From 58b3c1c2d7a27775af8c0b7c9d12dea08aa575fa Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 19 Jan 2021 10:37:45 +0100 Subject: build 'requesterId' for private-sector SP's based on hashed unique AppIds set 'requesterId' and 'providerName' to static value for any type of SP --- connector/src/main/resources/application.properties | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) (limited to 'connector/src') diff --git a/connector/src/main/resources/application.properties b/connector/src/main/resources/application.properties index b13b6c18..b92102ed 100644 --- a/connector/src/main/resources/application.properties +++ b/connector/src/main/resources/application.properties @@ -51,10 +51,23 @@ eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector #eidas.ms.auth.eIDAS.node_v2.forward.endpoint= eidas.ms.auth.eIDAS.node_v2.forward.method=POST eidas.ms.auth.eIDAS.node_v2.countrycode=AT +#eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=urn:publicid:gv.at:cdid\+.* eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=.* -eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=true + +## use SAML2 requestId as transactionIdentifier to mitigate problems with SAML2 relaystate eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier=true -eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs=true + +## use hashed version of unique SP-Identifier as requesterId +eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm=true + +## user static requesterId for all SP's in case of LU +eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll=true + + +## set provider name for all public SPs +eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=false + + eidas.ms.auth.eIDAS.node_v2.loa.requested.minimum=http://eidas.europa.eu/LoA/high @@ -92,6 +105,10 @@ eidas.ms.auth.eIDAS.szrclient.params.setBirthNameIfAvailable=true eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=false eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=false + + + + ##without mandates eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.0=PersonIdentifier,true eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.1=FamilyName,true -- cgit v1.2.3 From 2fabf6cfdc78fceac1302d45c88d08214fe4e9e3 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 20 Jan 2021 14:32:37 +0100 Subject: add README.md, release and update informations, and full handbook --- connector/src/assembly/assembly_dir.xml | 2 ++ connector/src/assembly/assembly_zip.xml | 3 +++ connector/src/main/resources/application.properties | 20 +++++++------------- 3 files changed, 12 insertions(+), 13 deletions(-) (limited to 'connector/src') diff --git a/connector/src/assembly/assembly_dir.xml b/connector/src/assembly/assembly_dir.xml index 37e05390..59437be6 100644 --- a/connector/src/assembly/assembly_dir.xml +++ b/connector/src/assembly/assembly_dir.xml @@ -43,7 +43,9 @@ readme_${project.version}.txt + readme_${project.version}.md eIDAS_Ref_Impl/* + handbook/* diff --git a/connector/src/assembly/assembly_zip.xml b/connector/src/assembly/assembly_zip.xml index 579da2e1..43877283 100644 --- a/connector/src/assembly/assembly_zip.xml +++ b/connector/src/assembly/assembly_zip.xml @@ -43,6 +43,9 @@ readme_${project.version}.txt + readme_${project.version}.md + eIDAS_Ref_Impl/* + handbook/* diff --git a/connector/src/main/resources/application.properties b/connector/src/main/resources/application.properties index b92102ed..9a4ae54f 100644 --- a/connector/src/main/resources/application.properties +++ b/connector/src/main/resources/application.properties @@ -17,9 +17,9 @@ spring.boot.admin.client.enabled=false ############################################################################# ## MS-speccific eIDAS-Connector configuration -#proxy.context.url.prefix= +#eidas.ms.context.url.prefix= eidas.ms.context.url.request.validation=false -#proxy.configRootDir=file:/.../config/ +#eidas.ms.configRootDir=file:/.../config/ eidas.ms.context.use.clustermode=true eidas.ms.core.logging.level.info.errorcodes=auth.21 @@ -51,8 +51,7 @@ eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector #eidas.ms.auth.eIDAS.node_v2.forward.endpoint= eidas.ms.auth.eIDAS.node_v2.forward.method=POST eidas.ms.auth.eIDAS.node_v2.countrycode=AT -#eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=urn:publicid:gv.at:cdid\+.* -eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=.* +eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=urn:publicid:gv.at:cdid\+.* ## use SAML2 requestId as transactionIdentifier to mitigate problems with SAML2 relaystate eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier=true @@ -106,9 +105,6 @@ eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=false eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=false - - - ##without mandates eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.0=PersonIdentifier,true eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.1=FamilyName,true @@ -137,7 +133,7 @@ eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true #eidas.ms.pvp2.key.metadata.password=password #eidas.ms.pvp2.key.signing.alias=sig #eidas.ms.pvp2.key.signing.password=password -#eidas.ms.pvp2.metadata.validity=24 +eidas.ms.pvp2.metadata.validity=24 #eidas.ms.pvp2.metadata.organisation.name=JUnit #eidas.ms.pvp2.metadata.organisation.friendyname=For testing with jUnit @@ -158,8 +154,6 @@ eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true ##only for advanced config -eidas.ms.configuration.sp.disableRegistrationRequirement= -#eidas.ms.configuration.restrictions.baseID.spTransmission= -eidas.ms.configuration.auth.default.countrycode= -eidas.ms.configuration.pvp.scheme.validation= -eidas.ms.configuration.pvp.enable.entitycategories= \ No newline at end of file +eidas.ms.configuration.sp.disableRegistrationRequirement=false +eidas.ms.configuration.pvp.scheme.validation=true +eidas.ms.configuration.pvp.enable.entitycategories=false \ No newline at end of file -- cgit v1.2.3 From 811165262f7ef196c8586e42b838d7d7ba376e16 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 27 Jan 2021 11:19:29 +0100 Subject: fix problem in jUnit tests that depends on static Apache-Ignite holder in eIDAS Ref. implementation and occurin case of a start-up error --- .../specific/connector/test/FullStartUpAndProcessTest.java | 12 ++++++++++-- .../specific/connector/test/MainClassExecutableModeTest.java | 10 ++++++++-- .../specific/connector/test/MainClassWebAppModeTest.java | 7 +++++++ 3 files changed, 25 insertions(+), 4 deletions(-) (limited to 'connector/src') diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java index 77037415..fcb0e73a 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java @@ -6,6 +6,7 @@ import static org.powermock.api.mockito.PowerMockito.when; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.UnsupportedEncodingException; +import java.lang.reflect.Field; import java.net.URISyntaxException; import java.util.Map; import java.util.Timer; @@ -71,6 +72,7 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.OpenSaml3ResourceAdapter; import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; +import eu.eidas.auth.cache.IgniteInstanceInitializerSpecificCommunication; import eu.eidas.auth.commons.attribute.AttributeDefinition; import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; import eu.eidas.auth.commons.light.ILightRequest; @@ -151,13 +153,19 @@ public class FullStartUpAndProcessTest { /** * Test shut-down. * - * @throws IOException In case of an error + * @throws Exception In case of an error */ @AfterClass - public static void closeIgniteNode() throws IOException { + public static void closeIgniteNode() throws Exception { System.out.println("Closiong Ignite Node ... "); Ignition.stopAll(true); + + //set Ignite-node holder to 'null' because static holders are shared between different tests + final Field field = IgniteInstanceInitializerSpecificCommunication.class.getDeclaredField("instance"); + field.setAccessible(true); + field.set(null, null); + } /** diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassExecutableModeTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassExecutableModeTest.java index 86df55df..708560b2 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassExecutableModeTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassExecutableModeTest.java @@ -22,6 +22,7 @@ import org.junit.runners.BlockJUnit4ClassRunner; import at.asitplus.eidas.specific.connector.SpringBootApplicationInitializer; import at.gv.egiz.eaaf.core.impl.logging.DummyStatusMessager; import at.gv.egiz.eaaf.core.impl.logging.LogMessageProviderFactory; +import eu.eidas.auth.cache.IgniteInstanceInitializerSpecificCommunication; import lombok.extern.slf4j.Slf4j; @Slf4j @@ -50,17 +51,22 @@ public class MainClassExecutableModeTest { /** * Initializer. - * @throws InterruptedException In case of an error + * @throws Exception In case of an error * */ @AfterClass - public static void closeIgniteNode() throws InterruptedException { + public static void closeIgniteNode() throws Exception { System.out.println("Closing Ignite Node ... "); log.info("Stopping already running Apache Ignite nodes ... "); Ignition.stopAll(true); Thread.sleep(1000); + //set Ignite-node holder to 'null' because static holders are shared between different tests + final Field field = IgniteInstanceInitializerSpecificCommunication.class.getDeclaredField("instance"); + field.setAccessible(true); + field.set(null, null); + } /** diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassWebAppModeTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassWebAppModeTest.java index 07ef4968..79d062ae 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassWebAppModeTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassWebAppModeTest.java @@ -22,6 +22,7 @@ import org.junit.runners.BlockJUnit4ClassRunner; import at.asitplus.eidas.specific.connector.SpringBootApplicationInitializer; import at.gv.egiz.eaaf.core.impl.logging.DummyStatusMessager; import at.gv.egiz.eaaf.core.impl.logging.LogMessageProviderFactory; +import eu.eidas.auth.cache.IgniteInstanceInitializerSpecificCommunication; @RunWith(BlockJUnit4ClassRunner.class) public class MainClassWebAppModeTest { @@ -68,6 +69,12 @@ public class MainClassWebAppModeTest { System.clearProperty("eidas.ms.configuration"); SpringBootApplicationInitializer.exit(); + + + //set Ignite-node holder to 'null' because static holders are shared between different tests + final Field field1 = IgniteInstanceInitializerSpecificCommunication.class.getDeclaredField("instance"); + field1.setAccessible(true); + field1.set(null, null); } -- cgit v1.2.3 From 07318e70ea3a9d25ca945c391820149183c61ca0 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Mon, 8 Feb 2021 18:47:34 +0100 Subject: add Binding Public-Key into technical AuthBlock in case of an ID Austria process --- .../verification/AuthnRequestValidator.java | 114 +++++++++++++-------- .../test/utils/AuthnRequestValidatorTest.java | 5 + connector/src/test/resources/data/pvp2_authn_3.xml | 3 + 3 files changed, 77 insertions(+), 45 deletions(-) (limited to 'connector/src') diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java index a9eb06be..881eeb8a 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java @@ -75,7 +75,7 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor { if (nameIdPolicy != null) { final String nameIdFormat = nameIdPolicy.getFormat(); if (nameIdFormat != null) { - if (!(NameIDType.TRANSIENT.equals(nameIdFormat) + if (!(NameIDType.TRANSIENT.equals(nameIdFormat) || NameIDType.PERSISTENT.equals(nameIdFormat))) { throw new NameIdFormatNotSupportedException(nameIdFormat); @@ -114,10 +114,10 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor { // post-process requested LoA comparison-level pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setLoAMachtingMode( extractComparisonLevel(authnReq)); - - //extract information from requested attributes + + // extract information from requested attributes extractFromRequestedAttriutes(pendingReq, authnReq); - + } catch (final EaafStorageException e) { log.info("Can NOT store Authn. Req. data into pendingRequest.", e); throw new AuthnRequestValidatorException("internal.02", null, e); @@ -126,14 +126,14 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor { } - private void extractFromRequestedAttriutes(IRequest pendingReq, AuthnRequest authnReq) - throws AuthnRequestValidatorException { + private void extractFromRequestedAttriutes(IRequest pendingReq, AuthnRequest authnReq) + throws AuthnRequestValidatorException, EaafStorageException { // validate and process requested attributes boolean sectorDetected = false; - + final ServiceProviderConfiguration spConfig = pendingReq.getServiceProviderConfiguration( ServiceProviderConfiguration.class); - + if (authnReq.getExtensions() != null) { final List requestedAttributes = authnReq.getExtensions().getUnknownXMLObjects(); for (final XMLObject reqAttrObj : requestedAttributes) { @@ -143,77 +143,101 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor { for (final EaafRequestedAttribute el : reqAttr.getAttributes()) { log.trace("Processing req. attribute '" + el.getName() + "' ... "); if (el.getName().equals(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME)) { - sectorDetected = extractBpkTargetIdentifier(el, spConfig); - + sectorDetected = extractBpkTargetIdentifier(el, spConfig); + } else if (el.getName().equals(ExtendedPvpAttributeDefinitions.EID_TRANSACTION_ID_NAME)) { extractUniqueTransactionId(el, pendingReq); - + + } else if (el.getName().equals(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME)) { + extractBindingPublicKey(el, pendingReq); + } else { log.debug("Ignore req. attribute: " + el.getName()); - + } } } else { log.debug("No requested Attributes in Authn. Request"); - + } } else { log.info("Ignore unknown requested attribute: " + reqAttrObj.getElementQName().toString()); - + } } } - + if (!sectorDetected) { log.warn("Authn.Req validation FAILED. Reason: Contains NO or NO VALID target-sector information."); throw new AuthnRequestValidatorException("pvp2.22", new Object[] { "NO or NO VALID target-sector information" }); } - + + } + + private void extractBindingPublicKey(EaafRequestedAttribute el, IRequest pendingReq) + throws EaafStorageException { + if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) { + final String bindingPubKey = el.getAttributeValues().get(0).getDOM().getTextContent(); + pendingReq.setRawDataToTransaction(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME, bindingPubKey); + log.info("Find Binding Public-Key. eIDAS authentication will be used to create an ID Austria Binding"); + + } else { + log.warn( + "Req. attribute '{}' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute", + el.getName()); + + } } /** * Extract unique transactionId from AuthnRequest. - * - * @param el Requested attribute from AuthnRequest - * @param pendingReq Current pendingRequest object (has to be of type {@link RequestImpl}) - * @return true if transactionId extraction was successful, otherwise false + * + * @param el Requested attribute from AuthnRequest + * @param pendingReq Current pendingRequest object (has to be of type + * {@link RequestImpl}) + * @return true if transactionId extraction was successful, + * otherwise false */ private boolean extractUniqueTransactionId(EaafRequestedAttribute el, IRequest pendingReq) { if (!(pendingReq instanceof RequestImpl)) { - log.warn("Can NOT set unique transactionId from AuthnRequest,because 'PendingRequest' is NOT from Type: {}", + log.warn( + "Can NOT set unique transactionId from AuthnRequest,because 'PendingRequest' is NOT from Type: {}", RequestImpl.class.getName()); - - } else { + + } else { if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) { - final String transactionId = el.getAttributeValues().get(0).getDOM().getTextContent(); - ((RequestImpl)pendingReq).setUniqueTransactionIdentifier(transactionId); + final String transactionId = el.getAttributeValues().get(0).getDOM().getTextContent(); + ((RequestImpl) pendingReq).setUniqueTransactionIdentifier(transactionId); return true; } else { - log.warn("Req. attribute '{}' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute", + log.warn( + "Req. attribute '{}' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute", el.getName()); - + } - + } - + return false; } /** * Extract the bPK target from requested attribute. - * - * @param el Requested attribute from AuthnRequest + * + * @param el Requested attribute from AuthnRequest * @param spConfig Service-Provider configuration for current process - * @return true if bPK target extraction was successful, otherwise false + * @return true if bPK target extraction was successful, otherwise + * false */ - private boolean extractBpkTargetIdentifier(EaafRequestedAttribute el, ServiceProviderConfiguration spConfig) { + private boolean extractBpkTargetIdentifier(EaafRequestedAttribute el, + ServiceProviderConfiguration spConfig) { if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) { - final String sectorId = el.getAttributeValues().get(0).getDOM().getTextContent(); + final String sectorId = el.getAttributeValues().get(0).getDOM().getTextContent(); try { spConfig.setBpkTargetIdentifier(sectorId); return true; @@ -227,16 +251,16 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor { log.warn("Req. attribute '" + el.getName() + "' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute"); } - + return false; - + } - - private void postprocessLoaLevel(IRequest pendingReq, AuthnRequest authnReq) + + private void postprocessLoaLevel(IRequest pendingReq, AuthnRequest authnReq) throws AuthnRequestValidatorException { final List reqLoA = extractLoA(authnReq); - log.trace("SP requests LoA with: {}", String.join(", ",reqLoA)); - + log.trace("SP requests LoA with: {}", String.join(", ", reqLoA)); + LevelOfAssurance minimumLoAFromConfig = LevelOfAssurance.fromString(basicConfig.getBasicConfiguration( MsEidasNodeConstants.PROP_EIDAS_REQUEST_LOA_MINIMUM_LEVEL, EaafConstants.EIDAS_LOA_HIGH)); @@ -246,15 +270,15 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor { minimumLoAFromConfig = LevelOfAssurance.HIGH; } - + log.trace("Validate requested LoA to connector configuration minimum LoA: {} ...", - minimumLoAFromConfig); + minimumLoAFromConfig); final List allowedLoA = new ArrayList<>(); for (final String loa : reqLoA) { try { final LevelOfAssurance intLoa = LevelOfAssurance.fromString(loa); String selectedLoA = EaafConstants.EIDAS_LOA_HIGH; - if (intLoa != null + if (intLoa != null && intLoa.numericValue() <= minimumLoAFromConfig.numericValue()) { log.info("Client: {} requested LoA: {} will be upgraded to: {}", pendingReq.getServiceProviderConfiguration().getUniqueIdentifier(), @@ -281,7 +305,7 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor { pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setRequiredLoA( allowedLoA); - + } private String extractComparisonLevel(AuthnRequest authnReq) { @@ -335,7 +359,7 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor { private String extractScopeRequsterId(AuthnRequest authnReq) { if (authnReq.getScoping() != null) { final Scoping scoping = authnReq.getScoping(); - if (scoping.getRequesterIDs() != null + if (scoping.getRequesterIDs() != null && scoping.getRequesterIDs().size() > 0) { if (scoping.getRequesterIDs().size() == 1) { return scoping.getRequesterIDs().get(0).getRequesterID(); diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthnRequestValidatorTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthnRequestValidatorTest.java index 9aafb4b6..c57515a0 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthnRequestValidatorTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthnRequestValidatorTest.java @@ -214,6 +214,11 @@ public class AuthnRequestValidatorTest { Assert.assertEquals("wrong transactionId", "transId_11223344556677aabbcc", pendingReq.getUniqueTransactionIdentifier()); + + Assert.assertEquals("wrong binding pubkey", "binding_pubKey_1144225247125dsfasfasdf", + pendingReq.getRawData(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME, String.class)); + + } diff --git a/connector/src/test/resources/data/pvp2_authn_3.xml b/connector/src/test/resources/data/pvp2_authn_3.xml index 35e49b0f..5352c441 100644 --- a/connector/src/test/resources/data/pvp2_authn_3.xml +++ b/connector/src/test/resources/data/pvp2_authn_3.xml @@ -31,6 +31,9 @@ transId_11223344556677aabbcc + + binding_pubKey_1144225247125dsfasfasdf + -- cgit v1.2.3 From c5c6344931f67ccaba335ffa476b5e8117948020 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Wed, 10 Mar 2021 12:25:10 +0100 Subject: switch to EAAF-components 1.1.13-SNAPSHOT to add EID-IDENTITY-STATUS-LEVEL attribute into SAML2 response --- .../builder/AuthenticationDataBuilder.java | 26 +++++++++++++++------- .../src/main/resources/application.properties | 2 ++ .../resources/specific_eIDAS_connector.beans.xml | 6 +++++ .../connector/test/FullStartUpAndProcessTest.java | 7 ++++-- .../ProcessEngineSignalControllerTest.java | 2 +- .../test/utils/AuthenticationDataBuilderTest.java | 16 ++++++++++++- .../data/metadata_valid_without_encryption.xml | 1 + .../spring/SpringTest_connector.beans.xml | 6 +++++ 8 files changed, 54 insertions(+), 12 deletions(-) (limited to 'connector/src') diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java index c41660ce..3a93c1b8 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java @@ -30,6 +30,7 @@ import org.springframework.stereotype.Service; import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions.EidIdentityStatusLevelValues; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer; @@ -37,8 +38,9 @@ import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; +import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData; import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder; -import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper; import lombok.extern.slf4j.Slf4j; @Service("AuthenticationDataBuilder") @@ -47,9 +49,9 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder @Override protected IAuthData buildDeprecatedAuthData(IRequest pendingReq) throws EaafException { - final IAuthProcessDataContainer authProcessData = - pendingReq.getSessionData(AuthProcessDataWrapper.class); - AuthenticationData authData = new AuthenticationData(); + final EidAuthProcessDataWrapper authProcessData = + pendingReq.getSessionData(EidAuthProcessDataWrapper.class); + EidAuthenticationData authData = new EidAuthenticationData(); //set basis infos super.generateDeprecatedBasicAuthData(authData, pendingReq, authProcessData); @@ -58,6 +60,9 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder authData.setSsoSessionValidTo( new Date(new Date().getTime() + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000)); + authData.setEidStatus(authProcessData.isTestIdentity() + ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY); + return authData; } @@ -65,16 +70,21 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder @Override protected void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq) throws EaafException { - if (authData instanceof AuthenticationData) { - ((AuthenticationData)authData).setGenericData( + if (authData instanceof EidAuthenticationData) { + ((EidAuthenticationData)authData).setGenericData( ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, pendingReq.getUniquePiiTransactionIdentifier()); log.trace("Inject piiTransactionId: {} into AuthData", pendingReq.getUniquePiiTransactionIdentifier()); // set specific informations - ((AuthenticationData)authData).setSsoSessionValidTo( + ((EidAuthenticationData)authData).setSsoSessionValidTo( new Date(new Date().getTime() + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000)); + //set E-ID status-level + final EidAuthProcessDataWrapper authProcessData = + pendingReq.getSessionData(EidAuthProcessDataWrapper.class); + ((EidAuthenticationData)authData).setEidStatus(authProcessData.isTestIdentity() + ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY); } else { throw new RuntimeException("Can not inject PiiTransactionId because AuthData is of unknown type: " @@ -86,7 +96,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder @Override protected IAuthData getAuthDataInstance(IRequest arg0) throws EaafException { - return new AuthenticationData(); + return new EidAuthenticationData(); } diff --git a/connector/src/main/resources/application.properties b/connector/src/main/resources/application.properties index 9a4ae54f..2411fde3 100644 --- a/connector/src/main/resources/application.properties +++ b/connector/src/main/resources/application.properties @@ -48,6 +48,8 @@ eidas.ms.core.pendingrequestid.digist.algorithm=HmacSHA256 ## eIDAS Ref. Implementation connector ### eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector +eidas.ms.auth.eIDAS.eid.testidentity.default=false + #eidas.ms.auth.eIDAS.node_v2.forward.endpoint= eidas.ms.auth.eIDAS.node_v2.forward.method=POST eidas.ms.auth.eIDAS.node_v2.countrycode=AT diff --git a/connector/src/main/resources/specific_eIDAS_connector.beans.xml b/connector/src/main/resources/specific_eIDAS_connector.beans.xml index f6fdeefe..0f8511d5 100644 --- a/connector/src/main/resources/specific_eIDAS_connector.beans.xml +++ b/connector/src/main/resources/specific_eIDAS_connector.beans.xml @@ -49,6 +49,9 @@ + + + + + + + diff --git a/connector/src/test/resources/spring/SpringTest_connector.beans.xml b/connector/src/test/resources/spring/SpringTest_connector.beans.xml index ba385cb9..83acf445 100644 --- a/connector/src/test/resources/spring/SpringTest_connector.beans.xml +++ b/connector/src/test/resources/spring/SpringTest_connector.beans.xml @@ -41,6 +41,9 @@ + + + + + + Date: Thu, 11 Mar 2021 17:30:18 +0100 Subject: update package names after refactoring of eaaf-components --- .../specific/connector/test/utils/AuthenticationDataBuilderTest.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'connector/src') diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java index 0df8638c..52932c8c 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java @@ -44,8 +44,8 @@ import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException; import at.gv.egiz.eaaf.core.exceptions.EaafParserException; import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; +import at.gv.egiz.eaaf.core.impl.builder.BpkBuilder; import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData; -import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder; import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; @@ -169,7 +169,7 @@ public class AuthenticationDataBuilderTest { public void moaIdMode() throws EaafAuthenticationException, EaafBuilderException { //initialize state boolean isTestIdentity = RandomUtils.nextBoolean(); - pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true); + pendingReq.getSessionData(EidAuthProcessDataWrapper.class).setTestIdentity(true); pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(false); IIdentityLink idl = buildDummyIdl(); pendingReq.getSessionData(AuthProcessDataWrapper.class).setIdentityLink(idl); -- cgit v1.2.3 From 7a1196805baad8fe055f92cfa8746c67684749b9 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Fri, 12 Mar 2021 10:46:59 +0100 Subject: update StatusMessageProvider for better distiguish between internal and external errorCodes --- .../specific/connector/provider/StatusMessageProvider.java | 14 ++++++++++---- .../test/utils/AuthenticationDataBuilderTest.java | 2 +- 2 files changed, 11 insertions(+), 5 deletions(-) (limited to 'connector/src') diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java index 073f7513..e83d9d49 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java @@ -28,6 +28,7 @@ import java.util.Locale; import java.util.MissingResourceException; import java.util.ResourceBundle; +import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.stereotype.Service; @@ -94,11 +95,10 @@ public class StatusMessageProvider implements IStatusMessenger { public String getResponseErrorCode(Throwable throwable) { String errorCode = IStatusMessenger.CODES_EXTERNAL_ERROR_GENERIC; if (throwable instanceof EaafException) { - errorCode = mapInternalErrorToExternalError(((EaafException) throwable).getErrorId()); + errorCode = ((EaafException) throwable).getErrorId(); } - // TODO: maybe more internal switches are required - + return errorCode; } @@ -120,7 +120,13 @@ public class StatusMessageProvider implements IStatusMessenger { } else { try { - return externalError.getString(intErrorCode); + if (StringUtils.isNotEmpty(intErrorCode)) { + return externalError.getString(intErrorCode); + + } else { + return IStatusMessenger.CODES_EXTERNAL_ERROR_GENERIC; + + } } catch (final MissingResourceException e2) { log.info(MessageFormat.format(ERROR_NO_EXTERNALERROR_CODE, new Object[] { intErrorCode })); diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java index 52932c8c..cea20f04 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java @@ -169,7 +169,7 @@ public class AuthenticationDataBuilderTest { public void moaIdMode() throws EaafAuthenticationException, EaafBuilderException { //initialize state boolean isTestIdentity = RandomUtils.nextBoolean(); - pendingReq.getSessionData(EidAuthProcessDataWrapper.class).setTestIdentity(true); + pendingReq.getSessionData(EidAuthProcessDataWrapper.class).setTestIdentity(isTestIdentity); pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(false); IIdentityLink idl = buildDummyIdl(); pendingReq.getSessionData(AuthProcessDataWrapper.class).setIdentityLink(idl); -- cgit v1.2.3 From 291905eed9c187444c83657241b589d31d825149 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Wed, 12 May 2021 12:46:07 +0200 Subject: update third-party libs to latest versions --- connector/src/main/resources/logback.xml | 107 +-------------------- .../resources/specific_eIDAS_connector.beans.xml | 3 + .../connector/test/FullStartUpAndProcessTest.java | 2 +- .../test/utils/AuthenticationDataBuilderTest.java | 2 +- .../spring/SpringTest_connector.beans.xml | 3 + 5 files changed, 11 insertions(+), 106 deletions(-) (limited to 'connector/src') diff --git a/connector/src/main/resources/logback.xml b/connector/src/main/resources/logback.xml index 7aa2d0cc..9679d9e4 100644 --- a/connector/src/main/resources/logback.xml +++ b/connector/src/main/resources/logback.xml @@ -8,96 +8,6 @@ - - - logs/eidas-ms-specific.log - - %5p | %d{dd HH:mm:ss,SSS} | %t | %m%n - - - 9999 - logs/eidas-ms-specific.log.%i - - - - 10000KB - - - - - logs/eIDAS_node.log - - %5p | %d{dd HH:mm:ss,SSS} | %t | %m%n - - - 9999 - logs/eIDAS_node.log.%i - - - - 10000KB - - - - - logs/eidas-ms-reversion.log - - %5p | %d{dd HH:mm:ss,SSS} | %t | %m%n - - - 9999 - logs/eidas-ms-reversion.log.%i - - - - 10000KB - - - - - logs/eidas-ms-statistic.log - - %m%n - - - 9999 - logs/eidas-ms-statistic.log.%i - - - - 10000KB - - - - - logs/console.log - - %5p | %d{dd HH:mm:ss,SSS} | %t | %m%n - - - 9999 - logs/console.log.%i - - - - 10000KB - - @@ -105,27 +15,16 @@ - + - + - - - - - - - + - diff --git a/connector/src/main/resources/specific_eIDAS_connector.beans.xml b/connector/src/main/resources/specific_eIDAS_connector.beans.xml index 0f8511d5..df2a9aa4 100644 --- a/connector/src/main/resources/specific_eIDAS_connector.beans.xml +++ b/connector/src/main/resources/specific_eIDAS_connector.beans.xml @@ -82,6 +82,9 @@ + + diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java index f50829c7..64e8272e 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java @@ -50,7 +50,7 @@ import org.springframework.web.context.WebApplicationContext; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; -import com.skjolberg.mockito.soap.SoapServiceRule; +import com.github.skjolber.mockito.soap.SoapServiceRule; import at.asitplus.eidas.specific.connector.controller.ProcessEngineSignalController; import at.asitplus.eidas.specific.connector.controller.Pvp2SProfileEndpoint; diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java index cea20f04..17ecb2ca 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java @@ -199,7 +199,7 @@ public class AuthenticationDataBuilderTest { Assert.assertEquals("FamilyName", idl.getFamilyName(), authData.getFamilyName()); Assert.assertEquals("GivenName", idl.getGivenName(), authData.getGivenName()); - Assert.assertEquals("DateOfBirth", idl.getDateOfBirth(), authData.getFormatedDateOfBirth()); + Assert.assertEquals("DateOfBirth", idl.getDateOfBirth(), authData.getDateOfBirth()); Assert.assertEquals("bPK", BpkBuilder.generateAreaSpecificPersonIdentifier( idl.getIdentificationValue(), EaafConstants.URN_PREFIX_CDID + "XX").getFirst(), diff --git a/connector/src/test/resources/spring/SpringTest_connector.beans.xml b/connector/src/test/resources/spring/SpringTest_connector.beans.xml index 83acf445..4d770570 100644 --- a/connector/src/test/resources/spring/SpringTest_connector.beans.xml +++ b/connector/src/test/resources/spring/SpringTest_connector.beans.xml @@ -74,6 +74,9 @@ + + -- cgit v1.2.3 From 0b1973c22e8f9e799a57629f4653324395b73664 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Thu, 27 May 2021 17:19:01 +0200 Subject: fix broken language selection in GUI --- .../connector/config/StaticResourceConfiguration.java | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) (limited to 'connector/src') diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/config/StaticResourceConfiguration.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/config/StaticResourceConfiguration.java index a1e953f1..b4d58cdd 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/config/StaticResourceConfiguration.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/config/StaticResourceConfiguration.java @@ -33,9 +33,9 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.support.ReloadableResourceBundleMessageSource; -import org.springframework.web.servlet.config.annotation.EnableWebMvc; import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; +import org.springframework.web.servlet.i18n.CookieLocaleResolver; import org.thymeleaf.templateresolver.FileTemplateResolver; import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; @@ -50,7 +50,6 @@ import at.gv.egiz.eaaf.core.impl.utils.FileUtils; * */ @Configuration -@EnableWebMvc public class StaticResourceConfiguration implements WebMvcConfigurer { private static final Logger log = LoggerFactory.getLogger(StaticResourceConfiguration.class); private static final String[] CLASSPATH_RESOURCE_LOCATIONS = { @@ -159,6 +158,20 @@ public class StaticResourceConfiguration implements WebMvcConfigurer { } + /** + * Get a i18n resolver based on cookies. + * + * @return + */ + @Bean + public CookieLocaleResolver localeResolver() { + final CookieLocaleResolver localeResolver = new CookieLocaleResolver(); + localeResolver.setCookieName("currentLanguage"); + localeResolver.setCookieMaxAge(3600); + return localeResolver; + + } + /** * Get a Tyhmeleaf Template-Resolver with external configuration path. * -- cgit v1.2.3 From af013acbb41d98b39d5ede56dbd5227858688e33 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Fri, 25 Jun 2021 10:26:17 +0200 Subject: fix bug in combination with EidasNode v2.5 and DE Middleware # Conflicts: # connector/src/main/resources/application.properties --- connector/src/main/resources/application.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'connector/src') diff --git a/connector/src/main/resources/application.properties b/connector/src/main/resources/application.properties index 2411fde3..73a83c13 100644 --- a/connector/src/main/resources/application.properties +++ b/connector/src/main/resources/application.properties @@ -69,7 +69,7 @@ eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll=true eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=false - +#eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat= eidas.ms.auth.eIDAS.node_v2.loa.requested.minimum=http://eidas.europa.eu/LoA/high #eidas.ms.auth.eIDAS.szrclient.useTestService=true -- cgit v1.2.3