From 58b3c1c2d7a27775af8c0b7c9d12dea08aa575fa Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 19 Jan 2021 10:37:45 +0100 Subject: build 'requesterId' for private-sector SP's based on hashed unique AppIds set 'requesterId' and 'providerName' to static value for any type of SP --- connector/src/main/resources/application.properties | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) (limited to 'connector/src') diff --git a/connector/src/main/resources/application.properties b/connector/src/main/resources/application.properties index b13b6c18..b92102ed 100644 --- a/connector/src/main/resources/application.properties +++ b/connector/src/main/resources/application.properties @@ -51,10 +51,23 @@ eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector #eidas.ms.auth.eIDAS.node_v2.forward.endpoint= eidas.ms.auth.eIDAS.node_v2.forward.method=POST eidas.ms.auth.eIDAS.node_v2.countrycode=AT +#eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=urn:publicid:gv.at:cdid\+.* eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=.* -eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=true + +## use SAML2 requestId as transactionIdentifier to mitigate problems with SAML2 relaystate eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier=true -eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs=true + +## use hashed version of unique SP-Identifier as requesterId +eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm=true + +## user static requesterId for all SP's in case of LU +eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll=true + + +## set provider name for all public SPs +eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=false + + eidas.ms.auth.eIDAS.node_v2.loa.requested.minimum=http://eidas.europa.eu/LoA/high @@ -92,6 +105,10 @@ eidas.ms.auth.eIDAS.szrclient.params.setBirthNameIfAvailable=true eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=false eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=false + + + + ##without mandates eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.0=PersonIdentifier,true eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.1=FamilyName,true -- cgit v1.2.3 From 2fabf6cfdc78fceac1302d45c88d08214fe4e9e3 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 20 Jan 2021 14:32:37 +0100 Subject: add README.md, release and update informations, and full handbook --- README.md | 112 +++++++++++++++++++++ basicConfig/default_config.properties | 1 - connector/src/assembly/assembly_dir.xml | 2 + connector/src/assembly/assembly_zip.xml | 3 + .../src/main/resources/application.properties | 20 ++-- infos/handbook-work_in_progress.docx | Bin 0 -> 44486 bytes infos/readme_1.2.0.md | 59 +++++++++++ 7 files changed, 183 insertions(+), 14 deletions(-) create mode 100644 README.md create mode 100644 infos/handbook-work_in_progress.docx create mode 100644 infos/readme_1.2.0.md (limited to 'connector/src') diff --git a/README.md b/README.md new file mode 100644 index 00000000..e0914598 --- /dev/null +++ b/README.md @@ -0,0 +1,112 @@ +# Member-state specific eIDAS Application + +## Description + +The member-state specific eIDAS application (ms-specific eIDAS) implements the bridge between the eIDAS reference implementation provides by European commission and the national eID system. This application consists of two parts + +- **MS-specific Connector:** implements the bridge to connect a national service-provider to a foreign idenity-provider. + +- **MS-specific Proxy-Service:** implements the bridge to connect a foreign service-provider to national eID system (ID Austria). This feature is not implemented yet. + + + +### Building + +The application uses SpringBoot as core framework, but the default build-profile does not build an executable jar. There, the application has to be deployed into an application service, like Apache Tomcat + +The project can be build with : + +``` +mvn clean package +``` + +The resulting `war` file can be deployed into an application server + +Set Java System-Property _-Deidas.ms.configuration=/path/to/configuration..._ to set the configuration for this application + + + +If you like to build an executable SpringBoot application with embedded Tomcat then use: + +``` +mvn -P embbededTomcat clean package +``` + +The resulting `jar` file can be run with java: + +``` +java -jar ./connector/target/ms-connector.jar +``` + +But it is also directly executalbe + +``` +./connector/target/ms-connector.jar +``` + +In case of a executable application package, the configuration can be either set by Java System-Property _-Deidas.ms.configuration=/path/to/configuration..._ or by default SpringBoot configuration features. + + + +### Configuration + +A default configuration is located at _basicConfig/_ + + + +## Generate a BM.I Release Package + +The full release packages for BM.I infrastructure will be automatically assembled by maven build-process. Before release build, all release related information have to added into infos folder. To add release informations follow the steps outlined below. + +Add a file with release informations to: +``` +./infos/readme_{version}.txt +``` + +Add additional eIDAS Node related information into: + +``` +./infos/eIDAS_Ref_Impl/ +``` + +Add, remove, or update the application description in the handbook and store the handbook for the current release version as pdf. + +``` +modify: ./infos/handbook-work_in_progress.docx +store pdf to: ./infos/handbook/handbook-{version}.pdf +``` + +Generate a release package with: + + +``` +mvn clean package +``` + +The full release package will be located add +``` +./target/ms_specific_connector-{version}-dist.tar.gz +``` + + + +## Changelog + +**v1.2.0** + +- Anpassungen zur Anbindungen an das E-ID System +- Update auf eIDAS Ref. Impl. 2.5.0 mit Apache Ignite Cache + https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/eIDAS-Node+version+2.5 +- TODO: + + + +**v1.1.0** + + - Update auf eIDAS Ref. Impl. 2.4.0 mit Apache Ignite Cache + https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/eIDAS-Node+version+2.4 + - Statischer Service-Provider Name für öffentliche Applikationen + - Mindest LoA, welche für Requests an eIDAS Proxy-Services verwendet wird. + - Requested Attributes je Land konfigurierbar + - Neue Template-Engine mit i18n Unterstützung + - Neuer Algorithmus zur Generierung von Sessiontokens \ No newline at end of file diff --git a/basicConfig/default_config.properties b/basicConfig/default_config.properties index ad883284..725fac7c 100644 --- a/basicConfig/default_config.properties +++ b/basicConfig/default_config.properties @@ -1,6 +1,5 @@ ## Basic service configuration eidas.ms.context.url.prefix= -eidas.ms.context.url.request.validation=false eidas.ms.core.configRootDir=file:./ diff --git a/connector/src/assembly/assembly_dir.xml b/connector/src/assembly/assembly_dir.xml index 37e05390..59437be6 100644 --- a/connector/src/assembly/assembly_dir.xml +++ b/connector/src/assembly/assembly_dir.xml @@ -43,7 +43,9 @@ readme_${project.version}.txt + readme_${project.version}.md eIDAS_Ref_Impl/* + handbook/* diff --git a/connector/src/assembly/assembly_zip.xml b/connector/src/assembly/assembly_zip.xml index 579da2e1..43877283 100644 --- a/connector/src/assembly/assembly_zip.xml +++ b/connector/src/assembly/assembly_zip.xml @@ -43,6 +43,9 @@ readme_${project.version}.txt + readme_${project.version}.md + eIDAS_Ref_Impl/* + handbook/* diff --git a/connector/src/main/resources/application.properties b/connector/src/main/resources/application.properties index b92102ed..9a4ae54f 100644 --- a/connector/src/main/resources/application.properties +++ b/connector/src/main/resources/application.properties @@ -17,9 +17,9 @@ spring.boot.admin.client.enabled=false ############################################################################# ## MS-speccific eIDAS-Connector configuration -#proxy.context.url.prefix= +#eidas.ms.context.url.prefix= eidas.ms.context.url.request.validation=false -#proxy.configRootDir=file:/.../config/ +#eidas.ms.configRootDir=file:/.../config/ eidas.ms.context.use.clustermode=true eidas.ms.core.logging.level.info.errorcodes=auth.21 @@ -51,8 +51,7 @@ eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector #eidas.ms.auth.eIDAS.node_v2.forward.endpoint= eidas.ms.auth.eIDAS.node_v2.forward.method=POST eidas.ms.auth.eIDAS.node_v2.countrycode=AT -#eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=urn:publicid:gv.at:cdid\+.* -eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=.* +eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=urn:publicid:gv.at:cdid\+.* ## use SAML2 requestId as transactionIdentifier to mitigate problems with SAML2 relaystate eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier=true @@ -106,9 +105,6 @@ eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=false eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=false - - - ##without mandates eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.0=PersonIdentifier,true eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.1=FamilyName,true @@ -137,7 +133,7 @@ eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true #eidas.ms.pvp2.key.metadata.password=password #eidas.ms.pvp2.key.signing.alias=sig #eidas.ms.pvp2.key.signing.password=password -#eidas.ms.pvp2.metadata.validity=24 +eidas.ms.pvp2.metadata.validity=24 #eidas.ms.pvp2.metadata.organisation.name=JUnit #eidas.ms.pvp2.metadata.organisation.friendyname=For testing with jUnit @@ -158,8 +154,6 @@ eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true ##only for advanced config -eidas.ms.configuration.sp.disableRegistrationRequirement= -#eidas.ms.configuration.restrictions.baseID.spTransmission= -eidas.ms.configuration.auth.default.countrycode= -eidas.ms.configuration.pvp.scheme.validation= -eidas.ms.configuration.pvp.enable.entitycategories= \ No newline at end of file +eidas.ms.configuration.sp.disableRegistrationRequirement=false +eidas.ms.configuration.pvp.scheme.validation=true +eidas.ms.configuration.pvp.enable.entitycategories=false \ No newline at end of file diff --git a/infos/handbook-work_in_progress.docx b/infos/handbook-work_in_progress.docx new file mode 100644 index 00000000..d311fa80 Binary files /dev/null and b/infos/handbook-work_in_progress.docx differ diff --git a/infos/readme_1.2.0.md b/infos/readme_1.2.0.md new file mode 100644 index 00000000..98e18ccb --- /dev/null +++ b/infos/readme_1.2.0.md @@ -0,0 +1,59 @@ +# MS-Connector v1.2.0 Release vom xx.xx.2021 + +Der MS-Connector implementiert eine Bridge zwischen dem österreichischen E-ID System und dem eIDAS Framework um ausländischen Benutzern eine Anmeldung am österreichischen Service-Providern zu ermöglichen. + +### Änderungen in dieser Version + + - Erforderliche Anpassungen zur Integration in den ID Austria + + - Update auf eIDAS Ref. Impl. 2.5.0 (Implementiert eIDAS Spezifikation 1.2) + https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/eIDAS-Node+version+2.5 + + - Codestabilisierung + + - Monitoring und HealthChecks Verbesserungen + + - Akutalisierung von Drittherstellerbibliotheken + + + + +### Durchführen eines Updates + +Nachfolgend finden Sie die erforderlichen Schritte für das Update eines bestehenden MS-specific eIDAS Connectors auf die aktuelle Version 1.2.0. Das vollständige Handbuch mit allen Konfigurationsparametern finden Sie im Releasepackage im Verzeichnis: _infos/handbook/_ + +### Ausgehend von einer bestehenden Version 1.1.0 + +1. Stoppen Sie die *MS-Connector* Applikation und fertigen Sie eine Sicherungskopie Ihrer Applikation inklusive Konfiguration an +2. Entpacken Sie das Releasepacket *ms_specific_connector-1.2.0-dist.zip* in ein temporäres Verzeichnis welches in weiterer Folge __MsConnectorPackage__ bezeichnet wird. +3. Kopieren sie die Applikation __MsConnectorPackage__/ms_connector.war nach in das Applikationsverzeichnis ihres Applikationsservers +4. Mit der Version 1.2.0 wurde die Konfiguration eine eine Minimalkonfiguration [`default_config.properties`](./../config/default_config.properties) und eine in den MS-Connectorintegrierte Defaultkonfiguration aufgteilt. Die nachfolgende Aufzählung umfasst die neuen oder geänderten Konfigurationsparameter, beschreibt jedoch keine Aufteilung einer bestehenden Konfiguration in Minimal- und Defaultteil. Eine vollständige Beschreibung aller Konfigurationswerte finden Sie **hier**. +5. Update bestehender Dateien . Die nachfolgenden Dateien wurden geändert und erfordern eine Anpassung oder eine Übernahme dem Releasepacket, sofern die Anpassung nicht bereits durchgeführt wurde + + * __MsConnectorPackage__/config/templates/error_message.html +6. Erstellung neuer Dateien + - _KeyStore für ID Austria AuthBlock:_ Erstellen eines KeyStore mit mit öffentlichem und privaten Schlüssel welcher für die JWS Signature des technischen ID Austria AuthBlocks verwendet werden soll. +7. Neue Konfigurationsparameter + - *Allgemeine Konfiguration* + - ```eidas.ms.core.configRootDir``` + - *ID Austria Umsetzung* + - ```eidas.ms.auth.eIDAS.authblock.keystore.type``` + - ```eidas.ms.auth.eIDAS.authblock.keystore.path``` + - ```eidas.ms.auth.eIDAS.authblock.keystore.password``` + - ```eidas.ms.auth.eIDAS.authblock.key.alias``` + - ```eidas.ms.auth.eIDAS.authblock.key.password``` + - *Service-Provider Konfiguration Konfiguration* + - ```eidas.ms.sp.x.newEidMode``` +8. Gelöschte Konfigurationsparameter + + - ```authhandler.modules.bindingservice.bpk.target``` +9. Neue optionale Konfigurationsparameter + - *Allgemeine Konfiguration* + - ```eidas.ms.core.logging.level.info.errorcodes``` + - *eIDAS Node Kommunikation* + * ```eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm``` + * ```eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll``` + * ```eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm``` + * ```eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm``` + - *ID Austria Umsetzung* + - ```eidas.ms.auth.eIDAS.szrclient.eidasbind.mds.inject``` -- cgit v1.2.3 From 811165262f7ef196c8586e42b838d7d7ba376e16 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 27 Jan 2021 11:19:29 +0100 Subject: fix problem in jUnit tests that depends on static Apache-Ignite holder in eIDAS Ref. implementation and occurin case of a start-up error --- .../specific/connector/test/FullStartUpAndProcessTest.java | 12 ++++++++++-- .../specific/connector/test/MainClassExecutableModeTest.java | 10 ++++++++-- .../specific/connector/test/MainClassWebAppModeTest.java | 7 +++++++ 3 files changed, 25 insertions(+), 4 deletions(-) (limited to 'connector/src') diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java index 77037415..fcb0e73a 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java @@ -6,6 +6,7 @@ import static org.powermock.api.mockito.PowerMockito.when; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.UnsupportedEncodingException; +import java.lang.reflect.Field; import java.net.URISyntaxException; import java.util.Map; import java.util.Timer; @@ -71,6 +72,7 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.OpenSaml3ResourceAdapter; import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; +import eu.eidas.auth.cache.IgniteInstanceInitializerSpecificCommunication; import eu.eidas.auth.commons.attribute.AttributeDefinition; import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; import eu.eidas.auth.commons.light.ILightRequest; @@ -151,13 +153,19 @@ public class FullStartUpAndProcessTest { /** * Test shut-down. * - * @throws IOException In case of an error + * @throws Exception In case of an error */ @AfterClass - public static void closeIgniteNode() throws IOException { + public static void closeIgniteNode() throws Exception { System.out.println("Closiong Ignite Node ... "); Ignition.stopAll(true); + + //set Ignite-node holder to 'null' because static holders are shared between different tests + final Field field = IgniteInstanceInitializerSpecificCommunication.class.getDeclaredField("instance"); + field.setAccessible(true); + field.set(null, null); + } /** diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassExecutableModeTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassExecutableModeTest.java index 86df55df..708560b2 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassExecutableModeTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassExecutableModeTest.java @@ -22,6 +22,7 @@ import org.junit.runners.BlockJUnit4ClassRunner; import at.asitplus.eidas.specific.connector.SpringBootApplicationInitializer; import at.gv.egiz.eaaf.core.impl.logging.DummyStatusMessager; import at.gv.egiz.eaaf.core.impl.logging.LogMessageProviderFactory; +import eu.eidas.auth.cache.IgniteInstanceInitializerSpecificCommunication; import lombok.extern.slf4j.Slf4j; @Slf4j @@ -50,17 +51,22 @@ public class MainClassExecutableModeTest { /** * Initializer. - * @throws InterruptedException In case of an error + * @throws Exception In case of an error * */ @AfterClass - public static void closeIgniteNode() throws InterruptedException { + public static void closeIgniteNode() throws Exception { System.out.println("Closing Ignite Node ... "); log.info("Stopping already running Apache Ignite nodes ... "); Ignition.stopAll(true); Thread.sleep(1000); + //set Ignite-node holder to 'null' because static holders are shared between different tests + final Field field = IgniteInstanceInitializerSpecificCommunication.class.getDeclaredField("instance"); + field.setAccessible(true); + field.set(null, null); + } /** diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassWebAppModeTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassWebAppModeTest.java index 07ef4968..79d062ae 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassWebAppModeTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassWebAppModeTest.java @@ -22,6 +22,7 @@ import org.junit.runners.BlockJUnit4ClassRunner; import at.asitplus.eidas.specific.connector.SpringBootApplicationInitializer; import at.gv.egiz.eaaf.core.impl.logging.DummyStatusMessager; import at.gv.egiz.eaaf.core.impl.logging.LogMessageProviderFactory; +import eu.eidas.auth.cache.IgniteInstanceInitializerSpecificCommunication; @RunWith(BlockJUnit4ClassRunner.class) public class MainClassWebAppModeTest { @@ -68,6 +69,12 @@ public class MainClassWebAppModeTest { System.clearProperty("eidas.ms.configuration"); SpringBootApplicationInitializer.exit(); + + + //set Ignite-node holder to 'null' because static holders are shared between different tests + final Field field1 = IgniteInstanceInitializerSpecificCommunication.class.getDeclaredField("instance"); + field1.setAccessible(true); + field1.set(null, null); } -- cgit v1.2.3 From 07318e70ea3a9d25ca945c391820149183c61ca0 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Mon, 8 Feb 2021 18:47:34 +0100 Subject: add Binding Public-Key into technical AuthBlock in case of an ID Austria process --- .../verification/AuthnRequestValidator.java | 114 +++++++++++++-------- .../test/utils/AuthnRequestValidatorTest.java | 5 + connector/src/test/resources/data/pvp2_authn_3.xml | 3 + .../specific/connector/MsEidasNodeConstants.java | 3 + .../eidas/v2/service/AuthBlockSigningService.java | 12 +++ .../tasks/CreateIdentityLinkTaskEidNewTest.java | 25 ++++- 6 files changed, 116 insertions(+), 46 deletions(-) (limited to 'connector/src') diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java index a9eb06be..881eeb8a 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java @@ -75,7 +75,7 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor { if (nameIdPolicy != null) { final String nameIdFormat = nameIdPolicy.getFormat(); if (nameIdFormat != null) { - if (!(NameIDType.TRANSIENT.equals(nameIdFormat) + if (!(NameIDType.TRANSIENT.equals(nameIdFormat) || NameIDType.PERSISTENT.equals(nameIdFormat))) { throw new NameIdFormatNotSupportedException(nameIdFormat); @@ -114,10 +114,10 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor { // post-process requested LoA comparison-level pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setLoAMachtingMode( extractComparisonLevel(authnReq)); - - //extract information from requested attributes + + // extract information from requested attributes extractFromRequestedAttriutes(pendingReq, authnReq); - + } catch (final EaafStorageException e) { log.info("Can NOT store Authn. Req. data into pendingRequest.", e); throw new AuthnRequestValidatorException("internal.02", null, e); @@ -126,14 +126,14 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor { } - private void extractFromRequestedAttriutes(IRequest pendingReq, AuthnRequest authnReq) - throws AuthnRequestValidatorException { + private void extractFromRequestedAttriutes(IRequest pendingReq, AuthnRequest authnReq) + throws AuthnRequestValidatorException, EaafStorageException { // validate and process requested attributes boolean sectorDetected = false; - + final ServiceProviderConfiguration spConfig = pendingReq.getServiceProviderConfiguration( ServiceProviderConfiguration.class); - + if (authnReq.getExtensions() != null) { final List requestedAttributes = authnReq.getExtensions().getUnknownXMLObjects(); for (final XMLObject reqAttrObj : requestedAttributes) { @@ -143,77 +143,101 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor { for (final EaafRequestedAttribute el : reqAttr.getAttributes()) { log.trace("Processing req. attribute '" + el.getName() + "' ... "); if (el.getName().equals(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME)) { - sectorDetected = extractBpkTargetIdentifier(el, spConfig); - + sectorDetected = extractBpkTargetIdentifier(el, spConfig); + } else if (el.getName().equals(ExtendedPvpAttributeDefinitions.EID_TRANSACTION_ID_NAME)) { extractUniqueTransactionId(el, pendingReq); - + + } else if (el.getName().equals(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME)) { + extractBindingPublicKey(el, pendingReq); + } else { log.debug("Ignore req. attribute: " + el.getName()); - + } } } else { log.debug("No requested Attributes in Authn. Request"); - + } } else { log.info("Ignore unknown requested attribute: " + reqAttrObj.getElementQName().toString()); - + } } } - + if (!sectorDetected) { log.warn("Authn.Req validation FAILED. Reason: Contains NO or NO VALID target-sector information."); throw new AuthnRequestValidatorException("pvp2.22", new Object[] { "NO or NO VALID target-sector information" }); } - + + } + + private void extractBindingPublicKey(EaafRequestedAttribute el, IRequest pendingReq) + throws EaafStorageException { + if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) { + final String bindingPubKey = el.getAttributeValues().get(0).getDOM().getTextContent(); + pendingReq.setRawDataToTransaction(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME, bindingPubKey); + log.info("Find Binding Public-Key. eIDAS authentication will be used to create an ID Austria Binding"); + + } else { + log.warn( + "Req. attribute '{}' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute", + el.getName()); + + } } /** * Extract unique transactionId from AuthnRequest. - * - * @param el Requested attribute from AuthnRequest - * @param pendingReq Current pendingRequest object (has to be of type {@link RequestImpl}) - * @return true if transactionId extraction was successful, otherwise false + * + * @param el Requested attribute from AuthnRequest + * @param pendingReq Current pendingRequest object (has to be of type + * {@link RequestImpl}) + * @return true if transactionId extraction was successful, + * otherwise false */ private boolean extractUniqueTransactionId(EaafRequestedAttribute el, IRequest pendingReq) { if (!(pendingReq instanceof RequestImpl)) { - log.warn("Can NOT set unique transactionId from AuthnRequest,because 'PendingRequest' is NOT from Type: {}", + log.warn( + "Can NOT set unique transactionId from AuthnRequest,because 'PendingRequest' is NOT from Type: {}", RequestImpl.class.getName()); - - } else { + + } else { if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) { - final String transactionId = el.getAttributeValues().get(0).getDOM().getTextContent(); - ((RequestImpl)pendingReq).setUniqueTransactionIdentifier(transactionId); + final String transactionId = el.getAttributeValues().get(0).getDOM().getTextContent(); + ((RequestImpl) pendingReq).setUniqueTransactionIdentifier(transactionId); return true; } else { - log.warn("Req. attribute '{}' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute", + log.warn( + "Req. attribute '{}' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute", el.getName()); - + } - + } - + return false; } /** * Extract the bPK target from requested attribute. - * - * @param el Requested attribute from AuthnRequest + * + * @param el Requested attribute from AuthnRequest * @param spConfig Service-Provider configuration for current process - * @return true if bPK target extraction was successful, otherwise false + * @return true if bPK target extraction was successful, otherwise + * false */ - private boolean extractBpkTargetIdentifier(EaafRequestedAttribute el, ServiceProviderConfiguration spConfig) { + private boolean extractBpkTargetIdentifier(EaafRequestedAttribute el, + ServiceProviderConfiguration spConfig) { if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) { - final String sectorId = el.getAttributeValues().get(0).getDOM().getTextContent(); + final String sectorId = el.getAttributeValues().get(0).getDOM().getTextContent(); try { spConfig.setBpkTargetIdentifier(sectorId); return true; @@ -227,16 +251,16 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor { log.warn("Req. attribute '" + el.getName() + "' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute"); } - + return false; - + } - - private void postprocessLoaLevel(IRequest pendingReq, AuthnRequest authnReq) + + private void postprocessLoaLevel(IRequest pendingReq, AuthnRequest authnReq) throws AuthnRequestValidatorException { final List reqLoA = extractLoA(authnReq); - log.trace("SP requests LoA with: {}", String.join(", ",reqLoA)); - + log.trace("SP requests LoA with: {}", String.join(", ", reqLoA)); + LevelOfAssurance minimumLoAFromConfig = LevelOfAssurance.fromString(basicConfig.getBasicConfiguration( MsEidasNodeConstants.PROP_EIDAS_REQUEST_LOA_MINIMUM_LEVEL, EaafConstants.EIDAS_LOA_HIGH)); @@ -246,15 +270,15 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor { minimumLoAFromConfig = LevelOfAssurance.HIGH; } - + log.trace("Validate requested LoA to connector configuration minimum LoA: {} ...", - minimumLoAFromConfig); + minimumLoAFromConfig); final List allowedLoA = new ArrayList<>(); for (final String loa : reqLoA) { try { final LevelOfAssurance intLoa = LevelOfAssurance.fromString(loa); String selectedLoA = EaafConstants.EIDAS_LOA_HIGH; - if (intLoa != null + if (intLoa != null && intLoa.numericValue() <= minimumLoAFromConfig.numericValue()) { log.info("Client: {} requested LoA: {} will be upgraded to: {}", pendingReq.getServiceProviderConfiguration().getUniqueIdentifier(), @@ -281,7 +305,7 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor { pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setRequiredLoA( allowedLoA); - + } private String extractComparisonLevel(AuthnRequest authnReq) { @@ -335,7 +359,7 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor { private String extractScopeRequsterId(AuthnRequest authnReq) { if (authnReq.getScoping() != null) { final Scoping scoping = authnReq.getScoping(); - if (scoping.getRequesterIDs() != null + if (scoping.getRequesterIDs() != null && scoping.getRequesterIDs().size() > 0) { if (scoping.getRequesterIDs().size() == 1) { return scoping.getRequesterIDs().get(0).getRequesterID(); diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthnRequestValidatorTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthnRequestValidatorTest.java index 9aafb4b6..c57515a0 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthnRequestValidatorTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthnRequestValidatorTest.java @@ -214,6 +214,11 @@ public class AuthnRequestValidatorTest { Assert.assertEquals("wrong transactionId", "transId_11223344556677aabbcc", pendingReq.getUniqueTransactionIdentifier()); + + Assert.assertEquals("wrong binding pubkey", "binding_pubKey_1144225247125dsfasfasdf", + pendingReq.getRawData(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME, String.class)); + + } diff --git a/connector/src/test/resources/data/pvp2_authn_3.xml b/connector/src/test/resources/data/pvp2_authn_3.xml index 35e49b0f..5352c441 100644 --- a/connector/src/test/resources/data/pvp2_authn_3.xml +++ b/connector/src/test/resources/data/pvp2_authn_3.xml @@ -31,6 +31,9 @@ transId_11223344556677aabbcc + + binding_pubKey_1144225247125dsfasfasdf + diff --git a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MsEidasNodeConstants.java b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MsEidasNodeConstants.java index 133f104d..027d0832 100644 --- a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MsEidasNodeConstants.java +++ b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MsEidasNodeConstants.java @@ -169,6 +169,9 @@ public class MsEidasNodeConstants { public static final List COUNTRY_SELECTION_PARAM_WHITELIST = Arrays.asList(REQ_PARAM_SELECTED_COUNTRY, REQ_PARAM_SELECTED_ENVIRONMENT); + + public static final String EID_BINDING_PUBLIC_KEY_NAME = "urn:eidgvat:attributes.binding.pubkey"; + private MsEidasNodeConstants() { //hidden Constructor for class with static values only. } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java index 234d52dd..a2af4342 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java @@ -18,6 +18,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import com.fasterxml.jackson.annotation.JsonFormat; +import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.ObjectMapper; @@ -81,6 +82,14 @@ public class AuthBlockSigningService { authBlock.setTimestamp(LocalDateTime.now().truncatedTo(ChronoUnit.SECONDS)); authBlock.setUniqueId(pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID, String.class)); authBlock.setPiiTransactionId(pendingReq.getUniquePiiTransactionIdentifier()); + + //set Binding PublicKey if available + Object bindingPubKey = pendingReq.getRawData(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME); + if (bindingPubKey instanceof String) { + authBlock.setBindingPublicKey((String) bindingPubKey); + + } + String jwsPayload = mapper.writeValueAsString(authBlock); log.debug("Building and sign authBlock with data: {}", jwsPayload); @@ -172,6 +181,7 @@ public class AuthBlockSigningService { * */ @Data + @JsonInclude(JsonInclude.Include.NON_NULL) private static class EidasAuchBlock { @JsonProperty("challenge") @@ -189,6 +199,8 @@ public class AuthBlockSigningService { @JsonProperty("piiTransactionId") private String piiTransactionId; + @JsonProperty("bindingPublicKey") + private String bindingPublicKey; } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java index 2e6790c5..0621081a 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java @@ -221,6 +221,7 @@ public class CreateIdentityLinkTaskEidNewTest { Assert.assertEquals("appId", randomTestSp, authBlockJson.get("appId").asText()); Assert.assertFalse("'challenge' is null", authBlockJson.get("challenge").asText().isEmpty()); Assert.assertFalse("'timestamp' is null", authBlockJson.get("timestamp").asText().isEmpty()); + Assert.assertFalse("binding pubKey", authBlockJson.has("bindingPublicKey")); // check vsz request @@ -312,9 +313,11 @@ public class CreateIdentityLinkTaskEidNewTest { signContentEntry.setValue(RandomStringUtils.randomAlphanumeric(10)); signContentResp.getOut().add(signContentEntry); when(szrMock, "signContent", any(), any(), any()).thenReturn(signContentResp); - + String randomTestSp = RandomStringUtils.randomAlphabetic(10); + String bindingPubKey = RandomStringUtils.randomAlphabetic(10); pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_REQUESTERID, randomTestSp); + pendingReq.setRawDataToTransaction(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME, bindingPubKey); //perform test task.execute(pendingReq, executionContext); @@ -329,8 +332,28 @@ public class CreateIdentityLinkTaskEidNewTest { Assert.assertNotNull("AuthProcessData", authProcessData); Assert.assertNotNull("eidasBind", authProcessData.getGenericDataFromSession(Constants.EIDAS_BIND, String.class)); + // check authblock signature String authBlock = authProcessData.getGenericDataFromSession(Constants.SZR_AUTHBLOCK, String.class); Assert.assertNotNull("AuthBlock", authBlock); + final AlgorithmConstraints constraints = new AlgorithmConstraints(ConstraintType.PERMIT, + BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.toArray(new String[BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.size()])); + Pair keyStore = getKeyStore(); + X509Certificate[] trustedCerts = EaafKeyStoreUtils + .getPrivateKeyAndCertificates(keyStore.getFirst(), ALIAS, PW.toCharArray(), true, "junit").getSecond(); + JwsResult result = JoseUtils.validateSignature(authBlock, Arrays.asList(trustedCerts), constraints); + Assert.assertTrue("AuthBlock not valid", result.isValid()); + JsonNode authBlockJson = mapper.readTree(result.getPayLoad()); + Assert.assertNotNull("deserialized AuthBlock", authBlockJson); + + Assert.assertNotNull("no piiTransactionId in pendingRequesdt", + storedPendingReq.getUniquePiiTransactionIdentifier()); + Assert.assertEquals("piiTransactionId", storedPendingReq.getUniquePiiTransactionIdentifier(), + authBlockJson.get("piiTransactionId").asText()); + Assert.assertEquals("appId", randomTestSp, authBlockJson.get("appId").asText()); + Assert.assertFalse("'challenge' is null", authBlockJson.get("challenge").asText().isEmpty()); + Assert.assertFalse("'timestamp' is null", authBlockJson.get("timestamp").asText().isEmpty()); + Assert.assertTrue("binding pubKey", authBlockJson.has("bindingPublicKey")); + Assert.assertEquals("binding PubKey", bindingPubKey, authBlockJson.get("bindingPublicKey").asText()); Assert.assertTrue("EID process", authProcessData.isEidProcess()); Assert.assertTrue("foreigner process", authProcessData.isForeigner()); -- cgit v1.2.3 From c5c6344931f67ccaba335ffa476b5e8117948020 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Wed, 10 Mar 2021 12:25:10 +0100 Subject: switch to EAAF-components 1.1.13-SNAPSHOT to add EID-IDENTITY-STATUS-LEVEL attribute into SAML2 response --- basicConfig/default_config.properties | 2 ++ .../builder/AuthenticationDataBuilder.java | 26 +++++++++++----- .../src/main/resources/application.properties | 2 ++ .../resources/specific_eIDAS_connector.beans.xml | 6 ++++ .../connector/test/FullStartUpAndProcessTest.java | 7 +++-- .../ProcessEngineSignalControllerTest.java | 2 +- .../test/utils/AuthenticationDataBuilderTest.java | 16 +++++++++- .../data/metadata_valid_without_encryption.xml | 1 + .../spring/SpringTest_connector.beans.xml | 6 ++++ .../specific/modules/auth/eidas/v2/Constants.java | 2 ++ .../eidas/v2/tasks/ReceiveAuthnResponseTask.java | 9 ++++-- .../test/tasks/ReceiveEidasResponseTaskTest.java | 34 +++++++++++++++++++-- infos/handbook-work_in_progress.docx | Bin 44486 -> 44445 bytes pom.xml | 2 +- 14 files changed, 98 insertions(+), 17 deletions(-) (limited to 'connector/src') diff --git a/basicConfig/default_config.properties b/basicConfig/default_config.properties index 725fac7c..2ea12b17 100644 --- a/basicConfig/default_config.properties +++ b/basicConfig/default_config.properties @@ -18,6 +18,8 @@ eidas.ms.core.pendingrequestid.digist.secret=pendingReqIdSecret ## eIDAS Ref. Implementation connector ### +eidas.ms.auth.eIDAS.eid.testidentity.default=false + eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector eidas.ms.auth.eIDAS.node_v2.forward.endpoint= diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java index c41660ce..3a93c1b8 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java @@ -30,6 +30,7 @@ import org.springframework.stereotype.Service; import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions.EidIdentityStatusLevelValues; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer; @@ -37,8 +38,9 @@ import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; +import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData; import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder; -import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper; import lombok.extern.slf4j.Slf4j; @Service("AuthenticationDataBuilder") @@ -47,9 +49,9 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder @Override protected IAuthData buildDeprecatedAuthData(IRequest pendingReq) throws EaafException { - final IAuthProcessDataContainer authProcessData = - pendingReq.getSessionData(AuthProcessDataWrapper.class); - AuthenticationData authData = new AuthenticationData(); + final EidAuthProcessDataWrapper authProcessData = + pendingReq.getSessionData(EidAuthProcessDataWrapper.class); + EidAuthenticationData authData = new EidAuthenticationData(); //set basis infos super.generateDeprecatedBasicAuthData(authData, pendingReq, authProcessData); @@ -58,6 +60,9 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder authData.setSsoSessionValidTo( new Date(new Date().getTime() + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000)); + authData.setEidStatus(authProcessData.isTestIdentity() + ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY); + return authData; } @@ -65,16 +70,21 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder @Override protected void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq) throws EaafException { - if (authData instanceof AuthenticationData) { - ((AuthenticationData)authData).setGenericData( + if (authData instanceof EidAuthenticationData) { + ((EidAuthenticationData)authData).setGenericData( ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, pendingReq.getUniquePiiTransactionIdentifier()); log.trace("Inject piiTransactionId: {} into AuthData", pendingReq.getUniquePiiTransactionIdentifier()); // set specific informations - ((AuthenticationData)authData).setSsoSessionValidTo( + ((EidAuthenticationData)authData).setSsoSessionValidTo( new Date(new Date().getTime() + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000)); + //set E-ID status-level + final EidAuthProcessDataWrapper authProcessData = + pendingReq.getSessionData(EidAuthProcessDataWrapper.class); + ((EidAuthenticationData)authData).setEidStatus(authProcessData.isTestIdentity() + ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY); } else { throw new RuntimeException("Can not inject PiiTransactionId because AuthData is of unknown type: " @@ -86,7 +96,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder @Override protected IAuthData getAuthDataInstance(IRequest arg0) throws EaafException { - return new AuthenticationData(); + return new EidAuthenticationData(); } diff --git a/connector/src/main/resources/application.properties b/connector/src/main/resources/application.properties index 9a4ae54f..2411fde3 100644 --- a/connector/src/main/resources/application.properties +++ b/connector/src/main/resources/application.properties @@ -48,6 +48,8 @@ eidas.ms.core.pendingrequestid.digist.algorithm=HmacSHA256 ## eIDAS Ref. Implementation connector ### eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector +eidas.ms.auth.eIDAS.eid.testidentity.default=false + #eidas.ms.auth.eIDAS.node_v2.forward.endpoint= eidas.ms.auth.eIDAS.node_v2.forward.method=POST eidas.ms.auth.eIDAS.node_v2.countrycode=AT diff --git a/connector/src/main/resources/specific_eIDAS_connector.beans.xml b/connector/src/main/resources/specific_eIDAS_connector.beans.xml index f6fdeefe..0f8511d5 100644 --- a/connector/src/main/resources/specific_eIDAS_connector.beans.xml +++ b/connector/src/main/resources/specific_eIDAS_connector.beans.xml @@ -49,6 +49,9 @@ + + + + + + + diff --git a/connector/src/test/resources/spring/SpringTest_connector.beans.xml b/connector/src/test/resources/spring/SpringTest_connector.beans.xml index ba385cb9..83acf445 100644 --- a/connector/src/test/resources/spring/SpringTest_connector.beans.xml +++ b/connector/src/test/resources/spring/SpringTest_connector.beans.xml @@ -41,6 +41,9 @@ + + + + + + spConfig = new HashMap<>(); spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp"); @@ -153,15 +154,44 @@ public class ReceiveEidasResponseTaskTest { IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId()); Assert.assertNotNull("pendingReq not stored", storedReq); - final AuthProcessDataWrapper authProcessData = storedReq.getSessionData(AuthProcessDataWrapper.class); + final EidAuthProcessDataWrapper authProcessData = storedReq.getSessionData(EidAuthProcessDataWrapper.class); Assert.assertEquals("LoA", eidasResponse.getLevelOfAssurance(), authProcessData.getQaaLevel()); Assert.assertNotNull("eIDAS response", authProcessData.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE)); Assert.assertEquals("eIDAS response", eidasResponse, authProcessData.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE)); + Assert.assertFalse("testIdentity flag", authProcessData.isTestIdentity()); } + @Test + public void successWithTestIdentity() throws URISyntaxException, TaskExecutionException, PendingReqIdValidationException { + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.eid.testidentity.default", "true"); + + @NotNull + AuthenticationResponse eidasResponse = buildDummyAuthResponse(Constants.SUCCESS_URI); + httpReq.setAttribute(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse); + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "LU"); + + //execute test + task.execute(pendingReq, executionContext); + + //validate state + IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId()); + Assert.assertNotNull("pendingReq not stored", storedReq); + + final EidAuthProcessDataWrapper authProcessData = storedReq.getSessionData(EidAuthProcessDataWrapper.class); + Assert.assertEquals("LoA", eidasResponse.getLevelOfAssurance(), authProcessData.getQaaLevel()); + Assert.assertNotNull("eIDAS response", + authProcessData.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE)); + Assert.assertEquals("eIDAS response", eidasResponse, + authProcessData.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE)); + Assert.assertTrue("testIdentity flag", authProcessData.isTestIdentity()); + + } + + + @NotNull private AuthenticationResponse buildDummyAuthResponse(String statusCode) throws URISyntaxException { final AttributeDefinition attributeDef = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( diff --git a/infos/handbook-work_in_progress.docx b/infos/handbook-work_in_progress.docx index d311fa80..192db5d4 100644 Binary files a/infos/handbook-work_in_progress.docx and b/infos/handbook-work_in_progress.docx differ diff --git a/pom.xml b/pom.xml index 46d02706..808d71b9 100644 --- a/pom.xml +++ b/pom.xml @@ -22,7 +22,7 @@ 0.3 0.4 - 1.1.11 + 1.1.13-SNAPSHOT 2.4.1 2.3.1 -- cgit v1.2.3 From ddf39a5b497925204be868a77bcb746277bb2c8b Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Thu, 11 Mar 2021 17:30:18 +0100 Subject: update package names after refactoring of eaaf-components --- .../specific/connector/test/utils/AuthenticationDataBuilderTest.java | 4 ++-- .../specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'connector/src') diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java index 0df8638c..52932c8c 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java @@ -44,8 +44,8 @@ import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException; import at.gv.egiz.eaaf.core.exceptions.EaafParserException; import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; +import at.gv.egiz.eaaf.core.impl.builder.BpkBuilder; import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData; -import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder; import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; @@ -169,7 +169,7 @@ public class AuthenticationDataBuilderTest { public void moaIdMode() throws EaafAuthenticationException, EaafBuilderException { //initialize state boolean isTestIdentity = RandomUtils.nextBoolean(); - pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true); + pendingReq.getSessionData(EidAuthProcessDataWrapper.class).setTestIdentity(true); pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(false); IIdentityLink idl = buildDummyIdl(); pendingReq.getSessionData(AuthProcessDataWrapper.class).setIdentityLink(idl); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java index b519354c..f4849b07 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java @@ -64,8 +64,8 @@ import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.builder.BpkBuilder; import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder; import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; -- cgit v1.2.3 From 7a1196805baad8fe055f92cfa8746c67684749b9 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Fri, 12 Mar 2021 10:46:59 +0100 Subject: update StatusMessageProvider for better distiguish between internal and external errorCodes --- .../specific/connector/provider/StatusMessageProvider.java | 14 ++++++++++---- .../test/utils/AuthenticationDataBuilderTest.java | 2 +- 2 files changed, 11 insertions(+), 5 deletions(-) (limited to 'connector/src') diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java index 073f7513..e83d9d49 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java @@ -28,6 +28,7 @@ import java.util.Locale; import java.util.MissingResourceException; import java.util.ResourceBundle; +import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.stereotype.Service; @@ -94,11 +95,10 @@ public class StatusMessageProvider implements IStatusMessenger { public String getResponseErrorCode(Throwable throwable) { String errorCode = IStatusMessenger.CODES_EXTERNAL_ERROR_GENERIC; if (throwable instanceof EaafException) { - errorCode = mapInternalErrorToExternalError(((EaafException) throwable).getErrorId()); + errorCode = ((EaafException) throwable).getErrorId(); } - // TODO: maybe more internal switches are required - + return errorCode; } @@ -120,7 +120,13 @@ public class StatusMessageProvider implements IStatusMessenger { } else { try { - return externalError.getString(intErrorCode); + if (StringUtils.isNotEmpty(intErrorCode)) { + return externalError.getString(intErrorCode); + + } else { + return IStatusMessenger.CODES_EXTERNAL_ERROR_GENERIC; + + } } catch (final MissingResourceException e2) { log.info(MessageFormat.format(ERROR_NO_EXTERNALERROR_CODE, new Object[] { intErrorCode })); diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java index 52932c8c..cea20f04 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java @@ -169,7 +169,7 @@ public class AuthenticationDataBuilderTest { public void moaIdMode() throws EaafAuthenticationException, EaafBuilderException { //initialize state boolean isTestIdentity = RandomUtils.nextBoolean(); - pendingReq.getSessionData(EidAuthProcessDataWrapper.class).setTestIdentity(true); + pendingReq.getSessionData(EidAuthProcessDataWrapper.class).setTestIdentity(isTestIdentity); pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(false); IIdentityLink idl = buildDummyIdl(); pendingReq.getSessionData(AuthProcessDataWrapper.class).setIdentityLink(idl); -- cgit v1.2.3 From 291905eed9c187444c83657241b589d31d825149 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Wed, 12 May 2021 12:46:07 +0200 Subject: update third-party libs to latest versions --- basicConfig/templates/error_message.html | 10 +- connector/pom.xml | 14 +++ connector/src/main/resources/logback.xml | 107 +-------------------- .../resources/specific_eIDAS_connector.beans.xml | 3 + .../connector/test/FullStartUpAndProcessTest.java | 2 +- .../test/utils/AuthenticationDataBuilderTest.java | 2 +- .../spring/SpringTest_connector.beans.xml | 3 + eidas_modules/authmodule-eIDAS-v2/pom.xml | 4 + .../modules/auth/eidas/v2/test/SzrClientTest.java | 9 +- .../tasks/CreateIdentityLinkTaskEidNewTest.java | 2 +- .../v2/test/tasks/CreateIdentityLinkTaskTest.java | 2 +- infos/handbook-work_in_progress.docx | Bin 44445 -> 44928 bytes infos/readme_1.2.0.md | 7 +- pom.xml | 33 ++++--- 14 files changed, 63 insertions(+), 135 deletions(-) (limited to 'connector/src') diff --git a/basicConfig/templates/error_message.html b/basicConfig/templates/error_message.html index f9788f6a..b1367962 100644 --- a/basicConfig/templates/error_message.html +++ b/basicConfig/templates/error_message.html @@ -21,16 +21,12 @@

Error Information


-

Code :

+

Code :

Msg :

- -
-

fullError

-
- + - \ No newline at end of file + diff --git a/connector/pom.xml b/connector/pom.xml index 36a6d9df..6516e351 100644 --- a/connector/pom.xml +++ b/connector/pom.xml @@ -135,6 +135,20 @@ com.github.skjolber mockito-soap-cxf test + org.powermock diff --git a/connector/src/main/resources/logback.xml b/connector/src/main/resources/logback.xml index 7aa2d0cc..9679d9e4 100644 --- a/connector/src/main/resources/logback.xml +++ b/connector/src/main/resources/logback.xml @@ -8,96 +8,6 @@ - - - logs/eidas-ms-specific.log - - %5p | %d{dd HH:mm:ss,SSS} | %t | %m%n - - - 9999 - logs/eidas-ms-specific.log.%i - - - - 10000KB - - - - - logs/eIDAS_node.log - - %5p | %d{dd HH:mm:ss,SSS} | %t | %m%n - - - 9999 - logs/eIDAS_node.log.%i - - - - 10000KB - - - - - logs/eidas-ms-reversion.log - - %5p | %d{dd HH:mm:ss,SSS} | %t | %m%n - - - 9999 - logs/eidas-ms-reversion.log.%i - - - - 10000KB - - - - - logs/eidas-ms-statistic.log - - %m%n - - - 9999 - logs/eidas-ms-statistic.log.%i - - - - 10000KB - - - - - logs/console.log - - %5p | %d{dd HH:mm:ss,SSS} | %t | %m%n - - - 9999 - logs/console.log.%i - - - - 10000KB - - @@ -105,27 +15,16 @@ - + - + - - - - - - - + - diff --git a/connector/src/main/resources/specific_eIDAS_connector.beans.xml b/connector/src/main/resources/specific_eIDAS_connector.beans.xml index 0f8511d5..df2a9aa4 100644 --- a/connector/src/main/resources/specific_eIDAS_connector.beans.xml +++ b/connector/src/main/resources/specific_eIDAS_connector.beans.xml @@ -82,6 +82,9 @@ + + diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java index f50829c7..64e8272e 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java @@ -50,7 +50,7 @@ import org.springframework.web.context.WebApplicationContext; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; -import com.skjolberg.mockito.soap.SoapServiceRule; +import com.github.skjolber.mockito.soap.SoapServiceRule; import at.asitplus.eidas.specific.connector.controller.ProcessEngineSignalController; import at.asitplus.eidas.specific.connector.controller.Pvp2SProfileEndpoint; diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java index cea20f04..17ecb2ca 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java @@ -199,7 +199,7 @@ public class AuthenticationDataBuilderTest { Assert.assertEquals("FamilyName", idl.getFamilyName(), authData.getFamilyName()); Assert.assertEquals("GivenName", idl.getGivenName(), authData.getGivenName()); - Assert.assertEquals("DateOfBirth", idl.getDateOfBirth(), authData.getFormatedDateOfBirth()); + Assert.assertEquals("DateOfBirth", idl.getDateOfBirth(), authData.getDateOfBirth()); Assert.assertEquals("bPK", BpkBuilder.generateAreaSpecificPersonIdentifier( idl.getIdentificationValue(), EaafConstants.URN_PREFIX_CDID + "XX").getFirst(), diff --git a/connector/src/test/resources/spring/SpringTest_connector.beans.xml b/connector/src/test/resources/spring/SpringTest_connector.beans.xml index 83acf445..4d770570 100644 --- a/connector/src/test/resources/spring/SpringTest_connector.beans.xml +++ b/connector/src/test/resources/spring/SpringTest_connector.beans.xml @@ -74,6 +74,9 @@ + + diff --git a/eidas_modules/authmodule-eIDAS-v2/pom.xml b/eidas_modules/authmodule-eIDAS-v2/pom.xml index 074a4205..78039e9c 100644 --- a/eidas_modules/authmodule-eIDAS-v2/pom.xml +++ b/eidas_modules/authmodule-eIDAS-v2/pom.xml @@ -102,6 +102,10 @@ org.springframework spring-webmvc + + org.apache.cxf + cxf-core + org.apache.cxf cxf-rt-frontend-jaxws diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java index cf4ed95c..786b10de 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java @@ -54,6 +54,8 @@ import org.junit.runner.RunWith; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.util.Base64Utils; @@ -63,7 +65,7 @@ import org.xml.sax.SAXException; import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.JsonMappingException; import com.fasterxml.jackson.databind.ObjectMapper; -import com.skjolberg.mockito.soap.SoapServiceRule; +import com.github.skjolber.mockito.soap.SoapServiceRule; import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; @@ -96,6 +98,7 @@ import szrservices.TravelDocumentType; @ContextConfiguration(locations = { "/SpringTest-context_tasks_test.xml", "/SpringTest-context_basic_mapConfig.xml"}) +@DirtiesContext(classMode = ClassMode.AFTER_CLASS) public class SzrClientTest { private static final Logger log = LoggerFactory.getLogger(SzrClientTest.class); @@ -134,9 +137,11 @@ public class SzrClientTest { eidData.setPseudonym("1234sdgsdfg56789ABCDEF"); basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.eidasbind.mds.inject", "false"); - + } + + @Test public void getStammzahlenEcryptedTest() throws JAXBException, SZRException_Exception, SzrCommunicationException { diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java index 0621081a..175f95e6 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java @@ -40,7 +40,7 @@ import org.springframework.web.context.request.ServletRequestAttributes; import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; -import com.skjolberg.mockito.soap.SoapServiceRule; +import com.github.skjolber.mockito.soap.SoapServiceRule; import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java index 8c7558dd..e880178f 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java @@ -28,7 +28,7 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; -import com.skjolberg.mockito.soap.SoapServiceRule; +import com.github.skjolber.mockito.soap.SoapServiceRule; import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; diff --git a/infos/handbook-work_in_progress.docx b/infos/handbook-work_in_progress.docx index 192db5d4..3f2c6afd 100644 Binary files a/infos/handbook-work_in_progress.docx and b/infos/handbook-work_in_progress.docx differ diff --git a/infos/readme_1.2.0.md b/infos/readme_1.2.0.md index 98e18ccb..5b25d3f9 100644 --- a/infos/readme_1.2.0.md +++ b/infos/readme_1.2.0.md @@ -1,4 +1,4 @@ -# MS-Connector v1.2.0 Release vom xx.xx.2021 +# MS-Connector v1.2.0 Release vom 12.05.2021 Der MS-Connector implementiert eine Bridge zwischen dem österreichischen E-ID System und dem eIDAS Framework um ausländischen Benutzern eine Anmeldung am österreichischen Service-Providern zu ermöglichen. @@ -27,7 +27,7 @@ Nachfolgend finden Sie die erforderlichen Schritte für das Update eines bestehe 1. Stoppen Sie die *MS-Connector* Applikation und fertigen Sie eine Sicherungskopie Ihrer Applikation inklusive Konfiguration an 2. Entpacken Sie das Releasepacket *ms_specific_connector-1.2.0-dist.zip* in ein temporäres Verzeichnis welches in weiterer Folge __MsConnectorPackage__ bezeichnet wird. 3. Kopieren sie die Applikation __MsConnectorPackage__/ms_connector.war nach in das Applikationsverzeichnis ihres Applikationsservers -4. Mit der Version 1.2.0 wurde die Konfiguration eine eine Minimalkonfiguration [`default_config.properties`](./../config/default_config.properties) und eine in den MS-Connectorintegrierte Defaultkonfiguration aufgteilt. Die nachfolgende Aufzählung umfasst die neuen oder geänderten Konfigurationsparameter, beschreibt jedoch keine Aufteilung einer bestehenden Konfiguration in Minimal- und Defaultteil. Eine vollständige Beschreibung aller Konfigurationswerte finden Sie **hier**. +4. Mit der Version 1.2.0 wurde die Konfiguration eine eine Minimalkonfiguration [`default_config.properties`](./../config/default_config.properties) und eine in den MS-Connectorintegrierte Defaultkonfiguration aufgteilt. Die nachfolgende Aufzählung umfasst die neuen oder geänderten Konfigurationsparameter, beschreibt jedoch keine Aufteilung einer bestehenden Konfiguration in Minimal- und Defaultteil. Eine vollständige Beschreibung aller Konfigurationswerte finden Sie im Handbuch zum AT MS-Connector. 5. Update bestehender Dateien . Die nachfolgenden Dateien wurden geändert und erfordern eine Anpassung oder eine Übernahme dem Releasepacket, sofern die Anpassung nicht bereits durchgeführt wurde * __MsConnectorPackage__/config/templates/error_message.html @@ -53,7 +53,6 @@ Nachfolgend finden Sie die erforderlichen Schritte für das Update eines bestehe - *eIDAS Node Kommunikation* * ```eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm``` * ```eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll``` - * ```eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm``` - * ```eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm``` - *ID Austria Umsetzung* + - ```eidas.ms.auth.eIDAS.eid.testidentity.default``` - ```eidas.ms.auth.eIDAS.szrclient.eidasbind.mds.inject``` diff --git a/pom.xml b/pom.xml index 808d71b9..2b557e9a 100644 --- a/pom.xml +++ b/pom.xml @@ -22,32 +22,32 @@ 0.3 0.4 - 1.1.13-SNAPSHOT + 1.1.13 - 2.4.1 - 2.3.1 - 5.3.2 - 3.0.11.RELEASE - 3.4.1 + 2.4.5 + 2.4.1 + 5.3.6 + 3.0.12.RELEASE + 3.3.5 2.5.0 - 3.11 + 3.12.0 1.9 4.4 - 30.0-jre - 2.10.8 + 30.1.1-jre + 2.10.10 1.7.30 - 2.12.0 + 2.12.3 2.0.1.Final 6.1.5.Final - 4.13.1 + 4.13.2 2.22.2 - 1.0.5 + 1.2.0 4.0.0 @@ -64,7 +64,7 @@ - 1.18.12 + 1.18.20 3.8.1 2.8.1 1.20 @@ -267,6 +267,11 @@ joda-time ${joda-time.version} + + org.apache.cxf + cxf-core + ${cxf.version} + org.apache.cxf cxf-rt-frontend-jaxws @@ -280,7 +285,7 @@ javax.servlet javax.servlet-api - 3.0.1 + 3.1.0 provided -- cgit v1.2.3 From 0b1973c22e8f9e799a57629f4653324395b73664 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Thu, 27 May 2021 17:19:01 +0200 Subject: fix broken language selection in GUI --- basicConfig/properties/messages.properties | 2 ++ .../connector/config/StaticResourceConfiguration.java | 17 +++++++++++++++-- 2 files changed, 17 insertions(+), 2 deletions(-) (limited to 'connector/src') diff --git a/basicConfig/properties/messages.properties b/basicConfig/properties/messages.properties index ea604cda..0420d8b9 100644 --- a/basicConfig/properties/messages.properties +++ b/basicConfig/properties/messages.properties @@ -80,6 +80,8 @@ gui.countryselection.country.lu=Luxembourg gui.countryselection.country.lu.logo.alt=Luxembourg-eID gui.countryselection.country.mt=Malta gui.countryselection.country.mt.logo.alt=Malta-eID +gui.countryselection.country.no=Norway +gui.countryselection.country.no.logo.alt=Norway-eID gui.countryselection.country.ro=Romania gui.countryselection.country.ro.logo.alt=Romania-eID gui.countryselection.country.sk=Slovakia diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/config/StaticResourceConfiguration.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/config/StaticResourceConfiguration.java index a1e953f1..b4d58cdd 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/config/StaticResourceConfiguration.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/config/StaticResourceConfiguration.java @@ -33,9 +33,9 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.support.ReloadableResourceBundleMessageSource; -import org.springframework.web.servlet.config.annotation.EnableWebMvc; import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; +import org.springframework.web.servlet.i18n.CookieLocaleResolver; import org.thymeleaf.templateresolver.FileTemplateResolver; import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; @@ -50,7 +50,6 @@ import at.gv.egiz.eaaf.core.impl.utils.FileUtils; * */ @Configuration -@EnableWebMvc public class StaticResourceConfiguration implements WebMvcConfigurer { private static final Logger log = LoggerFactory.getLogger(StaticResourceConfiguration.class); private static final String[] CLASSPATH_RESOURCE_LOCATIONS = { @@ -159,6 +158,20 @@ public class StaticResourceConfiguration implements WebMvcConfigurer { } + /** + * Get a i18n resolver based on cookies. + * + * @return + */ + @Bean + public CookieLocaleResolver localeResolver() { + final CookieLocaleResolver localeResolver = new CookieLocaleResolver(); + localeResolver.setCookieName("currentLanguage"); + localeResolver.setCookieMaxAge(3600); + return localeResolver; + + } + /** * Get a Tyhmeleaf Template-Resolver with external configuration path. * -- cgit v1.2.3 From af013acbb41d98b39d5ede56dbd5227858688e33 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Fri, 25 Jun 2021 10:26:17 +0200 Subject: fix bug in combination with EidasNode v2.5 and DE Middleware # Conflicts: # connector/src/main/resources/application.properties --- .../src/main/resources/application.properties | 2 +- .../specific/modules/auth/eidas/v2/Constants.java | 2 + .../eidas/v2/tasks/GenerateAuthnRequestTask.java | 3 +- .../test/tasks/GenerateAuthnRequestTaskTest.java | 15 ++++-- infos/Handbuch_MS-eIDAS-Node.docx | Bin 64139 -> 58160 bytes infos/handbook-work_in_progress.docx | Bin 44928 -> 0 bytes infos/handbook/Handbuch_MS-eIDAS-Node.pdf | Bin 871397 -> 162244 bytes infos/readme_1.2.2.md | 60 +++++++++++++++++++++ 8 files changed, 76 insertions(+), 6 deletions(-) delete mode 100644 infos/handbook-work_in_progress.docx create mode 100644 infos/readme_1.2.2.md (limited to 'connector/src') diff --git a/connector/src/main/resources/application.properties b/connector/src/main/resources/application.properties index 2411fde3..73a83c13 100644 --- a/connector/src/main/resources/application.properties +++ b/connector/src/main/resources/application.properties @@ -69,7 +69,7 @@ eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll=true eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=false - +#eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat= eidas.ms.auth.eIDAS.node_v2.loa.requested.minimum=http://eidas.europa.eu/LoA/high #eidas.ms.auth.eIDAS.szrclient.useTestService=true diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java index d13dd00f..1732a61a 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java @@ -69,6 +69,8 @@ public class Constants { public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_USEREQUESTIDASTRANSACTIONIDENTIFIER = CONIG_PROPS_EIDAS_NODE + ".workarounds.useRequestIdAsTransactionIdentifier"; + public static final String CONFIG_PROP_EIDAS_NODE_NAMEIDFORMAT = + CONIG_PROPS_EIDAS_NODE + ".requested.nameIdFormat"; public static final String CONIG_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP = CONIG_PROPS_EIDAS_NODE + ".staticProviderNameForPublicSPs"; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java index 92f58877..9900fa98 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java @@ -106,7 +106,8 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { authnRequestBuilder.id(UUID.randomUUID().toString()); // set nameIDFormat - authnRequestBuilder.nameIdFormat(Constants.eIDAS_REQ_NAMEID_FORMAT); + authnRequestBuilder.nameIdFormat( + authConfig.getBasicConfiguration(Constants.CONFIG_PROP_EIDAS_NODE_NAMEIDFORMAT)); // set citizen country code for foreign uses authnRequestBuilder.citizenCountryCode(citizenCountryCode); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java index f796bd86..4edfe32d 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java @@ -1,5 +1,7 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; +import static org.junit.Assert.assertNull; + import java.io.UnsupportedEncodingException; import java.util.HashMap; import java.util.Map; @@ -91,7 +93,8 @@ public class GenerateAuthnRequestTaskTest { "http://test/" + RandomStringUtils.randomAlphabetic(5)); basicConfig.putConfigValue( "eidas.ms.auth.eIDAS.node_v2.forward.method", "GET"); - + basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat"); + } @Test @@ -313,9 +316,8 @@ public class GenerateAuthnRequestTaskTest { Assert.assertEquals("ProviderName is not Static", "myNode", eidasReq.getProviderName()); Assert.assertEquals("no PublicSP", "public", eidasReq.getSpType()); Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high", eidasReq.getLevelOfAssurance()); - Assert.assertEquals("wrong CC", cc, eidasReq.getCitizenCountryCode()); - Assert.assertEquals("NameIdFormat", Constants.eIDAS_REQ_NAMEID_FORMAT, eidasReq.getNameIdFormat()); - + Assert.assertEquals("wrong CC", cc, eidasReq.getCitizenCountryCode()); + assertNull("NameIdPolicy not null", eidasReq.getNameIdFormat()); } @@ -337,6 +339,10 @@ public class GenerateAuthnRequestTaskTest { basicConfig.putConfigValue( "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "false"); + String nameIdFormat = RandomStringUtils.randomAlphabetic(10); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat", nameIdFormat); + String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5); basicConfig.putConfigValue( "eidas.ms.auth.eIDAS.node_v2.forward.endpoint", dynEndPoint); @@ -363,6 +369,7 @@ public class GenerateAuthnRequestTaskTest { eidasReq.getLevelOfAssurance()); Assert.assertEquals("Wrong req. attr. size", 4, eidasReq.getRequestedAttributes().size()); + Assert.assertEquals("NameIdFormat", nameIdFormat, eidasReq.getNameIdFormat()); } diff --git a/infos/Handbuch_MS-eIDAS-Node.docx b/infos/Handbuch_MS-eIDAS-Node.docx index 7bb5c919..aacb3828 100644 Binary files a/infos/Handbuch_MS-eIDAS-Node.docx and b/infos/Handbuch_MS-eIDAS-Node.docx differ diff --git a/infos/handbook-work_in_progress.docx b/infos/handbook-work_in_progress.docx deleted file mode 100644 index 3f2c6afd..00000000 Binary files a/infos/handbook-work_in_progress.docx and /dev/null differ diff --git a/infos/handbook/Handbuch_MS-eIDAS-Node.pdf b/infos/handbook/Handbuch_MS-eIDAS-Node.pdf index dd79201f..1d4195bb 100644 Binary files a/infos/handbook/Handbuch_MS-eIDAS-Node.pdf and b/infos/handbook/Handbuch_MS-eIDAS-Node.pdf differ diff --git a/infos/readme_1.2.2.md b/infos/readme_1.2.2.md new file mode 100644 index 00000000..6e7abdd0 --- /dev/null +++ b/infos/readme_1.2.2.md @@ -0,0 +1,60 @@ +# MS-Connector v1.2.2 Release vom 26.06.2021 + +Der MS-Connector implementiert eine Bridge zwischen dem österreichischen E-ID System und dem eIDAS Framework um ausländischen Benutzern eine Anmeldung am österreichischen Service-Providern zu ermöglichen. + +### Änderungen in dieser Version + + - Bugfix + - Inkompatibilität zwischen AT MS-Connector, EidasNode v2.5 und Deutscher Middleware behoben + + + + +### Durchführen eines Updates + +Nachfolgend finden Sie die erforderlichen Schritte für das Update eines bestehenden MS-specific eIDAS Connectors auf die aktuelle Version 1.2.2. Das vollständige Handbuch mit allen Konfigurationsparametern finden Sie im Releasepackage im Verzeichnis: _infos/handbook/_ + +### Ausgehend von einer bestehenden Version 1.2.x + +1. Stoppen Sie die *MS-Connector* Applikation und fertigen Sie eine Sicherungskopie Ihrer Applikation inklusive Konfiguration an +2. Entpacken Sie das Releasepacket *ms_specific_connector-1.2.2-dist.zip* in ein temporäres Verzeichnis welches in weiterer Folge __MsConnectorPackage__ bezeichnet wird. +3. Kopieren sie die Applikation __MsConnectorPackage__/ms_connector.war nach in das Applikationsverzeichnis ihres Applikationsservers +4. Neue optionale Konfigurationsparameter + - *Allgemeine Konfiguration* + - ```eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat``` + +### Ausgehend von einer bestehenden Version 1.1.0 + +1. Stoppen Sie die *MS-Connector* Applikation und fertigen Sie eine Sicherungskopie Ihrer Applikation inklusive Konfiguration an +2. Entpacken Sie das Releasepacket *ms_specific_connector-1.2.2-dist.zip* in ein temporäres Verzeichnis welches in weiterer Folge __MsConnectorPackage__ bezeichnet wird. +3. Kopieren sie die Applikation __MsConnectorPackage__/ms_connector.war nach in das Applikationsverzeichnis ihres Applikationsservers +4. Mit der Version 1.2.0 wurde die Konfiguration eine eine Minimalkonfiguration [`default_config.properties`](./../config/default_config.properties) und eine in den MS-Connectorintegrierte Defaultkonfiguration aufgteilt. Die nachfolgende Aufzählung umfasst die neuen oder geänderten Konfigurationsparameter, beschreibt jedoch keine Aufteilung einer bestehenden Konfiguration in Minimal- und Defaultteil. Eine vollständige Beschreibung aller Konfigurationswerte finden Sie im Handbuch zum AT MS-Connector. +5. Update bestehender Dateien . Die nachfolgenden Dateien wurden geändert und erfordern eine Anpassung oder eine Übernahme dem Releasepacket, sofern die Anpassung nicht bereits durchgeführt wurde. Sofern die entsprechenden Datein an die bestehende Infrastruktur angepasst wurden so müssen diese Änderungen übernommen werden. + - __MsConnectorPackage__/config/templates/error_message.html + - __MsConnectorPackage__/config/eIDAS/igniteSpecificCommunication.xml + Hinweis: Siehe auch Update-Hinweise zur EIDAS-Node v2.5 +6. Erstellung neuer Dateien + - _KeyStore für ID Austria AuthBlock:_ Erstellen eines KeyStore mit mit öffentlichem und privaten Schlüssel welcher für die JWS Signature des technischen ID Austria AuthBlocks verwendet werden soll. +7. Neue Konfigurationsparameter + - *Allgemeine Konfiguration* + - ```eidas.ms.core.configRootDir``` + - *ID Austria Umsetzung* + - ```eidas.ms.auth.eIDAS.authblock.keystore.type``` + - ```eidas.ms.auth.eIDAS.authblock.keystore.path``` + - ```eidas.ms.auth.eIDAS.authblock.keystore.password``` + - ```eidas.ms.auth.eIDAS.authblock.key.alias``` + - ```eidas.ms.auth.eIDAS.authblock.key.password``` + - *Service-Provider Konfiguration Konfiguration* + - ```eidas.ms.sp.x.newEidMode``` +8. Gelöschte Konfigurationsparameter + + - ```authhandler.modules.bindingservice.bpk.target``` +9. Neue optionale Konfigurationsparameter + - *Allgemeine Konfiguration* + - ```eidas.ms.core.logging.level.info.errorcodes``` + - *eIDAS Node Kommunikation* + * ```eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm``` + * ```eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll``` + - *ID Austria Umsetzung* + - ```eidas.ms.auth.eIDAS.eid.testidentity.default``` + - ```eidas.ms.auth.eIDAS.szrclient.eidasbind.mds.inject``` -- cgit v1.2.3