntimeException("Single LogOut is NOT supported by this implementation"); + + } + + @Override + protected void populateExecutionContext(ExecutionContext executionContext, + RequestImpl pendingReq, HttpServletRequest httpReq) + throws EaafException { + log.trace("No implementation-specific population of execution-context required ... "); + + } + +} diff --git a/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java b/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java new file mode 100644 index 00000000..e5937b99 --- /dev/null +++ b/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java @@ -0,0 +1,255 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.core.builder; + +import java.util.Date; +import java.util.Optional; +import java.util.Set; +import java.util.stream.Collectors; + +import org.springframework.stereotype.Service; + +import com.google.common.collect.Streams; + +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions.EidIdentityStatusLevelValues; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer; +import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; +import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.data.Triple; +import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; +import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper; +import lombok.extern.slf4j.Slf4j; + +@Service("AuthenticationDataBuilder") +@Slf4j +public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder { + + private static final String ERROR_B11 = "builder.11"; + + @Override + protected IAuthData buildDeprecatedAuthData(IRequest pendingReq) throws EaafException { + final EidAuthProcessDataWrapper authProcessData = + pendingReq.getSessionData(EidAuthProcessDataWrapper.class); + final EidAuthenticationData authData = new EidAuthenticationData(); + + // set basis infos + super.generateDeprecatedBasicAuthData(authData, pendingReq, authProcessData); + + // set specific informations + authData.setSsoSessionValidTo( + new Date(new Date().getTime() + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000)); + + authData.setEidStatus(authProcessData.isTestIdentity() + ? EidIdentityStatusLevelValues.TESTIDENTITY + : EidIdentityStatusLevelValues.IDENTITY); + + return authData; + + } + + @Override + protected void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq) + throws EaafException { + if (authData instanceof EidAuthenticationData) { + ((EidAuthenticationData) authData).setGenericData( + ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, + pendingReq.getUniquePiiTransactionIdentifier()); + log.trace("Inject piiTransactionId: {} into AuthData", pendingReq.getUniquePiiTransactionIdentifier()); + + // set specific informations + ((EidAuthenticationData) authData).setSsoSessionValidTo( + new Date(new Date().getTime() + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000)); + + // set E-ID status-level + final EidAuthProcessDataWrapper authProcessData = + pendingReq.getSessionData(EidAuthProcessDataWrapper.class); + ((EidAuthenticationData) authData).setEidStatus(authProcessData.isTestIdentity() + ? EidIdentityStatusLevelValues.TESTIDENTITY + : EidIdentityStatusLevelValues.IDENTITY); + + // handle mandate informations + buildMandateInformation((EidAuthenticationData) authData, pendingReq, authProcessData); + + } else { + throw new RuntimeException("Can not inject PiiTransactionId because AuthData is of unknown type: " + + authData.getClass().getName()); + + } + + } + + @Override + protected IAuthData getAuthDataInstance(IRequest arg0) throws EaafException { + return new EidAuthenticationData(); + + } + + @Override + protected Pair buildOAspecificbPK(IRequest pendingReq, AuthenticationData authData) + throws EaafBuilderException { + return super.buildOAspecificbPK(pendingReq, authData); + + } + + @Override + protected Pair getEncryptedBpkFromPvpAttribute(IAuthProcessDataContainer arg0, + AuthenticationData arg1, ISpConfiguration arg2) throws EaafBuilderException { + return null; + + } + + @Override + protected Pair getbaseIdFromSzr(AuthenticationData arg0, String arg1, String arg2) { + return null; + + } + + private void buildMandateInformation(EidAuthenticationData authData, IRequest pendingReq, + EidAuthProcessDataWrapper authProcessData) throws EaafAuthenticationException, EaafBuilderException, + EaafStorageException { + authData.setUseMandate(authProcessData.isMandateUsed()); + if (authProcessData.isMandateUsed()) { + log.debug("Build mandate-releated authentication data ... "); + if (authProcessData.isForeigner()) { + buildMandateInformationForEidasIncoming(); + + } else { + buildMandateInformationForEidasOutgoing(authData, pendingReq, authProcessData); + + } + + // inject mandate information into authdata + final Set mandateAttributes = Streams.concat( + MsEidasNodeConstants.DEFAULT_REQUIRED_MANDATE_NAT_PVP_ATTRIBUTES.stream(), + MsEidasNodeConstants.DEFAULT_REQUIRED_MANDATE_JUR_PVP_ATTRIBUTES.stream()) + .map(el -> el.getFirst()) + .collect(Collectors.toSet()); + + authProcessData.getGenericSessionDataStream() + .filter(el -> mandateAttributes.contains(el.getKey())) + .forEach(el -> { + try { + authData.setGenericData(el.getKey(), el.getValue()); + + } catch (final EaafStorageException e) { + log.error("Can not store attribute: {} into session.", el.getKey(), e); + throw new RuntimeException(e); + + } + }); + } + } + + private void buildMandateInformationForEidasIncoming() { + log.debug("Find eIDAS incoming process. Generated mandate-information for ID-Austria system ... "); + + // TODO: implement IDA specific processing of foreign mandate + + } + + private void buildMandateInformationForEidasOutgoing(EidAuthenticationData authData, IRequest pendingReq, + EidAuthProcessDataWrapper authProcessData) throws EaafAuthenticationException, EaafBuilderException, + EaafStorageException { + log.debug("Find eIDAS outgoing process. Generated mandate-information for other country ... "); + if (authProcessData.getGenericDataFromSession( + PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME) != null) { + final Optional> missingAttribute = + MsEidasNodeConstants.DEFAULT_REQUIRED_MANDATE_NAT_PVP_ATTRIBUTES.stream() + .filter(el -> authProcessData.getGenericDataFromSession(el.getFirst()) == null) + .findFirst(); + if (missingAttribute.isPresent()) { + log.error("ID-Austria response contains not all attributes for nat. person mandator. Missing: {}", + missingAttribute.get().getFirst()); + throw new EaafAuthenticationException(ERROR_B11, new Object[] { "Nat. person mandate" }); + + } else { + log.trace("Find nat. person mandate. Mandate can be used as it is "); + authData.setGenericData(MsEidasNodeConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER, + extractBpkFromResponse(authProcessData.getGenericDataFromSession( + PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, String.class))); + + } + + } else { + final Optional> missingAttribute = + MsEidasNodeConstants.DEFAULT_REQUIRED_MANDATE_JUR_PVP_ATTRIBUTES.stream() + .filter(el -> authProcessData.getGenericDataFromSession(el.getFirst()) == null) + .findFirst(); + if (missingAttribute.isPresent()) { + log.error("ID-Austria response contains not all attributes for legal. person mandator. Missing: {}", + missingAttribute.get().getFirst()); + throw new EaafAuthenticationException(ERROR_B11, new Object[] { "Legal. person mandate" }); + + } else { + log.trace( + "Find jur. person mandate. Generate eIDAS identifier from legal-person sourcePin and type ... "); + final String sourcePin = authProcessData.getGenericDataFromSession( + PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, String.class); + final String sourcePinType = authProcessData.getGenericDataFromSession( + PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, String.class); + + // build leagl-person identifier for eIDAS out-going + final String[] splittedTarget = + pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier().split("\\+"); + StringBuilder sb = new StringBuilder(); + sb.append(splittedTarget[1]) + .append("/") + .append(splittedTarget[2]) + .append("/") + .append(sourcePinType) + .append("+") + .append(sourcePin); + + log.debug("Use legal-person eIDAS identifer: {} from baseId: {} and baseIdType: {}", + sb.toString(), sourcePin, sourcePinType); + authData.setGenericData(MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, sb.toString()); + + } + } + } + + private String extractBpkFromResponse(String pvpBpkAttrValue) { + final String[] split = pvpBpkAttrValue.split(":", 2); + if (split.length == 2) { + return split[1]; + + } else { + log.warn("PVP bPK attribute: {} has wrong format. Use it as it is.", pvpBpkAttrValue); + return pvpBpkAttrValue; + + } + } + +} diff --git a/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/config/StaticResourceConfiguration.java b/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/config/StaticResourceConfiguration.java new file mode 100644 index 00000000..06377c3f --- /dev/null +++ b/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/config/StaticResourceConfiguration.java @@ -0,0 +1,220 @@ +/* + * Copyright 2019 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.core.config; + +import java.net.MalformedURLException; +import java.util.List; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.support.ReloadableResourceBundleMessageSource; +import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry; +import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; +import org.springframework.web.servlet.i18n.CookieLocaleResolver; +import org.thymeleaf.templateresolver.FileTemplateResolver; + +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; + +/** + * Spring configurator for Web resources. + * + * @author tlenz + * + */ +@Configuration +public class StaticResourceConfiguration implements WebMvcConfigurer { + private static final Logger log = LoggerFactory.getLogger(StaticResourceConfiguration.class); + private static final String[] CLASSPATH_RESOURCE_LOCATIONS = { + "/" + }; + + private static final String DEFAULT_MESSAGE_SOURCE = "classpath:properties/status_messages"; + + @Autowired + private IConfiguration basicConfig; + + @Override + public void addResourceHandlers(ResourceHandlerRegistry registry) { + final String staticResources = basicConfig.getBasicConfiguration( + MsEidasNodeConstants.PROP_CONFIG_WEBCONTENT_STATIC_PATH); + try { + if (StringUtils.isNotEmpty(staticResources)) { + String absPath = FileUtils.makeAbsoluteUrl(staticResources, basicConfig + .getConfigurationRootDirectory()); + if (!absPath.endsWith("/")) { + absPath += "/"; + } + + registry.addResourceHandler("/static/**").addResourceLocations(absPath); + log.info("Add Ressourcefolder: " + absPath + " for static Web content"); + + } else { + log.debug("No Ressourcefolder for static Web content"); + } + + } catch (final MalformedURLException e) { + log.warn("Can NOT initialize ressourcefolder for static Web content", e); + + } + + registry.addResourceHandler("/**").addResourceLocations(CLASSPATH_RESOURCE_LOCATIONS); + + } + + /** + * Get a message source with only internal message properties. + * + * @param ressourceLocations List of source-locations + * @return + */ + @Bean + public ReloadableResourceBundleMessageSource internalMessageSource( + @Autowired(required = false) final List ressourceLocations) { + final ReloadableResourceBundleMessageSource messageSource = + new ReloadableResourceBundleMessageSource(); + + // add default message source + messageSource.setBasename(DEFAULT_MESSAGE_SOURCE); + + if (ressourceLocations != null) { + // load more message sources + for (final IMessageSourceLocation el : ressourceLocations) { + if (el.getMessageSourceLocation() != null) { + for (final String source : el.getMessageSourceLocation()) { + messageSource.addBasenames(source); + log.debug("Add additional messageSources: {}", el.getMessageSourceLocation().toArray()); + + } + } + } + } + + messageSource.setDefaultEncoding("UTF-8"); + return messageSource; + + } + + /** + * Get full message source with internal and external message-properties files. + * + * @param ressourceLocations List of source-locations + * @return + */ + @Bean + public ReloadableResourceBundleMessageSource messageSource( + @Autowired(required = false) final List ressourceLocations) { + final ReloadableResourceBundleMessageSource messageSource = + new ReloadableResourceBundleMessageSource(); + messageSource.setDefaultEncoding("UTF-8"); + messageSource.setParentMessageSource(internalMessageSource(ressourceLocations)); + + final String staticResources = basicConfig + .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_WEBCONTENT_PROPERTIES_PATH); + try { + if (StringUtils.isNotEmpty(staticResources)) { + final String absPath = + FileUtils.makeAbsoluteUrl(staticResources, basicConfig.getConfigurationRootDirectory()); + messageSource.setBasename(absPath); + + } else { + log.debug("No Ressourcefolder for dynamic Web content templates"); + + } + + } catch (final MalformedURLException e) { + log.warn("Can NOT initialize ressourcefolder for dynamic Web content templates", e); + + } + + return messageSource; + + } + + /** + * Get a i18n resolver based on cookies. + * + * @return + */ + @Bean + public CookieLocaleResolver localeResolver() { + final CookieLocaleResolver localeResolver = new CookieLocaleResolver(); + localeResolver.setCookieName("currentLanguage"); + localeResolver.setCookieMaxAge(3600); + return localeResolver; + + } + + /** + * Get a Tyhmeleaf Template-Resolver with external configuration path. + * + * @return + */ + @Bean(name = "templateResolver") + public FileTemplateResolver templateResolver() { + final String staticResources = basicConfig + .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_WEBCONTENT_TEMPLATES_PATH); + try { + if (StringUtils.isNotEmpty(staticResources)) { + String absPath = + FileUtils.makeAbsoluteUrl(staticResources, basicConfig.getConfigurationRootDirectory()); + if (!absPath.endsWith("/")) { + absPath += "/"; + + } + + if (absPath.startsWith("file:")) { + absPath = absPath.substring("file:".length()); + + } + + final FileTemplateResolver viewResolver = new FileTemplateResolver(); + viewResolver.setPrefix(absPath); + viewResolver.setSuffix(".html"); + viewResolver.setTemplateMode("HTML"); + viewResolver.setCacheable(false); + + log.info("Add Ressourcefolder: {} for dynamic Web content templates", absPath); + return viewResolver; + + } else { + log.debug("No Ressourcefolder for dynamic Web content templates"); + + } + + } catch (final MalformedURLException e) { + log.warn("Can NOT initialize ressourcefolder for dynamic Web content templates", e); + + } + + throw new RuntimeException("Can NOT initialize HTML template resolver"); + + } +} diff --git a/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/health/EidasNodeMetadataHealthIndicator.java b/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/health/EidasNodeMetadataHealthIndicator.java new file mode 100644 index 00000000..754fe9ab --- /dev/null +++ b/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/health/EidasNodeMetadataHealthIndicator.java @@ -0,0 +1,69 @@ +package at.asitplus.eidas.specific.core.health; + +import java.io.ByteArrayInputStream; + +import javax.xml.transform.TransformerFactoryConfigurationError; + +import org.apache.commons.lang3.StringUtils; +import org.apache.http.StatusLine; +import org.apache.http.client.methods.HttpGet; +import org.apache.http.client.methods.HttpUriRequest; +import org.apache.http.client.utils.URIBuilder; +import org.apache.http.entity.ContentType; +import org.apache.http.impl.client.CloseableHttpClient; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.actuate.health.Health; +import org.springframework.boot.actuate.health.HealthIndicator; + +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.impl.data.Triple; +import at.gv.egiz.eaaf.core.impl.http.HttpUtils; +import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; +import at.gv.egiz.eaaf.core.impl.utils.DomUtils; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +public class EidasNodeMetadataHealthIndicator implements HealthIndicator { + + @Autowired IConfiguration config; + @Autowired IHttpClientFactory httpClientFactory; + + @Override + public Health health() { + try { + final String urlString = config.getBasicConfiguration( + MsEidasNodeConstants.PROP_CONFIG_MONITORING_EIDASNODE_METADATAURL); + if (StringUtils.isEmpty(urlString)) { + log.trace("No eIDASNode metadata URL. Skipping test ... "); + return Health.unknown().build(); + + } + + // create HTTP client + CloseableHttpClient httpClient = httpClientFactory.getHttpClient(); + URIBuilder uriBuilder = new URIBuilder(urlString); + HttpUriRequest request = new HttpGet(uriBuilder.build()); + + final Triple respCode = httpClient.execute(request, + HttpUtils.bodyStatusCodeResponseHandler()); + if (respCode.getFirst().getStatusCode() != 200) { + log.warn("Monitoring: Get http StatusCode: {} from eIDAS-Node Metadata endpoint", + respCode.getFirst().getStatusCode()); + return Health.down().withDetail("http StatusCode", respCode.getFirst().getStatusCode()).build(); + + } + + // parse metadata + DomUtils.parseXmlNonValidating(respCode.getSecond()); + + return Health.up().build(); + + } catch (Exception | TransformerFactoryConfigurationError e) { + log.warn("Monitoring: Can not read SAML2 metadata from eIDAS-Node", e); + return Health.down().down(e).build(); + + } + } + +} diff --git a/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/health/IgniteClusterHealthIndicator.java b/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/health/IgniteClusterHealthIndicator.java new file mode 100644 index 00000000..651f9125 --- /dev/null +++ b/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/health/IgniteClusterHealthIndicator.java @@ -0,0 +1,52 @@ +package at.asitplus.eidas.specific.core.health; + +import org.apache.ignite.Ignite; +import org.springframework.boot.actuate.health.Health; +import org.springframework.boot.actuate.health.HealthIndicator; + +import eu.eidas.auth.cache.IgniteInstanceInitializerSpecificCommunication; +import lombok.Setter; +import lombok.extern.slf4j.Slf4j; + +/** + * HealthCheck that validate Nodes in Apache-Ignite Cluster. + * + * @author tlenz + * + */ +@Slf4j +public class IgniteClusterHealthIndicator implements HealthIndicator { + + @Setter + protected IgniteInstanceInitializerSpecificCommunication igniteInstanceInitializerSpecificCommunication; + + @Override + public Health health() { + final Ignite instance = igniteInstanceInitializerSpecificCommunication.getInstance(); + + // check if Apache Ignite cluster is active + if (!instance.cluster().active()) { + return Health.outOfService().build(); + + } + + final Health.Builder healthBuilder; + // Status UP requires more than 1 node because MS-Connector and eIDAS-Node operations as + // micro-services + if (instance.cluster().nodes().size() > 1) { + healthBuilder = Health.up(); + + } else { + // Something looks wrong if only a single node was found because MS-Connector and eIDAS-Node + // operations as micro-services + healthBuilder = Health.outOfService(); + + } + + healthBuilder.withDetail("#Nodes", instance.cluster().nodes().size()); + log.trace("Ignite state. #Nodes: {}", instance.cluster().nodes().size()); + return healthBuilder.build(); + + } + +} diff --git a/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/interceptor/WebFrontEndSecurityInterceptor.java b/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/interceptor/WebFrontEndSecurityInterceptor.java new file mode 100644 index 00000000..f665be51 --- /dev/null +++ b/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/interceptor/WebFrontEndSecurityInterceptor.java @@ -0,0 +1,90 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.core.interceptor; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.web.servlet.HandlerInterceptor; +import org.springframework.web.servlet.ModelAndView; + +/** + * Spring interceptor to inject securtiy headers into http response. + * + * @author tlenz + * + */ +public class WebFrontEndSecurityInterceptor implements HandlerInterceptor { + + /* + * (non-Javadoc) + * + * @see + * org.springframework.web.servlet.HandlerInterceptor#preHandle(javax.servlet. + * http.HttpServletRequest, javax.servlet.http.HttpServletResponse, + * java.lang.Object) + */ + @Override + public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) + throws Exception { + + // set security headers + response.setHeader("Expires", "Sat, 6 May 1995 12:00:00 GMT"); + response.setHeader("Pragma", "no-cache"); + response.setHeader("Cache-control", "no-store, no-cache, must-revalidate"); + + return true; + + } + + /* + * (non-Javadoc) + * + * @see + * org.springframework.web.servlet.HandlerInterceptor#postHandle(javax.servlet. + * http.HttpServletRequest, javax.servlet.http.HttpServletResponse, + * java.lang.Object, org.springframework.web.servlet.ModelAndView) + */ + @Override + public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, + ModelAndView modelAndView) throws Exception { + + } + + /* + * (non-Javadoc) + * + * @see + * org.springframework.web.servlet.HandlerInterceptor#afterCompletion(javax. + * servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, + * java.lang.Object, java.lang.Exception) + */ + @Override + public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, + Exception ex) + throws Exception { + + } + +} diff --git a/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/logger/RevisionLogger.java b/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/logger/RevisionLogger.java new file mode 100644 index 00000000..03a56976 --- /dev/null +++ b/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/logger/RevisionLogger.java @@ -0,0 +1,110 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.core.logger; + +import java.util.Date; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; + +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.gv.egiz.components.eventlog.api.Event; +import at.gv.egiz.components.eventlog.api.EventConstants; +import at.gv.egiz.components.eventlog.api.EventLogFactory; +import at.gv.egiz.components.eventlog.api.EventLoggingException; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; +import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; + +public class RevisionLogger extends EventLogFactory implements IRevisionLogger { + private static final Logger log = LoggerFactory.getLogger(RevisionLogger.class); + + @Autowired + private IConfiguration basicConfig; + + @Override + public void logEvent(ISpConfiguration oaConfig, int eventCode, String message) { + logEvent(createNewEvent(new Date().getTime(), eventCode, message)); + + } + + @Override + public void logEvent(IRequest pendingRequest, int eventCode) { + logEvent(createNewEvent(new Date().getTime(), eventCode, + pendingRequest.getUniqueSessionIdentifier(), pendingRequest.getUniqueTransactionIdentifier())); + + } + + @Override + public void logEvent(IRequest pendingRequest, int eventCode, String message) { + logEvent(createNewEvent(new Date().getTime(), eventCode, message, + pendingRequest.getUniqueSessionIdentifier(), pendingRequest.getUniqueTransactionIdentifier())); + + } + + @Override + public void logEvent(int eventCode, String message) { + logEvent(createNewEvent(new Date().getTime(), eventCode, message)); + + } + + @Override + public void logEvent(String sessionID, String transactionID, int eventCode, String message) { + logEvent(createNewEvent(new Date().getTime(), eventCode, message, sessionID, transactionID)); + + } + + @Override + public void logEvent(String sessionID, String transactionID, int eventCode) { + logEvent(createNewEvent(new Date().getTime(), eventCode, sessionID, transactionID)); + + } + + private void logEvent(Event event) { + try { + if (event.getEventCode() >= 1100) { + if (event.getEventCode() == EventConstants.TRANSACTION_IP + && !basicConfig.getBasicConfigurationBoolean( + MsEidasNodeConstants.PROP_CONFIG_REVISIONLOG_LOG_IP_ADDRESS_OF_USER, true)) { + log.trace("Ignore Event: " + event.getEventCode() + " because IP adresse logging prohibited"); + return; + + } + + getEventLog().logEvent(event); + + } else { + log.trace("Ignore Event: " + event.getEventCode() + + " because session functionallity is not implemented"); + } + + } catch (final EventLoggingException e) { + log.warn("Event logging FAILED! Reason: " + e.getMessage()); + + } + + } +} diff --git a/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/logger/StatisticLogger.java b/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/logger/StatisticLogger.java new file mode 100644 index 00000000..bdaf83f6 --- /dev/null +++ b/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/logger/StatisticLogger.java @@ -0,0 +1,141 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.core.logger; + +import org.apache.commons.lang3.StringUtils; +import org.joda.time.DateTime; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.logging.IStatisticLogger; +import at.gv.egiz.eaaf.core.exceptions.EaafException; + +public class StatisticLogger implements IStatisticLogger { + + private static final Logger log = LoggerFactory.getLogger(StatisticLogger.class); + + private static final String DATEFORMATER = "yyyy.MM.dd-HH:mm:ss+z"; + private static final String STATUS_SUCCESS = "success"; + private static final String STATUS_ERROR = "error"; + + @Override + public void logSuccessOperation(IRequest protocolRequest, IAuthData authData, boolean isSsoSession) { + log.info(buildLogMessage( + protocolRequest.getUniqueTransactionIdentifier(), + protocolRequest.getSpEntityId(), + protocolRequest.getRawData(MsEidasNodeConstants.DATA_REQUESTERID), + protocolRequest.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(), + authData.getCiticenCountryCode(), + STATUS_SUCCESS, + StringUtils.EMPTY, + StringUtils.EMPTY)); + + } + + @Override + public void logErrorOperation(Throwable throwable) { + String errorId = "TODO"; + if (throwable instanceof EaafException) { + errorId = ((EaafException) throwable).getErrorId(); + } + + log.info(buildLogMessage( + StringUtils.EMPTY, + StringUtils.EMPTY, + StringUtils.EMPTY, + StringUtils.EMPTY, + StringUtils.EMPTY, + STATUS_ERROR, + errorId, + throwable.getMessage())); + + } + + @Override + public void logErrorOperation(Throwable throwable, IRequest errorRequest) { + String errorId = "TODO"; + if (throwable instanceof EaafException) { + errorId = ((EaafException) throwable).getErrorId(); + } + + if (errorRequest != null) { + log.info(buildLogMessage( + errorRequest.getUniqueTransactionIdentifier(), + errorRequest.getSpEntityId(), + errorRequest.getRawData(MsEidasNodeConstants.DATA_REQUESTERID), + errorRequest.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(), + StringUtils.EMPTY, + STATUS_ERROR, + errorId, + throwable.getMessage())); + } else { + log.info(buildLogMessage( + StringUtils.EMPTY, + StringUtils.EMPTY, + StringUtils.EMPTY, + StringUtils.EMPTY, + StringUtils.EMPTY, + STATUS_ERROR, + errorId, + throwable.getMessage())); + } + + } + + @Override + public void internalTesting() throws Exception { + log.trace("Not implemented for a File-based logger"); + + } + + private String buildLogMessage(String transId, String entityId, Object requesterId, String target, + String cc, + String status, String errorCode, String errorMsg) { + String logMsg = StringUtils.EMPTY; + + // data,tId,MOAID-Id,SP-Id,bPKTarget,CC,status,error-code,error-msg + + logMsg += DateTime.now().toString(DATEFORMATER) + ","; + logMsg += transId + ","; + logMsg += entityId + ","; + + if (requesterId instanceof String && StringUtils.isNotEmpty((String) requesterId)) { + logMsg += (String) requesterId + ","; + } else { + logMsg += StringUtils.EMPTY + ","; + } + + logMsg += target + ","; + logMsg += cc + ","; + + logMsg += status + ","; + logMsg += errorCode + ","; + logMsg += errorMsg; + + return logMsg; + } +} diff --git a/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/mapper/LoALevelMapper.java b/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/mapper/LoALevelMapper.java new file mode 100644 index 00000000..e3ab5d45 --- /dev/null +++ b/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/mapper/LoALevelMapper.java @@ -0,0 +1,60 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.core.mapper; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.stereotype.Service; + +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper; + +@Service("LoALevelMapper") +public class LoALevelMapper implements ILoALevelMapper { + private static final Logger log = LoggerFactory.getLogger(LoALevelMapper.class); + + @Override + public String mapToSecClass(String loa) { + log.info("Mapping to PVP SecClass is NOT supported"); + return null; + } + + @Override + public String mapToEidasLoa(String loa) { + if (loa.startsWith(EaafConstants.EIDAS_LOA_PREFIX)) { + return loa; + } else { + log.info("Can NOT map '" + loa + "' to eIDAS LoA"); + } + + return null; + + } + + @Override + public String mapEidasQaaToStorkQaa(String eidasqaaLevel) { + return null; + } + +} diff --git a/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/provider/StatusMessageProvider.java b/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/provider/StatusMessageProvider.java new file mode 100644 index 00000000..b47c0b63 --- /dev/null +++ b/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/provider/StatusMessageProvider.java @@ -0,0 +1,182 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.core.provider; + +import java.text.MessageFormat; +import java.util.Locale; +import java.util.MissingResourceException; +import java.util.ResourceBundle; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.context.MessageSource; +import org.springframework.context.MessageSourceAware; +import org.springframework.context.NoSuchMessageException; +import org.springframework.context.i18n.LocaleContextHolder; +import org.springframework.stereotype.Service; + +import at.gv.egiz.eaaf.core.api.IStatusMessenger; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.logging.LogMessageProviderFactory; + +@Service("StatusMessageProvider") +public class StatusMessageProvider implements IStatusMessenger, MessageSourceAware { + private static final Logger log = LoggerFactory.getLogger(StatusMessageProvider.class); + + private static final String ERROR_MESSAGES_UNAVAILABLE = + "Error messages can NOT be load from application. Only errorCode: {0} is availabe"; + private static final String ERROR_NO_MESSAGE = "No errormesseage for error with number.={0}"; + + private static final String ERROR_EXTERNALERROR_CODES_UNAVAILABLE = + "External error-codes can NOT be load from application. Only internal errorCode: {0} is availabe"; + private static final String ERROR_NO_EXTERNALERROR_CODE = + "No external error for internal error with number.={0}"; + private static final String MSG_WARN_NO_SOURCE = "MessageCode: {} is NOT SET for locale: {}"; + private static final String MSG_INFO = "Use locale: {} as default"; + + // external error codes + private static final String DEFAULT_EXTERNALERROR_RESOURCES = "properties/external_statuscodes_map"; + private static final Locale DEFAULT_EXTERNALERROR_LOCALES = new Locale("en", "GB"); + private ResourceBundle externalError = null; + + //internal messanges + private MessageSource messageSource; + + @Override + public String getMessageWithoutDefault(final String messageId, final Object[] parameters) { + if (messageSource == null) { + return null; + + } else { + try { + final Locale locale = LocaleContextHolder.getLocale(); + return messageSource.getMessage(messageId, parameters, locale); + + } catch (final NoSuchMessageException e) { + log.info(MSG_WARN_NO_SOURCE, messageId, LocaleContextHolder.getLocale()); + log.debug(MSG_INFO, Locale.ENGLISH); + + try { + return messageSource.getMessage(messageId, parameters, Locale.ENGLISH); + + } catch (final NoSuchMessageException e2) { + log.info(MSG_WARN_NO_SOURCE, messageId, Locale.ENGLISH); + + } + + } catch (final MissingResourceException e2) { + log.warn("No message source", e2); + + } + } + + return null; + + } + + @Override + public String getMessage(final String messageId, final Object[] parameters) { + if (messageSource == null) { + return MessageFormat.format(ERROR_MESSAGES_UNAVAILABLE, new Object[]{messageId}); + + } else { + try { + final Locale locale = LocaleContextHolder.getLocale(); + return messageSource.getMessage(messageId, parameters, locale); + + } catch (final NoSuchMessageException e) { + log.info(MSG_WARN_NO_SOURCE, messageId, LocaleContextHolder.getLocale()); + log.debug(MSG_INFO, Locale.ENGLISH); + + try { + return messageSource.getMessage(messageId, parameters, Locale.ENGLISH); + + } catch (final NoSuchMessageException e2) { + return MessageFormat.format(ERROR_NO_MESSAGE, new Object[]{messageId}); + + } + + } catch (final MissingResourceException e2) { + return MessageFormat.format(ERROR_NO_MESSAGE, new Object[]{messageId}); + + } + } + } + + @Override + public String getResponseErrorCode(Throwable throwable) { + String errorCode = IStatusMessenger.CODES_EXTERNAL_ERROR_GENERIC; + if (throwable instanceof EaafException) { + errorCode = ((EaafException) throwable).getErrorId(); + + } + + return errorCode; + + } + + @Override + public String mapInternalErrorToExternalError(String intErrorCode) { + // initialize messages + if (externalError == null) { + this.externalError = ResourceBundle.getBundle( + DEFAULT_EXTERNALERROR_RESOURCES, + DEFAULT_EXTERNALERROR_LOCALES); + + } + + // create the message + if (externalError == null) { + log.warn(MessageFormat.format(ERROR_EXTERNALERROR_CODES_UNAVAILABLE, new Object[] { intErrorCode })); + return IStatusMessenger.CODES_EXTERNAL_ERROR_GENERIC; + + } else { + try { + if (StringUtils.isNotEmpty(intErrorCode)) { + return externalError.getString(intErrorCode); + + } else { + return IStatusMessenger.CODES_EXTERNAL_ERROR_GENERIC; + + } + + } catch (final MissingResourceException e2) { + log.info(MessageFormat.format(ERROR_NO_EXTERNALERROR_CODE, new Object[] { intErrorCode })); + return IStatusMessenger.CODES_EXTERNAL_ERROR_GENERIC; + + } + } + } + + @Override + public void setMessageSource(MessageSource messageSource) { + this.messageSource = messageSource; + + log.info("Injecting 'StatusMessanger' into 'LogMessageProviderFactory'"); + LogMessageProviderFactory.setStatusMessager(this); + + } + +} diff --git a/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/storage/CacheWithEidasBackend.java b/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/storage/CacheWithEidasBackend.java new file mode 100644 index 00000000..0eeb35d9 --- /dev/null +++ b/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/storage/CacheWithEidasBackend.java @@ -0,0 +1,35 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.core.storage; + +import eu.eidas.auth.commons.cache.ConcurrentCacheService; +import eu.eidas.auth.commons.tx.AbstractCache; + +public class CacheWithEidasBackend extends AbstractCache { + + protected CacheWithEidasBackend(ConcurrentCacheService concurrentMapService) { + super(concurrentMapService); + } + +} diff --git a/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/storage/EidasCacheTransactionStoreDecorator.java b/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/storage/EidasCacheTransactionStoreDecorator.java new file mode 100644 index 00000000..5a59a4e0 --- /dev/null +++ b/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/storage/EidasCacheTransactionStoreDecorator.java @@ -0,0 +1,180 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.core.storage; + +import java.util.Arrays; +import java.util.Date; +import java.util.List; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.actuate.health.Health; +import org.springframework.boot.actuate.health.HealthIndicator; + +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; +import at.gv.egiz.eaaf.core.impl.utils.Random; + +public class EidasCacheTransactionStoreDecorator implements ITransactionStorage, HealthIndicator { + private static final Logger log = LoggerFactory.getLogger(EidasCacheTransactionStoreDecorator.class); + + @Autowired(required = true) + private CacheWithEidasBackend storage; + + @Override + public Health health() { + try { + final String key = Random.nextHexRandom16(); + final String value = Random.nextHexRandom16(); + + this.put(key, value, -1); + final String result = this.get(key, String.class); + this.remove(key); + + if (result != null && result.equals(value)) { + return Health.up().build(); + + } else { + log.warn("Montioring: TestValue: " + value + " does NOT match in Storage test"); + return Health.down().build(); + + } + + } catch (final EaafException e) { + log.warn("Montioring: Can not read/write to storage.", e); + return Health.down().down(e).build(); + + } + } + + @Override + public void changeKey(String oldKey, String newKey, Object value) throws EaafException { + if (containsKey(oldKey)) { + final TransactionStoreElement el = storage.get(oldKey); + el.setKey(newKey); + el.setData(value); + storage.put(newKey, el); + boolean delResult = storage.remove(oldKey); + log.trace("Object: {} removed from cache: {}", oldKey, delResult); + + } else { + throw new EaafStorageException("No element in TransactionStorage with key: " + oldKey); + } + + } + + @Override + public List clean(Date now, long dataTimeOut) { + log.info("Clean is NOT implemented, because its not needed"); + return Arrays.asList(); + + } + + @Override + public boolean containsKey(String key) { + return storage.containsKey(key); + + } + + @Override + public Object get(String key) throws EaafException { + if (key != null && containsKey(key)) { + final TransactionStoreElement element = storage.get(key); + return element.getData(); + + } else { + return null; + } + } + + @Override + public T get(String key, Class type) throws EaafException { + return get(key, type, -1); + + } + + @Override + public T get(String key, Class type, long dataTimeOut) throws EaafException { + if (key != null && containsKey(key)) { + final TransactionStoreElement value = storage.get(key); + + if (dataTimeOut > -1) { + final long now = new Date().getTime(); + if (now - value.getCreated().getTime() > dataTimeOut) { + log.info("Transaction-Data with key: " + key + " is out of time."); + throw new EaafStorageException("Transaction-Data with key: " + key + " is out of time."); + + } + } + + if (type.isAssignableFrom(value.getData().getClass())) { + return (T) value.getData(); + + } else { + log.warn("Can NOT cast '" + value.getClass() + "' to '" + type + "'"); + } + + } + + return null; + } + + @Override + public Object getRaw(String key) throws EaafException { + return storage.get(key); + + } + + @Override + public void put(String key, Object value, int dataTimeOut) throws EaafException { + final TransactionStoreElement element = new TransactionStoreElement(); + element.setKey(key); + element.setData(value); + storage.put(key, element); + + } + + @Override + public void putRaw(String key, Object value) throws EaafException { + if (value instanceof TransactionStoreElement) { + storage.put(((TransactionStoreElement) value).getKey(), (TransactionStoreElement) value); + } else { + log.info(value.getClass().getName() + " is NOT a RAW element of " + ITransactionStorage.class + .getName()); + } + + } + + @Override + public void remove(String key) { + if (containsKey(key)) { + log.trace("Remove element with key: " + key + " from " + ITransactionStorage.class.getName()); + boolean delResult = storage.remove(key); + log.trace("Object: {} removed from cache: {}", key, delResult); + + } + } +} diff --git a/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/storage/SimpleInMemoryTransactionStorage.java b/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/storage/SimpleInMemoryTransactionStorage.java new file mode 100644 index 00000000..a3a8af0f --- /dev/null +++ b/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/storage/SimpleInMemoryTransactionStorage.java @@ -0,0 +1,169 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.core.storage; + +import java.util.ArrayList; +import java.util.Date; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; +import java.util.concurrent.ConcurrentHashMap; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; + +public class SimpleInMemoryTransactionStorage implements ITransactionStorage { + private static final Logger log = LoggerFactory.getLogger(SimpleInMemoryTransactionStorage.class); + + private final Map storage = + new ConcurrentHashMap<>(); + + @Override + public void changeKey(String oldKey, String newKey, Object value) throws EaafException { + if (containsKey(oldKey)) { + final TransactionStoreElement el = storage.get(oldKey); + el.setKey(newKey); + storage.put(newKey, el); + storage.remove(oldKey); + + } else { + throw new EaafStorageException("No element in TransactionStorage with key: " + oldKey); + } + + } + + @Override + public List clean(Date now, long dataTimeOut) { + final List result = new ArrayList<>(); + final Iterator> iterator = storage.entrySet().iterator(); + while (iterator.hasNext()) { + final Entry key = iterator.next(); + synchronized (storage) { + if (storage.containsKey(key.getKey())) { + final TransactionStoreElement element = key.getValue(); + if (now.getTime() - element.getCreated().getTime() > dataTimeOut) { + result.add(key.getKey()); + } + } + } + } + + return result; + + } + + @Override + public boolean containsKey(String key) { + if (key != null) { + return storage.containsKey(key); + } else { + return false; + } + + } + + @Override + public Object get(String key) throws EaafException { + if (key != null && containsKey(key)) { + final TransactionStoreElement element = storage.get(key); + return element.getData(); + + } else { + return null; + } + } + + @Override + public T get(String key, Class type) throws EaafException { + return get(key, type, -1); + + } + + @Override + public T get(String key, Class type, long dataTimeOut) throws EaafException { + if (key != null && containsKey(key)) { + final TransactionStoreElement value = storage.get(key); + + if (dataTimeOut > -1) { + final long now = new Date().getTime(); + if (now - value.getCreated().getTime() > dataTimeOut) { + log.info("Transaction-Data with key: " + key + " is out of time."); + throw new EaafStorageException("Transaction-Data with key: " + key + " is out of time."); + + } + } + + if (type.isAssignableFrom(value.getData().getClass())) { + return (T) value.getData(); + + } else { + log.warn("Can NOT cast '" + value.getClass() + "' to '" + type + "'"); + } + + } + + return null; + } + + @Override + public Object getRaw(String key) throws EaafException { + return storage.get(key); + + } + + @Override + public void put(String key, Object value, int dataTimeOut) throws EaafException { + final TransactionStoreElement element = new TransactionStoreElement(); + element.setKey(key); + element.setData(value); + storage.put(key, element); + + } + + @Override + public void putRaw(String key, Object value) throws EaafException { + if (value instanceof TransactionStoreElement) { + storage.put(((TransactionStoreElement) value).getKey(), (TransactionStoreElement) value); + } else { + log.info(value.getClass().getName() + " is NOT a RAW element of " + ITransactionStorage.class + .getName()); + } + + } + + @Override + public void remove(String key) { + if (containsKey(key)) { + log.debug("Remove element with key: " + key + " from " + ITransactionStorage.class.getName()); + storage.remove(key); + + } + } + +} diff --git a/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/storage/TransactionStoreElement.java b/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/storage/TransactionStoreElement.java new file mode 100644 index 00000000..48668d4b --- /dev/null +++ b/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/storage/TransactionStoreElement.java @@ -0,0 +1,70 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.core.storage; + +import java.io.Serializable; +import java.util.Date; + +public class TransactionStoreElement implements Serializable { + + private static final long serialVersionUID = 1L; + private String key = null; + private Object data = null; + private Date created; + + public String getKey() { + return key; + } + + public void setKey(String key) { + this.key = key; + } + + public Object getData() { + return data; + } + + public void setData(Object data) { + this.data = data; + } + + public Date getCreated() { + return copyOrNull(created); + } + + public void setCreated(Date created) { + this.created = copyOrNull(created); + } + + private Date copyOrNull(Date in) { + if (in != null) { + return new Date(in.getTime()); + + } + + return null; + + } + +} diff --git a/core_common_webapp/src/main/resources/specific_eIDAS_core.beans.xml b/core_common_webapp/src/main/resources/specific_eIDAS_core.beans.xml new file mode 100644 index 00000000..f37dc451 --- /dev/null +++ b/core_common_webapp/src/main/resources/specific_eIDAS_core.beans.xml @@ -0,0 +1,61 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/core_common_webapp/src/main/resources/specific_eIDAS_core_storage.beans.xml b/core_common_webapp/src/main/resources/specific_eIDAS_core_storage.beans.xml new file mode 100644 index 00000000..259f5605 --- /dev/null +++ b/core_common_webapp/src/main/resources/specific_eIDAS_core_storage.beans.xml @@ -0,0 +1,39 @@ + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/core_common_webapp/src/test/java/at/asitplus/eidas/specific/core/test/health/EidasNodeMetadataHealthIndicatorNoEndpointTest.java b/core_common_webapp/src/test/java/at/asitplus/eidas/specific/core/test/health/EidasNodeMetadataHealthIndicatorNoEndpointTest.java new file mode 100644 index 00000000..06ce8abe --- /dev/null +++ b/core_common_webapp/src/test/java/at/asitplus/eidas/specific/core/test/health/EidasNodeMetadataHealthIndicatorNoEndpointTest.java @@ -0,0 +1,70 @@ +package at.asitplus.eidas.specific.core.test.health; + +import java.io.IOException; + +import org.apache.commons.io.IOUtils; +import org.junit.AfterClass; +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.actuate.health.Health; +import org.springframework.http.MediaType; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.TestPropertySource; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.context.web.WebAppConfiguration; + +import at.asitplus.eidas.specific.core.health.EidasNodeMetadataHealthIndicator; +import okhttp3.mockwebserver.MockResponse; +import okhttp3.mockwebserver.MockWebServer; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ + "/spring/SpringTest-context_healthcheck.xml" }) +@TestPropertySource(locations = {"classpath:/config/junit_config_2_springboot.properties"}) +@WebAppConfiguration +public class EidasNodeMetadataHealthIndicatorNoEndpointTest { + + @Autowired EidasNodeMetadataHealthIndicator health; + + private static MockWebServer mockWebServer = null; + + /** + * Testclass initializer. + * + * @throws IOException In case of an error + */ + @BeforeClass + public static void classInitializer() throws IOException { + mockWebServer = new MockWebServer(); + mockWebServer.start(40900); + mockWebServer.url("/mockup"); + + } + + @AfterClass + public static void resetTestEnviroment() throws NoSuchFieldException, SecurityException, + IllegalArgumentException, IllegalAccessException, IOException { + mockWebServer.shutdown(); + + } + + @Test + public void noEndpointInConfiguration() throws IOException { + //set-up status + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody(IOUtils.toString(EidasNodeMetadataHealthIndicatorNoEndpointTest.class + .getResourceAsStream("/config/log4j.properties"), "UTF-8")) + .setHeader("Content-Type", MediaType.APPLICATION_XML)); + + //perform test + Health status = health.health(); + + //validate state + Assert.assertEquals("wrong healthState", Health.unknown().build().getStatus(), status.getStatus()); + + } + +} diff --git a/core_common_webapp/src/test/java/at/asitplus/eidas/specific/core/test/health/EidasNodeMetadataHealthIndicatorTest.java b/core_common_webapp/src/test/java/at/asitplus/eidas/specific/core/test/health/EidasNodeMetadataHealthIndicatorTest.java new file mode 100644 index 00000000..e8bc7817 --- /dev/null +++ b/core_common_webapp/src/test/java/at/asitplus/eidas/specific/core/test/health/EidasNodeMetadataHealthIndicatorTest.java @@ -0,0 +1,102 @@ +package at.asitplus.eidas.specific.core.test.health; + +import java.io.IOException; + +import org.apache.commons.io.IOUtils; +import org.junit.AfterClass; +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.actuate.health.Health; +import org.springframework.http.MediaType; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.TestPropertySource; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.context.web.WebAppConfiguration; + +import at.asitplus.eidas.specific.core.health.EidasNodeMetadataHealthIndicator; +import okhttp3.mockwebserver.MockResponse; +import okhttp3.mockwebserver.MockWebServer; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ + "/spring/SpringTest-context_healthcheck.xml" }) +@TestPropertySource(locations = {"classpath:/config/junit_config_1_springboot.properties"}) +@WebAppConfiguration +public class EidasNodeMetadataHealthIndicatorTest { + + @Autowired EidasNodeMetadataHealthIndicator health; + + private static MockWebServer mockWebServer = null; + + /** + * Testclass initializer. + * + * @throws IOException In case of an error + */ + @BeforeClass + public static void classInitializer() throws IOException { + mockWebServer = new MockWebServer(); + mockWebServer.start(40900); + mockWebServer.url("/mockup"); + + } + + @AfterClass + public static void resetTestEnviroment() throws NoSuchFieldException, SecurityException, + IllegalArgumentException, IllegalAccessException, IOException { + mockWebServer.shutdown(); + + } + + @Test + public void httpStatusCode500() throws IOException { + //set-up status + mockWebServer.enqueue(new MockResponse().setResponseCode(500) + .setBody(IOUtils.toString(EidasNodeMetadataHealthIndicatorTest.class + .getResourceAsStream("/data/metadata_valid.xml"), "UTF-8")) + .setHeader("Content-Type", MediaType.APPLICATION_XML)); + + //perform test + Health status = health.health(); + + //validate state + Assert.assertEquals("wrong healthState", Health.down().build().getStatus(), status.getStatus()); + + } + + @Test + public void httpStatusCode200() throws IOException { + //set-up status + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody(IOUtils.toString(EidasNodeMetadataHealthIndicatorTest.class + .getResourceAsStream("/data/metadata_valid.xml"), "UTF-8")) + .setHeader("Content-Type", MediaType.APPLICATION_XML)); + + //perform test + Health status = health.health(); + + //validate state + Assert.assertEquals("wrong healthState", Health.up().build().getStatus(), status.getStatus()); + + } + + @Test + public void noXmlResponse() throws IOException { + //set-up status + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody(IOUtils.toString(EidasNodeMetadataHealthIndicatorTest.class + .getResourceAsStream("/config/log4j.properties"), "UTF-8")) + .setHeader("Content-Type", MediaType.APPLICATION_XML)); + + //perform test + Health status = health.health(); + + //validate state + Assert.assertEquals("wrong healthState", Health.down().build().getStatus(), status.getStatus()); + + } + +} diff --git a/core_common_webapp/src/test/java/at/asitplus/eidas/specific/core/test/utils/AuthenticationDataBuilderTest.java b/core_common_webapp/src/test/java/at/asitplus/eidas/specific/core/test/utils/AuthenticationDataBuilderTest.java new file mode 100644 index 00000000..586749cb --- /dev/null +++ b/core_common_webapp/src/test/java/at/asitplus/eidas/specific/core/test/utils/AuthenticationDataBuilderTest.java @@ -0,0 +1,635 @@ +package at.asitplus.eidas.specific.core.test.utils; + +import static at.asitplus.eidas.specific.core.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertThrows; +import static org.junit.Assert.assertTrue; + +import java.io.IOException; +import java.security.PublicKey; +import java.util.Date; +import java.util.HashMap; +import java.util.Map; + +import javax.xml.transform.TransformerException; + +import org.apache.commons.lang3.RandomStringUtils; +import org.apache.commons.lang3.RandomUtils; +import org.junit.Assert; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.opensaml.core.config.InitializationException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.i18n.LocaleContextHolder; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.context.ActiveProfiles; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.context.web.WebAppConfiguration; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; +import org.w3c.dom.Element; + +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.asitplus.eidas.specific.core.builder.AuthenticationDataBuilder; +import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions.EidIdentityStatusLevelValues; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; +import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException; +import at.gv.egiz.eaaf.core.exceptions.EaafParserException; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; +import at.gv.egiz.eaaf.core.impl.builder.BpkBuilder; +import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import net.shibboleth.utilities.java.support.component.ComponentInitializationException; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ "/spring/SpringTest_core_config.beans.xml", "/spring/SpringTest_core.beans.xml", "/eaaf_core.beans.xml", + "/eaaf_pvp.beans.xml", "/spring/SpringTest-context_simple_storage.xml" }) +@ActiveProfiles(profiles = {"deprecatedConfig"}) +@WebAppConfiguration +public class AuthenticationDataBuilderTest { + + @Autowired + private AuthenticationDataBuilder authenticationDataBuilder; + + @Autowired(required = true) + private IConfiguration basicConfig; + + private MockHttpServletRequest httpReq; + private MockHttpServletResponse httpResp; + private TestRequestImpl pendingReq; + + private DummySpConfiguration oaParam; + private Map spConfig; + + private String eidasBind; + private String authBlock; + + @BeforeClass + public static void classInitializer() throws InitializationException, ComponentInitializationException { + final String current = new java.io.File(".").toURI().toString(); + System.setProperty("eidas.ms.configuration", current + + "src/test/resources/config/junit_config_3.properties"); + + EaafOpenSaml3xInitializer.eaafInitialize(); + } + + @Before + public void initialize() throws EaafStorageException { + httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector"); + httpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + spConfig = new HashMap<>(); + spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp"); + spConfig.put("target", "urn:publicid:gv.at:cdid+XX"); + spConfig.put(PROP_CONFIG_SP_NEW_EID_MODE, "true"); + oaParam = new DummySpConfiguration(spConfig, basicConfig); + + pendingReq = new TestRequestImpl(); + pendingReq.setAuthUrl("https://localhost/ms_connector"); + pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10)); + pendingReq.setPiiTransactionId(RandomStringUtils.randomAlphanumeric(10)); + pendingReq.setSpConfig(oaParam); + authBlock = RandomStringUtils.randomAlphanumeric(20); + eidasBind = RandomStringUtils.randomAlphanumeric(20); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setQaaLevel(EaafConstants.EIDAS_LOA_PREFIX + RandomStringUtils.randomAlphabetic(5)); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession( + PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, + RandomStringUtils.randomAlphabetic(2).toUpperCase()); + + LocaleContextHolder.resetLocaleContext(); + + } + + @Test + public void eidasProxyMode() throws EaafAuthenticationException, EaafStorageException { + // initialize state + boolean isTestIdentity = RandomUtils.nextBoolean(); + pendingReq.getSessionData(EidAuthProcessDataWrapper.class).setTestIdentity(isTestIdentity); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true); + + String givenName = RandomStringUtils.randomAlphabetic(10); + String familyName = RandomStringUtils.randomAlphabetic(10); + String dateOfBirth = "1956-12-08"; + String bpk = RandomStringUtils.randomAlphanumeric(10); + String cc = pendingReq.getSessionData(AuthProcessDataWrapper.class) + .getGenericDataFromSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class); + String spC = RandomStringUtils.randomAlphabetic(2).toUpperCase(); + + spConfig.put("target", EaafConstants.URN_PREFIX_EIDAS + cc + "+" + spC); + + pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setForeigner(false); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.GIVEN_NAME_NAME, givenName); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, familyName); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.BIRTHDATE_NAME, dateOfBirth); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, bpk); + + //set LoA level attribute instead of explicit session-data + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, + pendingReq.getSessionData(AuthProcessDataWrapper.class).getQaaLevel()); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setQaaLevel(null); + + + + // execute test + IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq); + + + // validate state + Assert.assertNotNull("AuthData null", authData); + Assert.assertNull("authBlock null", authData.getGenericData(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, String.class)); + Assert.assertNull("eidasBind null", authData.getGenericData(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, String.class)); + + Assert.assertEquals("LoA", pendingReq.getSessionData(AuthProcessDataWrapper.class) + .getGenericDataFromSession(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, String.class), + authData.getEidasQaaLevel()); + Assert.assertEquals("CitizenCountry", cc, authData.getCiticenCountryCode()); + Assert.assertEquals("familyName", familyName, authData.getFamilyName()); + Assert.assertEquals("givenName", givenName, authData.getGivenName()); + Assert.assertEquals("DateOfBirth", dateOfBirth, authData.getDateOfBirth()); + + Assert.assertEquals("bPK", pendingReq.getSessionData(AuthProcessDataWrapper.class) + .getGenericDataFromSession(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, String.class), + authData.getGenericData(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, String.class)); + + Assert.assertEquals("testIdentity flag", + isTestIdentity ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY, + ((EidAuthenticationData)authData).getEidStatus()); + assertFalse("mandate flag", ((EidAuthenticationData)authData).isUseMandate()); + + } + + @Test + public void eidasProxyModeWithJurMandate() throws EaafAuthenticationException, EaafStorageException { + // initialize state + injectRepresentativeInfosIntoSession(); + + String commonMandate = RandomStringUtils.randomAlphabetic(10); + + // set constant country-code and sourcePin to check hashed eIDAS identifier + String sourcePinMandate = "asfdsadfsadfsafsdafsadfasr"; + spConfig.put("target", EaafConstants.URN_PREFIX_EIDAS + "AT+EE"); + + // set nat. person mandate information + pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, commonMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, sourcePinMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, + EaafConstants.URN_PREFIX_BASEID + "+XFN"); + + // execute test + IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq); + + + // validate state + Assert.assertNotNull("AuthData null", authData); + assertTrue("mandate flag", ((EidAuthenticationData)authData).isUseMandate()); + + //check mandate informations + checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, commonMandate); + checkGenericAttribute(authData, MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, + "AT/EE/urn:publicid:gv.at:baseid+XFN+asfdsadfsadfsafsdafsadfasr"); + + } + + @Test + public void eidasProxyModeWithJurMandateMissingAttribute() throws EaafAuthenticationException, EaafStorageException { + // initialize state + injectRepresentativeInfosIntoSession(); + + // set constant country-code and sourcePin to check hashed eIDAS identifier + String sourcePinMandate = "asfdsadfsadfsafsdafsadfasr"; + spConfig.put("target", EaafConstants.URN_PREFIX_EIDAS + "AT+EE"); + + // set nat. person mandate information + pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, sourcePinMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, + EaafConstants.URN_PREFIX_BASEID + "+XFN"); + + // execute test + // execute test + EaafAuthenticationException error = assertThrows(EaafAuthenticationException.class, + () -> authenticationDataBuilder.buildAuthenticationData(pendingReq)); + Assert.assertEquals("wrong errorId", "builder.11", error.getErrorId()); + + } + + @Test + public void eidasProxyModeWithNatMandate() throws EaafAuthenticationException, EaafStorageException { + // initialize state + injectRepresentativeInfosIntoSession(); + + String givenNameMandate = RandomStringUtils.randomAlphabetic(10); + String familyNameMandate = RandomStringUtils.randomAlphabetic(10); + String dateOfBirthMandate = "1957-09-15"; + String bpkMandate = RandomStringUtils.randomAlphanumeric(10); + + // set nat. person mandate information + pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, dateOfBirthMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, "AT+XX:" + bpkMandate); + + // execute test + IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq); + + + // validate state + Assert.assertNotNull("AuthData null", authData); + assertTrue("mandate flag", ((EidAuthenticationData)authData).isUseMandate()); + + //check mandate informations + checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate); + checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate); + checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, "1957-09-15"); + checkGenericAttribute(authData, MsEidasNodeConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER, bpkMandate); + + } + + @Test + public void eidasProxyModeWithNatMandateWrongBpkFormat() throws EaafAuthenticationException, EaafStorageException { + // initialize state + injectRepresentativeInfosIntoSession(); + + String givenNameMandate = RandomStringUtils.randomAlphabetic(10); + String familyNameMandate = RandomStringUtils.randomAlphabetic(10); + String dateOfBirthMandate = "1957-09-15"; + String bpkMandate = RandomStringUtils.randomAlphanumeric(10); + + // set nat. person mandate information + pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, dateOfBirthMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, bpkMandate); + + // execute test + IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq); + + + // validate state + Assert.assertNotNull("AuthData null", authData); + assertTrue("mandate flag", ((EidAuthenticationData)authData).isUseMandate()); + + //check mandate informations + checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate); + checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate); + checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, "1957-09-15"); + checkGenericAttribute(authData, MsEidasNodeConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER, bpkMandate); + + } + + @Test + public void eidasProxyModeWithNatMandateMissingAttribute() throws EaafAuthenticationException, EaafStorageException { + // initialize state + injectRepresentativeInfosIntoSession(); + + String familyNameMandate = RandomStringUtils.randomAlphabetic(10); + String dateOfBirthMandate = "1957-09-15"; + String bpkMandate = RandomStringUtils.randomAlphanumeric(10); + + // set nat. person mandate information + pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, dateOfBirthMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, bpkMandate); + + // execute test + EaafAuthenticationException error = assertThrows(EaafAuthenticationException.class, + () -> authenticationDataBuilder.buildAuthenticationData(pendingReq)); + Assert.assertEquals("wrong errorId", "builder.11", error.getErrorId()); + + } + + @Test + public void eidMode() throws EaafAuthenticationException, EaafStorageException { + // initialize state + boolean isTestIdentity = RandomUtils.nextBoolean(); + pendingReq.getSessionData(EidAuthProcessDataWrapper.class).setTestIdentity(isTestIdentity); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, authBlock); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, eidasBind); + + // execute + IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq); + + // validate state + Assert.assertNotNull("AuthData null", authData); + Assert.assertNotNull("authBlock null", authData.getGenericData(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, String.class)); + Assert.assertNotNull("eidasBind null", authData.getGenericData(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, String.class)); + Assert.assertNotNull("LoA null", authData.getEidasQaaLevel()); + Assert.assertEquals("testIdentity flag", + isTestIdentity ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY, + ((EidAuthenticationData)authData).getEidStatus()); + + String authBlock = authData.getGenericData(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, String.class); + String eidasBind = authData.getGenericData(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, String.class); + + Assert.assertEquals("authBlock not equal", this.authBlock, authBlock); + Assert.assertEquals("eidasBind not equal", this.eidasBind, eidasBind); + Assert.assertEquals("piiTransactionId", + authData.getGenericData(ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, String.class), + this.pendingReq.getUniquePiiTransactionIdentifier()); + Assert.assertNotNull("assertion validTo", authData.getSsoSessionValidTo()); + Assert.assertEquals("LoA", pendingReq.getSessionData(AuthProcessDataWrapper.class).getQaaLevel(), + authData.getEidasQaaLevel()); + Assert.assertEquals("EID-ISSUING-NATION", + pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession( + PvpAttributeDefinitions.EID_ISSUING_NATION_NAME), + authData.getCiticenCountryCode()); + + Assert.assertNull("bPK", authData.getBpk()); + Assert.assertNull("bPKType", authData.getBpkType()); + Assert.assertNull("FamilyName", authData.getFamilyName()); + Assert.assertNull("GivenName", authData.getGivenName()); + Assert.assertNull("DateOfBirth", authData.getDateOfBirth()); + Assert.assertNull("baseId", authData.getIdentificationValue()); + Assert.assertNull("baseIdType", authData.getIdentificationType()); + Assert.assertNull("IDL", authData.getIdentityLink()); + + } + + @Test + public void moaIdMode() throws EaafAuthenticationException, EaafBuilderException { + //initialize state + boolean isTestIdentity = RandomUtils.nextBoolean(); + pendingReq.getSessionData(EidAuthProcessDataWrapper.class).setTestIdentity(isTestIdentity); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(false); + IIdentityLink idl = buildDummyIdl(); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setIdentityLink(idl); + + //execute + IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq); + + //validate state + Assert.assertNotNull("AuthData null", authData); + Assert.assertNull("authBlock null", authData.getGenericData(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, String.class)); + Assert.assertNull("eidasBind null", authData.getGenericData(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, String.class)); + Assert.assertNull("piiTransactionId", + authData.getGenericData(ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, String.class)); + + Assert.assertEquals("testIdentity flag", + isTestIdentity ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY, + ((EidAuthenticationData)authData).getEidStatus()); + + Assert.assertNotNull("assertion validTo", authData.getSsoSessionValidTo()); + Assert.assertNotNull("LoA null", authData.getEidasQaaLevel()); + Assert.assertEquals("LoA", pendingReq.getSessionData(AuthProcessDataWrapper.class).getQaaLevel(), + authData.getEidasQaaLevel()); + Assert.assertEquals("EID-ISSUING-NATION", + pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession( + PvpAttributeDefinitions.EID_ISSUING_NATION_NAME), + authData.getCiticenCountryCode()); + + Assert.assertEquals("FamilyName", idl.getFamilyName(), authData.getFamilyName()); + Assert.assertEquals("GivenName", idl.getGivenName(), authData.getGivenName()); + Assert.assertEquals("DateOfBirth", idl.getDateOfBirth(), authData.getDateOfBirth()); + Assert.assertEquals("bPK", + BpkBuilder.generateAreaSpecificPersonIdentifier( + idl.getIdentificationValue(), EaafConstants.URN_PREFIX_CDID + "XX").getFirst(), + authData.getBpk()); + Assert.assertEquals("bPKType", EaafConstants.URN_PREFIX_CDID + "XX", authData.getBpkType()); + Assert.assertNotNull("IDL", authData.getIdentityLink()); + + + } + + private void injectRepresentativeInfosIntoSession() throws EaafStorageException { + boolean isTestIdentity = RandomUtils.nextBoolean(); + pendingReq.getSessionData(EidAuthProcessDataWrapper.class).setTestIdentity(isTestIdentity); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true); + + String givenName = RandomStringUtils.randomAlphabetic(10); + String familyName = RandomStringUtils.randomAlphabetic(10); + String dateOfBirth = "1956-12-08"; + String bpk = RandomStringUtils.randomAlphanumeric(10); + String cc = pendingReq.getSessionData(AuthProcessDataWrapper.class) + .getGenericDataFromSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class); + String spC = RandomStringUtils.randomAlphabetic(2).toUpperCase(); + spConfig.put("target", EaafConstants.URN_PREFIX_EIDAS + cc + "+" + spC); + + pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setForeigner(false); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.GIVEN_NAME_NAME, givenName); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, familyName); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.BIRTHDATE_NAME, dateOfBirth); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, bpk); + + //set LoA level attribute instead of explicit session-data + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, + pendingReq.getSessionData(AuthProcessDataWrapper.class).getQaaLevel()); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setQaaLevel(null); + + } + + private void checkGenericAttribute(IAuthData authData, String attrName, String expected) { + assertEquals("Wrong: " + attrName, expected, authData.getGenericData(attrName, String.class)); + + } + + private IIdentityLink buildDummyIdl() { + return new IIdentityLink() { + + String familyName = RandomStringUtils.randomAlphabetic(10); + String givenName = RandomStringUtils.randomAlphabetic(10); + String dateOfBirth = "1955-02-03"; + String baseId = RandomStringUtils.randomAlphanumeric(20); + String saml2Serialized = RandomStringUtils.randomAlphanumeric(150); + + + + @Override + public void setSamlAssertion(Element arg0) throws TransformerException, IOException { + + } + + @Override + public void setPublicKey(PublicKey[] arg0) { + // TODO Auto-generated method stub + + } + + @Override + public void setPrPerson(Element arg0) { + // TODO Auto-generated method stub + + } + + @Override + public void setIssueInstant(String arg0) { + // TODO Auto-generated method stub + + } + + @Override + public void setIdentificationValue(String arg0) { + // TODO Auto-generated method stub + + } + + @Override + public void setIdentificationType(String arg0) { + // TODO Auto-generated method stub + + } + + @Override + public void setGivenName(String arg0) { + // TODO Auto-generated method stub + + } + + @Override + public void setFamilyName(String arg0) { + // TODO Auto-generated method stub + + } + + @Override + public void setDsigReferenceTransforms(Element[] arg0) { + // TODO Auto-generated method stub + + } + + @Override + public void setDateOfBirth(String arg0) { + // TODO Auto-generated method stub + + } + + @Override + public String getSerializedSamlAssertion() { + return this.saml2Serialized; + } + + @Override + public Element getSamlAssertion() { + IIdentityLink fullIdl; + try { + fullIdl = new SimpleIdentityLinkAssertionParser( + AuthenticationDataBuilderTest.class.getResourceAsStream("/data/test_idl_1.xml")).parseIdentityLink(); + return fullIdl.getSamlAssertion(); + + } catch (EaafParserException e) { + e.printStackTrace(); + } + + return null; + + } + + @Override + public PublicKey[] getPublicKey() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Element getPrPerson() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getName() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Date getIssueInstantDate() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getIssueInstant() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getIdentificationValue() { + return this.baseId; + } + + @Override + public String getIdentificationType() { + return EaafConstants.URN_PREFIX_BASEID; + } + + @Override + public String getGivenName() { + return this.givenName; + } + + @Override + public String getFamilyName() { + return this.familyName; + } + + @Override + public Element[] getDsigReferenceTransforms() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getDateOfBirth() { + return this.dateOfBirth; + + } + }; + } + +} diff --git a/core_common_webapp/src/test/resources/config/junit_config_1_springboot.properties b/core_common_webapp/src/test/resources/config/junit_config_1_springboot.properties new file mode 100644 index 00000000..991036fe --- /dev/null +++ b/core_common_webapp/src/test/resources/config/junit_config_1_springboot.properties @@ -0,0 +1,113 @@ +## embbeded Tomcat +tomcat.workingdir=./target/work +tomcat.ajp.enabled=true +tomcat.ajp.port=8009 +tomcat.ajp.networkAddress=127.0.0.1 +tomcat.ajp.additionalAttributes.secretrequired=true +tomcat.ajp.additionalAttributes.secret=junit + +## Basic service configuration +eidas.ms.context.url.prefix=http://localhost +eidas.ms.core.configRootDir=file:./src/test/resources/config/ + +eidas.ms.context.use.clustermode=true + +##Monitoring +eidas.ms.monitoring.eIDASNode.metadata.url=http://localhost:40900/mockup + +## extended validation of pending-request Id's +eidas.ms.core.pendingrequestid.digist.secret=pendingReqIdSecret + +## eIDAS Ref. Implementation connector ### +eidas.ms.auth.eIDAS.node_v2.forward.endpoint=http://eidas.node/junit + +eidas.ms.auth.eIDAS.szrclient.useTestService=true +eidas.ms.auth.eIDAS.szrclient.endpoint.prod= +eidas.ms.auth.eIDAS.szrclient.endpoint.test=http://localhost:1234/demoszr +eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.path=keys/junit.jks +eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.password=password +eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.path= +eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.password= + +#tech. AuthBlock signing for E-ID process +eidas.ms.auth.eIDAS.authblock.keystore.password=f/+saJBc3a}*/T^s +eidas.ms.auth.eIDAS.authblock.keystore.friendlyName=connectorkeypair +eidas.ms.auth.eIDAS.authblock.keystore.path=keys/teststore.jks +eidas.ms.auth.eIDAS.authblock.keystore.type=jks +eidas.ms.auth.eIDAS.authblock.key.alias=connectorkeypair +eidas.ms.auth.eIDAS.authblock.key.password=f/+saJBc3a}*/T^s + + +#Raw eIDAS Id data storage +eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=true +eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=false + + +## PVP2 S-Profile end-point configuration +eidas.ms.pvp2.keystore.type=jks +eidas.ms.pvp2.keystore.path=keys/junit.jks +eidas.ms.pvp2.keystore.password=password +eidas.ms.pvp2.key.metadata.alias=meta +eidas.ms.pvp2.key.metadata.password=password +eidas.ms.pvp2.key.signing.alias=sig +eidas.ms.pvp2.key.signing.password=password +eidas.ms.pvp2.metadata.validity=24 + +eidas.ms.pvp2.metadata.organisation.name=JUnit +eidas.ms.pvp2.metadata.organisation.friendyname=For testing with jUnit +eidas.ms.pvp2.metadata.organisation.url=http://junit.test +eidas.ms.pvp2.metadata.contact.givenname=Max +eidas.ms.pvp2.metadata.contact.surname=Mustermann +eidas.ms.pvp2.metadata.contact.email=max@junit.test + +## Service Provider configuration +eidas.ms.sp.0.uniqueID=https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata +eidas.ms.sp.0.pvp2.metadata.truststore=keys/junit.jks +eidas.ms.sp.0.pvp2.metadata.truststore.password=password +eidas.ms.sp.0.friendlyName=jUnit test +eidas.ms.sp.0.newEidMode=true + +#eidas.ms.sp.0.pvp2.metadata.url= +#eidas.ms.sp.0.policy.allowed.requested.targets=.* +#eidas.ms.sp.0.policy.hasBaseIdTransferRestriction=false + +## Service Provider configuration +eidas.ms.sp.1.uniqueID=https://demo.egiz.gv.at/junit_test +eidas.ms.sp.1.pvp2.metadata.truststore=keys/junit.jks +eidas.ms.sp.1.pvp2.metadata.truststore.password=password +eidas.ms.sp.1.friendlyName=jUnit test +eidas.ms.sp.1.pvp2.metadata.url=http://junit.test/metadata +eidas.ms.sp.1.policy.allowed.requested.targets=test +eidas.ms.sp.1.policy.hasBaseIdTransferRestriction=true + + + +#### eIDAS ms-specific Proxy-Service configuration +eidas.ms.auth.eIDAS.node_v2.proxy.entityId=ownSpecificProxy +eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint=http://eidas.proxy/endpoint + + +## PVP2 S-Profile communication with ID Austria System +# EntityId and optional metadata of ID Austria System +eidas.ms.modules.idaustriaauth.idp.entityId=http://junit.idaustria.at/idp +#eidas.ms.modules.idaustriaauth.idp.metadataUrl=http://junit.idaustria.at/idp/metadata + +# SAML2 client configuration +eidas.ms.modules.idaustriaauth.keystore.type=jks +#eidas.ms.modules.idaustriaauth.keystore.name= +eidas.ms.modules.idaustriaauth.keystore.path=keys/junit_test.jks +eidas.ms.modules.idaustriaauth.keystore.password=password +eidas.ms.modules.idaustriaauth.metadata.sign.alias=meta +eidas.ms.modules.idaustriaauth.metadata.sign.password=password +eidas.ms.modules.idaustriaauth.request.sign.alias=sig +eidas.ms.modules.idaustriaauth.request.sign.password=password +eidas.ms.modules.idaustriaauth.response.encryption.alias=enc +eidas.ms.modules.idaustriaauth.response.encryption.password=password + +# TrustStore to validate SAML2 metadata from ID Austria +eidas.ms.modules.idaustriaauth.truststore.type=jks +eidas.ms.modules.idaustriaauth.truststore.name= +eidas.ms.modules.idaustriaauth.truststore.path=keys/junit_test.jks +eidas.ms.modules.idaustriaauth.truststore.password=password + + diff --git a/core_common_webapp/src/test/resources/config/junit_config_2_springboot.properties b/core_common_webapp/src/test/resources/config/junit_config_2_springboot.properties new file mode 100644 index 00000000..de887fe6 --- /dev/null +++ b/core_common_webapp/src/test/resources/config/junit_config_2_springboot.properties @@ -0,0 +1,113 @@ +## embbeded Tomcat +tomcat.workingdir=./target/work +tomcat.ajp.enabled=true +tomcat.ajp.port=8009 +tomcat.ajp.networkAddress=127.0.0.1 +tomcat.ajp.additionalAttributes.secretrequired=true +tomcat.ajp.additionalAttributes.secret=junit + +## Basic service configuration +eidas.ms.context.url.prefix=http://localhost +eidas.ms.core.configRootDir=file:./src/test/resources/config/ + +eidas.ms.context.use.clustermode=true + +##Monitoring +eidas.ms.monitoring.eIDASNode.metadata.url= + +## extended validation of pending-request Id's +eidas.ms.core.pendingrequestid.digist.secret=pendingReqIdSecret + +## eIDAS Ref. Implementation connector ### +eidas.ms.auth.eIDAS.node_v2.forward.endpoint=http://eidas.node/junit + +eidas.ms.auth.eIDAS.szrclient.useTestService=true +eidas.ms.auth.eIDAS.szrclient.endpoint.prod= +eidas.ms.auth.eIDAS.szrclient.endpoint.test=http://localhost:1234/demoszr +eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.path=keys/junit.jks +eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.password=password +eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.path= +eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.password= + +#tech. AuthBlock signing for E-ID process +eidas.ms.auth.eIDAS.authblock.keystore.password=f/+saJBc3a}*/T^s +eidas.ms.auth.eIDAS.authblock.keystore.friendlyName=connectorkeypair +eidas.ms.auth.eIDAS.authblock.keystore.path=keys/teststore.jks +eidas.ms.auth.eIDAS.authblock.keystore.type=jks +eidas.ms.auth.eIDAS.authblock.key.alias=connectorkeypair +eidas.ms.auth.eIDAS.authblock.key.password=f/+saJBc3a}*/T^s + + +#Raw eIDAS Id data storage +eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=true +eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=false + + + +## PVP2 S-Profile end-point configuration +eidas.ms.pvp2.keystore.type=jks +eidas.ms.pvp2.keystore.path=keys/junit.jks +eidas.ms.pvp2.keystore.password=password +eidas.ms.pvp2.key.metadata.alias=meta +eidas.ms.pvp2.key.metadata.password=password +eidas.ms.pvp2.key.signing.alias=sig +eidas.ms.pvp2.key.signing.password=password +eidas.ms.pvp2.metadata.validity=24 + +eidas.ms.pvp2.metadata.organisation.name=JUnit +eidas.ms.pvp2.metadata.organisation.friendyname=For testing with jUnit +eidas.ms.pvp2.metadata.organisation.url=http://junit.test +eidas.ms.pvp2.metadata.contact.givenname=Max +eidas.ms.pvp2.metadata.contact.surname=Mustermann +eidas.ms.pvp2.metadata.contact.email=max@junit.test + +## Service Provider configuration +eidas.ms.sp.0.uniqueID=https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata +eidas.ms.sp.0.pvp2.metadata.truststore=keys/junit.jks +eidas.ms.sp.0.pvp2.metadata.truststore.password=password +eidas.ms.sp.0.friendlyName=jUnit test +eidas.ms.sp.0.newEidMode=true + +#eidas.ms.sp.0.pvp2.metadata.url= +#eidas.ms.sp.0.policy.allowed.requested.targets=.* +#eidas.ms.sp.0.policy.hasBaseIdTransferRestriction=false + +## Service Provider configuration +eidas.ms.sp.1.uniqueID=https://demo.egiz.gv.at/junit_test +eidas.ms.sp.1.pvp2.metadata.truststore=keys/junit.jks +eidas.ms.sp.1.pvp2.metadata.truststore.password=password +eidas.ms.sp.1.friendlyName=jUnit test +eidas.ms.sp.1.pvp2.metadata.url=http://junit.test/metadata +eidas.ms.sp.1.policy.allowed.requested.targets=test +eidas.ms.sp.1.policy.hasBaseIdTransferRestriction=true + + + +#### eIDAS ms-specific Proxy-Service configuration +eidas.ms.auth.eIDAS.node_v2.proxy.entityId=ownSpecificProxy +eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint=http://eidas.proxy/endpoint + + +## PVP2 S-Profile communication with ID Austria System +# EntityId and optional metadata of ID Austria System +eidas.ms.modules.idaustriaauth.idp.entityId=http://junit.idaustria.at/idp +#eidas.ms.modules.idaustriaauth.idp.metadataUrl=http://junit.idaustria.at/idp/metadata + +# SAML2 client configuration +eidas.ms.modules.idaustriaauth.keystore.type=jks +#eidas.ms.modules.idaustriaauth.keystore.name= +eidas.ms.modules.idaustriaauth.keystore.path=keys/junit_test.jks +eidas.ms.modules.idaustriaauth.keystore.password=password +eidas.ms.modules.idaustriaauth.metadata.sign.alias=meta +eidas.ms.modules.idaustriaauth.metadata.sign.password=password +eidas.ms.modules.idaustriaauth.request.sign.alias=sig +eidas.ms.modules.idaustriaauth.request.sign.password=password +eidas.ms.modules.idaustriaauth.response.encryption.alias=enc +eidas.ms.modules.idaustriaauth.response.encryption.password=password + +# TrustStore to validate SAML2 metadata from ID Austria +eidas.ms.modules.idaustriaauth.truststore.type=jks +eidas.ms.modules.idaustriaauth.truststore.name= +eidas.ms.modules.idaustriaauth.truststore.path=keys/junit_test.jks +eidas.ms.modules.idaustriaauth.truststore.password=password + diff --git a/core_common_webapp/src/test/resources/config/junit_config_3.properties b/core_common_webapp/src/test/resources/config/junit_config_3.properties new file mode 100644 index 00000000..b4de5aa9 --- /dev/null +++ b/core_common_webapp/src/test/resources/config/junit_config_3.properties @@ -0,0 +1,148 @@ +## Basic service configuration +eidas.ms.context.url.prefix= +eidas.ms.context.url.request.validation=false +eidas.ms.core.configRootDir=file:./src/test/resources/config/ + +eidas.ms.context.use.clustermode=true + +##Monitoring +eidas.ms.monitoring.eIDASNode.metadata.url= + + +##Specific logger configuration +eidas.ms.technicallog.write.MDS.into.techlog=true +eidas.ms.revisionlog.write.MDS.into.revisionlog=true +eidas.ms.revisionlog.logIPAddressOfUser=true + +##Directory for static Web content +eidas.ms.webcontent.static.directory=webcontent/ +eidas.ms.webcontent.templates=templates/ +eidas.ms.webcontent.properties=properties/messages +eidas.ms.webcontent.templates.countryselection=countrySelection.html + +## extended validation of pending-request Id's +eidas.ms.core.pendingrequestid.maxlifetime=300 +eidas.ms.core.pendingrequestid.digist.algorithm=HmacSHA256 +eidas.ms.core.pendingrequestid.digist.secret=pendingReqIdSecret + +## eIDAS Ref. Implementation connector ### +eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector +eidas.ms.auth.eIDAS.node_v2.forward.endpoint= +eidas.ms.auth.eIDAS.node_v2.forward.method=POST +eidas.ms.auth.eIDAS.node_v2.countrycode=AT +eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=.* +eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=true +eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier=true +eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs=true + +eidas.ms.auth.eIDAS.node_v2.loa.requested.minimum=http://eidas.europa.eu/LoA/substantial + +eidas.ms.auth.eIDAS.szrclient.useTestService=true +eidas.ms.auth.eIDAS.szrclient.endpoint.prod= +eidas.ms.auth.eIDAS.szrclient.endpoint.test=http://localhost:1234/demoszr +eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.path=keys/junit.jks +eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.password=password +eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.path= +eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.password= +eidas.ms.auth.eIDAS.szrclient.timeout.connection=15 +eidas.ms.auth.eIDAS.szrclient.timeout.response=30 +eidas.ms.auth.eIDAS.szrclient.params.vkz= + +eidas.ms.auth.eIDAS.szrclient.params.useSZRForbPKCalculation=false + + +#Raw eIDAS Id data storage +eidas.ms.auth.eIDAS.szrclient.workarounds.eidmapping.revisionlog.active=true + +eidas.ms.auth.eIDAS.szrclient.params.setPlaceOfBirthIfAvailable=true +eidas.ms.auth.eIDAS.szrclient.params.setBirthNameIfAvailable=true + +eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=true +eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=true + +##without mandates +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.0=PersonIdentifier,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.1=FamilyName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.2=FirstName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.3=DateOfBirth,true + +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.4=PlaceOfBirth,false +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.5=BirthName,false +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.6=Gender,false +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.7=CurrentAddress,false + +##with mandates ---- NOT FULLY SUPPORTED AT THE MOMENT ----- +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.0=PersonIdentifier,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.1=FamilyName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.2=FirstName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.3=DateOfBirth,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.4=LegalPerson,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true + + +## PVP2 S-Profile end-point configuration +eidas.ms.pvp2.keystore.type=jks +eidas.ms.pvp2.keystore.path=keys/junit.jks +eidas.ms.pvp2.keystore.password=password +eidas.ms.pvp2.key.metadata.alias= +eidas.ms.pvp2.key.metadata.password= +eidas.ms.pvp2.key.signing.alias= +eidas.ms.pvp2.key.signing.password= +eidas.ms.pvp2.metadata.validity=24 + +eidas.ms.pvp2.metadata.organisation.name=JUnit +eidas.ms.pvp2.metadata.organisation.friendyname=For testing with jUnit +eidas.ms.pvp2.metadata.organisation.url=http://junit.test +eidas.ms.pvp2.metadata.contact.givenname=Max +eidas.ms.pvp2.metadata.contact.surname=Mustermann +eidas.ms.pvp2.metadata.contact.email=max@junit.test + +## Service Provider configuration +eidas.ms.sp.0.uniqueID= +eidas.ms.sp.0.pvp2.metadata.truststore=keys/junit.jks +eidas.ms.sp.0.pvp2.metadata.truststore.password=password +eidas.ms.sp.0.newEidMode=true + +#eidas.ms.sp.0.friendlyName= +#eidas.ms.sp.0.pvp2.metadata.url= +#eidas.ms.sp.0.policy.allowed.requested.targets=.* +#eidas.ms.sp.0.policy.hasBaseIdTransferRestriction=false + + + +#### eIDAS ms-specific Proxy-Service configuration +eidas.ms.auth.eIDAS.node_v2.proxy.entityId=ownSpecificProxy +eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint=http://eidas.proxy/endpoint + + +## PVP2 S-Profile communication with ID Austria System +# EntityId and optional metadata of ID Austria System +eidas.ms.modules.idaustriaauth.idp.entityId=http://junit.idaustria.at/idp +#eidas.ms.modules.idaustriaauth.idp.metadataUrl=http://junit.idaustria.at/idp/metadata + +# SAML2 client configuration +eidas.ms.modules.idaustriaauth.keystore.type=jks +#eidas.ms.modules.idaustriaauth.keystore.name= +eidas.ms.modules.idaustriaauth.keystore.path=keys/junit_test.jks +eidas.ms.modules.idaustriaauth.keystore.password=password +eidas.ms.modules.idaustriaauth.metadata.sign.alias=meta +eidas.ms.modules.idaustriaauth.metadata.sign.password=password +eidas.ms.modules.idaustriaauth.request.sign.alias=sig +eidas.ms.modules.idaustriaauth.request.sign.password=password +eidas.ms.modules.idaustriaauth.response.encryption.alias=enc +eidas.ms.modules.idaustriaauth.response.encryption.password=password + +# TrustStore to validate SAML2 metadata from ID Austria +eidas.ms.modules.idaustriaauth.truststore.type=jks +eidas.ms.modules.idaustriaauth.truststore.name= +eidas.ms.modules.idaustriaauth.truststore.path=keys/junit_test.jks +eidas.ms.modules.idaustriaauth.truststore.password=password + + + +##only for advanced config +eidas.ms.configuration.sp.disableRegistrationRequirement= +eidas.ms.configuration.restrictions.baseID.spTransmission= +eidas.ms.configuration.auth.default.countrycode= +eidas.ms.configuration.pvp.scheme.validation= +eidas.ms.configuration.pvp.enable.entitycategories= \ No newline at end of file diff --git a/core_common_webapp/src/test/resources/config/log4j.properties b/core_common_webapp/src/test/resources/config/log4j.properties new file mode 100644 index 00000000..4426ea7e --- /dev/null +++ b/core_common_webapp/src/test/resources/config/log4j.properties @@ -0,0 +1,54 @@ +# commons-logging setup +org.apache.commons.logging.LogFactory=org.apache.commons.logging.impl.Log4jFactory + +# define log4j root loggers +log4j.rootLogger=warn,stdout, console + +log4j.logger.at.gv.egiz.eidas.specific=info, msnode +log4j.logger.at.gv.egiz.eidas.specific.connector.logger.RevisionLogger=info, reversion +log4j.logger.at.gv.egiz.eidas.specific.connector.logger.StatisticLogger=info, statistic +log4j.logger.eu.eidas=info, EIDASNODE + +log4j.additivity.at.gv.egiz.eidas.specific=false +log4j.additivity.at.gv.egiz.eidas.specific.connector.logger.RevisionLogger=false +log4j.additivity.at.gv.egiz.eidas.specific.connector.logger.StatisticLogger=false +log4j.additivity.eu.eidas=false + +log4j.appender.console=org.apache.log4j.ConsoleAppender +log4j.appender.console.layout=org.apache.log4j.PatternLayout +log4j.appender.console.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20c | %10t | %m%n + +log4j.appender.stdout=org.apache.log4j.RollingFileAppender +log4j.appender.stdout.File=${catalina.base}/logs/console.log +log4j.appender.stdout.MaxFileSize=10000KB +log4j.appender.stdout.MaxBackupIndex=9999 +log4j.appender.stdout.layout=org.apache.log4j.PatternLayout +log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n + +log4j.appender.msnode=org.apache.log4j.RollingFileAppender +log4j.appender.msnode.File=${catalina.base}/logs/eidas-ms-reversion.log +log4j.appender.msnode.MaxFileSize=10000KB +log4j.appender.msnode.MaxBackupIndex=9999 +log4j.appender.msnode.layout=org.apache.log4j.PatternLayout +log4j.appender.msnode.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n + +log4j.appender.reversion=org.apache.log4j.RollingFileAppender +log4j.appender.reversion.File=${catalina.base}/logs/eidas-ms-reversion.log +log4j.appender.reversion.MaxFileSize=10000KB +log4j.appender.reversion.MaxBackupIndex=9999 +log4j.appender.reversion.layout=org.apache.log4j.PatternLayout +log4j.appender.reversion.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n + +log4j.appender.statistic=org.apache.log4j.RollingFileAppender +log4j.appender.statistic.File=${catalina.base}/logs/eidas-ms-statistic.log +log4j.appender.statistic.MaxFileSize=10000KB +log4j.appender.statistic.MaxBackupIndex=9999 +log4j.appender.statistic.layout=org.apache.log4j.PatternLayout +log4j.appender.statistic.layout.ConversionPattern=%m%n + +log4j.appender.EIDASNODE=org.apache.log4j.RollingFileAppender +log4j.appender.EIDASNODE.File=${catalina.base}/logs/eIDAS_node.log +log4j.appender.EIDASNODE.MaxFileSize=10000KB +log4j.appender.EIDASNODE.MaxBackupIndex=9999 +log4j.appender.EIDASNODE.layout=org.apache.log4j.PatternLayout +log4j.appender.EIDASNODE.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n \ No newline at end of file diff --git a/core_common_webapp/src/test/resources/data/metadata_valid.xml b/core_common_webapp/src/test/resources/data/metadata_valid.xml new file mode 100644 index 00000000..06e1e785 --- /dev/null +++ b/core_common_webapp/src/test/resources/data/metadata_valid.xml @@ -0,0 +1,106 @@ + + + + + + + + + + + + + 00SaL0XjeknOb/DttutP50lTyAux1jaRPJIVdSupWvU= + + + PfEBmLMX/ZgL6ViXghyWtal5MaMoW8k3zjw+54+WK1OAtVsVgOsIDRJE0M/a/VXBbMSifgY6J1gN23xhr61jkrjRQEkbDzLpWZLzWAJ65YqqUQo8wsKI2Gz0j12yY5D8/GOamKOH9KDi5ba1veXR/fnxRINoy7nZo4tcUWZChdl8BWkMN5ugr6dORNIQg/Ym3GabQ/hR5z+9FmveAKphdH63MC6qW3EgM9EMvOVkrLBTP92sNMAAJeaawui9tlxi9anVQ0OqwZsgKLvI7fyV4CM/0sd/ELjeReIlWlHk07Nz4eltMq3eOx3q1YurYvhE8XapHiQMehOtCS+Fzh10sw== + + + MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH +SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W +ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w +CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ +RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq +UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ +M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F +Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt +1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq +nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC +VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq +itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc +2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O +fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy +4jpXrp77JXFRSDWddb0yePc= + + + + + + + + MIIBbTCCARKgAwIBAgIEXjF+qTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJBVDEN +MAsGA1UEBwwERUdJWjEOMAwGA1UECgwFalVuaXQxEDAOBgNVBAMMB3NpZ25pbmcw +HhcNMjAwMTI5MTI0NjMzWhcNMjcwMTI4MTI0NjMzWjA+MQswCQYDVQQGEwJBVDEN +MAsGA1UEBwwERUdJWjEOMAwGA1UECgwFalVuaXQxEDAOBgNVBAMMB3NpZ25pbmcw +WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASRt7gZRrr4rSEE7Q922oKQJF+mlkwC +LZnv8ZzHtH54s4VdyQFIBjQF1PPf9PTn+5tid8QJehZPndcoeD7J8fPJMAoGCCqG +SM49BAMCA0kAMEYCIQDFUO0owvqMVRO2FmD+vb8mqJBpWCE6Cl5pEHaygTa5LwIh +ANsmjI2azWiTSFjb7Ou5fnCfbeiJUP0s66m8qS4rYl9L + + + + + + + MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH +SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W +ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w +CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ +RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq +UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ +M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F +Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt +1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq +nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC +VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq +itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc +2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O +fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy +4jpXrp77JXFRSDWddb0yePc= + + + + urn:oasis:names:tc:SAML:2.0:nameid-format:persistent + + + + Default Service + + + + + + + + + + + + + + + + + + EGIZ + E-Government Innovationszentrum + http://www.egiz.gv.at + + + E-Government Innovationszentrum + Lenz + Thomas + thomas.lenz@egiz.gv.at + +43 316 873 5525 + + diff --git a/core_common_webapp/src/test/resources/data/test_idl_1.xml b/core_common_webapp/src/test/resources/data/test_idl_1.xml new file mode 100644 index 00000000..8151468b --- /dev/null +++ b/core_common_webapp/src/test/resources/data/test_idl_1.xml @@ -0,0 +1,46 @@ + + + + + urn:oasis:names:tc:SAML:1.0:cm:sender-vouches + + AT/CZ/xWE0vFWarzpzSL4LYlpst9b6vg0=urn:publicid:gv.at:eidasid+AT+CZXXXMaria-Theresia KunigundaXXXHabsburg-Lothringen1980-02-29 + + + + 1BFOitiQUc1lAHDGksneXWZGKGaFBcu03HEiIFsjHjNt/IfRZ4IzqHotUKItxnCdNtsFc1MkMJg+ +g0AXHsuU6MNgcbcXPaPfmHp+8+BJh+amDF3FnAN4ceG8oFAGVEZteOgfdWk1r5RQ2SK+0PuXPuLp +Tee7IzXtksReZkVEadUCxn/hiRXZa0dABgkFe3kSXbDr5tKXOF0FCtLKhZBI9z+NbX+aTSKOmAOq +4jyymoo5EP3L+iPecrUwHijD0Bm89h1JjxP521fkYe3Si+0J40okrmCCQHBr+IzB1uX98pKhvs7X +6rPjOJ6lBwP7XjK7D128P/cg4eH6v58cCfbLcQ==AQAB + +E+BXH0C2F6EYHjdJrOUKr+DsKT8=Hvj40m9ridp2HOz81MTAqzf0q+sZC5YeKpJP43eK5G1HNH1/DNGU/r/6IVPibU9Y +YGYJoXpznxRFibEQ6dFCHAaNPyADmdGHyJSWryI5ypAap4Y8MJnaUGSWY49IZbht +PjfKWB2jUNzj1T2u6ebIifAThAK8ZqIE+e5uaR+qrrLicxIhXcSZoyScbKxMuT1Q +p6zNsNBOHujbVAfKFUE8WmGInyvuoDgerUrA0XstWWg2M9ghytcDJwZpTYwXvmmo +GV47ue0ITrtM+QqWVbt+dHO8369JFnGQ9h/6h/4j9iyNuxfG7u/EyHQiSuy0+FP8 +1lkLsg1YX+2pN0HElyXVqw==MIIEqzCCBBSgAwIBAgIHANux81oNezANBgkqhkiG9w0BAQUFADBAMSIwIAYDVQQD +ExlJQUlLIFRlc3QgSW50ZXJtZWRpYXRlIENBMQ0wCwYDVQQKEwRJQUlLMQswCQYD +VQQGEwJBVDAeFw0xMzA5MjcwNTMzMzdaFw0yMzA5MjcwNTMzMzdaMIHkMQswCQYD +VQQGEwJBVDENMAsGA1UEBxMER3JhejEmMCQGA1UEChMdR3JheiBVbml2ZXJzaXR5 +IG9mIFRlY2hub2xvZ3kxSDBGBgNVBAsTP0luc3RpdHV0ZSBmb3IgQXBwbGllZCBJ +bmZvcm1hdGlvbiBQcm9jZXNzaW5nIGFuZCBDb21tdW5pY2F0aW9uczEUMBIGA1UE +BBMLTU9BLVNTIFRlc3QxGDAWBgNVBCoTD0VHSVogVGVzdHBvcnRhbDEkMCIGA1UE +AxMbRUdJWiBUZXN0cG9ydGFsIE1PQS1TUyBUZXN0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAuDjOyf+mY+oQL2FQzzuaiC8C23vVKbq/n2Zi7BqSibZH +mtqMJfmj4pT+hWSNHvVvWsaxFcx4KeNqdCMzwnw1r4P3Sf+2o5uFku5KHEMLMokR +yYQG9VqY/KkB94ye7Pv6zT8gvKqxGFg96UamECep4swPaSZrA8AOER5WAtyGDzKI +Tz+a5zfFaTXDoba7f98PCWR96yKiFjVOhzp38WVz4VJgz+b8ZSY7Xsv5Kn7DXjOL +STX4MevFLki3rFPup3+4vGToaMBW3PEj67HXBdqR855Le6+E6rVxORqsXqlVwhsI +6nuS0CO2LWYmBNR1IB0mXteeYH/HfxvuZc+7yDjdPQIDAQABo4IBhDCCAYAwDgYD +VR0PAQH/BAQDAgbAMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEmcH6VY4BG1EAGB +TLoNR9vH/g6yMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jYS5pYWlrLnR1Z3Jh +ei5hdC9jYXBzby9jcmxzL0lBSUtUZXN0X0ludGVybWVkaWF0ZUNBLmNybDCBqgYI +KwYBBQUHAQEEgZ0wgZowSgYIKwYBBQUHMAGGPmh0dHA6Ly9jYS5pYWlrLnR1Z3Jh +ei5hdC9jYXBzby9PQ1NQP2NhPUlBSUtUZXN0X0ludGVybWVkaWF0ZUNBMEwGCCsG +AQUFBzAChkBodHRwOi8vY2EuaWFpay50dWdyYXouYXQvY2Fwc28vY2VydHMvSUFJ +S1Rlc3RfSW50ZXJtZWRpYXRlQ0EuY2VyMCEGA1UdEQQaMBiBFnRob21hcy5sZW56 +QGVnaXouZ3YuYXQwHwYDVR0jBBgwFoAUaKJeEdreL4BrRES/jfplNoEkp28wDQYJ +KoZIhvcNAQEFBQADgYEAlFGjUxXLs7SAT8NtXSrv2WrjlklaRnHTFHLQwyVo8JWb +gvRkHHDUv2o8ofXUY2R2WJ38dxeDoccgbXrJb/Qhi8IY7YhCwv/TuIZDisyAqo8W +ORKSip/6HWlGCSR/Vgoet1GtCmF0FoUxFUIGSAuQ2yyt4fIzt5GJrU1X5ujjI1w= \ No newline at end of file diff --git a/core_common_webapp/src/test/resources/spring/SpringTest-context_basic_test.xml b/core_common_webapp/src/test/resources/spring/SpringTest-context_basic_test.xml new file mode 100644 index 00000000..bf2c78ac --- /dev/null +++ b/core_common_webapp/src/test/resources/spring/SpringTest-context_basic_test.xml @@ -0,0 +1,22 @@ + + + + + + + + + + + + \ No newline at end of file diff --git a/core_common_webapp/src/test/resources/spring/SpringTest-context_healthcheck.xml b/core_common_webapp/src/test/resources/spring/SpringTest-context_healthcheck.xml new file mode 100644 index 00000000..5a37b98f --- /dev/null +++ b/core_common_webapp/src/test/resources/spring/SpringTest-context_healthcheck.xml @@ -0,0 +1,22 @@ + + + + + + + + + + + + \ No newline at end of file diff --git a/core_common_webapp/src/test/resources/spring/SpringTest-context_simple_storage.xml b/core_common_webapp/src/test/resources/spring/SpringTest-context_simple_storage.xml new file mode 100644 index 00000000..966d317a --- /dev/null +++ b/core_common_webapp/src/test/resources/spring/SpringTest-context_simple_storage.xml @@ -0,0 +1,15 @@ + + + + + + \ No newline at end of file diff --git a/core_common_webapp/src/test/resources/spring/SpringTest_core.beans.xml b/core_common_webapp/src/test/resources/spring/SpringTest_core.beans.xml new file mode 100644 index 00000000..e66ac987 --- /dev/null +++ b/core_common_webapp/src/test/resources/spring/SpringTest_core.beans.xml @@ -0,0 +1,70 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/core_common_webapp/src/test/resources/spring/SpringTest_core_config.beans.xml b/core_common_webapp/src/test/resources/spring/SpringTest_core_config.beans.xml new file mode 100644 index 00000000..2da610f0 --- /dev/null +++ b/core_common_webapp/src/test/resources/spring/SpringTest_core_config.beans.xml @@ -0,0 +1,25 @@ + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/pom.xml b/eidas_modules/authmodule-eIDAS-v2/pom.xml index 7d1f9d5b..f16edb2d 100644 --- a/eidas_modules/authmodule-eIDAS-v2/pom.xml +++ b/eidas_modules/authmodule-eIDAS-v2/pom.xml @@ -144,7 +144,7 @@ at.asitplus.eidas.ms_specific - connector_lib + core_common_lib test test-jar diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java index 4c184d16..a554bf57 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java @@ -181,11 +181,6 @@ public class Constants { // Default values for SZR communication public static final String SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE = "ELEKTR_DOKUMENT"; - // AuthBlock - public static final String SZR_AUTHBLOCK = "authData_AUTHBLOCK"; - public static final String EIDAS_BIND = "authData_EIDAS_BIND"; - - // TODO remove!!! public static final String SZR_CONSTANTS_DEFAULT_ISSUING_DATE = "2014-01-01"; public static final String SZR_CONSTANTS_DEFAULT_ISSUING_AUTHORITY = "ms-specific eIDAS-Node for AT"; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasAuthenticationModulImpl.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasAuthenticationModulImpl.java index 9a2d49f3..85f0873e 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasAuthenticationModulImpl.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasAuthenticationModulImpl.java @@ -27,7 +27,7 @@ import java.io.Serializable; import org.apache.commons.lang3.StringUtils; -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java index 5421bb5c..098e76ce 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java @@ -28,7 +28,7 @@ import com.fasterxml.jackson.databind.annotation.JsonSerialize; import com.fasterxml.jackson.datatype.jsr310.deser.LocalDateTimeDeserializer; import com.fasterxml.jackson.datatype.jsr310.ser.LocalDateTimeSerializer; -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.JoseUtils; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java index f4849b07..6b1b96de 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java @@ -44,8 +44,8 @@ import org.xml.sax.SAXException; import com.google.common.collect.ImmutableMap; import com.google.common.collect.ImmutableSet; -import at.asitplus.eidas.specific.connector.MsConnectorEventCodes; -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; +import at.asitplus.eidas.specific.core.MsConnectorEventCodes; +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; @@ -161,12 +161,12 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { authBlockSigner.getBase64EncodedPublicKey(), EID_STATUS, eidData); revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_EIDASBIND_RECEIVED); - authProcessData.setGenericDataToSession(Constants.EIDAS_BIND, signedEidasBind); + authProcessData.setGenericDataToSession(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, signedEidasBind); //get signed AuthBlock String jwsSignature = authBlockSigner.buildSignedAuthBlock(pendingReq); revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.TECH_AUCHBLOCK_CREATED); - authProcessData.setGenericDataToSession(Constants.SZR_AUTHBLOCK, jwsSignature); + authProcessData.setGenericDataToSession(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, jwsSignature); //inject personal-data into session authProcessData.setEidProcess(true); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java index d1e69e84..b43c1bc2 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java @@ -35,9 +35,9 @@ import org.springframework.context.ApplicationContext; import org.springframework.stereotype.Component; import org.springframework.web.util.UriComponentsBuilder; -import at.asitplus.eidas.specific.connector.MsConnectorEventCodes; -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; -import at.asitplus.eidas.specific.connector.gui.StaticGuiBuilderConfiguration; +import at.asitplus.eidas.specific.core.MsConnectorEventCodes; +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.asitplus.eidas.specific.core.gui.StaticGuiBuilderConfiguration; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java index c51add39..8d5df99f 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java @@ -29,8 +29,8 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; -import at.asitplus.eidas.specific.connector.MsConnectorEventCodes; -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; +import at.asitplus.eidas.specific.core.MsConnectorEventCodes; +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasAuthenticationModulImplTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasAuthenticationModulImplTest.java index 088c835c..86af87ad 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasAuthenticationModulImplTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasAuthenticationModulImplTest.java @@ -18,7 +18,7 @@ import org.springframework.test.annotation.DirtiesContext.ClassMode; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasAuthenticationModulImpl; import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasSignalServletTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasSignalServletTest.java index 62d5c556..0d9d4fb8 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasSignalServletTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasSignalServletTest.java @@ -1,6 +1,6 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.test; -import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE; +import static at.asitplus.eidas.specific.core.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE; import java.io.IOException; import java.net.URISyntaxException; @@ -25,8 +25,8 @@ import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; import org.springframework.web.servlet.config.annotation.EnableWebMvc; -import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; -import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummySpConfiguration; +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummySpConfiguration; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasSignalServlet; import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java index 786b10de..4d9ae035 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java @@ -67,7 +67,7 @@ import com.fasterxml.jackson.databind.JsonMappingException; import com.fasterxml.jackson.databind.ObjectMapper; import com.github.skjolber.mockito.soap.SoapServiceRule; -import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java index 175f95e6..e1a29137 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java @@ -1,6 +1,6 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; -import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE; +import static at.asitplus.eidas.specific.core.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE; import static org.mockito.ArgumentMatchers.any; import static org.mockito.Mockito.times; import static org.mockito.Mockito.verify; @@ -42,8 +42,8 @@ import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; import com.github.skjolber.mockito.soap.SoapServiceRule; -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; -import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; @@ -189,9 +189,9 @@ public class CreateIdentityLinkTaskEidNewTest { //check data in session final AuthProcessDataWrapper authProcessData = storedPendingReq.getSessionData(AuthProcessDataWrapper.class); Assert.assertNotNull("AuthProcessData", authProcessData); - Assert.assertNotNull("eidasBind", authProcessData.getGenericDataFromSession(Constants.EIDAS_BIND, String.class)); + Assert.assertNotNull("eidasBind", authProcessData.getGenericDataFromSession(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, String.class)); - String authBlock = authProcessData.getGenericDataFromSession(Constants.SZR_AUTHBLOCK, String.class); + String authBlock = authProcessData.getGenericDataFromSession(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, String.class); Assert.assertNotNull("AuthBlock", authBlock); Assert.assertTrue("EID process", authProcessData.isEidProcess()); @@ -330,10 +330,10 @@ public class CreateIdentityLinkTaskEidNewTest { //check data in session final AuthProcessDataWrapper authProcessData = storedPendingReq.getSessionData(AuthProcessDataWrapper.class); Assert.assertNotNull("AuthProcessData", authProcessData); - Assert.assertNotNull("eidasBind", authProcessData.getGenericDataFromSession(Constants.EIDAS_BIND, String.class)); + Assert.assertNotNull("eidasBind", authProcessData.getGenericDataFromSession(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, String.class)); // check authblock signature - String authBlock = authProcessData.getGenericDataFromSession(Constants.SZR_AUTHBLOCK, String.class); + String authBlock = authProcessData.getGenericDataFromSession(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, String.class); Assert.assertNotNull("AuthBlock", authBlock); final AlgorithmConstraints constraints = new AlgorithmConstraints(ConstraintType.PERMIT, BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.toArray(new String[BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.size()])); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java index e880178f..d6485158 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java @@ -1,6 +1,6 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; -import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE; +import static at.asitplus.eidas.specific.core.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE; import static org.mockito.ArgumentMatchers.any; import java.net.URISyntaxException; @@ -30,8 +30,8 @@ import org.springframework.web.context.request.ServletRequestAttributes; import com.github.skjolber.mockito.soap.SoapServiceRule; -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; -import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask; @@ -158,9 +158,9 @@ public class CreateIdentityLinkTaskTest { //check data in session final AuthProcessDataWrapper authProcessData = storedPendingReq.getSessionData(AuthProcessDataWrapper.class); Assert.assertNotNull("AuthProcessData", authProcessData); - Assert.assertNull("eidasBind", authProcessData.getGenericDataFromSession(Constants.EIDAS_BIND, String.class)); + Assert.assertNull("eidasBind", authProcessData.getGenericDataFromSession(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, String.class)); - String authBlock = authProcessData.getGenericDataFromSession(Constants.SZR_AUTHBLOCK, String.class); + String authBlock = authProcessData.getGenericDataFromSession(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, String.class); Assert.assertNull("AuthBlock", authBlock); Assert.assertFalse("EID process", authProcessData.isEidProcess()); @@ -210,9 +210,9 @@ public class CreateIdentityLinkTaskTest { //check data in session final AuthProcessDataWrapper authProcessData = storedPendingReq.getSessionData(AuthProcessDataWrapper.class); Assert.assertNotNull("AuthProcessData", authProcessData); - Assert.assertNull("eidasBind", authProcessData.getGenericDataFromSession(Constants.EIDAS_BIND, String.class)); + Assert.assertNull("eidasBind", authProcessData.getGenericDataFromSession(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, String.class)); - String authBlock = authProcessData.getGenericDataFromSession(Constants.SZR_AUTHBLOCK, String.class); + String authBlock = authProcessData.getGenericDataFromSession(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, String.class); Assert.assertNull("AuthBlock", authBlock); Assert.assertFalse("EID process", authProcessData.isEidProcess()); @@ -253,9 +253,9 @@ public class CreateIdentityLinkTaskTest { //check data in session final AuthProcessDataWrapper authProcessData = storedPendingReq.getSessionData(AuthProcessDataWrapper.class); Assert.assertNotNull("AuthProcessData", authProcessData); - Assert.assertNull("eidasBind", authProcessData.getGenericDataFromSession(Constants.EIDAS_BIND, String.class)); + Assert.assertNull("eidasBind", authProcessData.getGenericDataFromSession(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, String.class)); - String authBlock = authProcessData.getGenericDataFromSession(Constants.SZR_AUTHBLOCK, String.class); + String authBlock = authProcessData.getGenericDataFromSession(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, String.class); Assert.assertNull("AuthBlock", authBlock); Assert.assertFalse("EID process", authProcessData.isEidProcess()); @@ -361,9 +361,9 @@ public class CreateIdentityLinkTaskTest { //check data in session final AuthProcessDataWrapper authProcessData = storedPendingReq.getSessionData(AuthProcessDataWrapper.class); Assert.assertNotNull("AuthProcessData", authProcessData); - Assert.assertNull("eidasBind", authProcessData.getGenericDataFromSession(Constants.EIDAS_BIND, String.class)); + Assert.assertNull("eidasBind", authProcessData.getGenericDataFromSession(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, String.class)); - String authBlock = authProcessData.getGenericDataFromSession(Constants.SZR_AUTHBLOCK, String.class); + String authBlock = authProcessData.getGenericDataFromSession(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, String.class); Assert.assertNull("AuthBlock", authBlock); Assert.assertFalse("EID process", authProcessData.isEidProcess()); @@ -400,9 +400,9 @@ public class CreateIdentityLinkTaskTest { //check data in session final AuthProcessDataWrapper authProcessData = storedPendingReq.getSessionData(AuthProcessDataWrapper.class); Assert.assertNotNull("AuthProcessData", authProcessData); - Assert.assertNull("eidasBind", authProcessData.getGenericDataFromSession(Constants.EIDAS_BIND, String.class)); + Assert.assertNull("eidasBind", authProcessData.getGenericDataFromSession(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, String.class)); - String authBlock = authProcessData.getGenericDataFromSession(Constants.SZR_AUTHBLOCK, String.class); + String authBlock = authProcessData.getGenericDataFromSession(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, String.class); Assert.assertNull("AuthBlock", authBlock); Assert.assertFalse("EID process", authProcessData.isEidProcess()); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java index 624700f9..5ebe8225 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java @@ -21,8 +21,8 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; -import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateAuthnRequestTask; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveEidasResponseTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveEidasResponseTaskTest.java index 0e56e2b3..53a49bac 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveEidasResponseTaskTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveEidasResponseTaskTest.java @@ -1,6 +1,6 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; -import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE; +import static at.asitplus.eidas.specific.core.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE; import java.net.URISyntaxException; import java.util.Arrays; @@ -23,9 +23,9 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; -import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; -import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummySpConfiguration; +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummySpConfiguration; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java index 4a03fac1..9ee38296 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java @@ -37,7 +37,7 @@ import org.springframework.test.annotation.DirtiesContext.ClassMode; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; -import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.CcSpecificEidProcessingService; import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasResponseValidatorTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasResponseValidatorTest.java index e0f15c8c..b1f1b164 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasResponseValidatorTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasResponseValidatorTest.java @@ -1,6 +1,6 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.validation; -import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE; +import static at.asitplus.eidas.specific.core.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE; import java.net.URISyntaxException; import java.util.Arrays; @@ -20,8 +20,8 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import com.google.common.collect.ImmutableSet; -import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; -import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummySpConfiguration; +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummySpConfiguration; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasValidationException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_mapConfig.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_mapConfig.xml index 3a9214fb..fe9ff441 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_mapConfig.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_mapConfig.xml @@ -12,7 +12,7 @@ + class="at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap"> diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_realConfig.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_realConfig.xml index d4474056..79695f69 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_realConfig.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_realConfig.xml @@ -20,6 +20,6 @@ --> + class="at.asitplus.eidas.specific.core.config.SpringBootBasicConfigurationProvider" /> \ No newline at end of file diff --git a/eidas_modules/authmodule_id-austria/pom.xml b/eidas_modules/authmodule_id-austria/pom.xml index 748f0e43..1afa71df 100644 --- a/eidas_modules/authmodule_id-austria/pom.xml +++ b/eidas_modules/authmodule_id-austria/pom.xml @@ -65,13 +65,11 @@ org.powermock powermock-module-junit4 - 2.0.7 test org.powermock powermock-api-mockito2 - 2.0.7 test @@ -81,7 +79,7 @@ at.asitplus.eidas.ms_specific - connector_lib + core_common_lib test test-jar diff --git a/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/IdAustriaAuthConstants.java b/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/IdAustriaAuthConstants.java index afe7f962..57e5c706 100644 --- a/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/IdAustriaAuthConstants.java +++ b/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/IdAustriaAuthConstants.java @@ -6,6 +6,7 @@ import java.util.List; import java.util.Set; import java.util.stream.Collectors; +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; import at.gv.egiz.eaaf.core.impl.data.Triple; @@ -77,37 +78,7 @@ public class IdAustriaAuthConstants { */ public static final String CONFIG_PROPS_APPSPECIFIC_IDAUSTRIA_NODE_URL = "auth.idaustria.entityId"; - - public static final List> DEFAULT_REQUIRED_MANDATE_NAT_PVP_ATTRIBUTES = - Collections.unmodifiableList(new ArrayList>() { - private static final long serialVersionUID = 1L; - { - add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, - PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_FRIENDLY_NAME, false)); - add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, - PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, false)); - add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, - PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, false)); - add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, - PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, false)); - - } - }); - - public static final List> DEFAULT_REQUIRED_MANDATE_JUR_PVP_ATTRIBUTES = - Collections.unmodifiableList(new ArrayList>() { - private static final long serialVersionUID = 1L; - { - add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, - PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, false)); - add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, - PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, false)); - add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, - PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, false)); - - } - }); - + public static final List> DEFAULT_REQUIRED_PVP_ATTRIBUTES = Collections.unmodifiableList(new ArrayList>() { private static final long serialVersionUID = 1L; @@ -137,8 +108,8 @@ public class IdAustriaAuthConstants { PvpAttributeDefinitions.MANDATE_TYPE_FRIENDLY_NAME, false)); add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_TYPE_OID_NAME, PvpAttributeDefinitions.MANDATE_TYPE_OID_FRIENDLY_NAME, false)); - addAll(DEFAULT_REQUIRED_MANDATE_JUR_PVP_ATTRIBUTES); - addAll(DEFAULT_REQUIRED_MANDATE_NAT_PVP_ATTRIBUTES); + addAll(MsEidasNodeConstants.DEFAULT_REQUIRED_MANDATE_JUR_PVP_ATTRIBUTES); + addAll(MsEidasNodeConstants.DEFAULT_REQUIRED_MANDATE_NAT_PVP_ATTRIBUTES); } }); diff --git a/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/ReceiveFromIdAustriaSystemTask.java b/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/ReceiveFromIdAustriaSystemTask.java index bd735a9d..e486b851 100644 --- a/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/ReceiveFromIdAustriaSystemTask.java +++ b/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/ReceiveFromIdAustriaSystemTask.java @@ -16,11 +16,11 @@ import org.opensaml.saml.saml2.core.StatusCode; import org.opensaml.saml.saml2.metadata.IDPSSODescriptor; import org.springframework.beans.factory.annotation.Autowired; +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; import at.asitplus.eidas.specific.modules.auth.idaustria.IdAustriaAuthConstants; import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthCredentialProvider; import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthMetadataProvider; import at.asitplus.eidas.specific.modules.auth.idaustria.utils.Utils; -import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants; import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; @@ -309,7 +309,7 @@ public class ReceiveFromIdAustriaSystemTask extends AbstractAuthServletTask { log.debug("Inject attribute: {} into AuthSession", attrName); if (PvpAttributeDefinitions.BPK_NAME.equals(attrName)) { log.trace("Find bPK attribute. Extract eIDAS identifier ... "); - session.setGenericDataToSession(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, + session.setGenericDataToSession(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, extractBpkFromResponse(attrValue)); } else { diff --git a/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java b/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java index 797e4063..66aadde6 100644 --- a/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java +++ b/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java @@ -14,7 +14,7 @@ import org.opensaml.saml.saml2.core.Attribute; import org.opensaml.saml.saml2.metadata.EntityDescriptor; import org.springframework.beans.factory.annotation.Autowired; -import at.asitplus.eidas.specific.connector.config.ServiceProviderConfiguration; +import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration; import at.asitplus.eidas.specific.modules.auth.idaustria.IdAustriaAuthConstants; import at.asitplus.eidas.specific.modules.auth.idaustria.config.IdAustriaAuthRequestBuilderConfiguration; import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthCredentialProvider; diff --git a/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/controller/IdAustriaAuthMetadataControllerFirstTest.java b/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/controller/IdAustriaAuthMetadataControllerFirstTest.java index b8d8bd83..0df74f7b 100644 --- a/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/controller/IdAustriaAuthMetadataControllerFirstTest.java +++ b/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/controller/IdAustriaAuthMetadataControllerFirstTest.java @@ -29,7 +29,7 @@ import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.web.servlet.config.annotation.EnableWebMvc; -import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; import at.asitplus.eidas.specific.modules.auth.idaustria.IdAustriaAuthConstants; import at.asitplus.eidas.specific.modules.auth.idaustria.controller.IdAustriaAuthMetadataController; import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthCredentialProvider; diff --git a/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/ReceiveAuthnResponseTaskTest.java b/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/ReceiveAuthnResponseTaskTest.java index 25525c0d..c452fe22 100644 --- a/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/ReceiveAuthnResponseTaskTest.java +++ b/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/ReceiveAuthnResponseTaskTest.java @@ -36,13 +36,13 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; -import at.asitplus.eidas.specific.connector.config.ServiceProviderConfiguration; -import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration; +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; import at.asitplus.eidas.specific.modules.auth.idaustria.IdAustriaAuthConstants; import at.asitplus.eidas.specific.modules.auth.idaustria.tasks.ReceiveFromIdAustriaSystemTask; import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthCredentialProvider; import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthMetadataProvider; -import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants; import at.asitplus.eidas.specific.modules.msproxyservice.protocol.ProxyServicePendingRequest; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.IRequestStorage; @@ -549,7 +549,7 @@ public class ReceiveAuthnResponseTaskTest { checkAttributeInSession(session,PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, "AT"); //pre-generated eIDAS identifer - checkAttributeInSession(session,MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, "QVGm48cqcM4UcyhDTNGYmVdrIoY="); + checkAttributeInSession(session, MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, "QVGm48cqcM4UcyhDTNGYmVdrIoY="); } @@ -587,7 +587,7 @@ public class ReceiveAuthnResponseTaskTest { checkAttributeInSession(session,PvpAttributeDefinitions.BIRTHDATE_NAME, "1940-01-01"); checkAttributeInSession(session,PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, "AT"); - checkAttributeInSession(session,MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, "QVGm48cqcM4UcyhDTNGYmVdrIoY="); + checkAttributeInSession(session,MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, "QVGm48cqcM4UcyhDTNGYmVdrIoY="); } @@ -625,7 +625,7 @@ public class ReceiveAuthnResponseTaskTest { checkAttributeInSession(session,PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, "AT"); //pre-generated eIDAS identifer - checkAttributeInSession(session,MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, "QVGm48cqcasfasfsafsafdM4UcyhDTNGYmVdrIoY="); + checkAttributeInSession(session,MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, "QVGm48cqcasfasfsafsafdM4UcyhDTNGYmVdrIoY="); } @@ -663,7 +663,7 @@ public class ReceiveAuthnResponseTaskTest { checkAttributeInSession(session,PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, "AT"); //pre-generated eIDAS identifer - checkAttributeInSession(session,MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, "QVGm48cqcasfasfsafsafdM4UcyhDTNGYmVdrIoY="); + checkAttributeInSession(session,MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, "QVGm48cqcasfasfsafsafdM4UcyhDTNGYmVdrIoY="); } @@ -708,7 +708,7 @@ public class ReceiveAuthnResponseTaskTest { checkAttributeInSession(session, PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, "urn:publicid:gv.at:baseid+XERSB"); //pre-generated eIDAS identifer - checkAttributeInSession(session, MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, "QVGm48cqcM4UcyhDTNGYmVdrIoY="); + checkAttributeInSession(session, MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, "QVGm48cqcM4UcyhDTNGYmVdrIoY="); assertNull("find nat. person bpk for mandator", session.getGenericDataFromSession( PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, String.class)); @@ -758,7 +758,7 @@ public class ReceiveAuthnResponseTaskTest { //pre-generated eIDAS identifer - checkAttributeInSession(session, MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, + checkAttributeInSession(session, MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, "QVGm48cqcM4UcyhDTNGYmVdrIoY="); diff --git a/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/RequestIdAustriaSystemTaskTest.java b/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/RequestIdAustriaSystemTaskTest.java index abdc7462..54b019eb 100644 --- a/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/RequestIdAustriaSystemTaskTest.java +++ b/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/RequestIdAustriaSystemTaskTest.java @@ -32,8 +32,8 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; -import at.asitplus.eidas.specific.connector.config.ServiceProviderConfiguration; -import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration; +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; import at.asitplus.eidas.specific.modules.auth.idaustria.IdAustriaAuthConstants; import at.asitplus.eidas.specific.modules.auth.idaustria.tasks.RequestIdAustriaSystemTask; import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthMetadataProvider; diff --git a/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/utils/IdAustriaAuthCredentialProviderTest.java b/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/utils/IdAustriaAuthCredentialProviderTest.java index 99a00089..a0d6c988 100644 --- a/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/utils/IdAustriaAuthCredentialProviderTest.java +++ b/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/utils/IdAustriaAuthCredentialProviderTest.java @@ -17,7 +17,7 @@ import com.google.common.base.Predicates; import com.google.common.base.Throwables; import com.google.common.collect.FluentIterable; -import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; import at.asitplus.eidas.specific.modules.auth.idaustria.IdAustriaAuthConstants; import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthCredentialProvider; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; diff --git a/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/utils/IdAustriaAuthMetadataProviderFirstTest.java b/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/utils/IdAustriaAuthMetadataProviderFirstTest.java index ef1b7cf1..d9e73db1 100644 --- a/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/utils/IdAustriaAuthMetadataProviderFirstTest.java +++ b/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/utils/IdAustriaAuthMetadataProviderFirstTest.java @@ -21,7 +21,7 @@ import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.w3c.dom.Element; -import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthMetadataProvider; import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider; diff --git a/eidas_modules/authmodule_id-austria/src/test/resources/spring/SpringTest-context_basic_mapConfig.xml b/eidas_modules/authmodule_id-austria/src/test/resources/spring/SpringTest-context_basic_mapConfig.xml index 3a9214fb..fe9ff441 100644 --- a/eidas_modules/authmodule_id-austria/src/test/resources/spring/SpringTest-context_basic_mapConfig.xml +++ b/eidas_modules/authmodule_id-austria/src/test/resources/spring/SpringTest-context_basic_mapConfig.xml @@ -12,7 +12,7 @@ + class="at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap"> diff --git a/eidas_modules/eidas_proxy-sevice/pom.xml b/eidas_modules/eidas_proxy-sevice/pom.xml index 2cf9cf6c..55a6974c 100644 --- a/eidas_modules/eidas_proxy-sevice/pom.xml +++ b/eidas_modules/eidas_proxy-sevice/pom.xml @@ -98,7 +98,7 @@ at.asitplus.eidas.ms_specific - connector_lib + core_common_lib test test-jar diff --git a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java index bf71ba64..f6a88aa3 100644 --- a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java +++ b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java @@ -2,8 +2,6 @@ package at.asitplus.eidas.specific.modules.msproxyservice; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; -import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; -import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder; /** * Constants for MS-specific eIDAS Proxy-Service. @@ -16,15 +14,6 @@ public class MsProxyServiceConstants { // general constants public static final String TEMPLATE_SP_UNIQUE_ID = "eidasProxyAuth_from_{0}_type_{1}"; - public static final String ATTR_EIDAS_PERSONAL_IDENTIFIER = - AbstractAuthenticationDataBuilder.GENERIC_AUTHDATA_IDENTIFIER + PvpAttributeDefinitions.BPK_NAME; - - public static final String ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER = - AbstractAuthenticationDataBuilder.GENERIC_AUTHDATA_IDENTIFIER + PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME; - public static final String ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER = - AbstractAuthenticationDataBuilder.GENERIC_AUTHDATA_IDENTIFIER - + PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME; - // configuration constants public static final String CONIG_PROPS_EIDAS_PROXY_NODE_ENTITYID = Constants.CONIG_PROPS_EIDAS_NODE + ".proxy.entityId"; diff --git a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java index 8957d7db..e24c753e 100644 --- a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java +++ b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java @@ -23,8 +23,8 @@ import org.springframework.web.bind.annotation.RequestMethod; import com.google.common.collect.ImmutableSortedSet; -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; -import at.asitplus.eidas.specific.connector.config.ServiceProviderConfiguration; +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants; diff --git a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java index 33d9fdc0..15524005 100644 --- a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java +++ b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java @@ -15,7 +15,8 @@ import org.springframework.context.ApplicationContext; import org.springframework.core.io.ResourceLoader; import org.springframework.web.util.UriComponentsBuilder; -import at.asitplus.eidas.specific.connector.gui.StaticGuiBuilderConfiguration; +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.asitplus.eidas.specific.core.gui.StaticGuiBuilderConfiguration; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants; @@ -227,7 +228,7 @@ public class ProxyServiceAuthenticationAction implements IAction { private void injectMandatorInformation( ImmutableAttributeMap.Builder attributeMap, IEidAuthData eidAuthData) { String natMandatorId = eidAuthData.getGenericData( - MsProxyServiceConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER, String.class); + MsEidasNodeConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER, String.class); if (StringUtils.isNotEmpty(natMandatorId)) { log.debug("Injecting natural mandator informations ... "); @@ -258,7 +259,7 @@ public class ProxyServiceAuthenticationAction implements IAction { attributeMap.put(commonName, eidAuthData.getGenericData( PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, String.class)); attributeMap.put(legalPersonId, eidAuthData.getGenericData( - MsProxyServiceConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, String.class)); + MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, String.class)); } } @@ -275,7 +276,7 @@ public class ProxyServiceAuthenticationAction implements IAction { Constants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH).first(); attributeMap.put(attrDefPersonalId, - eidAuthData.getGenericData(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, String.class)); + eidAuthData.getGenericData(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, String.class)); attributeMap.put(attrDefFamilyName, eidAuthData.getFamilyName()); attributeMap.put(attrDefGivenName, eidAuthData.getGivenName()); @@ -308,7 +309,7 @@ public class ProxyServiceAuthenticationAction implements IAction { private ImmutableAttributeMap buildAttributesWithoutMandate(IAuthData eidAuthData) { //TODO: throw an error in case of SZR Date with month or day = "00" return buildAttributesWithoutMandate( - eidAuthData.getGenericData(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, String.class), + eidAuthData.getGenericData(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, String.class), eidAuthData.getFamilyName(), eidAuthData.getGivenName(), eidAuthData.getDateOfBirth()); @@ -366,7 +367,7 @@ public class ProxyServiceAuthenticationAction implements IAction { private boolean isLegalPersonMandateAvailable(IAuthData authData) { return StringUtils.isNoneEmpty(authData.getGenericData( - MsProxyServiceConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, String.class)); + MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, String.class)); } diff --git a/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/EidasProxyServiceControllerTest.java b/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/EidasProxyServiceControllerTest.java index d3a4881d..55958d9e 100644 --- a/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/EidasProxyServiceControllerTest.java +++ b/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/EidasProxyServiceControllerTest.java @@ -35,8 +35,8 @@ import org.springframework.web.servlet.config.annotation.EnableWebMvc; import com.google.common.collect.ImmutableSortedSet; -import at.asitplus.eidas.specific.connector.config.ServiceProviderConfiguration; -import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration; +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask; diff --git a/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/ProxyServiceAuthenticationActionTest.java b/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/ProxyServiceAuthenticationActionTest.java index a5c76773..52cc01d4 100644 --- a/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/ProxyServiceAuthenticationActionTest.java +++ b/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/ProxyServiceAuthenticationActionTest.java @@ -1,6 +1,6 @@ package at.asitplus.eidas.specific.modules.auth.idaustria.test.protocol; -import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE; +import static at.asitplus.eidas.specific.core.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; @@ -36,12 +36,12 @@ import org.springframework.web.context.request.ServletRequestAttributes; import com.google.common.collect.ImmutableSortedSet; -import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; -import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummySpConfiguration; +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummySpConfiguration; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask; -import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants; import at.asitplus.eidas.specific.modules.msproxyservice.protocol.ProxyServiceAuthenticationAction; import at.asitplus.eidas.specific.modules.msproxyservice.protocol.ProxyServicePendingRequest; import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; @@ -135,7 +135,7 @@ public class ProxyServiceAuthenticationActionTest { @Test public void missingForwardUrl() { Map attr = new HashMap<>(); - attr.put(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, + attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", false); @@ -150,7 +150,7 @@ public class ProxyServiceAuthenticationActionTest { @Test public void responseWithoutMandate() throws EaafException, SpecificCommunicationException { Map attr = new HashMap<>(); - attr.put(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, + attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", false); @@ -164,7 +164,7 @@ public class ProxyServiceAuthenticationActionTest { ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData); assertEquals("wrong attr. size", 4, respAttr.size()); checkAttrValue(respAttr, Constants.eIDAS_ATTR_PERSONALIDENTIFIER, - (String) attr.get(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER)); + (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER)); checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTFAMILYNAME, authData.getFamilyName()); checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTGIVENNAME, authData.getGivenName()); checkAttrValue(respAttr, Constants.eIDAS_ATTR_DATEOFBIRTH, @@ -175,10 +175,10 @@ public class ProxyServiceAuthenticationActionTest { @Test public void responseWithNatMandate() throws EaafException, SpecificCommunicationException { Map attr = new HashMap<>(); - attr.put(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, + attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); - attr.put(MsProxyServiceConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER, + attr.put(MsEidasNodeConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER, RandomStringUtils.randomAlphabetic(10)); attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, RandomStringUtils.randomAlphabetic(10)); @@ -200,13 +200,13 @@ public class ProxyServiceAuthenticationActionTest { ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData); assertEquals("wrong attr. size", 8, respAttr.size()); checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER, - (String) attr.get(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER)); + (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER)); checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME, authData.getFamilyName()); checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME, authData.getGivenName()); checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH, authData.getDateOfBirth()); checkAttrValue(respAttr, Constants.eIDAS_ATTR_PERSONALIDENTIFIER, - (String) attr.get(MsProxyServiceConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER)); + (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER)); checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTFAMILYNAME, (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME)); checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTGIVENNAME, @@ -219,12 +219,12 @@ public class ProxyServiceAuthenticationActionTest { @Test public void responseWithJurMandate() throws EaafException, SpecificCommunicationException { Map attr = new HashMap<>(); - attr.put(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, + attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); - attr.put(MsProxyServiceConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, + attr.put(MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, RandomStringUtils.randomAlphabetic(10)); attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, RandomStringUtils.randomAlphabetic(10)); @@ -238,13 +238,13 @@ public class ProxyServiceAuthenticationActionTest { ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData); assertEquals("wrong attr. size", 6, respAttr.size()); checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER, - (String) attr.get(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER)); + (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER)); checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME, authData.getFamilyName()); checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME, authData.getGivenName()); checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH, authData.getDateOfBirth()); checkAttrValue(respAttr, Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER, - (String) attr.get(MsProxyServiceConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER)); + (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER)); checkAttrValue(respAttr, Constants.eIDAS_ATTR_LEGALNAME, (String) attr.get(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME)); @@ -272,10 +272,10 @@ public class ProxyServiceAuthenticationActionTest { Map attr = new HashMap<>(); - attr.put(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, + attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); - attr.put(MsProxyServiceConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER, + attr.put(MsEidasNodeConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER, RandomStringUtils.randomAlphabetic(10)); attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, RandomStringUtils.randomAlphabetic(10)); @@ -313,12 +313,12 @@ public class ProxyServiceAuthenticationActionTest { pendingReq.setEidasRequest(eidasRequestBuilder.build()); Map attr = new HashMap<>(); - attr.put(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, + attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); - attr.put(MsProxyServiceConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, + attr.put(MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, RandomStringUtils.randomAlphabetic(10)); attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, RandomStringUtils.randomAlphabetic(10)); @@ -332,7 +332,7 @@ public class ProxyServiceAuthenticationActionTest { ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData); assertEquals("wrong attr. size", 10, respAttr.size()); checkAttrValue(respAttr, Constants.eIDAS_ATTR_PERSONALIDENTIFIER, - (String) attr.get(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER)); + (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER)); checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTFAMILYNAME, authData.getFamilyName()); checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTGIVENNAME, authData.getGivenName()); checkAttrValue(respAttr, Constants.eIDAS_ATTR_DATEOFBIRTH, authData.getDateOfBirth()); @@ -352,12 +352,12 @@ public class ProxyServiceAuthenticationActionTest { pendingReq.setEidasRequest(eidasRequestBuilder.build()); Map attr = new HashMap<>(); - attr.put(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, + attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); - attr.put(MsProxyServiceConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, + attr.put(MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, RandomStringUtils.randomAlphabetic(10)); attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, RandomStringUtils.randomAlphabetic(10)); diff --git a/eidas_modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_mapConfig.xml b/eidas_modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_mapConfig.xml index 3a9214fb..fe9ff441 100644 --- a/eidas_modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_mapConfig.xml +++ b/eidas_modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_mapConfig.xml @@ -12,7 +12,7 @@ + class="at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap"> diff --git a/pom.xml b/pom.xml index b439da0f..9cbaf234 100644 --- a/pom.xml +++ b/pom.xml @@ -123,6 +123,7 @@ connector eidas_modules build_reporting + core_common_webapp @@ -190,6 +191,11 @@ core_common_lib ${egiz.eidas.version} + + at.asitplus.eidas.ms_specific + core_common_webapp + ${egiz.eidas.version} + @@ -498,11 +504,18 @@ at.asitplus.eidas.ms_specific - connector_lib + core_common_lib ${egiz.eidas.version} test test-jar + + at.asitplus.eidas.ms_specific + core_common_webapp + ${egiz.eidas.version} + test + test-jar + at.asitplus.eidas.ms_specific.modules authmodule-eIDAS-v2 -- cgit v1.2.3