From 55d809e4b4df5c7ca9ba2bdf371f7f9376302ea8 Mon Sep 17 00:00:00 2001 From: Alexander Marsalek Date: Thu, 7 Jan 2021 18:16:45 +0100 Subject: Resolve merge comments --- connector/src/main/resources/properties/status_messages_en.properties | 3 +++ 1 file changed, 3 insertions(+) (limited to 'connector/src') diff --git a/connector/src/main/resources/properties/status_messages_en.properties b/connector/src/main/resources/properties/status_messages_en.properties index 80228a47..c430fc90 100644 --- a/connector/src/main/resources/properties/status_messages_en.properties +++ b/connector/src/main/resources/properties/status_messages_en.properties @@ -6,6 +6,9 @@ eidas.04=Request contains no sessionToken. Authentication process stops eidas.05=Received eIDAS response-message is not valid. Reason: {0} eidas.06=LoA from eIDAS response-message {0} does not match to requested LoA eidas.07=eIDAS Response attribute-validation FAILED. Attribute:{0} Reason: {1} +eidas.08=An unexpected error occurred. +eidas.09=An error occurred while loading your data from official registers. Please contact the support. + config.01=No configuration-file parameter found. Maybe Java SystemD parameter is missing config.03=Can not load configuration from path {0} (See logs for more details) -- cgit v1.2.3 From f74e02f9f0735ff9a1e897c5eba10f69ff720f8f Mon Sep 17 00:00:00 2001 From: Alexander Marsalek Date: Tue, 12 Jan 2021 13:35:02 +0100 Subject: created tasks and beans --- .../config/templates/chooseOtherLoginMethod.html | 250 +++++++++++++++++++++ .../specific/connector/MsEidasNodeConstants.java | 4 +- .../eidas/v2/tasks/CreateNewErnbEntryTask.java | 66 ------ .../eidas/v2/tasks/CreateNewErnpEntryTask.java | 55 +++++ .../auth/eidas/v2/tasks/GenerateGuiTask.java | 14 +- .../GenerateMobilePhoneSignatureRequestTask.java | 14 +- .../eidas/v2/tasks/ReceiveGuiResponseTask.java | 20 +- .../ReceiveMobilePhoneSignatureResponseTask.java | 15 +- .../resources/eIDAS.Authentication.process.xml | 12 + .../src/main/resources/eidas_v2_auth.beans.xml | 20 ++ .../resources/SpringTest-context_tasks_test.xml | 20 ++ 11 files changed, 370 insertions(+), 120 deletions(-) create mode 100644 connector/src/test/resources/config/templates/chooseOtherLoginMethod.html delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnbEntryTask.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java (limited to 'connector/src') diff --git a/connector/src/test/resources/config/templates/chooseOtherLoginMethod.html b/connector/src/test/resources/config/templates/chooseOtherLoginMethod.html new file mode 100644 index 00000000..134f7fba --- /dev/null +++ b/connector/src/test/resources/config/templates/chooseOtherLoginMethod.html @@ -0,0 +1,250 @@ + + + + + + + eIDAS-Login Login-Auswahl + + + + + + +

Zentraler eIDAS Knoten der Republik Österreich

Betrieben durch das Bundesministerium für Inneres

+ +

Wählen Sie Ihr Land / Select your country

+ +

+ + + + +

+ + + diff --git a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MsEidasNodeConstants.java b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MsEidasNodeConstants.java index 42fefaab..1300ad74 100644 --- a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MsEidasNodeConstants.java +++ b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MsEidasNodeConstants.java @@ -46,8 +46,8 @@ public class MsEidasNodeConstants { public static final String PROP_CONFIG_WEBCONTENT_TEMPLATES_PATH = "webcontent.templates"; public static final String PROP_CONFIG_WEBCONTENT_TEMPLATES_CCSELECTION = "webcontent.templates.countryselection"; - public static final String PROP_CONFIG_WEBCONTENT_TEMPLATES_OTHER_LOGIN_METHOD_SELECTION = "webcontent.templates" + - ".otherLoginMethodselection"; + public static final String PROP_CONFIG_WEBCONTENT_TEMPLATES_OTHER_LOGIN_METHOD_SELECTION = "webcontent.templates" + + ".otherLoginMethodselection"; public static final String PROP_CONFIG_MONITORING_EIDASNODE_METADATAURL = "monitoring.eIDASNode.metadata.url"; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnbEntryTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnbEntryTask.java deleted file mode 100644 index 77d6ed41..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnbEntryTask.java +++ /dev/null @@ -1,66 +0,0 @@ -/* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - -package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; - -import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; -import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; -import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; -import lombok.extern.slf4j.Slf4j; -import org.springframework.stereotype.Component; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -/** - * Task that searches ErnB and ZMR before adding person to SZR. - * - * @author tlenz - */ -@Slf4j -@Component("CreateNewErnbEntryTask") -// NOTE: General: Please rebase git commit and squash them where useful, i.e. "remove unused import" should -// not be a separate commit. -public class CreateNewErnbEntryTask extends AbstractAuthServletTask { - - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv. - * egovernment.moa.id.process.api.ExecutionContext, - * javax.servlet.http.HttpServletRequest, - * javax.servlet.http.HttpServletResponse) - */ - @Override - public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) - throws TaskExecutionException { - try { - //TODO - } catch (final Exception e) { - log.error("Initial search FAILED.", e); - throw new TaskExecutionException(pendingReq, "Initial search FAILED.", e); - } - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java new file mode 100644 index 00000000..6f7304c9 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java @@ -0,0 +1,55 @@ +/* + * Copyright 2021 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; + +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import lombok.extern.slf4j.Slf4j; +import org.springframework.stereotype.Component; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +/** + * Task that searches ErnB and ZMR before adding person to SZR. + * + * @author amarsalek + */ +@Slf4j +@Component("CreateNewErnbEntryTask") +public class CreateNewErnpEntryTask extends AbstractAuthServletTask { + + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + try { + //TODO + } catch (final Exception e) { + log.error("Initial search FAILED.", e); + throw new TaskExecutionException(pendingReq, "Initial search FAILED.", e); + } + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateGuiTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateGuiTask.java index d55d4a7e..3d77f994 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateGuiTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateGuiTask.java @@ -1,5 +1,5 @@ /* - * Copyright 2018 A-SIT Plus GmbH + * Copyright 2021 A-SIT Plus GmbH * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * @@ -41,12 +41,10 @@ import javax.servlet.http.HttpServletResponse; /** * Task that searches ErnB and ZMR before adding person to SZR. * - * @author tlenz + * @author amarsalek */ @Slf4j @Component("GenerateGuiTask") -// NOTE: General: Please rebase git commit and squash them where useful, i.e. "remove unused import" should -// not be a separate commit. public class GenerateGuiTask extends AbstractAuthServletTask { @Autowired @@ -54,14 +52,6 @@ public class GenerateGuiTask extends AbstractAuthServletTask { @Autowired IConfiguration basicConfig; - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv. - * egovernment.moa.id.process.api.ExecutionContext, - * javax.servlet.http.HttpServletRequest, - * javax.servlet.http.HttpServletResponse) - */ @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java index c9974509..7c154705 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java @@ -1,5 +1,5 @@ /* - * Copyright 2018 A-SIT Plus GmbH + * Copyright 2021 A-SIT Plus GmbH * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * @@ -35,23 +35,13 @@ import javax.servlet.http.HttpServletResponse; /** * Task that searches ErnB and ZMR before adding person to SZR. * - * @author tlenz + * @author amarsalek */ @Slf4j @Component("GenerateMobilePhoneSignatureRequestTask") -// NOTE: General: Please rebase git commit and squash them where useful, i.e. "remove unused import" should -// not be a separate commit. public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServletTask { - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv. - * egovernment.moa.id.process.api.ExecutionContext, - * javax.servlet.http.HttpServletRequest, - * javax.servlet.http.HttpServletResponse) - */ @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiResponseTask.java index b0cb857e..fc51ce2d 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiResponseTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiResponseTask.java @@ -1,5 +1,5 @@ /* - * Copyright 2018 A-SIT Plus GmbH + * Copyright 2021 A-SIT Plus GmbH * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * @@ -40,24 +40,14 @@ import java.util.Enumeration; /** * Task that searches ErnB and ZMR before adding person to SZR. * - * @author tlenz + * @author amarsalek */ @Slf4j @Component("ReceiveGuiResponseTask") -// NOTE: General: Please rebase git commit and squash them where useful, i.e. "remove unused import" should -// not be a separate commit. public class ReceiveGuiResponseTask extends AbstractAuthServletTask { - final String LOGIN_METHOD = "loginSelection"; + final String loginMethod = "loginSelection"; - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv. - * egovernment.moa.id.process.api.ExecutionContext, - * javax.servlet.http.HttpServletRequest, - * javax.servlet.http.HttpServletResponse) - */ @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { @@ -68,10 +58,10 @@ public class ReceiveGuiResponseTask extends AbstractAuthServletTask { final String paramName = reqParamNames.nextElement(); if (StringUtils.isNotEmpty(paramName) && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName)) { - if (LOGIN_METHOD.equalsIgnoreCase(paramName)) { + if (loginMethod.equalsIgnoreCase(paramName)) { String value = StringEscapeUtils.escapeHtml(request.getParameter(paramName)); SelectedLoginMethod selection = SelectedLoginMethod.valueOf(value); - executionContext.put(LOGIN_METHOD, selection); + executionContext.put(loginMethod, selection); } } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java index 28c351f2..95eeca4c 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java @@ -1,5 +1,5 @@ /* - * Copyright 2018 A-SIT Plus GmbH + * Copyright 2021 A-SIT Plus GmbH * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * @@ -35,23 +35,12 @@ import javax.servlet.http.HttpServletResponse; /** * Task that searches ErnB and ZMR before adding person to SZR. * - * @author tlenz + * @author amarsalek */ @Slf4j @Component("ReceiveMobilePhoneSignatureResponseTask") -// NOTE: General: Please rebase git commit and squash them where useful, i.e. "remove unused import" should -// not be a separate commit. public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServletTask { - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv. - * egovernment.moa.id.process.api.ExecutionContext, - * javax.servlet.http.HttpServletRequest, - * javax.servlet.http.HttpServletResponse) - */ @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml index e199d379..5134982a 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml @@ -13,6 +13,18 @@ + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml index 10d480e0..7d7f2c59 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml @@ -78,4 +78,24 @@ + + + + + + + + + + \ No newline at end of file -- cgit v1.2.3 From ed033b4105eec8c00189729bd4b38b17c6b40509 Mon Sep 17 00:00:00 2001 From: Alexander Marsalek Date: Thu, 7 Jan 2021 18:16:45 +0100 Subject: Resolve merge comments --- .../properties/status_messages_en.properties | 3 + .../specific/modules/auth/eidas/v2/Constants.java | 2 +- .../modules/auth/eidas/v2/dao/ErnbEidData.java | 2 +- .../eidas/v2/dao/MergedRegisterSearchResult.java | 57 ++- .../modules/auth/eidas/v2/dao/RegisterResult.java | 61 +-- .../modules/auth/eidas/v2/dao/SimpleEidasData.java | 27 +- .../auth/eidas/v2/ernb/DummyErnbClient.java | 43 -- .../modules/auth/eidas/v2/ernb/IErnbClient.java | 20 - .../auth/eidas/v2/ernp/DummyErnpClient.java | 66 ++++ .../modules/auth/eidas/v2/ernp/IErnpClient.java | 43 ++ .../v2/exception/ManualFixNecessaryException.java | 6 +- .../auth/eidas/v2/exception/WorkflowException.java | 6 +- .../CountrySpecificDetailSearchProcessor.java | 61 +++ .../handler/DeSpecificDetailSearchProcessor.java | 35 +- .../ICountrySpecificDetailSearchProcessor.java | 61 --- .../handler/ItSpecificDetailSearchProcessor.java | 34 +- .../auth/eidas/v2/tasks/InitialSearchTask.java | 188 ++++----- .../eidas/v2/tasks/ReceiveAuthnResponseTask.java | 2 +- .../auth/eidas/v2/utils/EidasResponseUtils.java | 82 +--- .../modules/auth/eidas/v2/zmr/DummyZmrClient.java | 27 +- .../modules/auth/eidas/v2/zmr/IZmrClient.java | 27 +- .../src/main/resources/eidas_v2_auth.beans.xml | 2 +- .../v2/test/tasks/InitialSearchTaskFirstTest.java | 438 +++++++++------------ .../resources/SpringTest-context_tasks_test.xml | 2 +- 24 files changed, 683 insertions(+), 612 deletions(-) delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/DummyErnbClient.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/IErnbClient.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/DummyErnpClient.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/CountrySpecificDetailSearchProcessor.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ICountrySpecificDetailSearchProcessor.java (limited to 'connector/src') diff --git a/connector/src/main/resources/properties/status_messages_en.properties b/connector/src/main/resources/properties/status_messages_en.properties index 80228a47..c430fc90 100644 --- a/connector/src/main/resources/properties/status_messages_en.properties +++ b/connector/src/main/resources/properties/status_messages_en.properties @@ -6,6 +6,9 @@ eidas.04=Request contains no sessionToken. Authentication process stops eidas.05=Received eIDAS response-message is not valid. Reason: {0} eidas.06=LoA from eIDAS response-message {0} does not match to requested LoA eidas.07=eIDAS Response attribute-validation FAILED. Attribute:{0} Reason: {1} +eidas.08=An unexpected error occurred. +eidas.09=An error occurred while loading your data from official registers. Please contact the support. + config.01=No configuration-file parameter found. Maybe Java SystemD parameter is missing config.03=Can not load configuration from path {0} (See logs for more details) diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java index 767a2d12..57fd6ef1 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java @@ -32,7 +32,7 @@ public class Constants { public static final String DATA_REQUESTED_LOA_LIST = "req_requestedLoA"; public static final String DATA_REQUESTED_LOA_COMPERISON = "req_requestedLoAComperision"; public static final String DATA_FULL_EIDAS_RESPONSE = "resp_fulleIDASResponse"; - public static final String DATA_RESULT_MATCHING_BPK = "matching-result-bpk";//TODO? + public static final String DATA_RESULT_MATCHING_BPK = "matching-result-bpk"; // templates for post-binding forwarding public static final String TEMPLATE_POST_FORWARD_NAME = "eidas_node_forward.html"; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/ErnbEidData.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/ErnbEidData.java index 6c7eeb6b..b780d3e8 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/ErnbEidData.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/ErnbEidData.java @@ -1,5 +1,5 @@ /* - * Copyright 2018 A-SIT Plus GmbH + * Copyright 2020 A-SIT Plus GmbH * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/MergedRegisterSearchResult.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/MergedRegisterSearchResult.java index 056b0450..7703af2a 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/MergedRegisterSearchResult.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/MergedRegisterSearchResult.java @@ -1,3 +1,26 @@ +/* + * Copyright 2020 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException; @@ -5,28 +28,48 @@ import lombok.Data; import java.util.ArrayList; -@Data public class MergedRegisterSearchResult { +@Data +public class MergedRegisterSearchResult { + + final ArrayList resultsZmr; + final ArrayList resultsErnp; - ArrayList resultsZmr = new ArrayList<>(); - ArrayList resultsErnb = new ArrayList<>(); + public MergedRegisterSearchResult(ArrayList resultsZmr, ArrayList resultsErnp) { + this.resultsZmr = resultsZmr; + this.resultsErnp = resultsErnp; + } public int getResultCount() { - return resultsZmr.size() + resultsErnb.size(); + return resultsZmr.size() + resultsErnp.size(); } /** - * Verfies that there is only one match and retunrs the bpk. + * Verifies that there is only one match and returns the bpk. + * * @return bpk bpk of the match * @throws WorkflowException if multiple results have been found */ public String getBpk() throws WorkflowException { + if (getResultCount() != 1) { + throw new WorkflowException("getResultCount() != 1"); + } + return getResult().getBpk(); + } + + /** + * Returns the results, if there is exactly one, throws exception otherwise. + * + * @return The result + * @throws WorkflowException Results does not contain exactly one result + */ + public RegisterResult getResult() throws WorkflowException { if (getResultCount() != 1) { throw new WorkflowException("getResultCount() != 1"); } if (resultsZmr.size() == 1) { - return resultsZmr.get(0).getBpk(); + return resultsZmr.get(0); } else { - return resultsErnb.get(0).getBpk(); + return resultsErnp.get(0); } } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/RegisterResult.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/RegisterResult.java index c92808a1..1cc36fe9 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/RegisterResult.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/RegisterResult.java @@ -1,3 +1,26 @@ +/* + * Copyright 2020 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao; import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType; @@ -7,18 +30,18 @@ import lombok.Data; public class RegisterResult { // MDS - private String pseudonym = null; - private String givenName = null; - private String familyName = null; - private String dateOfBirth = null; + private String pseudonym; + private String givenName; + private String familyName; + private String dateOfBirth; // additional attributes - private String placeOfBirth = null; - private String birthName = null; - private String taxNumber = null; - private PostalAddressType address = null; + private String placeOfBirth; + private String birthName; + private String taxNumber; + private PostalAddressType address; - private String bpk = null; + private String bpk; /** * Register search result. @@ -37,26 +60,6 @@ public class RegisterResult { this.dateOfBirth = dateOfBirth; } - /** - * Register search result. - * - * @param bpk The bpk - * @param pseudonym The pseudonym - * @param givenName The givenName - * @param familyName The familyName - * @param dateOfBirth The dateOfBirth - * @param placeOfBirth The placeOfBirth - */ - public RegisterResult(String bpk, String pseudonym, String givenName, String familyName, String dateOfBirth, - String placeOfBirth) { - this.bpk = bpk; - this.pseudonym = pseudonym; - this.givenName = givenName; - this.familyName = familyName; - this.dateOfBirth = dateOfBirth; - this.placeOfBirth = placeOfBirth; - } - /** * Register search result. * diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java index 674f5b48..57597122 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java @@ -1,5 +1,5 @@ /* - * Copyright 2018 A-SIT Plus GmbH + * Copyright 2020 A-SIT Plus GmbH * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * @@ -30,18 +30,18 @@ import lombok.Data; @Data public class SimpleEidasData { - private String citizenCountryCode = null; + private String citizenCountryCode; // MDS - private String pseudonym = null; - private String givenName = null; - private String familyName = null; - private String dateOfBirth = null; + private String pseudonym; + private String givenName; + private String familyName; + private String dateOfBirth; // additional attributes - private String placeOfBirth = null; - private String birthName = null; - private PostalAddressType address = null; + private String placeOfBirth; + private String birthName; + private PostalAddressType address; private String taxNumber; /** @@ -51,14 +51,7 @@ public class SimpleEidasData { * @throws WorkflowException if multiple results have been found */ public boolean equalsRegisterData(MergedRegisterSearchResult result) throws WorkflowException { - if (result.getResultCount() != 1) { - throw new WorkflowException("result.getResultCount() != 1"); - } - if (result.getResultsErnb().size() == 1) { - return equalsRegisterData(result.getResultsErnb().get(0)); - } else { - return equalsRegisterData(result.getResultsZmr().get(0)); - } + return equalsRegisterData(result.getResult()); } private boolean equalsRegisterData(RegisterResult result) { diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/DummyErnbClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/DummyErnbClient.java deleted file mode 100644 index 2d2fa76d..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/DummyErnbClient.java +++ /dev/null @@ -1,43 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.ernb; - -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; -import org.springframework.stereotype.Service; - -import java.util.ArrayList; - -@Service("ErnbClientForeIDAS") -public class DummyErnbClient implements IErnbClient { - - @Override - public ArrayList searchWithPersonIdentifer(String personIdentifer) { - return resultEmpty(); - } - - @Override - public ArrayList searchWithMds(String givenName, String familyName, String dateOfBirth) { - return resultEmpty();//TODO will I only receive matches where all three values match perfectly? - } - - @Override - public ArrayList searchDeSpecific(String givenName, String familyName, String dateOfBirth, - String birthPlace, String birthName) { - return resultEmpty();//TODO - } - - @Override - public ArrayList searchItSpecific(String txNumber) { - return resultEmpty();//TODO - } - - @Override - public void update(RegisterResult registerResult, SimpleEidasData eidData) { - //TODO - } - - private ArrayList resultEmpty() { - return new ArrayList();//Nobody found - } - - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/IErnbClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/IErnbClient.java deleted file mode 100644 index cda4c426..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/IErnbClient.java +++ /dev/null @@ -1,20 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.ernb; - -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; - -import java.util.ArrayList; - -public interface IErnbClient { - - ArrayList searchWithPersonIdentifer(String personIdentifer); - - ArrayList searchWithMds(String givenName, String familyName, String dateOfBirth); - - ArrayList searchDeSpecific(String givenName, String familyName, String dateOfBirth, - String birthPlace, String birthName); - - ArrayList searchItSpecific(String txNumber); - - void update(RegisterResult registerResult, SimpleEidasData eidData); -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/DummyErnpClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/DummyErnpClient.java new file mode 100644 index 00000000..3b49ab95 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/DummyErnpClient.java @@ -0,0 +1,66 @@ +/* + * Copyright 2020 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import org.springframework.stereotype.Service; + +import java.util.ArrayList; + +@Service("ErnbClientForeIDAS") +public class DummyErnpClient implements IErnpClient { + + @Override + public ArrayList searchWithPersonIdentifier(String personIdentifier) { + return resultEmpty(); + } + + @Override + public ArrayList searchWithMds(String givenName, String familyName, String dateOfBirth) { + return resultEmpty();//TODO will I only receive matches where all three values match perfectly? + } + + @Override + public ArrayList searchDeSpecific(String givenName, String familyName, String dateOfBirth, + String birthPlace, String birthName) { + return resultEmpty();//TODO + } + + @Override + public ArrayList searchItSpecific(String taxNumber) { + return resultEmpty();//TODO + } + + @Override + public void update(RegisterResult registerResult, SimpleEidasData eidData) { + //TODO + } + + private ArrayList resultEmpty() { + return new ArrayList();//Nobody found + } + + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java new file mode 100644 index 00000000..01ac88fb --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java @@ -0,0 +1,43 @@ +/* + * Copyright 2020 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; + +import java.util.ArrayList; + +public interface IErnpClient { + + ArrayList searchWithPersonIdentifier(String personIdentifier); + + ArrayList searchWithMds(String givenName, String familyName, String dateOfBirth); + + ArrayList searchDeSpecific(String givenName, String familyName, String dateOfBirth, + String birthPlace, String birthName); + + ArrayList searchItSpecific(String taxNumber); + + void update(RegisterResult registerResult, SimpleEidasData eidData); +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ManualFixNecessaryException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ManualFixNecessaryException.java index c22e8135..2fecaa6b 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ManualFixNecessaryException.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ManualFixNecessaryException.java @@ -1,5 +1,5 @@ /* - * Copyright 2018 A-SIT Plus GmbH + * Copyright 2020 A-SIT Plus GmbH * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * @@ -29,10 +29,10 @@ public class ManualFixNecessaryException extends EidasSAuthenticationException { private static final long serialVersionUID = 1L; public ManualFixNecessaryException(String personIdentifier) { - super("eidas.00", new Object[] { personIdentifier });//TODO "eidas.00" + super("eidas.09", new Object[] { personIdentifier }); } public ManualFixNecessaryException(SimpleEidasData eidData) { - super("eidas.00", new Object[] { eidData.getPseudonym() });//TODO "eidas.00" => what info to pass??? + super("eidas.09", new Object[] { eidData.getPseudonym() });//TODO what info to pass??? } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/WorkflowException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/WorkflowException.java index aa879bcc..b6f3309b 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/WorkflowException.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/WorkflowException.java @@ -1,5 +1,5 @@ /* - * Copyright 2018 A-SIT Plus GmbH + * Copyright 2020 A-SIT Plus GmbH * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * @@ -19,7 +19,7 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. -*/ + */ package at.asitplus.eidas.specific.modules.auth.eidas.v2.exception; @@ -27,7 +27,7 @@ public class WorkflowException extends EidasSAuthenticationException { private static final long serialVersionUID = 1L; public WorkflowException(String data) { - super("eidas.00", new Object[] { data }); + super("eidas.08", new Object[]{data}); } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/CountrySpecificDetailSearchProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/CountrySpecificDetailSearchProcessor.java new file mode 100644 index 00000000..c5b3b231 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/CountrySpecificDetailSearchProcessor.java @@ -0,0 +1,61 @@ +/* + * Copyright 2020 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; + +public abstract class CountrySpecificDetailSearchProcessor { + + protected IErnpClient ernbClient; + protected IZmrClient zmrClient; + + public CountrySpecificDetailSearchProcessor(IErnpClient ernbClient, IZmrClient zmrClient) { + this.ernbClient = ernbClient; + this.zmrClient = zmrClient; + } + + /** + * Get a friendlyName of this post-processor implementation. + * + * @return + */ + public String getName() { + return this.getClass().getName(); + } + + /** + * Check if this postProcessor is sensitive for a specific country. + * + * @param countryCode of the eID data that should be processed + * @param eidData eID data + * @return true if this implementation can handle the country, otherwise false + */ + public abstract boolean canHandle(String countryCode, SimpleEidasData eidData); + + public abstract MergedRegisterSearchResult search(SimpleEidasData eidData); + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java index e8cb7a1a..a29725c8 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java @@ -1,17 +1,40 @@ +/* + * Copyright 2020 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernb.IErnbClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; import java.util.ArrayList; -public class DeSpecificDetailSearchProcessor extends ICountrySpecificDetailSearchProcessor { +public class DeSpecificDetailSearchProcessor extends CountrySpecificDetailSearchProcessor { - public DeSpecificDetailSearchProcessor(IErnbClient ernbClient, IZmrClient zmrClient) { + public DeSpecificDetailSearchProcessor(IErnpClient ernbClient, IZmrClient zmrClient) { super(ernbClient, zmrClient); } @@ -31,17 +54,17 @@ public class DeSpecificDetailSearchProcessor extends ICountrySpecificDetailSearc @Override public MergedRegisterSearchResult search(SimpleEidasData eidData) { - MergedRegisterSearchResult searchResult = new MergedRegisterSearchResult(); + ArrayList resultsZmr = zmrClient.searchDeSpecific(eidData.getGivenName(), eidData.getFamilyName(), eidData.getDateOfBirth(), eidData.getPlaceOfBirth(), eidData.getBirthName()); - searchResult.setResultsZmr(resultsZmr); ArrayList resultsErnb = ernbClient.searchDeSpecific(eidData.getGivenName(), eidData.getFamilyName(), eidData.getDateOfBirth(), eidData.getPlaceOfBirth(), eidData.getBirthName()); - searchResult.setResultsErnb(resultsErnb); + + MergedRegisterSearchResult searchResult = new MergedRegisterSearchResult(resultsZmr, resultsErnb); return searchResult; } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ICountrySpecificDetailSearchProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ICountrySpecificDetailSearchProcessor.java deleted file mode 100644 index 6a2b2c0a..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ICountrySpecificDetailSearchProcessor.java +++ /dev/null @@ -1,61 +0,0 @@ -/* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - -package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; - -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernb.IErnbClient; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; - -public abstract class ICountrySpecificDetailSearchProcessor { - - protected IErnbClient ernbClient; - protected IZmrClient zmrClient; - - public ICountrySpecificDetailSearchProcessor(IErnbClient ernbClient, IZmrClient zmrClient) { - this.ernbClient = ernbClient; - this.zmrClient = zmrClient; - } - - /** - * Get a friendlyName of this post-processor implementation. - * - * @return - */ - public String getName() { - return this.getClass().getName(); - } - - /** - * Check if this postProcessor is sensitive for a specific country. - * - * @param countryCode of the eID data that should be processed - * @param eidData eID data - * @return true if this implementation can handle the country, otherwise false - */ - public abstract boolean canHandle(String countryCode, SimpleEidasData eidData); - - public abstract MergedRegisterSearchResult search(SimpleEidasData eidData); - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ItSpecificDetailSearchProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ItSpecificDetailSearchProcessor.java index a94a67b3..e730066d 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ItSpecificDetailSearchProcessor.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ItSpecificDetailSearchProcessor.java @@ -1,17 +1,40 @@ +/* + * Copyright 2020 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernb.IErnbClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; import java.util.ArrayList; -public class ItSpecificDetailSearchProcessor extends ICountrySpecificDetailSearchProcessor { +public class ItSpecificDetailSearchProcessor extends CountrySpecificDetailSearchProcessor { - public ItSpecificDetailSearchProcessor(IErnbClient ernbClient, IZmrClient zmrClient) { + public ItSpecificDetailSearchProcessor(IErnpClient ernbClient, IZmrClient zmrClient) { super(ernbClient, zmrClient); } @@ -28,15 +51,14 @@ public class ItSpecificDetailSearchProcessor extends ICountrySpecificDetailSearc @Override public MergedRegisterSearchResult search(SimpleEidasData eidData) { - MergedRegisterSearchResult searchResult = new MergedRegisterSearchResult(); ArrayList resultsZmr = zmrClient.searchItSpecific(eidData.getTaxNumber()); - searchResult.setResultsZmr(resultsZmr); ArrayList resultsErnb = ernbClient.searchItSpecific(eidData.getTaxNumber()); - searchResult.setResultsErnb(resultsErnb); + + MergedRegisterSearchResult searchResult = new MergedRegisterSearchResult(resultsZmr, resultsErnb); return searchResult; } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java index 5906ee6c..c4f0f146 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java @@ -1,5 +1,5 @@ /* - * Copyright 2018 A-SIT Plus GmbH + * Copyright 2020 A-SIT Plus GmbH * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * @@ -42,12 +42,11 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernb.IErnbClient; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.ICountrySpecificDetailSearchProcessor; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.CountrySpecificDetailSearchProcessor; import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils; import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; @@ -63,29 +62,32 @@ import lombok.extern.slf4j.Slf4j; /** - * Task that searches ErnB and ZMR before adding person to SZR. + * Task that searches ErnP and ZMR before adding person to SZR. * - * @author tlenz + * @author amarsalek */ @Slf4j @Component("InitialSearchTask") -// NOTE: General: Please rebase git commit and squash them where useful, i.e. "remove unused import" should -// not be a separate commit. public class InitialSearchTask extends AbstractAuthServletTask { - private List handlers = new ArrayList<>(); + private final List handlers; + private final IErnpClient ernpClient; + private final IZmrClient zmrClient; - private IErnbClient ernbClient; - private IZmrClient zmrClient; - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv. - * egovernment.moa.id.process.api.ExecutionContext, - * javax.servlet.http.HttpServletRequest, - * javax.servlet.http.HttpServletResponse) + /** + * Constructor. + * @param handlers List of countrySpecificSearchProcessors + * @param ernpClient Ernp client + * @param zmrClient ZMR client */ + public InitialSearchTask(List handlers, IErnpClient ernpClient, + IZmrClient zmrClient) { + this.ernpClient = ernpClient; + this.zmrClient = zmrClient; + this.handlers = handlers; + log.info("# " + handlers.size() + " country specific detail search services are registered"); + } + @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { @@ -94,7 +96,6 @@ public class InitialSearchTask extends AbstractAuthServletTask { final ILightResponse eidasResponse = authProcessData .getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class); - // post-process eIDAS attributes final SimpleEidasData eidData = convertSimpleMapToSimpleData(convertEidasAttrToSimpleMap( eidasResponse.getAttributes().getAttributeMap())); @@ -107,10 +108,11 @@ public class InitialSearchTask extends AbstractAuthServletTask { } private String step2RegisterSearchWithPersonidentifier(SimpleEidasData eidData) throws TaskExecutionException { + log.trace("Starting step2RegisterSearchWithPersonidentifier"); String personIdentifier = eidData.getPseudonym(); MergedRegisterSearchResult result = searchInZmrAndErnp(personIdentifier); if (result.getResultCount() == 0) { - return step5CheckCountrySpecificSearchPossible(result, eidData); + return step5CheckAndPerformCountrySpecificSearchIfPossible(result, eidData); } else if (result.getResultCount() == 1) { return step3CheckRegisterUpdateNecessary(result, eidData); } @@ -118,46 +120,9 @@ public class InitialSearchTask extends AbstractAuthServletTask { new ManualFixNecessaryException(personIdentifier)); } - private SimpleEidasData convertSimpleMapToSimpleData(Map eidasAttrMap) - throws EidasAttributeException, EidPostProcessingException { - SimpleEidasData simpleEidasData = new SimpleEidasData(); - - final Object eIdentifierObj = eidasAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); - final Triple eIdentifier = - EidasResponseUtils.parseEidasPersonalIdentifier((String) eIdentifierObj); - simpleEidasData.setCitizenCountryCode(eIdentifier.getFirst()); - - // MDS attributes - simpleEidasData.setPseudonym(EidasResponseUtils.processPseudonym( - eidasAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))); - simpleEidasData.setFamilyName(EidasResponseUtils.processFamilyName( - eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTFAMILYNAME))); - simpleEidasData.setGivenName(EidasResponseUtils.processGivenName( - eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTGIVENNAME))); - simpleEidasData.setDateOfBirth(EidasResponseUtils.processDateOfBirthToString( - eidasAttrMap.get(Constants.eIDAS_ATTR_DATEOFBIRTH))); - - // additional attributes - simpleEidasData.setPlaceOfBirth(EidasResponseUtils.processPlaceOfBirth( - eidasAttrMap.get(Constants.eIDAS_ATTR_PLACEOFBIRTH))); - simpleEidasData.setBirthName(EidasResponseUtils.processBirthName( - eidasAttrMap.get(Constants.eIDAS_ATTR_BIRTHNAME))); - simpleEidasData.setAddress(EidasResponseUtils.processAddress( - eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTADDRESS))); - - if (eidasAttrMap.containsKey(Constants.eIDAS_ATTR_TAXREFERENCE)) { - simpleEidasData.setTaxNumber(EidasResponseUtils.processTaxReference( - eidasAttrMap.get(Constants.eIDAS_ATTR_TAXREFERENCE))); - } - - //TODO other additional attributes - return simpleEidasData; - } - private String step3CheckRegisterUpdateNecessary(MergedRegisterSearchResult result, SimpleEidasData eidData) throws TaskExecutionException { - //check if data from eidas authentication matches with data from register - log.debug("Compare " + result + " with " + eidData); + log.trace("Starting step3CheckRegisterUpdateNecessary"); try { if (eidData.equalsRegisterData(result)) { //No update necessary, just return bpk @@ -172,18 +137,19 @@ public class InitialSearchTask extends AbstractAuthServletTask { private String step4UpdateRegisterData(MergedRegisterSearchResult result, SimpleEidasData eidData) throws WorkflowException { + log.trace("Starting step4UpdateRegisterData"); log.debug("Update " + result + " with " + eidData); //TODO wann rechtlich möglich? return result.getBpk(); } - private String step5CheckCountrySpecificSearchPossible(MergedRegisterSearchResult result, SimpleEidasData eidData) - throws TaskExecutionException { + private String step5CheckAndPerformCountrySpecificSearchIfPossible( + MergedRegisterSearchResult result, SimpleEidasData eidData) throws TaskExecutionException { + log.trace("Starting step5CheckAndPerformCountrySpecificSearchIfPossible"); String citizenCountry = eidData.getCitizenCountryCode(); - ICountrySpecificDetailSearchProcessor foundHandler = null; - for (final ICountrySpecificDetailSearchProcessor el : handlers) { - //5 check if country specific search is possible + CountrySpecificDetailSearchProcessor foundHandler = null; + for (final CountrySpecificDetailSearchProcessor el : handlers) { if (el.canHandle(citizenCountry, eidData)) { log.debug("Found suitable country specific search handler for " + citizenCountry + " by using: " + el.getName()); @@ -192,18 +158,16 @@ public class InitialSearchTask extends AbstractAuthServletTask { } } if (foundHandler == null) { - //MDS search return step8RegisterSearchWithMds(result, eidData); } else { - //country specific search return step6CountrySpecificSearch(foundHandler, result, eidData); } } - private String step6CountrySpecificSearch(ICountrySpecificDetailSearchProcessor countrySpecificDetailSearchProcessor, + private String step6CountrySpecificSearch(CountrySpecificDetailSearchProcessor countrySpecificDetailSearchProcessor, MergedRegisterSearchResult initialSearchResult, SimpleEidasData eidData) throws TaskExecutionException { - //6 country specific search + log.trace("Starting step6CountrySpecificSearch"); MergedRegisterSearchResult countrySpecificDetailSearchResult = countrySpecificDetailSearchProcessor.search(eidData); @@ -212,7 +176,7 @@ public class InitialSearchTask extends AbstractAuthServletTask { return step8RegisterSearchWithMds(initialSearchResult, eidData); case 1: return step7aKittProcess(initialSearchResult, countrySpecificDetailSearchResult, eidData); - default://should not happen + default: throw new TaskExecutionException(pendingReq, "Detail search - Kitt Process necessary.", new ManualFixNecessaryException(eidData)); } @@ -221,8 +185,7 @@ public class InitialSearchTask extends AbstractAuthServletTask { private String step7aKittProcess(MergedRegisterSearchResult initialSearchResult, MergedRegisterSearchResult countrySpecificDetailSearchResult, SimpleEidasData eidData) throws TaskExecutionException { - //Automerge data - log.debug("Automerge " + initialSearchResult + " with " + eidData + " " + countrySpecificDetailSearchResult); + log.trace("Starting step7aKittProcess"); try { if (initialSearchResult.getResultCount() != 0) { throw new WorkflowException("initialSearchResult.getResultCount() != 0"); @@ -231,14 +194,11 @@ public class InitialSearchTask extends AbstractAuthServletTask { throw new WorkflowException("countrySpecificDetailSearchResult.getResultCount() != 1"); } if (countrySpecificDetailSearchResult.getResultsZmr().size() == 1) { - //update ZMR zmrClient.update(countrySpecificDetailSearchResult.getResultsZmr().get(0), eidData); } - if (countrySpecificDetailSearchResult.getResultsErnb().size() == 1) { - //update ErnB - ernbClient.update(countrySpecificDetailSearchResult.getResultsErnb().get(0), eidData); + if (countrySpecificDetailSearchResult.getResultsErnp().size() == 1) { + ernpClient.update(countrySpecificDetailSearchResult.getResultsErnp().get(0), eidData); } - String bpK = countrySpecificDetailSearchResult.getBpk(); return bpK; } catch (WorkflowException e) { @@ -248,35 +208,70 @@ public class InitialSearchTask extends AbstractAuthServletTask { private String step8RegisterSearchWithMds(MergedRegisterSearchResult initialSearchResult, SimpleEidasData eidData) { - MergedRegisterSearchResult mdsSearchResult = new MergedRegisterSearchResult(); - + log.trace("Starting step8RegisterSearchWithMds"); ArrayList resultsZmr = zmrClient.searchWithMds(eidData.getGivenName(), eidData.getFamilyName(), eidData.getDateOfBirth()); - mdsSearchResult.setResultsZmr(resultsZmr); - ArrayList resultsErnb = - ernbClient.searchWithMds(eidData.getGivenName(), eidData.getFamilyName(), eidData.getDateOfBirth()); - mdsSearchResult.setResultsErnb(resultsErnb); + ArrayList resultsErnp = + ernpClient.searchWithMds(eidData.getGivenName(), eidData.getFamilyName(), eidData.getDateOfBirth()); + MergedRegisterSearchResult mdsSearchResult = new MergedRegisterSearchResult(resultsZmr, resultsErnp); log.debug("Automerge " + initialSearchResult + " with " + eidData + " " + mdsSearchResult); //TODO implement next phase and return correct value return "TODO-Temporary-Endnode-105"; } private MergedRegisterSearchResult searchInZmrAndErnp(String personIdentifier) { - MergedRegisterSearchResult initialSearchResult = new MergedRegisterSearchResult(); ArrayList resultsZmr = - zmrClient.searchWithPersonIdentifer(personIdentifier); - initialSearchResult.setResultsZmr(resultsZmr); + zmrClient.searchWithPersonIdentifier(personIdentifier); - ArrayList resultsErnb = - ernbClient.searchWithPersonIdentifer(personIdentifier); - initialSearchResult.setResultsErnb(resultsErnb); + ArrayList resultsErnp = + ernpClient.searchWithPersonIdentifier(personIdentifier); + MergedRegisterSearchResult initialSearchResult = new MergedRegisterSearchResult(resultsZmr, resultsErnp); return initialSearchResult; } + private SimpleEidasData convertSimpleMapToSimpleData(Map eidasAttrMap) + throws EidasAttributeException { + SimpleEidasData simpleEidasData = new SimpleEidasData(); + + final Object eIdentifierObj = eidasAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); + final Triple eIdentifier = + EidasResponseUtils.parseEidasPersonalIdentifier((String) eIdentifierObj); + if (eIdentifier == null) { + throw new EidasAttributeException("Error processing eIdentifier"); + } + simpleEidasData.setCitizenCountryCode(eIdentifier.getFirst()); + + // MDS attributes + simpleEidasData.setPseudonym(EidasResponseUtils.processPseudonym( + eidasAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))); + simpleEidasData.setFamilyName(EidasResponseUtils.processFamilyName( + eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTFAMILYNAME))); + simpleEidasData.setGivenName(EidasResponseUtils.processGivenName( + eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTGIVENNAME))); + simpleEidasData.setDateOfBirth(EidasResponseUtils.processDateOfBirthToString( + eidasAttrMap.get(Constants.eIDAS_ATTR_DATEOFBIRTH))); + + // additional attributes + simpleEidasData.setPlaceOfBirth(EidasResponseUtils.processPlaceOfBirth( + eidasAttrMap.get(Constants.eIDAS_ATTR_PLACEOFBIRTH))); + simpleEidasData.setBirthName(EidasResponseUtils.processBirthName( + eidasAttrMap.get(Constants.eIDAS_ATTR_BIRTHNAME))); + simpleEidasData.setAddress(EidasResponseUtils.processAddress( + eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTADDRESS))); + + if (eidasAttrMap.containsKey(Constants.eIDAS_ATTR_TAXREFERENCE)) { + simpleEidasData.setTaxNumber(EidasResponseUtils.processTaxReference( + eidasAttrMap.get(Constants.eIDAS_ATTR_TAXREFERENCE))); + } + + //TODO other additional attributes + return simpleEidasData; + } + private Map convertEidasAttrToSimpleMap( ImmutableMap, ImmutableSet>> attributeMap) { final Map result = new HashMap<>(); @@ -293,7 +288,6 @@ public class InitialSearchTask extends AbstractAuthServletTask { } else { log.info("Ignore empty 'DateTime' attribute"); } - } else if (PostalAddress.class.equals(parameterizedType)) { final PostalAddress addressAttribute = EidasResponseUtils .translateAddressAttribute(el, attributeMap.get(el).asList()); @@ -304,7 +298,6 @@ public class InitialSearchTask extends AbstractAuthServletTask { } else { log.info("Ignore empty 'PostalAddress' attribute"); } - } else { final List natPersonIdObj = EidasResponseUtils .translateStringListAttribute(el, attributeMap.get(el)); @@ -312,7 +305,6 @@ public class InitialSearchTask extends AbstractAuthServletTask { if (StringUtils.isNotEmpty(stringAttr)) { result.put(el.getFriendlyName(), stringAttr); log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + stringAttr); - } else { log.info("Ignore empty 'String' attribute"); } @@ -324,18 +316,4 @@ public class InitialSearchTask extends AbstractAuthServletTask { return result; } - - /** - * Constructor. - * @param handlers List of countrySpecificSearchProcessors - * @param ernbClient Ernb client - * @param zmrClient ZMR client - */ - public InitialSearchTask(List handlers, IErnbClient ernbClient, - IZmrClient zmrClient) { - this.ernbClient = ernbClient; - this.zmrClient = zmrClient; - this.handlers = handlers; - log.info("# " + handlers.size() + " country specific detail search services are registered"); - } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java index 684546f7..0f733e8d 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java @@ -94,7 +94,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { attrRegistry); // ********************************************************** - // ******* Store resonse infos into session object ********** + // ******* Store response infos into session object ********** // ********************************************************** // update MOA-Session data with received information diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java index aaa4212a..fa26c2c5 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java @@ -31,9 +31,6 @@ import java.util.regex.Pattern; import javax.annotation.Nullable; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; -import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType; import org.apache.commons.lang3.StringUtils; import org.joda.time.DateTime; import org.slf4j.Logger; @@ -43,6 +40,8 @@ import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableSet; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; +import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType; import at.gv.egiz.eaaf.core.impl.data.Triple; import eu.eidas.auth.commons.attribute.AttributeDefinition; import eu.eidas.auth.commons.attribute.AttributeValue; @@ -177,7 +176,6 @@ public class EidasResponseUtils { ImmutableList> attributeValues) { final AttributeValue firstAttributeValue = attributeValues.get(0); return (PostalAddress) firstAttributeValue.getValue(); - } /** @@ -185,34 +183,24 @@ public class EidasResponseUtils { * * @param currentAddressObj eIDAS current address information * @return current address or null if no attribute is available - * @throws EidPostProcessingException if post-processing fails * @throws EidasAttributeException if eIDAS attribute is of a wrong type */ - public static PostalAddressType processAddress(Object currentAddressObj) throws EidPostProcessingException, - EidasAttributeException { - + public static PostalAddressType processAddress(Object currentAddressObj) throws EidasAttributeException { if (currentAddressObj != null) { if (currentAddressObj instanceof PostalAddress) { final PostalAddressType result = new PostalAddressType(); result.setPostalCode(((PostalAddress) currentAddressObj).getPostCode()); result.setMunicipality(((PostalAddress) currentAddressObj).getPostName()); - // TODO: add more mappings - return result; - } else { log.warn("eIDAS attr: " + Constants.eIDAS_ATTR_CURRENTADDRESS + " is of WRONG type"); throw new EidasAttributeException(Constants.eIDAS_ATTR_CURRENTADDRESS); - } - } else { log.debug("NO '" + Constants.eIDAS_ATTR_CURRENTADDRESS + "' attribute. Post-Processing skipped ... "); } - return null; - } /** @@ -220,27 +208,20 @@ public class EidasResponseUtils { * * @param birthNameObj eIDAS birthname information * @return birthName or null if no attribute is available - * @throws EidPostProcessingException if post-processing fails * @throws EidasAttributeException if eIDAS attribute is of a wrong type */ - public static String processBirthName(Object birthNameObj) throws EidPostProcessingException, - EidasAttributeException { + public static String processBirthName(Object birthNameObj) throws EidasAttributeException { if (birthNameObj != null) { if (birthNameObj instanceof String) { return (String) birthNameObj; - } else { log.warn("eIDAS attr: " + Constants.eIDAS_ATTR_BIRTHNAME + " is of WRONG type"); throw new EidasAttributeException(Constants.eIDAS_ATTR_BIRTHNAME); - } - } else { log.debug("NO '" + Constants.eIDAS_ATTR_BIRTHNAME + "' attribute. Post-Processing skipped ... "); } - return null; - } /** @@ -248,11 +229,9 @@ public class EidasResponseUtils { * * @param placeOfBirthObj eIDAS Place-of-Birth information * @return place of Birth or null if no attribute is available - * @throws EidPostProcessingException if post-processing fails * @throws EidasAttributeException if eIDAS attribute is of a wrong type */ - public static String processPlaceOfBirth(Object placeOfBirthObj) throws EidPostProcessingException, - EidasAttributeException { + public static String processPlaceOfBirth(Object placeOfBirthObj) throws EidasAttributeException { if (placeOfBirthObj != null) { if (placeOfBirthObj instanceof String) { return (String) placeOfBirthObj; @@ -266,9 +245,7 @@ public class EidasResponseUtils { } else { log.debug("NO '" + Constants.eIDAS_ATTR_PLACEOFBIRTH + "' attribute. Post-Processing skipped ... "); } - return null; - } /** @@ -277,16 +254,12 @@ public class EidasResponseUtils { * @param dateOfBirthObj eIDAS date-of-birth attribute information * @return formated user's date-of-birth * @throws EidasAttributeException if NO attribute is available - * @throws EidPostProcessingException if post-processing fails */ - public static DateTime processDateOfBirth(Object dateOfBirthObj) throws EidPostProcessingException, - EidasAttributeException { - if (dateOfBirthObj == null || !(dateOfBirthObj instanceof DateTime)) { + public static DateTime processDateOfBirth(Object dateOfBirthObj) throws EidasAttributeException { + if (!(dateOfBirthObj instanceof DateTime)) { throw new EidasAttributeException(Constants.eIDAS_ATTR_DATEOFBIRTH); } - return (DateTime) dateOfBirthObj; - } /** @@ -295,11 +268,9 @@ public class EidasResponseUtils { * @param dateOfBirthObj eIDAS date-of-birth attribute information * @return formated user's date-of-birth as string * @throws EidasAttributeException if NO attribute is available - * @throws EidPostProcessingException if post-processing fails */ - public static String processDateOfBirthToString(Object dateOfBirthObj) throws EidPostProcessingException, - EidasAttributeException { - if (dateOfBirthObj == null || !(dateOfBirthObj instanceof DateTime)) { + public static String processDateOfBirthToString(Object dateOfBirthObj) throws EidasAttributeException { + if (!(dateOfBirthObj instanceof DateTime)) { throw new EidasAttributeException(Constants.eIDAS_ATTR_DATEOFBIRTH); } return new SimpleDateFormat("yyyy-MM-dd").format(((DateTime) dateOfBirthObj).toDate()); @@ -311,16 +282,12 @@ public class EidasResponseUtils { * @param givenNameObj eIDAS givenName attribute information * @return formated user's givenname * @throws EidasAttributeException if NO attribute is available - * @throws EidPostProcessingException if post-processing fails */ - public static String processGivenName(Object givenNameObj) throws EidPostProcessingException, - EidasAttributeException { - if (givenNameObj == null || !(givenNameObj instanceof String)) { + public static String processGivenName(Object givenNameObj) throws EidasAttributeException { + if (!(givenNameObj instanceof String)) { throw new EidasAttributeException(Constants.eIDAS_ATTR_CURRENTGIVENNAME); } - return (String) givenNameObj; - } /** @@ -329,16 +296,12 @@ public class EidasResponseUtils { * @param familyNameObj eIDAS familyName attribute information * @return formated user's familyname * @throws EidasAttributeException if NO attribute is available - * @throws EidPostProcessingException if post-processing fails */ - public static String processFamilyName(Object familyNameObj) throws EidPostProcessingException, - EidasAttributeException { - if (familyNameObj == null || !(familyNameObj instanceof String)) { + public static String processFamilyName(Object familyNameObj) throws EidasAttributeException { + if (!(familyNameObj instanceof String)) { throw new EidasAttributeException(Constants.eIDAS_ATTR_CURRENTFAMILYNAME); } - return (String) familyNameObj; - } /** @@ -347,17 +310,16 @@ public class EidasResponseUtils { * @param personalIdObj eIDAS PersonalIdentifierAttribute * @return Unique personal identifier without country-code information * @throws EidasAttributeException if NO attribute is available - * @throws EidPostProcessingException if post-processing fails */ - public static String processPseudonym(Object personalIdObj) throws EidPostProcessingException, - EidasAttributeException { - if (personalIdObj == null || !(personalIdObj instanceof String)) { + public static String processPseudonym(Object personalIdObj) throws EidasAttributeException { + if (!(personalIdObj instanceof String)) { throw new EidasAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); } - final Triple eIdentifier = EidasResponseUtils.parseEidasPersonalIdentifier((String) personalIdObj); - + if (eIdentifier.getThird() == null) { + throw new EidasAttributeException("Error processing eIdentifier"); + } return eIdentifier.getThird(); } @@ -367,15 +329,11 @@ public class EidasResponseUtils { * @param taxReferenceObj eIDAS TaxReference attribute information * @return formated user's TaxReference * @throws EidasAttributeException if NO attribute is available - * @throws EidPostProcessingException if post-processing fails */ - public static String processTaxReference(Object taxReferenceObj) throws EidPostProcessingException, - EidasAttributeException { - if (taxReferenceObj == null || !(taxReferenceObj instanceof String)) { + public static String processTaxReference(Object taxReferenceObj) throws EidasAttributeException { + if (!(taxReferenceObj instanceof String)) { throw new EidasAttributeException(Constants.eIDAS_ATTR_CURRENTGIVENNAME); } - return (String) taxReferenceObj; - } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java index f4d77b03..60dd2ef2 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java @@ -1,3 +1,26 @@ +/* + * Copyright 2020 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + package at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; @@ -10,7 +33,7 @@ import java.util.ArrayList; public class DummyZmrClient implements IZmrClient { @Override - public ArrayList searchWithPersonIdentifer(String personIdentifer) { + public ArrayList searchWithPersonIdentifier(String personIdentifier) { return resultEmpty(); } @@ -26,7 +49,7 @@ public class DummyZmrClient implements IZmrClient { } @Override - public ArrayList searchItSpecific(String txNumber) { + public ArrayList searchItSpecific(String taxNumber) { return resultEmpty();//TODO } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/IZmrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/IZmrClient.java index 4af7bfe9..3a518e64 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/IZmrClient.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/IZmrClient.java @@ -1,3 +1,26 @@ +/* + * Copyright 2020 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + package at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; @@ -7,14 +30,14 @@ import java.util.ArrayList; public interface IZmrClient { - ArrayList searchWithPersonIdentifer(String personIdentifer); + ArrayList searchWithPersonIdentifier(String personIdentifier); ArrayList searchWithMds(String givenName, String familyName, String dateOfBirth); ArrayList searchDeSpecific(String givenName, String familyName, String dateOfBirth, String birthPlace, String birthName); - ArrayList searchItSpecific(String txNumber); + ArrayList searchItSpecific(String taxNumber); void update(RegisterResult registerResult, SimpleEidasData eidData); } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml index ca6eba20..52404bab 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml @@ -18,7 +18,7 @@ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.szr.SzrClient" /> + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.DummyErnpClient" /> diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskFirstTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskFirstTest.java index f7fc6b06..a1dce0f2 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskFirstTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskFirstTest.java @@ -1,11 +1,34 @@ +/* + * Copyright 2020 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernb.IErnbClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.DeSpecificDetailSearchProcessor; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.ICountrySpecificDetailSearchProcessor; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.CountrySpecificDetailSearchProcessor; import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.ItSpecificDetailSearchProcessor; import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.InitialSearchTask; import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; @@ -27,10 +50,7 @@ import org.junit.Before; import org.junit.BeforeClass; import org.junit.Test; import org.junit.runner.RunWith; -import org.mockito.InjectMocks; -import org.mockito.Mock; import org.mockito.Mockito; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.test.annotation.DirtiesContext; @@ -46,6 +66,7 @@ import java.net.URI; import java.net.URISyntaxException; import java.util.ArrayList; import java.util.List; +import java.util.Random; @RunWith(SpringJUnit4ClassRunner.class) @@ -53,13 +74,9 @@ import java.util.List; @DirtiesContext(classMode = ClassMode.BEFORE_CLASS) public class InitialSearchTaskFirstTest { - @Autowired(required = true) - @Mock - @InjectMocks private InitialSearchTask task; - private IZmrClient zmrClient; - private IErnbClient ernbClient; + private IErnpClient ernpClient; final ExecutionContext executionContext = new ExecutionContextImpl(); private MockHttpServletRequest httpReq; @@ -68,6 +85,12 @@ public class InitialSearchTaskFirstTest { private String randomIdentifier = RandomStringUtils.randomNumeric(10); private String randomFamilyName = RandomStringUtils.randomNumeric(11); private String randomGivenName = RandomStringUtils.randomNumeric(12); + private String randomPlaceOfBirth = RandomStringUtils.randomNumeric(12); + private String randomBirthName = RandomStringUtils.randomNumeric(12); + private String randomDate = "2011-01-"+ (10 + new Random().nextInt(18)); + private String DE_ST = "de/st/"; + private String IT_ST = "it/st/"; + /** * jUnit class initializer. * @@ -101,68 +124,52 @@ public class InitialSearchTaskFirstTest { /** * One match, but register update needed */ - // NOTE: Why is the method named "testNode100a"? - public void testNode100a() throws Exception { + public void testNode100_UserIdentifiedUpdateNecessary_a() throws Exception { - //Mock ZMR ArrayList zmrResult = new ArrayList<>(); String randomBpk = RandomStringUtils.randomNumeric(6); - zmrResult.add(new RegisterResult(randomBpk, "de/st/"+randomIdentifier, "Max_new", randomFamilyName, "2011-01-01")); + String newFirstName = RandomStringUtils.randomAlphabetic(5); + zmrResult.add(new RegisterResult(randomBpk, DE_ST+randomIdentifier, newFirstName, randomFamilyName, randomDate)); zmrClient = Mockito.mock(IZmrClient.class); - Mockito.when(zmrClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(zmrResult); - - //Mock ernb - ArrayList ernbResult = new ArrayList<>(); + Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResult); - ernbClient = Mockito.mock(IErnbClient.class); - Mockito.when(ernbClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(ernbResult); - - task = new InitialSearchTask(emptyHandlers(), ernbClient, zmrClient); - try { - task.execute(pendingReq, executionContext); - String bPk = (String) - pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); - Assert.assertTrue("Wrong bpk", bPk.equals(randomBpk)); + ArrayList ernpResult = new ArrayList<>(); + ernpClient = Mockito.mock(IErnpClient.class); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResult); - } catch (final TaskExecutionException e) { - // NOTE: assertTrue is probably the wrong method to use ... why catch the exception anyway? - Assert.assertTrue("Wrong workflow, should not reach this point", false); - } + task = new InitialSearchTask(emptyHandlers(), ernpClient, zmrClient); + task.execute(pendingReq, executionContext); + String bPk = (String) + pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); + Assert.assertTrue("Wrong bpk", bPk.equals(randomBpk)); } @Test - // NOTE: Why is @DirtiesContext after each test necessary? What is changed in the context and why? @DirtiesContext /** * One match, but register update needed */ - public void testNode100b() throws Exception { + public void testNode100_UserIdentifiedUpdateNecessary_b() throws TaskExecutionException { - //Mock ZMR ArrayList zmrResult = new ArrayList<>(); zmrClient = Mockito.mock(IZmrClient.class); - Mockito.when(zmrClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(zmrResult);//"de/st/max123"??? + Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResult); - //Mock ernb - ArrayList ernbResult = new ArrayList<>(); + ArrayList ernpResult = new ArrayList<>(); String randomBpk = RandomStringUtils.randomNumeric(6); - ernbResult.add(new RegisterResult(randomBpk, "de/st/"+randomIdentifier, "Max_new", randomFamilyName, "2011-01-01")); + ernpResult.add(new RegisterResult(randomBpk, DE_ST+randomIdentifier, "Max_new", randomFamilyName, randomDate)); - ernbClient = Mockito.mock(IErnbClient.class); - Mockito.when(ernbClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(ernbResult); + ernpClient = Mockito.mock(IErnpClient.class); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResult); - task = new InitialSearchTask(emptyHandlers(), ernbClient, zmrClient); - try { - task.execute(pendingReq, executionContext); - String bPk = (String) - pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); - Assert.assertTrue("Wrong bpk", bPk.equals(randomBpk)); + task = new InitialSearchTask(emptyHandlers(), ernpClient, zmrClient); + task.execute(pendingReq, executionContext); + String bPk = (String) + pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); + Assert.assertTrue("Wrong bpk", bPk.equals(randomBpk)); - } catch (final TaskExecutionException e) { - Assert.assertTrue("Wrong workflow, should not reach this point", false); - } } @@ -171,21 +178,19 @@ public class InitialSearchTaskFirstTest { /** * Two matches found in ZMR */ - public void testNode101a() throws Exception { + public void testNode101_ManualFixNecessary_a() throws Exception { - //Mock ZMR ArrayList zmrResult = new ArrayList<>(); - zmrResult.add(new RegisterResult("bpkMax", "de/st/"+randomIdentifier, randomGivenName, randomFamilyName, "2011-01-01")); - zmrResult.add(new RegisterResult("bpkMax", "de/st/"+randomIdentifier, "Maximilian", randomFamilyName, "2011-01-01")); + zmrResult.add(new RegisterResult("bpkMax", DE_ST+randomIdentifier, randomGivenName, randomFamilyName, randomDate)); + zmrResult.add(new RegisterResult("bpkMax", DE_ST+randomIdentifier, "Maximilian", randomFamilyName, randomDate)); zmrClient = Mockito.mock(IZmrClient.class); - Mockito.when(zmrClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(zmrResult); + Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResult); - //Mock ernb - ArrayList ernbResult = new ArrayList<>(); - ernbClient = Mockito.mock(IErnbClient.class); - Mockito.when(ernbClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(ernbResult); + ArrayList ernpResult = new ArrayList<>(); + ernpClient = Mockito.mock(IErnpClient.class); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResult); - task = new InitialSearchTask(emptyHandlers(), ernbClient, zmrClient); + task = new InitialSearchTask(emptyHandlers(), ernpClient, zmrClient); try { task.execute(pendingReq, executionContext); Assert.assertTrue("Wrong workflow, should not reach this point/ get a bpk", false); @@ -199,24 +204,24 @@ public class InitialSearchTaskFirstTest { @Test @DirtiesContext /** - * Two matches found in ErnB + * Two matches found in ErnP */ - public void testNode101b() throws Exception { - - //Mock ZMR + public void testNode101_ManualFixNecessary_b() throws Exception { + String randombpk = RandomStringUtils.random(5); ArrayList zmrResult = new ArrayList<>(); zmrClient = Mockito.mock(IZmrClient.class); - Mockito.when(zmrClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(zmrResult); + Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResult); - //Mock ernb - ArrayList ernbResult = new ArrayList<>(); - ernbResult.add(new RegisterResult("bpkMax", "de/st/"+randomIdentifier, randomGivenName, randomFamilyName, "2011-01-01")); - ernbResult.add(new RegisterResult("bpkMax", "de/st/"+randomIdentifier, "Maximilian", randomFamilyName, "2011-01-01")); + ArrayList ernpResult = new ArrayList<>(); + ernpResult.add(new RegisterResult(randombpk, DE_ST+randomIdentifier, randomGivenName, randomFamilyName, randomDate)); + ernpResult.add(new RegisterResult(randombpk, DE_ST+randomIdentifier, randomGivenName+RandomStringUtils.random(2), + randomFamilyName, + randomDate)); - ernbClient = Mockito.mock(IErnbClient.class); - Mockito.when(ernbClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(ernbResult); + ernpClient = Mockito.mock(IErnpClient.class); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResult); - task = new InitialSearchTask(emptyHandlers(), ernbClient, zmrClient); + task = new InitialSearchTask(emptyHandlers(), ernpClient, zmrClient); try { task.execute(pendingReq, executionContext); Assert.assertTrue("Wrong workflow, should not reach this point/ get a bpk", false); @@ -231,30 +236,24 @@ public class InitialSearchTaskFirstTest { /** * One match, no register update needed */ - public void testNode102a() throws Exception { + public void testNode102_UserIdentified_a() throws Exception { - String randomBpk = RandomStringUtils.randomNumeric(12);; - //Mock ZMR + String randomBpk = RandomStringUtils.randomNumeric(12); ArrayList zmrResult = new ArrayList<>(); zmrClient = Mockito.mock(IZmrClient.class); - Mockito.when(zmrClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(zmrResult); + Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResult); - //Mock ernb - ArrayList ernbResult = new ArrayList<>(); - ernbResult.add(new RegisterResult(randomBpk, "de/st/"+randomIdentifier, randomGivenName, randomFamilyName, "2011-01-01")); + ArrayList ernpResult = new ArrayList<>(); + ernpResult.add(new RegisterResult(randomBpk, DE_ST+randomIdentifier, randomGivenName, randomFamilyName, randomDate)); - ernbClient = Mockito.mock(IErnbClient.class); - Mockito.when(ernbClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(ernbResult); + ernpClient = Mockito.mock(IErnpClient.class); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResult); - task = new InitialSearchTask(emptyHandlers(), ernbClient, zmrClient); - try { - task.execute(pendingReq, executionContext); - String bPk = (String) - pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); - Assert.assertTrue("Wrong bpk", bPk.equals(randomBpk)); - } catch (final TaskExecutionException e) { - Assert.assertTrue("Wrong workflow, should not reach this point", false); - } + task = new InitialSearchTask(emptyHandlers(), ernpClient, zmrClient); + task.execute(pendingReq, executionContext); + String bPk = (String) + pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); + Assert.assertTrue("Wrong bpk", bPk.equals(randomBpk)); } @Test @@ -262,39 +261,33 @@ public class InitialSearchTaskFirstTest { /** * One match, no register update needed */ - public void testNode102b() throws Exception { + public void testNode102_UserIdentified_b() throws Exception { String randomBpk = RandomStringUtils.randomNumeric(14); - //Mock ZMR + ArrayList zmrResult = new ArrayList<>(); - zmrResult.add(new RegisterResult(randomBpk, "de/st/"+randomIdentifier, randomGivenName, randomFamilyName, "2011-01-01")); + zmrResult.add(new RegisterResult(randomBpk, DE_ST+randomIdentifier, randomGivenName, randomFamilyName, randomDate)); zmrClient = Mockito.mock(IZmrClient.class); - Mockito.when(zmrClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(zmrResult); + Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResult); - //Mock ernb - ArrayList ernbResult = new ArrayList<>(); + ArrayList ernpResult = new ArrayList<>(); - ernbClient = Mockito.mock(IErnbClient.class); - Mockito.when(ernbClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(ernbResult); + ernpClient = Mockito.mock(IErnpClient.class); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResult); - task = new InitialSearchTask(emptyHandlers(), ernbClient, zmrClient); - try { - task.execute(pendingReq, executionContext); - String bPk = (String) - pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); - Assert.assertTrue("Wrong bpk", bPk.equals(randomBpk)); - - } catch (final TaskExecutionException e) { - Assert.assertTrue("Wrong workflow, should not reach this point", false); - } + task = new InitialSearchTask(emptyHandlers(), ernpClient, zmrClient); + task.execute(pendingReq, executionContext); + String bPk = (String) + pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); + Assert.assertTrue("Wrong bpk", bPk.equals(randomBpk)); } @Test @DirtiesContext /** - * One match found in ZMR and ErnB with detail search + * One match found in ZMR and ErnP with detail search */ - public void testNode103IT() throws Exception { + public void testNode103_UserIdentified_IT() throws Exception { String bpkRegister = RandomStringUtils.randomNumeric(14); String taxNumber = RandomStringUtils.randomNumeric(14); final AuthenticationResponse response = buildDummyAuthResponseRandomPersonIT_Tax(taxNumber); @@ -302,29 +295,26 @@ public class InitialSearchTaskFirstTest { pendingReq1.getSessionData(AuthProcessDataWrapper.class) .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response); - //Mock ZMR initial search ArrayList zmrResultInitial = new ArrayList<>(); zmrClient = Mockito.mock(IZmrClient.class); - Mockito.when(zmrClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(zmrResultInitial); + Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResultInitial); ArrayList zmrResultSpecific = new ArrayList<>(); - //String bpk, String pseudonym, String givenName, String familyName, String dateOfBirth, - // String placeOfBirth, String birthName, String taxNumber, PostalAddressType address - zmrResultSpecific.add(new RegisterResult(bpkRegister, "it/st/"+randomIdentifier+"4", randomGivenName, randomFamilyName, - "2011-01-01", null, null, taxNumber, null)); - Mockito.when(zmrClient.searchItSpecific(taxNumber)).thenReturn(zmrResultSpecific); + zmrResultSpecific.add(new RegisterResult(bpkRegister, IT_ST+randomIdentifier+RandomStringUtils.random(2), + randomGivenName, + randomFamilyName, + randomDate, null, null, taxNumber, null)); - //Mock ernb initial search - ArrayList ernbResultInitial = new ArrayList<>(); - ernbClient = Mockito.mock(IErnbClient.class); - Mockito.when(ernbClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(ernbResultInitial); + Mockito.when(zmrClient.searchItSpecific(taxNumber)).thenReturn(zmrResultSpecific); + ArrayList ernpResultInitial = new ArrayList<>(); + ernpClient = Mockito.mock(IErnpClient.class); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResultInitial); - //Mock country specific search - List handlers = new ArrayList<>(); - ItSpecificDetailSearchProcessor it = new ItSpecificDetailSearchProcessor(ernbClient, zmrClient); + List handlers = new ArrayList<>(); + ItSpecificDetailSearchProcessor it = new ItSpecificDetailSearchProcessor(ernpClient, zmrClient); handlers.add(it); - task = new InitialSearchTask(handlers, ernbClient, zmrClient); + task = new InitialSearchTask(handlers, ernpClient, zmrClient); try { task.execute(pendingReq1, executionContext); @@ -340,26 +330,25 @@ public class InitialSearchTaskFirstTest { @Test @DirtiesContext /** - * Multiple matches found in ZMR and ErnB with detail search + * Multiple matches found in ZMR and ErnP with detail search */ - public void testNode103DE() throws Exception { + public void testNode103_UserIdentified_DE() throws Exception { String givenName = randomGivenName; String familyName = randomFamilyName; - String pseudonym = "de/st/max1234"; - String bpk = "bpkMax"; - String dateOfBirth = "2011-01-01"; - String placeOfBirth = "München"; - String birthName = "BabyMax"; + String pseudonym = DE_ST + RandomStringUtils.random(5); + String bpk = RandomStringUtils.random(5); + String dateOfBirth = randomDate; + String placeOfBirth = randomPlaceOfBirth; + String birthName = randomBirthName; final AuthenticationResponse response = buildDummyAuthResponseDE(givenName, familyName, pseudonym, dateOfBirth, placeOfBirth, birthName); TestRequestImpl pendingReq1 = new TestRequestImpl(); pendingReq1.getSessionData(AuthProcessDataWrapper.class) .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response); - //Mock ZMR initial search ArrayList zmrResultInitial = new ArrayList<>(); zmrClient = Mockito.mock(IZmrClient.class); - Mockito.when(zmrClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(zmrResultInitial); + Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResultInitial); ArrayList zmrResultSpecific = new ArrayList<>(); zmrResultSpecific.add(new RegisterResult(bpk, pseudonym, givenName, familyName, dateOfBirth, placeOfBirth, @@ -368,16 +357,14 @@ public class InitialSearchTaskFirstTest { Mockito.when(zmrClient.searchDeSpecific(givenName, familyName, dateOfBirth, placeOfBirth, birthName)).thenReturn(zmrResultSpecific); - //Mock ernb initial search - ArrayList ernbResultInitial = new ArrayList<>(); - ernbClient = Mockito.mock(IErnbClient.class); - Mockito.when(ernbClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(ernbResultInitial); + ArrayList ernpResultInitial = new ArrayList<>(); + ernpClient = Mockito.mock(IErnpClient.class); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResultInitial); - //Mock country specific search - List handlers = new ArrayList<>(); - DeSpecificDetailSearchProcessor de = new DeSpecificDetailSearchProcessor(ernbClient, zmrClient); + List handlers = new ArrayList<>(); + DeSpecificDetailSearchProcessor de = new DeSpecificDetailSearchProcessor(ernpClient, zmrClient); handlers.add(de); - task = new InitialSearchTask(handlers, ernbClient, zmrClient); + task = new InitialSearchTask(handlers, ernpClient, zmrClient); try { task.execute(pendingReq1, executionContext); @@ -393,28 +380,27 @@ public class InitialSearchTaskFirstTest { @Test @DirtiesContext /** - * Multiple matches found in ZMR and ErnB with detail search + * Multiple matches found in ZMR and ErnP with detail search */ - public void testNode104DE() throws Exception { + public void testNode104_ManualFixNecessary_DE() throws Exception { String givenName = randomGivenName; String familyName = randomFamilyName; - String pseudonym1 = "de/st/max1234"; - String pseudonym2 = "de/st/max12345"; - String bpk1 = "bpkMax"; - String bpk2 = "bpkMax1"; - String dateOfBirth = "2011-01-01"; - String placeOfBirth = "München"; - String birthName = "BabyMax"; + String pseudonym1 = DE_ST + RandomStringUtils.random(5); + String pseudonym2 = pseudonym1 + RandomStringUtils.random(2); + String bpk1 = RandomStringUtils.random(5); + String bpk2 = bpk1 + RandomStringUtils.random(2); + String dateOfBirth = randomDate; + String placeOfBirth = randomPlaceOfBirth; + String birthName = randomBirthName; final AuthenticationResponse response = buildDummyAuthResponseDE(givenName, familyName, pseudonym1, dateOfBirth, placeOfBirth, birthName); TestRequestImpl pendingReq1 = new TestRequestImpl(); pendingReq1.getSessionData(AuthProcessDataWrapper.class) .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response); - //Mock ZMR initial search ArrayList zmrResultInitial = new ArrayList<>(); zmrClient = Mockito.mock(IZmrClient.class); - Mockito.when(zmrClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(zmrResultInitial); + Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResultInitial); ArrayList zmrResultSpecific = new ArrayList<>(); zmrResultSpecific.add(new RegisterResult(bpk1, pseudonym1, givenName, familyName, dateOfBirth, placeOfBirth, @@ -425,23 +411,18 @@ public class InitialSearchTaskFirstTest { null, null)); Mockito.when(zmrClient.searchDeSpecific(givenName, familyName, dateOfBirth, placeOfBirth, birthName)).thenReturn(zmrResultSpecific); + ArrayList ernpResultInitial = new ArrayList<>(); + ernpClient = Mockito.mock(IErnpClient.class); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResultInitial); - //Mock ernb initial search - ArrayList ernbResultInitial = new ArrayList<>(); - ernbClient = Mockito.mock(IErnbClient.class); - Mockito.when(ernbClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(ernbResultInitial); - - //Mock country specific search - List handlers = new ArrayList<>(); - DeSpecificDetailSearchProcessor de = new DeSpecificDetailSearchProcessor(ernbClient, zmrClient); + List handlers = new ArrayList<>(); + DeSpecificDetailSearchProcessor de = new DeSpecificDetailSearchProcessor(ernpClient, zmrClient); handlers.add(de); - task = new InitialSearchTask(handlers, ernbClient, zmrClient); + task = new InitialSearchTask(handlers, ernpClient, zmrClient); try { task.execute(pendingReq1, executionContext); - Assert.assertTrue("Wrong workflow, should not reach this point/ get a bpk", false); - } catch (final TaskExecutionException e) { Throwable origE = e.getOriginalException(); Assert.assertTrue("Wrong exception", (origE.getCause() instanceof ManualFixNecessaryException)); @@ -451,43 +432,40 @@ public class InitialSearchTaskFirstTest { @Test @DirtiesContext /** - * Multiple matches found in ZMR and ErnB with detail search + * Multiple matches found in ZMR and ErnP with detail search */ - public void testNode104IT() throws Exception { + public void testNode104_ManualFixNecessary_IT() throws Exception { String fakeTaxNumber = RandomStringUtils.randomNumeric(14);; final AuthenticationResponse response = buildDummyAuthResponseRandomPersonIT_Tax(fakeTaxNumber); TestRequestImpl pendingReq1 = new TestRequestImpl(); pendingReq1.getSessionData(AuthProcessDataWrapper.class) .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response); - //Mock ZMR initial search ArrayList zmrResultInitial = new ArrayList<>(); zmrClient = Mockito.mock(IZmrClient.class); - Mockito.when(zmrClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(zmrResultInitial); + Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResultInitial); ArrayList zmrResultSpecific = new ArrayList<>(); - zmrResultSpecific.add(new RegisterResult("bpkMax", "it/st/"+randomIdentifier+"4", randomGivenName, randomFamilyName, "2011-01-01", null, null, + zmrResultSpecific.add(new RegisterResult("bpkMax", IT_ST+randomIdentifier+"4", randomGivenName, randomFamilyName, + randomDate, null, null, fakeTaxNumber, null)); - zmrResultSpecific.add(new RegisterResult("bpkMax1", "it/st/"+randomIdentifier+"5", randomGivenName, randomFamilyName, "2011-01-01", null, null, + zmrResultSpecific.add(new RegisterResult("bpkMax1", IT_ST+randomIdentifier+"5", randomGivenName, randomFamilyName, + randomDate, null, null, fakeTaxNumber, null)); Mockito.when(zmrClient.searchItSpecific(fakeTaxNumber)).thenReturn(zmrResultSpecific); - //Mock ernb initial search - ArrayList ernbResultInitial = new ArrayList<>(); - ernbClient = Mockito.mock(IErnbClient.class); - Mockito.when(ernbClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(ernbResultInitial); + ArrayList ernpResultInitial = new ArrayList<>(); + ernpClient = Mockito.mock(IErnpClient.class); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResultInitial); - //Mock country specific search - List handlers = new ArrayList<>(); - ItSpecificDetailSearchProcessor it = new ItSpecificDetailSearchProcessor(ernbClient, zmrClient); + List handlers = new ArrayList<>(); + ItSpecificDetailSearchProcessor it = new ItSpecificDetailSearchProcessor(ernpClient, zmrClient); handlers.add(it); - task = new InitialSearchTask(handlers, ernbClient, zmrClient); + task = new InitialSearchTask(handlers, ernpClient, zmrClient); try { task.execute(pendingReq1, executionContext); - Assert.assertTrue("Wrong workflow, should not reach this point/ get a bpk", false); - } catch (final TaskExecutionException e) { Throwable origE = e.getOriginalException(); Assert.assertTrue("Wrong exception", (origE.getCause() instanceof ManualFixNecessaryException)); @@ -497,45 +475,35 @@ public class InitialSearchTaskFirstTest { @Test @DirtiesContext /** - * NO match found in ZMR and ErnB with Initial search + * NO match found in ZMR and ErnP with Initial search */ - public void testNode105() { + public void testNode105_TemporaryEnd() throws TaskExecutionException { - //Mock ZMR ArrayList zmrResult = new ArrayList<>(); zmrClient = Mockito.mock(IZmrClient.class); - Mockito.when(zmrClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(zmrResult); - - //Mock ernb - ArrayList ernbResult = new ArrayList<>(); - ernbClient = Mockito.mock(IErnbClient.class); - Mockito.when(ernbClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(ernbResult); + Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResult); - task = new InitialSearchTask(emptyHandlers(), ernbClient, zmrClient); - try { - task.execute(pendingReq, executionContext); + ArrayList ernpResult = new ArrayList<>(); + ernpClient = Mockito.mock(IErnpClient.class); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResult); - String bPk = (String) - pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); - Assert.assertTrue("Wrong bpk", bPk.equals("TODO-Temporary-Endnode-105")); - } catch (final TaskExecutionException e) { - Assert.assertTrue("Wrong workflow, should not reach this point", false); - } + task = new InitialSearchTask(emptyHandlers(), ernpClient, zmrClient); + task.execute(pendingReq, executionContext); + String bPk = (String) + pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); + Assert.assertEquals("Wrong bpk", "TODO-Temporary-Endnode-105", bPk); } @NotNull private AuthenticationResponse buildDummyAuthResponseRandomPerson() throws URISyntaxException { - // NOTE: Those strings "de/st/max123" seem to be somehow relevant, but where do we need to use that exact string - // again? - // NOTE: If not, why not using random strings? return buildDummyAuthResponse(randomGivenName, randomFamilyName, - "de/st/"+randomIdentifier, "2011-01-01"); + DE_ST+randomIdentifier, randomDate); } private AuthenticationResponse buildDummyAuthResponseRandomPersonIT_Tax(String taxNumber) throws URISyntaxException { return buildDummyAuthResponse(randomGivenName, randomFamilyName, - "it/st/"+randomIdentifier, "2011-01-01", taxNumber, null, null); + IT_ST+randomIdentifier, randomDate, taxNumber, null, null); } @NotNull @@ -555,58 +523,46 @@ public class InitialSearchTaskFirstTest { private AuthenticationResponse buildDummyAuthResponse(String givenName, String familyName, String identifier, String dateOfBirth, String taxNumber, String placeOfBirth, String birthName) throws URISyntaxException { - final AttributeDefinition attributeDef = AttributeDefinition.builder() - .friendlyName(Constants.eIDAS_ATTR_PERSONALIDENTIFIER).nameUri(new URI("ad", "sd", "ff")) - .personType(PersonType.LEGAL_PERSON).xmlType(new QName("http://saf", "as", "af")) - .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller").build(); - final AttributeDefinition attributeDef2 = AttributeDefinition.builder() - .friendlyName(Constants.eIDAS_ATTR_CURRENTFAMILYNAME).nameUri(new URI("ad", "sd", "fff")) - .personType(PersonType.LEGAL_PERSON).xmlType(new QName("http://saf", "as", "aff")) - .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller").build(); - final AttributeDefinition attributeDef3 = AttributeDefinition.builder() - .friendlyName(Constants.eIDAS_ATTR_CURRENTGIVENNAME).nameUri(new URI("ad", "sd", "ffff")) - .personType(PersonType.LEGAL_PERSON).xmlType(new QName("http://saf", "as", "afff")) - .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller").build(); - final AttributeDefinition attributeDef4 = AttributeDefinition.builder() - .friendlyName(Constants.eIDAS_ATTR_DATEOFBIRTH).nameUri(new URI("ad", "sd", "fffff")) - .personType(PersonType.LEGAL_PERSON).xmlType(new QName("http://saf", "as", "affff")) - .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.DateTimeAttributeValueMarshaller").build(); - final AttributeDefinition attributeDef5 = AttributeDefinition.builder() - .friendlyName(Constants.eIDAS_ATTR_TAXREFERENCE).nameUri(new URI("ad", "sd", "ffffff")) - .personType(PersonType.LEGAL_PERSON).xmlType(new QName("http://saf", "as", "afffff")) - .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller").build(); - final AttributeDefinition attributeDef6 = AttributeDefinition.builder() - .friendlyName(Constants.eIDAS_ATTR_PLACEOFBIRTH).nameUri(new URI("ad", "sd", "fffffff")) - .personType(PersonType.LEGAL_PERSON).xmlType(new QName("http://saf", "as", "affffff")) - .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller").build(); - final AttributeDefinition attributeDef7 = AttributeDefinition.builder() - .friendlyName(Constants.eIDAS_ATTR_BIRTHNAME).nameUri(new URI("ad", "sd", "ffffffff")) - .personType(PersonType.LEGAL_PERSON).xmlType(new QName("http://saf", "as", "afffffff")) - .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller").build(); ImmutableAttributeMap.Builder builder = ImmutableAttributeMap.builder() - .put(attributeDef, identifier) - .put(attributeDef2, familyName) - .put(attributeDef3, givenName) - .put(attributeDef4, dateOfBirth); - + .put(generateStringAttribute(Constants.eIDAS_ATTR_PERSONALIDENTIFIER,"ff","af"), identifier) + .put(generateStringAttribute(Constants.eIDAS_ATTR_CURRENTFAMILYNAME,"fff","aff"), familyName) + .put(generateStringAttribute(Constants.eIDAS_ATTR_CURRENTGIVENNAME,"ffff","afff"), givenName) + .put(generateDateTimeAttribute(Constants.eIDAS_ATTR_DATEOFBIRTH,"fffff","affff"), dateOfBirth); if (taxNumber != null) { - builder.put(attributeDef5, taxNumber); + builder.put(generateStringAttribute(Constants.eIDAS_ATTR_TAXREFERENCE,"ffffff","afffff"), taxNumber); } if (birthName != null) { - builder.put(attributeDef7, birthName); + builder.put(generateStringAttribute(Constants.eIDAS_ATTR_BIRTHNAME,"fffffff","affffff"), birthName); } if (placeOfBirth != null) { - builder.put(attributeDef6, placeOfBirth); + builder.put(generateStringAttribute(Constants.eIDAS_ATTR_PLACEOFBIRTH,"ffffffff","afffffff"), placeOfBirth); } final ImmutableAttributeMap attributeMap = builder.build(); val b = new AuthenticationResponse.Builder(); return b.id("aasdf").issuer("asd").subject("asf").statusCode("200").inResponseTo("asdf").subjectNameIdFormat( - "afaf") - .attributes(attributeMap).build(); + "afaf").attributes(attributeMap).build(); + } + + private AttributeDefinition generateStringAttribute(String friendlyName, String fragment, String prefix) throws URISyntaxException { + return generateAttribute(friendlyName, fragment, prefix, "eu.eidas.auth.commons.attribute.impl" + + ".LiteralStringAttributeValueMarshaller"); + } + + private AttributeDefinition generateDateTimeAttribute(String friendlyName, String fragment, String prefix) throws URISyntaxException { + return generateAttribute(friendlyName, fragment, prefix, "eu.eidas.auth.commons.attribute.impl" + + ".DateTimeAttributeValueMarshaller"); + } + + private AttributeDefinition generateAttribute(String friendlyName, String fragment, String prefix, + String marshaller) throws URISyntaxException { + return AttributeDefinition.builder() + .friendlyName(friendlyName).nameUri(new URI("ad", "sd", fragment)) + .personType(PersonType.LEGAL_PERSON).xmlType(new QName("http://saf", "as", prefix)) + .attributeValueMarshaller(marshaller).build(); } - private List emptyHandlers() { + private List emptyHandlers() { return new ArrayList<>(); } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml index cde374a1..0989cbef 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml @@ -69,7 +69,7 @@ scope="prototype" /> + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.DummyErnpClient" /> -- cgit v1.2.3 From 0b703512f08bfc1cda18e6688c39fdc536045fdd Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 27 Jan 2021 11:19:29 +0100 Subject: fix problem in jUnit tests that depends on static Apache-Ignite holder in eIDAS Ref. implementation and occurin case of a start-up error --- .../specific/connector/test/FullStartUpAndProcessTest.java | 12 ++++++++++-- .../specific/connector/test/MainClassExecutableModeTest.java | 10 ++++++++-- .../specific/connector/test/MainClassWebAppModeTest.java | 7 +++++++ 3 files changed, 25 insertions(+), 4 deletions(-) (limited to 'connector/src') diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java index 77037415..fcb0e73a 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java @@ -6,6 +6,7 @@ import static org.powermock.api.mockito.PowerMockito.when; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.UnsupportedEncodingException; +import java.lang.reflect.Field; import java.net.URISyntaxException; import java.util.Map; import java.util.Timer; @@ -71,6 +72,7 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.OpenSaml3ResourceAdapter; import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; +import eu.eidas.auth.cache.IgniteInstanceInitializerSpecificCommunication; import eu.eidas.auth.commons.attribute.AttributeDefinition; import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; import eu.eidas.auth.commons.light.ILightRequest; @@ -151,13 +153,19 @@ public class FullStartUpAndProcessTest { /** * Test shut-down. * - * @throws IOException In case of an error + * @throws Exception In case of an error */ @AfterClass - public static void closeIgniteNode() throws IOException { + public static void closeIgniteNode() throws Exception { System.out.println("Closiong Ignite Node ... "); Ignition.stopAll(true); + + //set Ignite-node holder to 'null' because static holders are shared between different tests + final Field field = IgniteInstanceInitializerSpecificCommunication.class.getDeclaredField("instance"); + field.setAccessible(true); + field.set(null, null); + } /** diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassExecutableModeTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassExecutableModeTest.java index 86df55df..708560b2 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassExecutableModeTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassExecutableModeTest.java @@ -22,6 +22,7 @@ import org.junit.runners.BlockJUnit4ClassRunner; import at.asitplus.eidas.specific.connector.SpringBootApplicationInitializer; import at.gv.egiz.eaaf.core.impl.logging.DummyStatusMessager; import at.gv.egiz.eaaf.core.impl.logging.LogMessageProviderFactory; +import eu.eidas.auth.cache.IgniteInstanceInitializerSpecificCommunication; import lombok.extern.slf4j.Slf4j; @Slf4j @@ -50,17 +51,22 @@ public class MainClassExecutableModeTest { /** * Initializer. - * @throws InterruptedException In case of an error + * @throws Exception In case of an error * */ @AfterClass - public static void closeIgniteNode() throws InterruptedException { + public static void closeIgniteNode() throws Exception { System.out.println("Closing Ignite Node ... "); log.info("Stopping already running Apache Ignite nodes ... "); Ignition.stopAll(true); Thread.sleep(1000); + //set Ignite-node holder to 'null' because static holders are shared between different tests + final Field field = IgniteInstanceInitializerSpecificCommunication.class.getDeclaredField("instance"); + field.setAccessible(true); + field.set(null, null); + } /** diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassWebAppModeTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassWebAppModeTest.java index 07ef4968..79d062ae 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassWebAppModeTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassWebAppModeTest.java @@ -22,6 +22,7 @@ import org.junit.runners.BlockJUnit4ClassRunner; import at.asitplus.eidas.specific.connector.SpringBootApplicationInitializer; import at.gv.egiz.eaaf.core.impl.logging.DummyStatusMessager; import at.gv.egiz.eaaf.core.impl.logging.LogMessageProviderFactory; +import eu.eidas.auth.cache.IgniteInstanceInitializerSpecificCommunication; @RunWith(BlockJUnit4ClassRunner.class) public class MainClassWebAppModeTest { @@ -68,6 +69,12 @@ public class MainClassWebAppModeTest { System.clearProperty("eidas.ms.configuration"); SpringBootApplicationInitializer.exit(); + + + //set Ignite-node holder to 'null' because static holders are shared between different tests + final Field field1 = IgniteInstanceInitializerSpecificCommunication.class.getDeclaredField("instance"); + field1.setAccessible(true); + field1.set(null, null); } -- cgit v1.2.3 From cb42a3bce6a63f401750a77008ec69fe731365a1 Mon Sep 17 00:00:00 2001 From: Alexander Marsalek Date: Thu, 28 Jan 2021 08:23:51 +0100 Subject: junit keystore and config --- .../config/junit_config_1_springboot.properties | 37 ++++++++++++++++++++ .../config/junit_config_2_springboot.properties | 38 +++++++++++++++++++++ .../src/test/resources/config/keys/junit_test.jks | Bin 0 -> 8410 bytes .../v2/mobilesig/EidasCentralAuthConstants.java | 2 +- .../EidasCentralAuthCredentialProvider.java | 2 +- .../src/main/resources/eidas_v2_auth.beans.xml | 7 ++++ 6 files changed, 84 insertions(+), 2 deletions(-) create mode 100644 connector/src/test/resources/config/keys/junit_test.jks (limited to 'connector/src') diff --git a/connector/src/test/resources/config/junit_config_1_springboot.properties b/connector/src/test/resources/config/junit_config_1_springboot.properties index e63cda7b..6bf2d399 100644 --- a/connector/src/test/resources/config/junit_config_1_springboot.properties +++ b/connector/src/test/resources/config/junit_config_1_springboot.properties @@ -81,3 +81,40 @@ eidas.ms.sp.1.pvp2.metadata.url=http://junit.test/metadata eidas.ms.sp.1.policy.allowed.requested.targets=test eidas.ms.sp.1.policy.hasBaseIdTransferRestriction=true +## PVP2 S-Profile client configuration +#eidas.ms.modules.eidascentralauth.keystore.type=jks +#eidas.ms.modules.eidascentralauth.keystore.path=keys/junit.jks1 +#eidas.ms.modules.eidascentralauth.keystore.password=password +#eidas.ms.modules.eidascentralauth.key.metadata.alias=meta +#eidas.ms.modules.eidascentralauth.key.metadata.password=password +#eidas.ms.modules.eidascentralauth.key.signing.alias=sig +#eidas.ms.modules.eidascentralauth.key.signing.password=password +#eidas.ms.modules.eidascentralauth.metadata.validity=24 + +#file:src/test/resources/config/junit_config_1_springboot.properties +#eidas.ms.modules.eidascentralauth.keystore.path=src/test/resources/config/junit_test.jks +eidas.ms.modules.eidascentralauth.keystore.path=keys/junit_test.jks +eidas.ms.modules.eidascentralauth.keystore.password=password +eidas.ms.modules.eidascentralauth.keystore.type=jks + +eidas.ms.modules.eidascentralauth.metadata.sign.alias=meta +eidas.ms.modules.eidascentralauth.metadata.sign.password=password +eidas.ms.modules.eidascentralauth.request.sign.alias=sig +eidas.ms.modules.eidascentralauth.request.sign.password=password +eidas.ms.modules.eidascentralauth.response.encryption.alias=enc +eidas.ms.modules.eidascentralauth.response.encryption.password=password + +eidas.ms.modules.eidascentralauth.truststore.path=src/test/resources/config/junit_test.jks +eidas.ms.modules.eidascentralauth.truststore.password=password +eidas.ms.modules.eidascentralauth.truststore.type=jks + +eidas.ms.modules.eidascentralauth.node.entityId= +eidas.ms.modules.eidascentralauth.node.metadataUrl= + +eidas.ms.modules.eidascentralauth.metadata.organisation.name=JUnit +eidas.ms.modules.eidascentralauth.metadata.organisation.friendyname=For testing with jUnit +eidas.ms.modules.eidascentralauth.metadata.organisation.url=http://junit.test +eidas.ms.modules.eidascentralauth.metadata.contact.givenname=Max +eidas.ms.modules.eidascentralauth.metadata.contact.surname=Mustermann +eidas.ms.modules.eidascentralauth.metadata.contact.email=max@junit.test + diff --git a/connector/src/test/resources/config/junit_config_2_springboot.properties b/connector/src/test/resources/config/junit_config_2_springboot.properties index ecb22dec..da82b92b 100644 --- a/connector/src/test/resources/config/junit_config_2_springboot.properties +++ b/connector/src/test/resources/config/junit_config_2_springboot.properties @@ -81,3 +81,41 @@ eidas.ms.sp.1.pvp2.metadata.url=http://junit.test/metadata eidas.ms.sp.1.policy.allowed.requested.targets=test eidas.ms.sp.1.policy.hasBaseIdTransferRestriction=true + +## PVP2 S-Profile client configuration +#eidas.ms.modules.eidascentralauth.keystore.type=jks +#eidas.ms.modules.eidascentralauth.keystore.path=keys/junit.jks1 +#eidas.ms.modules.eidascentralauth.keystore.password=password +#eidas.ms.modules.eidascentralauth.key.metadata.alias=meta +#eidas.ms.modules.eidascentralauth.key.metadata.password=password +#eidas.ms.modules.eidascentralauth.key.signing.alias=sig +#eidas.ms.modules.eidascentralauth.key.signing.password=password +#eidas.ms.modules.eidascentralauth.metadata.validity=24 + +#file:src/test/resources/config/junit_config_1_springboot.properties +#eidas.ms.modules.eidascentralauth.keystore.path=src/test/resources/config/junit_test.jks +eidas.ms.modules.eidascentralauth.keystore.path=keys/junit_test.jks +eidas.ms.modules.eidascentralauth.keystore.password=password +eidas.ms.modules.eidascentralauth.keystore.type=jks + +eidas.ms.modules.eidascentralauth.metadata.sign.alias=meta +eidas.ms.modules.eidascentralauth.metadata.sign.password=password +eidas.ms.modules.eidascentralauth.request.sign.alias=sig +eidas.ms.modules.eidascentralauth.request.sign.password=password +eidas.ms.modules.eidascentralauth.response.encryption.alias=enc +eidas.ms.modules.eidascentralauth.response.encryption.password=password + +eidas.ms.modules.eidascentralauth.truststore.path=src/test/resources/config/junit_test.jks +eidas.ms.modules.eidascentralauth.truststore.password=password +eidas.ms.modules.eidascentralauth.truststore.type=jks + +eidas.ms.modules.eidascentralauth.node.entityId= +eidas.ms.modules.eidascentralauth.node.metadataUrl= + +eidas.ms.modules.eidascentralauth.metadata.organisation.name=JUnit +eidas.ms.modules.eidascentralauth.metadata.organisation.friendyname=For testing with jUnit +eidas.ms.modules.eidascentralauth.metadata.organisation.url=http://junit.test +eidas.ms.modules.eidascentralauth.metadata.contact.givenname=Max +eidas.ms.modules.eidascentralauth.metadata.contact.surname=Mustermann +eidas.ms.modules.eidascentralauth.metadata.contact.email=max@junit.test + diff --git a/connector/src/test/resources/config/keys/junit_test.jks b/connector/src/test/resources/config/keys/junit_test.jks new file mode 100644 index 00000000..ee6254a9 Binary files /dev/null and b/connector/src/test/resources/config/keys/junit_test.jks differ diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthConstants.java index e4d520b4..ef7f667c 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthConstants.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthConstants.java @@ -34,7 +34,7 @@ public class EidasCentralAuthConstants { public static final String CONFIG_PROPS_KEYSTORE_TYPE = CONFIG_PROPS_PREFIX + "keystore.type"; public static final String CONFIG_PROPS_KEYSTORE_NAME = CONFIG_PROPS_PREFIX + "keystore.name"; public static final String CONFIG_PROPS_KEYSTORE_PATH = CONFIG_PROPS_PREFIX + "keystore.path"; - public static final String CONFIG_PROPS_KEYSTOREPASSWORD = CONFIG_PROPS_PREFIX + "keystore.password"; + public static final String CONFIG_PROPS_KEYSTORE_PASSWORD = CONFIG_PROPS_PREFIX + "keystore.password"; public static final String CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "metadata.sign.password"; public static final String CONFIG_PROPS_SIGN_METADATA_ALIAS = CONFIG_PROPS_PREFIX diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthCredentialProvider.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthCredentialProvider.java index 13c84bc5..81ef82ed 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthCredentialProvider.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthCredentialProvider.java @@ -32,7 +32,7 @@ public class EidasCentralAuthCredentialProvider extends AbstractCredentialProvid authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_KEYSTORE_NAME)); keyStoreConfig.setSoftKeyStoreFilePath(getKeyStoreFilePath()); keyStoreConfig.setSoftKeyStorePassword( - authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD)); + authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_KEYSTORE_PASSWORD)); return keyStoreConfig; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml index e1e3aedd..dd0e1345 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml @@ -137,4 +137,11 @@ + + + + + \ No newline at end of file -- cgit v1.2.3 From 9bb8ba415faee8bd454da6def37daf545bb559e1 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 26 Jan 2021 07:40:01 +0100 Subject: update SAML2 IDP elements of MS-specific Connector to current snapshot version (1.1.12-SNAPSHOT) of eaaf_module_pvp2_idp --- .../resources/specific_eIDAS_connector.beans.xml | 74 ++++++++++------------ .../spring/SpringTest_connector.beans.xml | 15 ++--- pom.xml | 2 +- 3 files changed, 42 insertions(+), 49 deletions(-) (limited to 'connector/src') diff --git a/connector/src/main/resources/specific_eIDAS_connector.beans.xml b/connector/src/main/resources/specific_eIDAS_connector.beans.xml index f6fdeefe..c59496b4 100644 --- a/connector/src/main/resources/specific_eIDAS_connector.beans.xml +++ b/connector/src/main/resources/specific_eIDAS_connector.beans.xml @@ -14,106 +14,100 @@ + class="at.asitplus.eidas.specific.connector.config.StaticResourceConfiguration" /> + class="at.asitplus.eidas.specific.connector.controller.ProcessEngineSignalController" /> - - - + + class="at.asitplus.eidas.specific.connector.auth.AuthenticationManager" /> + class="at.asitplus.eidas.specific.connector.builder.AuthenticationDataBuilder" /> + class="at.asitplus.eidas.specific.connector.config.PvpEndPointConfiguration" /> + class="at.asitplus.eidas.specific.connector.provider.PvpEndPointCredentialProvider" /> + class="at.asitplus.eidas.specific.connector.provider.PvpMetadataConfigurationFactory" /> - - - + class="at.asitplus.eidas.specific.connector.controller.Pvp2SProfileEndpoint"> + + + class="at.asitplus.eidas.specific.connector.verification.AuthnRequestValidator" /> - + - - - + class="at.gv.egiz.eaaf.modules.pvp2.idp.impl.MetadataAction"> + - - - + class="at.gv.egiz.eaaf.modules.pvp2.idp.impl.AuthenticationAction"> + + + class="at.gv.egiz.eaaf.core.impl.idp.auth.services.ProtocolAuthenticationService"> + class="at.gv.egiz.eaaf.core.impl.utils.SecurePendingRequestIdGenerationStrategy" /> + class="at.asitplus.eidas.specific.connector.provider.PvpMetadataProvider" /> + class="at.asitplus.eidas.specific.connector.builder.PvpSubjectNameGenerator" /> + class="at.asitplus.eidas.specific.connector.mapper.LoALevelMapper" /> + class="at.asitplus.eidas.specific.connector.gui.GuiBuilderConfigurationFactory" /> + class="at.asitplus.eidas.specific.connector.gui.DefaultVelocityGuiBuilderImpl" /> + class="at.asitplus.eidas.specific.connector.gui.SpringMvcGuiFormBuilderImpl" /> + class="at.asitplus.eidas.specific.connector.provider.StatusMessageProvider" /> + class="at.asitplus.eidas.specific.connector.logger.RevisionLogger" /> + class="at.asitplus.eidas.specific.connector.logger.StatisticLogger" /> + class="at.asitplus.eidas.specific.connector.processes.tasks.GenerateCountrySelectionFrameTask" + scope="prototype" /> + class="at.asitplus.eidas.specific.connector.processes.tasks.EvaluateCountrySelectionTask" + scope="prototype" /> \ No newline at end of file diff --git a/connector/src/test/resources/spring/SpringTest_connector.beans.xml b/connector/src/test/resources/spring/SpringTest_connector.beans.xml index ba385cb9..5819a915 100644 --- a/connector/src/test/resources/spring/SpringTest_connector.beans.xml +++ b/connector/src/test/resources/spring/SpringTest_connector.beans.xml @@ -38,16 +38,16 @@ - - - + + - + + @@ -58,9 +58,8 @@ - - - + +

0.3

0.4 - 1.1.11 + 1.1.12-SNAPSHOT

2.4.1

2.3.1 -- cgit v1.2.3 From 1791466bba8dc34971be3168ddcbf65b6cb2af98 Mon Sep 17 00:00:00 2001 From: Alexander Marsalek Date: Thu, 28 Jan 2021 10:17:03 +0100 Subject: rename to IdAustriaClient --- .../config/junit_config_1_springboot.properties | 68 ++- .../config/junit_config_2_springboot.properties | 68 ++- .../AhExtendedPvpAttributeDefinitions.java | 24 ++ .../v2/idAustriaClient/AuthHandlerConstants.java | 141 ++++++ .../v2/idAustriaClient/IAhSpConfiguration.java | 151 +++++++ .../IdAustriaClientAuthConstants.java | 166 ++++++++ .../IdAustriaClientAuthCredentialProvider.java | 130 ++++++ .../IdAustriaClientAuthMetadataConfiguration.java | 471 +++++++++++++++++++++ .../IdAustriaClientAuthMetadataController.java | 149 +++++++ .../IdAustriaClientAuthMetadataProvider.java | 169 ++++++++ ...striaClientAuthRequestBuilderConfiguration.java | 300 +++++++++++++ .../AhExtendedPvpAttributeDefinitions.java | 24 -- .../eidas/v2/mobilesig/AuthHandlerConstants.java | 141 ------ .../v2/mobilesig/EidasCentralAuthConstants.java | 166 -------- .../EidasCentralAuthCredentialProvider.java | 130 ------ .../EidasCentralAuthMetadataConfiguration.java | 471 --------------------- .../EidasCentralAuthMetadataController.java | 149 ------- .../EidasCentralAuthMetadataProvider.java | 169 -------- ...idasCentralAuthRequestBuilderConfiguration.java | 300 ------------- .../eidas/v2/mobilesig/IAhSpConfiguration.java | 151 ------- .../GenerateMobilePhoneSignatureRequestTask.java | 24 +- .../src/main/resources/eidas_v2_auth.beans.xml | 6 +- 22 files changed, 1782 insertions(+), 1786 deletions(-) create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/AhExtendedPvpAttributeDefinitions.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/AuthHandlerConstants.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IAhSpConfiguration.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthConstants.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthCredentialProvider.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataConfiguration.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataController.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataProvider.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthRequestBuilderConfiguration.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/AhExtendedPvpAttributeDefinitions.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/AuthHandlerConstants.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthConstants.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthCredentialProvider.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthMetadataConfiguration.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthMetadataController.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthMetadataProvider.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthRequestBuilderConfiguration.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/IAhSpConfiguration.java (limited to 'connector/src') diff --git a/connector/src/test/resources/config/junit_config_1_springboot.properties b/connector/src/test/resources/config/junit_config_1_springboot.properties index 6bf2d399..1cfeef37 100644 --- a/connector/src/test/resources/config/junit_config_1_springboot.properties +++ b/connector/src/test/resources/config/junit_config_1_springboot.properties @@ -82,39 +82,37 @@ eidas.ms.sp.1.policy.allowed.requested.targets=test eidas.ms.sp.1.policy.hasBaseIdTransferRestriction=true ## PVP2 S-Profile client configuration -#eidas.ms.modules.eidascentralauth.keystore.type=jks -#eidas.ms.modules.eidascentralauth.keystore.path=keys/junit.jks1 -#eidas.ms.modules.eidascentralauth.keystore.password=password -#eidas.ms.modules.eidascentralauth.key.metadata.alias=meta -#eidas.ms.modules.eidascentralauth.key.metadata.password=password -#eidas.ms.modules.eidascentralauth.key.signing.alias=sig -#eidas.ms.modules.eidascentralauth.key.signing.password=password -#eidas.ms.modules.eidascentralauth.metadata.validity=24 - -#file:src/test/resources/config/junit_config_1_springboot.properties -#eidas.ms.modules.eidascentralauth.keystore.path=src/test/resources/config/junit_test.jks -eidas.ms.modules.eidascentralauth.keystore.path=keys/junit_test.jks -eidas.ms.modules.eidascentralauth.keystore.password=password -eidas.ms.modules.eidascentralauth.keystore.type=jks - -eidas.ms.modules.eidascentralauth.metadata.sign.alias=meta -eidas.ms.modules.eidascentralauth.metadata.sign.password=password -eidas.ms.modules.eidascentralauth.request.sign.alias=sig -eidas.ms.modules.eidascentralauth.request.sign.password=password -eidas.ms.modules.eidascentralauth.response.encryption.alias=enc -eidas.ms.modules.eidascentralauth.response.encryption.password=password - -eidas.ms.modules.eidascentralauth.truststore.path=src/test/resources/config/junit_test.jks -eidas.ms.modules.eidascentralauth.truststore.password=password -eidas.ms.modules.eidascentralauth.truststore.type=jks - -eidas.ms.modules.eidascentralauth.node.entityId= -eidas.ms.modules.eidascentralauth.node.metadataUrl= - -eidas.ms.modules.eidascentralauth.metadata.organisation.name=JUnit -eidas.ms.modules.eidascentralauth.metadata.organisation.friendyname=For testing with jUnit -eidas.ms.modules.eidascentralauth.metadata.organisation.url=http://junit.test -eidas.ms.modules.eidascentralauth.metadata.contact.givenname=Max -eidas.ms.modules.eidascentralauth.metadata.contact.surname=Mustermann -eidas.ms.modules.eidascentralauth.metadata.contact.email=max@junit.test +#eidas.ms.modules.idaustriaclient.keystore.type=jks +#eidas.ms.modules.idaustriaclient.keystore.path=keys/junit.jks1 +#eidas.ms.modules.idaustriaclient.keystore.password=password +#eidas.ms.modules.idaustriaclient.key.metadata.alias=meta +#eidas.ms.modules.idaustriaclient.key.metadata.password=password +#eidas.ms.modules.idaustriaclient.key.signing.alias=sig +#eidas.ms.modules.idaustriaclient.key.signing.password=password +#eidas.ms.modules.idaustriaclient.metadata.validity=24 + +eidas.ms.modules.idaustriaclient.keystore.path=keys/junit_test.jks +eidas.ms.modules.idaustriaclient.keystore.password=password +eidas.ms.modules.idaustriaclient.keystore.type=jks + +eidas.ms.modules.idaustriaclient.metadata.sign.alias=meta +eidas.ms.modules.idaustriaclient.metadata.sign.password=password +eidas.ms.modules.idaustriaclient.request.sign.alias=sig +eidas.ms.modules.idaustriaclient.request.sign.password=password +eidas.ms.modules.idaustriaclient.response.encryption.alias=enc +eidas.ms.modules.idaustriaclient.response.encryption.password=password + +eidas.ms.modules.idaustriaclient.truststore.path=keys/junit_test.jks +eidas.ms.modules.idaustriaclient.truststore.password=password +eidas.ms.modules.idaustriaclient.truststore.type=jks + +eidas.ms.modules.idaustriaclient.node.entityId= +eidas.ms.modules.idaustriaclient.node.metadataUrl= + +eidas.ms.modules.idaustriaclient.metadata.organisation.name=JUnit +eidas.ms.modules.idaustriaclient.metadata.organisation.friendyname=For testing with jUnit +eidas.ms.modules.idaustriaclient.metadata.organisation.url=http://junit.test +eidas.ms.modules.idaustriaclient.metadata.contact.givenname=Max +eidas.ms.modules.idaustriaclient.metadata.contact.surname=Mustermann +eidas.ms.modules.idaustriaclient.metadata.contact.email=max@junit.test diff --git a/connector/src/test/resources/config/junit_config_2_springboot.properties b/connector/src/test/resources/config/junit_config_2_springboot.properties index da82b92b..4c2be39b 100644 --- a/connector/src/test/resources/config/junit_config_2_springboot.properties +++ b/connector/src/test/resources/config/junit_config_2_springboot.properties @@ -83,39 +83,37 @@ eidas.ms.sp.1.policy.hasBaseIdTransferRestriction=true ## PVP2 S-Profile client configuration -#eidas.ms.modules.eidascentralauth.keystore.type=jks -#eidas.ms.modules.eidascentralauth.keystore.path=keys/junit.jks1 -#eidas.ms.modules.eidascentralauth.keystore.password=password -#eidas.ms.modules.eidascentralauth.key.metadata.alias=meta -#eidas.ms.modules.eidascentralauth.key.metadata.password=password -#eidas.ms.modules.eidascentralauth.key.signing.alias=sig -#eidas.ms.modules.eidascentralauth.key.signing.password=password -#eidas.ms.modules.eidascentralauth.metadata.validity=24 - -#file:src/test/resources/config/junit_config_1_springboot.properties -#eidas.ms.modules.eidascentralauth.keystore.path=src/test/resources/config/junit_test.jks -eidas.ms.modules.eidascentralauth.keystore.path=keys/junit_test.jks -eidas.ms.modules.eidascentralauth.keystore.password=password -eidas.ms.modules.eidascentralauth.keystore.type=jks - -eidas.ms.modules.eidascentralauth.metadata.sign.alias=meta -eidas.ms.modules.eidascentralauth.metadata.sign.password=password -eidas.ms.modules.eidascentralauth.request.sign.alias=sig -eidas.ms.modules.eidascentralauth.request.sign.password=password -eidas.ms.modules.eidascentralauth.response.encryption.alias=enc -eidas.ms.modules.eidascentralauth.response.encryption.password=password - -eidas.ms.modules.eidascentralauth.truststore.path=src/test/resources/config/junit_test.jks -eidas.ms.modules.eidascentralauth.truststore.password=password -eidas.ms.modules.eidascentralauth.truststore.type=jks - -eidas.ms.modules.eidascentralauth.node.entityId= -eidas.ms.modules.eidascentralauth.node.metadataUrl= - -eidas.ms.modules.eidascentralauth.metadata.organisation.name=JUnit -eidas.ms.modules.eidascentralauth.metadata.organisation.friendyname=For testing with jUnit -eidas.ms.modules.eidascentralauth.metadata.organisation.url=http://junit.test -eidas.ms.modules.eidascentralauth.metadata.contact.givenname=Max -eidas.ms.modules.eidascentralauth.metadata.contact.surname=Mustermann -eidas.ms.modules.eidascentralauth.metadata.contact.email=max@junit.test +#eidas.ms.modules.idaustriaclient.keystore.type=jks +#eidas.ms.modules.idaustriaclient.keystore.path=keys/junit.jks1 +#eidas.ms.modules.idaustriaclient.keystore.password=password +#eidas.ms.modules.idaustriaclient.key.metadata.alias=meta +#eidas.ms.modules.idaustriaclient.key.metadata.password=password +#eidas.ms.modules.idaustriaclient.key.signing.alias=sig +#eidas.ms.modules.idaustriaclient.key.signing.password=password +#eidas.ms.modules.idaustriaclient.metadata.validity=24 + +eidas.ms.modules.idaustriaclient.keystore.path=keys/junit_test.jks +eidas.ms.modules.idaustriaclient.keystore.password=password +eidas.ms.modules.idaustriaclient.keystore.type=jks + +eidas.ms.modules.idaustriaclient.metadata.sign.alias=meta +eidas.ms.modules.idaustriaclient.metadata.sign.password=password +eidas.ms.modules.idaustriaclient.request.sign.alias=sig +eidas.ms.modules.idaustriaclient.request.sign.password=password +eidas.ms.modules.idaustriaclient.response.encryption.alias=enc +eidas.ms.modules.idaustriaclient.response.encryption.password=password + +eidas.ms.modules.idaustriaclient.truststore.path=keys/junit_test.jks +eidas.ms.modules.idaustriaclient.truststore.password=password +eidas.ms.modules.idaustriaclient.truststore.type=jks + +eidas.ms.modules.idaustriaclient.node.entityId= +eidas.ms.modules.idaustriaclient.node.metadataUrl= + +eidas.ms.modules.idaustriaclient.metadata.organisation.name=JUnit +eidas.ms.modules.idaustriaclient.metadata.organisation.friendyname=For testing with jUnit +eidas.ms.modules.idaustriaclient.metadata.organisation.url=http://junit.test +eidas.ms.modules.idaustriaclient.metadata.contact.givenname=Max +eidas.ms.modules.idaustriaclient.metadata.contact.surname=Mustermann +eidas.ms.modules.idaustriaclient.metadata.contact.email=max@junit.test diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/AhExtendedPvpAttributeDefinitions.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/AhExtendedPvpAttributeDefinitions.java new file mode 100644 index 00000000..8dea6df3 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/AhExtendedPvpAttributeDefinitions.java @@ -0,0 +1,24 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient; + +import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class AhExtendedPvpAttributeDefinitions implements ExtendedPvpAttributeDefinitions { + private static final Logger log = + LoggerFactory.getLogger(AhExtendedPvpAttributeDefinitions.class); + + private AhExtendedPvpAttributeDefinitions() { + log.trace("Instance class: {} for SonarQube", + AhExtendedPvpAttributeDefinitions.class.getName()); + + } + + public static final String EID_BCBIND_NAME = "urn:eidgvat:attributes.bcbind"; + public static final String EID_BCBIND_FRIENDLY_NAME = "bcBind"; + + public static final String EID_BINDING_PUBKEY_NAME = "urn:eidgvat:attributes.binding.pubkey"; + public static final String EID_BINDING_PUBKEY_FRIENDLY_NAME = "BindingPubKey"; + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/AuthHandlerConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/AuthHandlerConstants.java new file mode 100644 index 00000000..9c6929c2 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/AuthHandlerConstants.java @@ -0,0 +1,141 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient; + + +public class AuthHandlerConstants { + + private AuthHandlerConstants() { + + } + + // TODO: maybe update to another target + public static final String DEFAULT_INTERNAL_BPK_TARGET = "urn:publicid:gv.at:cdid+ZP-MH"; + + // configuration parameters + public static final String PROP_CONFIG_APPLICATION_PREFIX = "authhandler."; + public static final String PROP_CONFIG_APPLICATION_PUBLIC_URL_PREFIX = "core.context.url.prefix"; + public static final String PROP_CONFIG_APPLICATION_PUBLIC_URL_REQUEST_VALIDATION = + "core.context.url.request.validation"; + public static final String PROP_CONFIG_LEGACY_ALLOW = "core.legacy.allowLegacyMode"; + + public static final String PROP_CONFIG_WEBCONTENT_STATIC_PATH = + "core.webcontent.static.directory"; + public static final String PROP_CONFIG_WEBCONTENT_TEMPLATES_PATH = "core.webcontent.templates"; + public static final String PROP_CONFIG_WEBCONTENT_PROPERTIES_PATH = "core.webcontent.properties"; + + public static final String PROP_CONFIG_CACHE_TRANSACTIONS_NAME = "core.cache.transaction.name"; + public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_ENABLED = + "core.cache.transaction.encryption.enabled"; + public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_KEY_TYPE = + "core.cache.transaction.encryption.type"; + public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_PASSPHRASE = + "core.cache.transaction.encryption.passphrase"; + public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_SALT = + "core.cache.transaction.encryption.salt"; + public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_KEYSTORE_NAME = + "core.cache.transaction.encryption.keystore.name"; + public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_KEY_ALIAS = + "core.cache.transaction.encryption.key.alias"; + + public static final String PROP_CONFIG_CACHE_ATTRIBUTEPROXY_NAME = + "core.cache.attributeproxy.name"; + + public static final String PROP_CONFIG_BACKEND_ENDPOINT_GETALLSUPPORTEDATTRIBUTES = + "backend.endpoints.getallsupportedattributes"; + public static final String PROP_CONFIG_BACKEND_ENDPOINT_GETAPPLICATIONCONFIGURATION = + "backend.endpoints.getapplicationconfiguration"; + + public static final String PROP_CONFIG_INTERNAL_BPK_TARGET = "core.internal.bpk.target"; + + public static final String PROP_CONFIG_INTERNAL_FRONTEND_ONLY_MODE = "core.internal.frontend.only.mode"; + public static final boolean PROP_DEFAULT_CONFIG_INTERNAL_FRONTEND_ONLY_MODE = false; + + // Servlet End-Points + public static final String ENDPOINT_PROCESSENGINE_CONTROLLER = "/api/process"; + public static final String ENDPOINT_ERROR_IFRAME_HOPPING = "/error/parenthop"; + + + // GUI template directories + public static final String CLASSPATH_TEMPLATE_DIR = "/templates/"; + public static final String FILESYSTEM_TEMPLATE_DIR = "./templates/"; + public static final String TEMPLATE_HTML_ERROR = "error_message.html"; + + // GUI template defaultfiles + public static final String TEMPLATE_AUTHPROCESS_SELECTION_VDA_FULLFRAME = "authSelection.html"; + public static final String TEMPLATE_AUTHPROCESS_SELECTION_VDA_IFRAME = "authSelection_iframe.html"; + public static final String TEMPLATE_USER_CONSENT_REQUEST = "userConsent.html"; + public static final String TEMPLATE_IFRAME_TO_PARENT_HOPE = "iframe_parent_hope.html"; + public static final String TEMPLATE_MANDATE_SELECTION = "mandateSelection.html"; + public static final String TEMPLATE_PROF_REP_MANDATE_SELECTION = "profRepMandateSelection.html"; + public static final String TEMPLATE_MANDATE_SELECTION_DUMMY = "mandateSelection_dummy.html"; + + + + // http request parameters + public static final String HTTP_PARAM_APPLICATION_ID = "appId"; + public static final String HTTP_PARAM_STOP_PROCESS = "stopAuthProcess"; + public static final String HTTP_PARAM_EIDAS_PROCESS = "useeIDAS"; + public static final String HTTP_PARAM_EID_PROCESS = "useeID"; + public static final String HTTP_PARAM_EID_BINDING_AUTH_PROCESS = "useBindingAuth"; + public static final String HTTP_PARAM_USE_MANDATES = "useMandate"; + public static final String HTTP_PARAM_AUTHMETHOD = "authMethod"; + public static final String HTTP_PARAM_CONSENT_RELEASE_ATTRIBUTES = "releaseAttributes"; + public static final String HTTP_PARAM_CONSENT_STORE_CONSENT = "storeConsent"; + + @Deprecated + public static final String HTTP_PARAM_EIDMIGRATIONPILOT_PROCESS = "pilotMigration"; + @Deprecated + public static final String HTTP_PARAM_EIDMIGRATIONPILOT_SHOW_INFO_PAGE = "pilotMigrationInfoPage"; + @Deprecated + public static final String HTTP_PARAM_MOBILESIGNATURE_PROCESS = "usemobileSig"; + + // UI options + public static final String UI_PARAM_USE_MANDATES = HTTP_PARAM_USE_MANDATES; + public static final String UI_PARAM_USE_ONLY_MANDATES = "useOnlyMandate"; + public static final String UI_PARAM_USE_EIDAS = HTTP_PARAM_EIDAS_PROCESS; + public static final String UI_PARAM_DSGVO_SHORT_INFO = "dsgvoShortText"; + public static final String UI_PARAM_DSGVO_SP_PRIVACY_STATEMENT_URL = "dsgvoPrivacyStatementUrl"; + public static final String UI_PARAM_DSGVO_SP_SERVICE_URL = "dsgvoServiceUrl"; + public static final String UI_PARAM_DSGVO_SP_LOGO = "dsgvoSpLogo"; + public static final String UI_PARAM_DSGVO_SP_LOGO_SET = "dsgvoSpLogoSet"; + public static final String UI_PARAM_DSGVO_SP_LOGO_SET_DATAURL = "dataUrl"; + public static final String UI_PARAM_DSGVO_SP_LOGO_SET_THEME = "theme"; + public static final String UI_PARAM_DSGVO_SP_LOGO_SET_RESOLUTION = "resolution"; + public static final String UI_PARAM_DSGVO_SP_LOGO_SET_TYPE = "type"; + + public enum LogoType { SVG, PNG, UNKNOWN } + + public enum AuthBlockType { + CADES("CAdES"), JWS("JWS"), NONE("none"); + + private final String internalType; + + AuthBlockType(final String type) { + this.internalType = type; + + } + + /** + * Get Type identifier for this AuthBlock. + * + * @return + */ + public String getAuthBlockType() { + return this.internalType; + } + + @Override + public String toString() { + return getAuthBlockType(); + + } + } + + // process context parameters + public static final String PROCESSCONTEXT_USERCONSENT_NEEDED = "userConsentNeeded"; + public static final String PROCESSCONTEXT_AUTHPROCESSSELECTION_DONE = "authProcSelectDone"; + public static final String PROCESSCONTEXT_SWITCH_LANGUAGE = "changeLanguage"; + public static final String PROCESSCONTEXT_IFRAME_PARENT_NEEDED = "iframeParentNeeded"; + + public static final String PROCESSCONTEXT_WAS_EID_PROCESS = "wasEidProcess"; + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IAhSpConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IAhSpConfiguration.java new file mode 100644 index 00000000..2a54f541 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IAhSpConfiguration.java @@ -0,0 +1,151 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient; + +import java.util.List; + +import javax.annotation.Nonnull; +import javax.annotation.Nullable; + +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; +import at.gv.egiz.eaaf.core.impl.data.Pair; + +public interface IAhSpConfiguration extends ISpConfiguration { + + + /** + * Flag if this Service Provider is enabled. + * + * @return true if the SP is enabled, otherwise false + */ + boolean isEnabled(); + + /** + * Get unique identifier that is used in Application-Register from BM.I. + * + *

If no BM.I specific identifier is available then this method returns + * the same identifier as getUniqueIdentifier()

+ * + * @return unique identifier from BM.I AppReg, or generic uniqueId of no specific exists + */ + String getUniqueApplicationRegisterIdentifier(); + + /** + * Flag that marks this Service-Provider as public or private. + * + *

Default: If it is not set or has an unknown value, its private by default

+ * + * @return true if it is from public, otherwise false + */ + boolean isPublicServiceProvider(); + + /** + * Enable test identities for this Service Provider. + * + * @return true if test identities are allowed, otherwise false + */ + boolean isTestCredentialEnabled(); + + /** + * Get a List of OID's that refine the set of allowed test identities. + * + * @return @link {@link List} of test-identity OID's + */ + @Nullable + List getTestCredentialOids(); + + + /** + * Get a List of unique attribute URI's that are required by this SP. + * + * @return {@link List} of attribute URI's / parameter {@link Pair}s + */ + List> getRequiredAttributes(); + + + /** + * Get the CountryCode for this service.
+ *
+ * Default: AT + * + * @return + */ + String getCountryCode(); + + /** + * Set the CountryCode for this service. If not countryCode is set, AT is used as default. + * + * @param cc Service-Provider country-code + */ + void setCountryCode(String cc); + + /** + * Enable mandates for this service provider. + * + * @return true if mandates are enabled, otherwise false + */ + boolean isMandateEnabled(); + + /** + * Enables multi-mandates for this service-provider. + * + * @return true if multi-mandates are enabled, otherwise false + */ + boolean isMultiMandateEnabled(); + + /** + * Only mandates are allowed for this service provider. + * + * @return true if only mandates are allowed, otherwise false + */ + boolean isOnlyMandateEnabled(); + + /** + * Get a {@link List} of mandate profiles that are supported by this Service provider. + * + * @return + */ + @Nonnull List getMandateProfiles(); + + + /** + * eIDAS authentication allowed flag. + * + * @return true if eIDAS authentication is enabled, otherwise false + */ + boolean isEidasEnabled(); + + /** + * Get a List of targets for additional bPKs that are required by this service provider. + * + * @return List of prefixed bPK targets + */ + @Nonnull List getAdditionalBpkTargets(); + + /** + * Get a list of foreign bPK targets that are required by this service provider. + * + * @return List of pairs with prefixed bPK targets as first element and VKZ as second element + */ + @Nonnull List> getAdditionalForeignBpkTargets(); + + /** + * Flag that indicates that service-provider as restricted or unrestricted. + * + *

A restricted service-provider can only used by test-identities that contains a + * valid application-restriction in User-Certificate Pinning

+ * + *

Default: true

+ * + * @return true if it is restricted, otherwise false + */ + boolean isRestrictedServiceProvider(); + + + /** + * Defines the time in minutes how long the last VDA registration h@Override + ave passed as maximum. + * + * @return time in minutes + */ + long lastVdaAuthenticationDelay(); + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthConstants.java new file mode 100644 index 00000000..22910614 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthConstants.java @@ -0,0 +1,166 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient; + + +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.impl.data.Triple; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + + +public class IdAustriaClientAuthConstants { + + private IdAustriaClientAuthConstants() { + + } + + public static final String SAML2_STATUSCODE_USERSTOP = "1005"; + + public static final String MODULE_NAME_FOR_LOGGING = "ID Austria Client"; + + public static final int METADATA_VALIDUNTIL_IN_HOURS = 24; + + // public static final String HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION = + // AuthHandlerConstants.HTTP_PARAM_EIDAS_PROCESS; + + public static final String ENDPOINT_POST = "/idAustriaSp/post"; + public static final String ENDPOINT_REDIRECT = "/idAustriaSp/redirect"; + public static final String ENDPOINT_METADATA = "/idAustriaSp/metadata"; + + public static final String CONFIG_PROPS_PREFIX = "modules.idaustriaclient."; + public static final String CONFIG_PROPS_KEYSTORE_TYPE = CONFIG_PROPS_PREFIX + "keystore.type"; + public static final String CONFIG_PROPS_KEYSTORE_NAME = CONFIG_PROPS_PREFIX + "keystore.name"; + public static final String CONFIG_PROPS_KEYSTORE_PATH = CONFIG_PROPS_PREFIX + "keystore.path"; + public static final String CONFIG_PROPS_KEYSTORE_PASSWORD = CONFIG_PROPS_PREFIX + "keystore.password"; + public static final String CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD = CONFIG_PROPS_PREFIX + + "metadata.sign.password"; + public static final String CONFIG_PROPS_SIGN_METADATA_ALIAS = CONFIG_PROPS_PREFIX + + "metadata.sign.alias"; + public static final String CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD = CONFIG_PROPS_PREFIX + + "request.sign.password"; + public static final String CONFIG_PROPS_SIGN_SIGNING_ALIAS = CONFIG_PROPS_PREFIX + + "request.sign.alias"; + public static final String CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD = CONFIG_PROPS_PREFIX + + "response.encryption.password"; + public static final String CONFIG_PROPS_ENCRYPTION_ALIAS = CONFIG_PROPS_PREFIX + + "response.encryption.alias"; + + public static final String CONFIG_PROPS_TRUSTSTORE_TYPE = CONFIG_PROPS_PREFIX + "truststore.type"; + public static final String CONFIG_PROPS_TRUSTSTORE_NAME = CONFIG_PROPS_PREFIX + "truststore.name"; + public static final String CONFIG_PROPS_TRUSTSTORE_PATH = CONFIG_PROPS_PREFIX + "truststore.path"; + public static final String CONFIG_PROPS_TRUSTSTORE_PASSWORD = CONFIG_PROPS_PREFIX + "truststore.password"; + + public static final String CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST = CONFIG_PROPS_PREFIX + + "required.additional.attributes"; + public static final String CONFIG_PROPS_REQUIRED_LOA = CONFIG_PROPS_PREFIX + + "required.loa"; + public static final String CONFIG_PROPS_NODE_ENTITYID = CONFIG_PROPS_PREFIX + "node.entityId"; + public static final String CONFIG_PROPS_NODE_METADATAURL = CONFIG_PROPS_PREFIX + "node.metadataUrl"; + public static final String CONFIG_PROPS_NODE_TRUSTPROFILEID = CONFIG_PROPS_PREFIX + "node.trustprofileID"; + + + public static final String CONFIG_PROPS_METADATA_CONTACT_GIVENNAME = + CONFIG_PROPS_PREFIX + "metadata.contact.givenname"; + public static final String CONFIG_PROPS_METADATA_CONTACT_SURNAME = + CONFIG_PROPS_PREFIX + "metadata.contact.surname"; + public static final String CONFIG_PROPS_METADATA_CONTACT_EMAIL = + CONFIG_PROPS_PREFIX + "metadata.contact.email"; + public static final String CONFIG_PROPS_METADATA_ORGANISATION_NAME = + CONFIG_PROPS_PREFIX + "metadata.organisation.name"; + public static final String CONFIG_PROPS_METADATA_ORGANISATION_FRIENDLYNAME = + CONFIG_PROPS_PREFIX + "metadata.organisation.friendyname"; + public static final String CONFIG_PROPS_METADATA_ORGANISATION_URL = + CONFIG_PROPS_PREFIX + "metadata.organisation.url"; + + public static final String CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL = "auth.eidas.node.entityId"; + + public static final String CONFIG_PROPS_SEMPER_MANDATES_ACTIVE = CONFIG_PROPS_PREFIX + + "semper.mandates.active"; + public static final String CONFIG_PROPS_SEMPER_MANDATES_MS_PROXY_LIST = CONFIG_PROPS_PREFIX + + "semper.msproxy.list"; + + public static final String CONFIG_DEFAULT_LOA_EIDAS_LEVEL = EaafConstants.EIDAS_LOA_HIGH; + + @Deprecated + public static final List> DEFAULT_REQUIRED_PVP_ATTRIBUTES_WITHOUT_EID = + Collections.unmodifiableList(new ArrayList>() { + private static final long serialVersionUID = 1L; + { + // add PVP Version attribute + add(Triple.newInstance(PvpAttributeDefinitions.PVP_VERSION_NAME, + PvpAttributeDefinitions.PVP_VERSION_FRIENDLY_NAME, true)); + + // request entity information + add(Triple.newInstance(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, + PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, false)); + add(Triple.newInstance(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, + PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, true)); + add(Triple.newInstance(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, + PvpAttributeDefinitions.EID_ISSUING_NATION_FRIENDLY_NAME, true)); + + // entity eID information + add(Triple.newInstance(AhExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME, + AhExtendedPvpAttributeDefinitions.EID_EIDBIND_FRIENDLY_NAME, false)); + add(Triple.newInstance(AhExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME, + AhExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME, false)); + + // Deprecated information + add(Triple.newInstance(PvpAttributeDefinitions.GIVEN_NAME_NAME, + PvpAttributeDefinitions.GIVEN_NAME_FRIENDLY_NAME, false)); + add(Triple.newInstance(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, + PvpAttributeDefinitions.PRINCIPAL_NAME_FRIENDLY_NAME, false)); + add(Triple.newInstance(PvpAttributeDefinitions.BIRTHDATE_NAME, + PvpAttributeDefinitions.BIRTHDATE_FRIENDLY_NAME, false)); + add(Triple.newInstance(PvpAttributeDefinitions.BPK_NAME, PvpAttributeDefinitions.BPK_FRIENDLY_NAME, + false)); + add(Triple.newInstance(PvpAttributeDefinitions.EID_IDENTITY_LINK_NAME, + PvpAttributeDefinitions.EID_IDENTITY_LINK_FRIENDLY_NAME, false)); + + //request pII transactionId from MS-Connector + add(Triple.newInstance(ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, + ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_FRIENDLY_NAME, false)); + + } + }); + + public static final List> DEFAULT_REQUIRED_PVP_ATTRIBUTES = + Collections.unmodifiableList(new ArrayList>() { + private static final long serialVersionUID = 1L; + { + // add PVP Version attribute + add(Triple.newInstance(PvpAttributeDefinitions.PVP_VERSION_NAME, + PvpAttributeDefinitions.PVP_VERSION_FRIENDLY_NAME, true)); + + // entity metadata information + add(Triple.newInstance(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, + PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, true)); + add(Triple.newInstance(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, + PvpAttributeDefinitions.EID_ISSUING_NATION_FRIENDLY_NAME, true)); + + // entity eID information + add(Triple.newInstance(AhExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME, + AhExtendedPvpAttributeDefinitions.EID_EIDBIND_FRIENDLY_NAME, true)); + add(Triple.newInstance(AhExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME, + AhExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME, true)); + + //request pII transactionId from MS-Connector + add(Triple.newInstance(ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, + ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_FRIENDLY_NAME, false)); + + } + }); + + public static final List DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES = + Collections.unmodifiableList(new ArrayList() { + private static final long serialVersionUID = 1L; + { + for (final Triple el : DEFAULT_REQUIRED_PVP_ATTRIBUTES) { + add(el.getFirst()); + } + } + }); + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthCredentialProvider.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthCredentialProvider.java new file mode 100644 index 00000000..1aa85e71 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthCredentialProvider.java @@ -0,0 +1,130 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient; + +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; + +import org.springframework.beans.factory.annotation.Autowired; + +/** + * Credential provider for eIDAS PVP S-Profile client. + * + * @author tlenz + * + */ +public class IdAustriaClientAuthCredentialProvider extends AbstractCredentialProvider { + + @Autowired + IConfiguration authConfig; + + private static final String FRIENDLYNAME = "eIDAS centrial authentication"; + + @Override + public KeyStoreConfiguration getBasicKeyStoreConfig() throws EaafConfigurationException { + final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); + keyStoreConfig.setFriendlyName(FRIENDLYNAME); + keyStoreConfig.setKeyStoreType( + authConfig.getBasicConfiguration(IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_TYPE, + KeyStoreType.PKCS12.getKeyStoreType())); + keyStoreConfig.setKeyStoreName( + authConfig.getBasicConfiguration(IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_NAME)); + keyStoreConfig.setSoftKeyStoreFilePath(getKeyStoreFilePath()); + keyStoreConfig.setSoftKeyStorePassword( + authConfig.getBasicConfiguration(IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PASSWORD)); + + return keyStoreConfig; + + } + + private String getKeyStoreFilePath() throws EaafConfigurationException { + final String path = authConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PATH); + if (path == null) { + throw new EaafConfigurationException("module.eidasauth.00", + new Object[] { IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PATH }); + + } + return path; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# + * getMetadataKeyAlias() + */ + @Override + public String getMetadataKeyAlias() { + return authConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS); + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# + * getMetadataKeyPassword() + */ + @Override + public String getMetadataKeyPassword() { + return authConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD); + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# + * getSignatureKeyAlias() + */ + @Override + public String getSignatureKeyAlias() { + return authConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS); + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# + * getSignatureKeyPassword() + */ + @Override + public String getSignatureKeyPassword() { + return authConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD); + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# + * getEncryptionKeyAlias() + */ + @Override + public String getEncryptionKeyAlias() { + return authConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS); + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# + * getEncryptionKeyPassword() + */ + @Override + public String getEncryptionKeyPassword() { + return authConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD); + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataConfiguration.java new file mode 100644 index 00000000..4b5861e9 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataConfiguration.java @@ -0,0 +1,471 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient; + + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.data.Triple; +import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpAttributeBuilder; + +import org.opensaml.saml.saml2.core.Attribute; +import org.opensaml.saml.saml2.core.NameIDType; +import org.opensaml.saml.saml2.metadata.ContactPerson; +import org.opensaml.saml.saml2.metadata.Organization; +import org.opensaml.saml.saml2.metadata.RequestedAttribute; +import org.opensaml.security.credential.Credential; + +import lombok.extern.slf4j.Slf4j; + +/** + * Configuration object to generate PVP S-Profile metadata for SAML2 client. + * + * @author tlenz + * + */ +@Slf4j +public class IdAustriaClientAuthMetadataConfiguration implements IPvpMetadataBuilderConfiguration { + + private Collection additionalAttributes = null; + + private final String authUrl; + private final IdAustriaClientAuthCredentialProvider credentialProvider; + private final IPvp2BasicConfiguration pvpConfiguration; + + /** + * Configuration object to create PVP2 S-Profile metadata information. + * + * @param authUrl Public URL prefix of the application + * @param credentialProvider Credentials used by PVP2 S-Profile end-point + * @param pvpConfiguration Basic PVP2 S-Profile end-point configuration + */ + public IdAustriaClientAuthMetadataConfiguration(String authUrl, + IdAustriaClientAuthCredentialProvider credentialProvider, + IPvp2BasicConfiguration pvpConfiguration) { + this.authUrl = authUrl; + this.credentialProvider = credentialProvider; + this.pvpConfiguration = pvpConfiguration; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getMetadataValidUntil() + */ + @Override + public int getMetadataValidUntil() { + return IdAustriaClientAuthConstants.METADATA_VALIDUNTIL_IN_HOURS; + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * buildEntitiesDescriptorAsRootElement() + */ + @Override + public boolean buildEntitiesDescriptorAsRootElement() { + return false; + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * buildIDPSSODescriptor() + */ + @Override + public boolean buildIdpSsoDescriptor() { + return false; + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * buildSPSSODescriptor() + */ + @Override + public boolean buildSpSsoDescriptor() { + return true; + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getEntityIDPostfix() + */ + @Override + public String getEntityID() { + return authUrl + IdAustriaClientAuthConstants.ENDPOINT_METADATA; + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getEntityFriendlyName() + */ + @Override + public String getEntityFriendlyName() { + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getContactPersonInformation() + */ + @Override + public List getContactPersonInformation() { + try { + return pvpConfiguration.getIdpContacts(); + + } catch (final EaafException e) { + log.warn("Can not load Metadata entry: Contect Person", e); + return null; + + } + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getOrgansiationInformation() + */ + @Override + public Organization getOrgansiationInformation() { + try { + return pvpConfiguration.getIdpOrganisation(); + + } catch (final EaafException e) { + log.warn("Can not load Metadata entry: Organisation", e); + return null; + + } + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getMetadataSigningCredentials() + */ + @Override + public EaafX509Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException { + return credentialProvider.getMetaDataSigningCredential(); + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getRequestorResponseSigningCredentials() + */ + @Override + public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException { + return credentialProvider.getMessageSigningCredential(); + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getEncryptionCredentials() + */ + @Override + public Credential getEncryptionCredentials() throws CredentialsNotAvailableException { + return credentialProvider.getMessageEncryptionCredential(); + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getIDPWebSSOPostBindingURL() + */ + @Override + public String getIdpWebSsoPostBindingUrl() { + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getIDPWebSSORedirectBindingURL() + */ + @Override + public String getIdpWebSsoRedirectBindingUrl() { + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getIDPSLOPostBindingURL() + */ + @Override + public String getIdpSloPostBindingUrl() { + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getIDPSLORedirectBindingURL() + */ + @Override + public String getIdpSloRedirectBindingUrl() { + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getSPAssertionConsumerServicePostBindingURL() + */ + @Override + public String getSpAssertionConsumerServicePostBindingUrl() { + return authUrl + IdAustriaClientAuthConstants.ENDPOINT_POST; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getSPAssertionConsumerServiceRedirectBindingURL() + */ + @Override + public String getSpAssertionConsumerServiceRedirectBindingUrl() { + return authUrl + IdAustriaClientAuthConstants.ENDPOINT_REDIRECT; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getSPSLOPostBindingURL() + */ + @Override + public String getSpSloPostBindingUrl() { + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getSPSLORedirectBindingURL() + */ + @Override + public String getSpSloRedirectBindingUrl() { + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getSPSLOSOAPBindingURL() + */ + @Override + public String getSpSloSoapBindingUrl() { + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getIDPPossibleAttributes() + */ + @Override + public List getIdpPossibleAttributes() { + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getIDPPossibleNameITTypes() + */ + @Override + public List getIdpPossibleNameIdTypes() { + return null; + } + + + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getSPRequiredAttributes() + */ + @Override + public Collection getSpRequiredAttributes() { + final Map requestedAttributes = new HashMap<>(); + + if (pvpConfiguration.getBasicConfiguration().getBasicConfigurationBoolean( + AuthHandlerConstants.PROP_CONFIG_LEGACY_ALLOW, false)) { + log.trace("Build required attributes for legacy operaton ... "); + injectDefinedAttributes(requestedAttributes, + IdAustriaClientAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTES_WITHOUT_EID); + + } else { + log.trace("Build required attributes for E-ID operaton ... "); + injectDefinedAttributes(requestedAttributes, + IdAustriaClientAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTES); + + } + + if (additionalAttributes != null) { + log.trace("Add additional PVP attributes into metadata ... "); + for (final RequestedAttribute el : additionalAttributes) { + if (requestedAttributes.containsKey(el.getName())) { + log.debug("Attribute " + el.getName() + + " is already added by default configuration. Overwrite it by user configuration"); + } + + requestedAttributes.put(el.getName(), el); + + } + } + + return requestedAttributes.values(); + + } + + + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getSPAllowedNameITTypes() + */ + @Override + public List getSpAllowedNameIdTypes() { + return Arrays.asList(NameIDType.PERSISTENT); + + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPMetadataBuilderConfiguration#getSPNameForLogging() + */ + @Override + public String getSpNameForLogging() { + return IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPMetadataBuilderConfiguration#wantAssertionSigned() + */ + @Override + public boolean wantAssertionSigned() { + return false; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPMetadataBuilderConfiguration#wantAuthnRequestSigned() + */ + @Override + public boolean wantAuthnRequestSigned() { + return true; + } + + /** + * Add additonal PVP attributes that are required by this deployment. + * + * @param additionalAttr List of PVP attribute name and isRequired flag + */ + public void setAdditionalRequiredAttributes(List> additionalAttr) { + if (additionalAttr != null && !additionalAttr.isEmpty()) { + additionalAttributes = new ArrayList<>(); + for (final Pair el : additionalAttr) { + final Attribute attributBuilder = PvpAttributeBuilder.buildEmptyAttribute(el.getFirst()); + if (attributBuilder != null) { + additionalAttributes.add( + PvpAttributeBuilder.buildReqAttribute( + attributBuilder.getName(), + attributBuilder.getFriendlyName(), + el.getSecond())); + + } else { + log.info("NO PVP attribute with name: " + el.getFirst()); + } + + } + } + } + + private void injectDefinedAttributes(Map requestedAttributes, + List> attributes) { + for (final Triple el : attributes) { + requestedAttributes.put(el.getFirst(), PvpAttributeBuilder.buildReqAttribute(el.getFirst(), el + .getSecond(), el.getThird())); + + } + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataController.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataController.java new file mode 100644 index 00000000..87886397 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataController.java @@ -0,0 +1,149 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient; + + +import java.io.IOException; +import java.net.MalformedURLException; +import java.net.URL; +import java.util.ArrayList; +import java.util.List; +import java.util.Map; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.http.HttpUtils; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder; + +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import com.google.common.net.MediaType; +import lombok.extern.slf4j.Slf4j; + +/** + * Controller that generates SAML2 metadata for eIDAS authentication client. + * + * @author tlenz + * + */ +@Slf4j +@Controller +public class IdAustriaClientAuthMetadataController extends AbstractController { + + private static final String ERROR_CODE_INTERNAL_00 = "eaaf.core.00"; + + @Autowired + PvpMetadataBuilder metadatabuilder; + @Autowired + IdAustriaClientAuthCredentialProvider credentialProvider; + @Autowired + IPvp2BasicConfiguration pvpConfiguration; + + /** + * Default construction with logging. + * + */ + public IdAustriaClientAuthMetadataController() { + super(); + log.debug("Registering servlet " + getClass().getName() + + " with mappings '" + IdAustriaClientAuthConstants.ENDPOINT_METADATA + + "'."); + + } + + /** + * End-point that produce PVP2 metadata for eIDAS authentication client. + * + * @param req http Request + * @param resp http Response + * @throws IOException In case of an I/O error + * @throws EaafException In case of a metadata generation error + */ + @RequestMapping(value = IdAustriaClientAuthConstants.ENDPOINT_METADATA, + method = { RequestMethod.GET }) + public void getSpMetadata(HttpServletRequest req, HttpServletResponse resp) throws IOException, + EaafException { + // check PublicURL prefix + try { + final String authUrl = getAuthUrlFromHttpContext(req); + + // initialize metadata builder configuration + final IdAustriaClientAuthMetadataConfiguration metadataConfig = + new IdAustriaClientAuthMetadataConfiguration(authUrl, credentialProvider, pvpConfiguration); + metadataConfig.setAdditionalRequiredAttributes(getAdditonalRequiredAttributes()); + + // build metadata + final String xmlMetadata = metadatabuilder.buildPvpMetadata(metadataConfig); + + // write response + final byte[] content = xmlMetadata.getBytes("UTF-8"); + resp.setStatus(HttpServletResponse.SC_OK); + resp.setContentLength(content.length); + resp.setContentType(MediaType.XML_UTF_8.toString()); + resp.getOutputStream().write(content); + + } catch (final Exception e) { + log.warn("Build federated-authentication PVP metadata FAILED.", e); + protAuthService.handleErrorNoRedirect(e, req, resp, false); + + } + + } + + private String getAuthUrlFromHttpContext(HttpServletRequest req) throws EaafException { + // check if End-Point is valid + final String authUrlString = HttpUtils.extractAuthUrlFromRequest(req); + URL authReqUrl; + try { + authReqUrl = new URL(authUrlString); + + } catch (final MalformedURLException e) { + log.warn("Requested URL: {} is not a valid URL.", authUrlString); + throw new EaafAuthenticationException(ERROR_CODE_INTERNAL_00, new Object[] { authUrlString }, e); + + } + + final String idpAuthUrl = authConfig.validateIdpUrl(authReqUrl); + if (idpAuthUrl == null) { + log.warn("Requested URL: {} is NOT found in configuration.", authReqUrl); + throw new EaafAuthenticationException(ERROR_CODE_INTERNAL_00, new Object[] { authUrlString }); + + } + + return idpAuthUrl; + } + + private List> getAdditonalRequiredAttributes() { + final List> result = new ArrayList<>(); + + // load attributes from configuration + final Map addReqAttributes = authConfig.getBasicConfigurationWithPrefix( + IdAustriaClientAuthConstants.CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST); + for (final String el : addReqAttributes.values()) { + if (StringUtils.isNotEmpty(el)) { + log.trace("Parse additional attr. definition: " + el); + final List attr = KeyValueUtils.getListOfCsvValues(el.trim()); + if (attr.size() == 2) { + result.add(Pair.newInstance(attr.get(0), Boolean.parseBoolean(attr.get(1)))); + + } else { + log.info("IGNORE additional attr. definition: " + el + + " Reason: Format not valid"); + } + } + } + + return result; + + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataProvider.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataProvider.java new file mode 100644 index 00000000..c0bfa290 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataProvider.java @@ -0,0 +1,169 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient; + +import java.io.IOException; +import java.security.KeyStore; +import java.security.Provider; +import java.security.cert.CertificateException; +import java.text.MessageFormat; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import javax.annotation.PostConstruct; + +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.AbstractChainingMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SimpleMetadataSignatureVerificationFilter; + +import org.apache.commons.lang3.StringUtils; +import org.opensaml.saml.metadata.resolver.MetadataResolver; +import org.opensaml.saml.metadata.resolver.filter.MetadataFilter; +import org.opensaml.saml.metadata.resolver.filter.MetadataFilterChain; +import org.springframework.beans.factory.annotation.Autowired; + +import lombok.extern.slf4j.Slf4j; + +/** + * SAML2 metadata-provider implementation for eIDAS client. + * + * @author tlenz + * + */ +@Slf4j +public class IdAustriaClientAuthMetadataProvider extends AbstractChainingMetadataProvider { + + private static final String FRIENDLYNAME_METADATA_TRUSTSTORE = "'eIDAS_client metadata truststore'"; + private static final String PROVIDER_ID_PATTERN = "eIDAS resolver: {0}"; + public static final String PROVIDER_ID = "'eIDAS_client metadata provider'"; + + @Autowired + private IConfiguration basicConfig; + + @Autowired + private PvpMetadataResolverFactory metadataProviderFactory; + @Autowired + private IHttpClientFactory httpClientFactory; + + @Autowired + private EaafKeyStoreFactory keyStoreFactory; + + private Pair metadataSigningTrustStore; + + @Override + protected String getMetadataUrl(String entityId) throws EaafConfigurationException { + log.trace("eIDAS Auth. uses SAML2 well-known location approach. EntityId is Metadata-URL"); + return entityId; + + } + + @Override + protected MetadataResolver createNewMetadataProvider(String entityId) throws EaafConfigurationException, + IOException, CertificateException { + final List filterList = new ArrayList<>(); + filterList.add(new SchemaValidationFilter(true)); + filterList.add(new SimpleMetadataSignatureVerificationFilter( + metadataSigningTrustStore.getFirst(), entityId)); + + final MetadataFilterChain filter = new MetadataFilterChain(); + filter.setFilters(filterList); + + try { + return metadataProviderFactory.createMetadataProvider(getMetadataUrl(entityId), + filter, + MessageFormat.format(PROVIDER_ID_PATTERN, entityId), + httpClientFactory.getHttpClient()); + + } catch (final Pvp2MetadataException e) { + log.info("Can NOT build metadata provider for entityId: {}", entityId); + throw new EaafConfigurationException("module.eidasauth.04", + new Object[] { entityId, e.getMessage() }, e); + + } + } + + @Override + protected List getAllMetadataUrlsFromConfiguration() throws EaafConfigurationException { + return Collections.emptyList(); + + } + + @Override + protected String getMetadataProviderId() { + return PROVIDER_ID; + + } + + @Override + public void runGarbageCollector() { + log.trace("Garbage collection is NOT supported by: {}", getId()); + } + + @Override + public void doDestroy() { + super.fullyDestroy(); + + } + + @PostConstruct + private void initialize() throws EaafException { + // initialize truststore to validate metadata signing certificates + initializeTrustStore(); + + // load metadata with metadataURL, as backup + initializeFileSystemMetadata(); + + } + + private void initializeFileSystemMetadata() { + try { + final String metadataUrl = basicConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_NODE_METADATAURL); + if (StringUtils.isNotEmpty(metadataUrl)) { + log.info("Use not recommended metadata-provider initialization!" + + " SAML2 'Well-Known-Location' is the preferred methode."); + log.info("Initialize 'ms-specific eIDAS node' metadata-provider with URL: {}", metadataUrl); + + addMetadataResolverIntoChain(createNewMetadataProvider(metadataUrl)); + } + + } catch (final EaafConfigurationException | CertificateException | IOException e) { + log.warn("Can NOT inject static eIDAS Node metadata-soure.", e); + log.warn("eIDAS Node communication can be FAIL."); + + } + } + + private void initializeTrustStore() throws EaafException { + // set configuration + final KeyStoreConfiguration trustStoreConfig = new KeyStoreConfiguration(); + trustStoreConfig.setFriendlyName(FRIENDLYNAME_METADATA_TRUSTSTORE); + trustStoreConfig.setKeyStoreType(basicConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_TRUSTSTORE_TYPE, + KeyStoreType.JKS.getKeyStoreType())); + trustStoreConfig.setKeyStoreName(basicConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_TRUSTSTORE_NAME)); + trustStoreConfig.setSoftKeyStoreFilePath(basicConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_TRUSTSTORE_PATH)); + trustStoreConfig.setSoftKeyStorePassword(basicConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_TRUSTSTORE_PASSWORD)); + + // validate configuration + trustStoreConfig.validate(); + + // open new TrustStore + metadataSigningTrustStore = keyStoreFactory.buildNewKeyStore(trustStoreConfig); + + } + +} + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthRequestBuilderConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthRequestBuilderConfiguration.java new file mode 100644 index 00000000..ddaf872d --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthRequestBuilderConfiguration.java @@ -0,0 +1,300 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient; + +import java.util.List; + +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; +import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPvpAuthnRequestBuilderConfiguruation; + +import org.opensaml.saml.saml2.core.AuthnContextComparisonTypeEnumeration; +import org.opensaml.saml.saml2.core.NameIDType; +import org.opensaml.saml.saml2.metadata.EntityDescriptor; +import org.w3c.dom.Element; + +public class IdAustriaClientAuthRequestBuilderConfiguration implements IPvpAuthnRequestBuilderConfiguruation { + + private boolean isPassive; + private String spEntityId; + private String qaaLevel; + private EntityDescriptor idpEntity; + private EaafX509Credential signCred; + private String scopeRequesterId; + private String providerName; + private List requestedAttributes; + private String reqId; + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#isPassivRequest() + */ + @Override + public Boolean isPassivRequest() { + return this.isPassive; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getAssertionConsumerServiceId() + */ + @Override + public Integer getAssertionConsumerServiceId() { + return 0; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getEntityID() + */ + @Override + public String getSpEntityID() { + return this.spEntityId; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getNameIDPolicy() + */ + @Override + public String getNameIdPolicyFormat() { + return NameIDType.PERSISTENT; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getNameIDPolicy() + */ + @Override + public boolean getNameIdPolicyAllowCreation() { + return true; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getAuthnContextClassRef() + */ + @Override + public String getAuthnContextClassRef() { + return this.qaaLevel; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getAuthnContextComparison() + */ + @Override + public AuthnContextComparisonTypeEnumeration getAuthnContextComparison() { + return AuthnContextComparisonTypeEnumeration.MINIMUM; + } + + /** + * Set isPassive flag in SAML2 request. + * + * @param isPassive the isPassive to set. + */ + public void setPassive(boolean isPassive) { + this.isPassive = isPassive; + } + + /** + * Set the requester EntityId. + * + * @param spEntityId EntityId of SP + */ + public void setSpEntityID(String spEntityId) { + this.spEntityId = spEntityId; + } + + /** + * Set required LoA. + * + * @param loa the LoA to set. + */ + public void setRequestedLoA(String loa) { + qaaLevel = loa; + } + + /** + * Set EntityId of IDP. + * + * @param idpEntity the idpEntity to set. + */ + public void setIdpEntity(EntityDescriptor idpEntity) { + this.idpEntity = idpEntity; + } + + /** + * Set message signing credentials. + * + * @param signCred the signCred to set. + */ + public void setSignCred(EaafX509Credential signCred) { + this.signCred = signCred; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getAuthnRequestSigningCredential() + */ + @Override + public EaafX509Credential getAuthnRequestSigningCredential() { + return this.signCred; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getIDPEntityDescriptor() + */ + @Override + public EntityDescriptor getIdpEntityDescriptor() { + return this.idpEntity; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getSubjectNameID() + */ + @Override + public String getSubjectNameID() { + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getSPNameForLogging() + */ + @Override + public String getSpNameForLogging() { + return IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getSubjectNameIDFormat() + */ + @Override + public String getSubjectNameIdFormat() { + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getRequestID() + */ + @Override + public String getRequestID() { + return this.reqId; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getSubjectNameIDQualifier() + */ + @Override + public String getSubjectNameIdQualifier() { + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationMethode() + */ + @Override + public String getSubjectConformationMethode() { + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationDate() + */ + @Override + public Element getSubjectConformationDate() { + return null; + } + + @Override + public List getRequestedAttributes() { + return this.requestedAttributes; + + } + + @Override + public String getProviderName() { + return this.providerName; + } + + @Override + public String getScopeRequesterId() { + return this.scopeRequesterId; + } + + /** + * Set the entityId of the SP that requests the proxy for eIDAS authentication. + * + * @param scopeRequesterId RequestId in SAML2 Proxy extension + */ + public void setScopeRequesterId(String scopeRequesterId) { + this.scopeRequesterId = scopeRequesterId; + } + + /** + * Set a friendlyName for the SP that requests the proxy for eIDAS + * authentication. + * + * @param providerName SAML2 provider-name attribute-value + */ + public void setProviderName(String providerName) { + this.providerName = providerName; + } + + /** + * Set a Set of PVP attributes that a requested by using requested attributes. + * + * @param requestedAttributes Requested SAML2 attributes + */ + public void setRequestedAttributes(List requestedAttributes) { + this.requestedAttributes = requestedAttributes; + } + + /** + * Set a RequestId for this Authn. Request. + * + * @param reqId SAML2 message requestId + */ + public void setRequestId(String reqId) { + this.reqId = reqId; + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/AhExtendedPvpAttributeDefinitions.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/AhExtendedPvpAttributeDefinitions.java deleted file mode 100644 index af9a2972..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/AhExtendedPvpAttributeDefinitions.java +++ /dev/null @@ -1,24 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig; - -import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -public class AhExtendedPvpAttributeDefinitions implements ExtendedPvpAttributeDefinitions { - private static final Logger log = - LoggerFactory.getLogger(AhExtendedPvpAttributeDefinitions.class); - - private AhExtendedPvpAttributeDefinitions() { - log.trace("Instance class: {} for SonarQube", - AhExtendedPvpAttributeDefinitions.class.getName()); - - } - - public static final String EID_BCBIND_NAME = "urn:eidgvat:attributes.bcbind"; - public static final String EID_BCBIND_FRIENDLY_NAME = "bcBind"; - - public static final String EID_BINDING_PUBKEY_NAME = "urn:eidgvat:attributes.binding.pubkey"; - public static final String EID_BINDING_PUBKEY_FRIENDLY_NAME = "BindingPubKey"; - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/AuthHandlerConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/AuthHandlerConstants.java deleted file mode 100644 index 60219759..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/AuthHandlerConstants.java +++ /dev/null @@ -1,141 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig; - - -public class AuthHandlerConstants { - - private AuthHandlerConstants() { - - } - - // TODO: maybe update to another target - public static final String DEFAULT_INTERNAL_BPK_TARGET = "urn:publicid:gv.at:cdid+ZP-MH"; - - // configuration parameters - public static final String PROP_CONFIG_APPLICATION_PREFIX = "authhandler."; - public static final String PROP_CONFIG_APPLICATION_PUBLIC_URL_PREFIX = "core.context.url.prefix"; - public static final String PROP_CONFIG_APPLICATION_PUBLIC_URL_REQUEST_VALIDATION = - "core.context.url.request.validation"; - public static final String PROP_CONFIG_LEGACY_ALLOW = "core.legacy.allowLegacyMode"; - - public static final String PROP_CONFIG_WEBCONTENT_STATIC_PATH = - "core.webcontent.static.directory"; - public static final String PROP_CONFIG_WEBCONTENT_TEMPLATES_PATH = "core.webcontent.templates"; - public static final String PROP_CONFIG_WEBCONTENT_PROPERTIES_PATH = "core.webcontent.properties"; - - public static final String PROP_CONFIG_CACHE_TRANSACTIONS_NAME = "core.cache.transaction.name"; - public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_ENABLED = - "core.cache.transaction.encryption.enabled"; - public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_KEY_TYPE = - "core.cache.transaction.encryption.type"; - public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_PASSPHRASE = - "core.cache.transaction.encryption.passphrase"; - public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_SALT = - "core.cache.transaction.encryption.salt"; - public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_KEYSTORE_NAME = - "core.cache.transaction.encryption.keystore.name"; - public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_KEY_ALIAS = - "core.cache.transaction.encryption.key.alias"; - - public static final String PROP_CONFIG_CACHE_ATTRIBUTEPROXY_NAME = - "core.cache.attributeproxy.name"; - - public static final String PROP_CONFIG_BACKEND_ENDPOINT_GETALLSUPPORTEDATTRIBUTES = - "backend.endpoints.getallsupportedattributes"; - public static final String PROP_CONFIG_BACKEND_ENDPOINT_GETAPPLICATIONCONFIGURATION = - "backend.endpoints.getapplicationconfiguration"; - - public static final String PROP_CONFIG_INTERNAL_BPK_TARGET = "core.internal.bpk.target"; - - public static final String PROP_CONFIG_INTERNAL_FRONTEND_ONLY_MODE = "core.internal.frontend.only.mode"; - public static final boolean PROP_DEFAULT_CONFIG_INTERNAL_FRONTEND_ONLY_MODE = false; - - // Servlet End-Points - public static final String ENDPOINT_PROCESSENGINE_CONTROLLER = "/api/process"; - public static final String ENDPOINT_ERROR_IFRAME_HOPPING = "/error/parenthop"; - - - // GUI template directories - public static final String CLASSPATH_TEMPLATE_DIR = "/templates/"; - public static final String FILESYSTEM_TEMPLATE_DIR = "./templates/"; - public static final String TEMPLATE_HTML_ERROR = "error_message.html"; - - // GUI template defaultfiles - public static final String TEMPLATE_AUTHPROCESS_SELECTION_VDA_FULLFRAME = "authSelection.html"; - public static final String TEMPLATE_AUTHPROCESS_SELECTION_VDA_IFRAME = "authSelection_iframe.html"; - public static final String TEMPLATE_USER_CONSENT_REQUEST = "userConsent.html"; - public static final String TEMPLATE_IFRAME_TO_PARENT_HOPE = "iframe_parent_hope.html"; - public static final String TEMPLATE_MANDATE_SELECTION = "mandateSelection.html"; - public static final String TEMPLATE_PROF_REP_MANDATE_SELECTION = "profRepMandateSelection.html"; - public static final String TEMPLATE_MANDATE_SELECTION_DUMMY = "mandateSelection_dummy.html"; - - - - // http request parameters - public static final String HTTP_PARAM_APPLICATION_ID = "appId"; - public static final String HTTP_PARAM_STOP_PROCESS = "stopAuthProcess"; - public static final String HTTP_PARAM_EIDAS_PROCESS = "useeIDAS"; - public static final String HTTP_PARAM_EID_PROCESS = "useeID"; - public static final String HTTP_PARAM_EID_BINDING_AUTH_PROCESS = "useBindingAuth"; - public static final String HTTP_PARAM_USE_MANDATES = "useMandate"; - public static final String HTTP_PARAM_AUTHMETHOD = "authMethod"; - public static final String HTTP_PARAM_CONSENT_RELEASE_ATTRIBUTES = "releaseAttributes"; - public static final String HTTP_PARAM_CONSENT_STORE_CONSENT = "storeConsent"; - - @Deprecated - public static final String HTTP_PARAM_EIDMIGRATIONPILOT_PROCESS = "pilotMigration"; - @Deprecated - public static final String HTTP_PARAM_EIDMIGRATIONPILOT_SHOW_INFO_PAGE = "pilotMigrationInfoPage"; - @Deprecated - public static final String HTTP_PARAM_MOBILESIGNATURE_PROCESS = "usemobileSig"; - - // UI options - public static final String UI_PARAM_USE_MANDATES = HTTP_PARAM_USE_MANDATES; - public static final String UI_PARAM_USE_ONLY_MANDATES = "useOnlyMandate"; - public static final String UI_PARAM_USE_EIDAS = HTTP_PARAM_EIDAS_PROCESS; - public static final String UI_PARAM_DSGVO_SHORT_INFO = "dsgvoShortText"; - public static final String UI_PARAM_DSGVO_SP_PRIVACY_STATEMENT_URL = "dsgvoPrivacyStatementUrl"; - public static final String UI_PARAM_DSGVO_SP_SERVICE_URL = "dsgvoServiceUrl"; - public static final String UI_PARAM_DSGVO_SP_LOGO = "dsgvoSpLogo"; - public static final String UI_PARAM_DSGVO_SP_LOGO_SET = "dsgvoSpLogoSet"; - public static final String UI_PARAM_DSGVO_SP_LOGO_SET_DATAURL = "dataUrl"; - public static final String UI_PARAM_DSGVO_SP_LOGO_SET_THEME = "theme"; - public static final String UI_PARAM_DSGVO_SP_LOGO_SET_RESOLUTION = "resolution"; - public static final String UI_PARAM_DSGVO_SP_LOGO_SET_TYPE = "type"; - - public enum LogoType { SVG, PNG, UNKNOWN } - - public enum AuthBlockType { - CADES("CAdES"), JWS("JWS"), NONE("none"); - - private final String internalType; - - AuthBlockType(final String type) { - this.internalType = type; - - } - - /** - * Get Type identifier for this AuthBlock. - * - * @return - */ - public String getAuthBlockType() { - return this.internalType; - } - - @Override - public String toString() { - return getAuthBlockType(); - - } - } - - // process context parameters - public static final String PROCESSCONTEXT_USERCONSENT_NEEDED = "userConsentNeeded"; - public static final String PROCESSCONTEXT_AUTHPROCESSSELECTION_DONE = "authProcSelectDone"; - public static final String PROCESSCONTEXT_SWITCH_LANGUAGE = "changeLanguage"; - public static final String PROCESSCONTEXT_IFRAME_PARENT_NEEDED = "iframeParentNeeded"; - - public static final String PROCESSCONTEXT_WAS_EID_PROCESS = "wasEidProcess"; - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthConstants.java deleted file mode 100644 index ef7f667c..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthConstants.java +++ /dev/null @@ -1,166 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig; - - -import at.gv.egiz.eaaf.core.api.data.EaafConstants; -import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; -import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; -import at.gv.egiz.eaaf.core.impl.data.Triple; - -import java.util.ArrayList; -import java.util.Collections; -import java.util.List; - - -public class EidasCentralAuthConstants { - - private EidasCentralAuthConstants() { - - } - - public static final String SAML2_STATUSCODE_USERSTOP = "1005"; - - public static final String MODULE_NAME_FOR_LOGGING = "eIDAS central authentication"; - - public static final int METADATA_VALIDUNTIL_IN_HOURS = 24; - - // public static final String HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION = - // AuthHandlerConstants.HTTP_PARAM_EIDAS_PROCESS; - - public static final String ENDPOINT_POST = "/sp/eidas/post"; - public static final String ENDPOINT_REDIRECT = "/sp/eidas/redirect"; - public static final String ENDPOINT_METADATA = "/sp/eidas/metadata"; - - public static final String CONFIG_PROPS_PREFIX = "modules.eidascentralauth."; - public static final String CONFIG_PROPS_KEYSTORE_TYPE = CONFIG_PROPS_PREFIX + "keystore.type"; - public static final String CONFIG_PROPS_KEYSTORE_NAME = CONFIG_PROPS_PREFIX + "keystore.name"; - public static final String CONFIG_PROPS_KEYSTORE_PATH = CONFIG_PROPS_PREFIX + "keystore.path"; - public static final String CONFIG_PROPS_KEYSTORE_PASSWORD = CONFIG_PROPS_PREFIX + "keystore.password"; - public static final String CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD = CONFIG_PROPS_PREFIX - + "metadata.sign.password"; - public static final String CONFIG_PROPS_SIGN_METADATA_ALIAS = CONFIG_PROPS_PREFIX - + "metadata.sign.alias"; - public static final String CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD = CONFIG_PROPS_PREFIX - + "request.sign.password"; - public static final String CONFIG_PROPS_SIGN_SIGNING_ALIAS = CONFIG_PROPS_PREFIX - + "request.sign.alias"; - public static final String CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD = CONFIG_PROPS_PREFIX - + "response.encryption.password"; - public static final String CONFIG_PROPS_ENCRYPTION_ALIAS = CONFIG_PROPS_PREFIX - + "response.encryption.alias"; - - public static final String CONFIG_PROPS_TRUSTSTORE_TYPE = CONFIG_PROPS_PREFIX + "truststore.type"; - public static final String CONFIG_PROPS_TRUSTSTORE_NAME = CONFIG_PROPS_PREFIX + "truststore.name"; - public static final String CONFIG_PROPS_TRUSTSTORE_PATH = CONFIG_PROPS_PREFIX + "truststore.path"; - public static final String CONFIG_PROPS_TRUSTSTORE_PASSWORD = CONFIG_PROPS_PREFIX + "truststore.password"; - - public static final String CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST = CONFIG_PROPS_PREFIX - + "required.additional.attributes"; - public static final String CONFIG_PROPS_REQUIRED_LOA = CONFIG_PROPS_PREFIX - + "required.loa"; - public static final String CONFIG_PROPS_NODE_ENTITYID = CONFIG_PROPS_PREFIX + "node.entityId"; - public static final String CONFIG_PROPS_NODE_METADATAURL = CONFIG_PROPS_PREFIX + "node.metadataUrl"; - public static final String CONFIG_PROPS_NODE_TRUSTPROFILEID = CONFIG_PROPS_PREFIX + "node.trustprofileID"; - - - public static final String CONFIG_PROPS_METADATA_CONTACT_GIVENNAME = - CONFIG_PROPS_PREFIX + "metadata.contact.givenname"; - public static final String CONFIG_PROPS_METADATA_CONTACT_SURNAME = - CONFIG_PROPS_PREFIX + "metadata.contact.surname"; - public static final String CONFIG_PROPS_METADATA_CONTACT_EMAIL = - CONFIG_PROPS_PREFIX + "metadata.contact.email"; - public static final String CONFIG_PROPS_METADATA_ORGANISATION_NAME = - CONFIG_PROPS_PREFIX + "metadata.organisation.name"; - public static final String CONFIG_PROPS_METADATA_ORGANISATION_FRIENDLYNAME = - CONFIG_PROPS_PREFIX + "metadata.organisation.friendyname"; - public static final String CONFIG_PROPS_METADATA_ORGANISATION_URL = - CONFIG_PROPS_PREFIX + "metadata.organisation.url"; - - public static final String CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL = "auth.eidas.node.entityId"; - - public static final String CONFIG_PROPS_SEMPER_MANDATES_ACTIVE = CONFIG_PROPS_PREFIX - + "semper.mandates.active"; - public static final String CONFIG_PROPS_SEMPER_MANDATES_MS_PROXY_LIST = CONFIG_PROPS_PREFIX - + "semper.msproxy.list"; - - public static final String CONFIG_DEFAULT_LOA_EIDAS_LEVEL = EaafConstants.EIDAS_LOA_HIGH; - - @Deprecated - public static final List> DEFAULT_REQUIRED_PVP_ATTRIBUTES_WITHOUT_EID = - Collections.unmodifiableList(new ArrayList>() { - private static final long serialVersionUID = 1L; - { - // add PVP Version attribute - add(Triple.newInstance(PvpAttributeDefinitions.PVP_VERSION_NAME, - PvpAttributeDefinitions.PVP_VERSION_FRIENDLY_NAME, true)); - - // request entity information - add(Triple.newInstance(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, - PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, false)); - add(Triple.newInstance(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, - PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, true)); - add(Triple.newInstance(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, - PvpAttributeDefinitions.EID_ISSUING_NATION_FRIENDLY_NAME, true)); - - // entity eID information - add(Triple.newInstance(AhExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME, - AhExtendedPvpAttributeDefinitions.EID_EIDBIND_FRIENDLY_NAME, false)); - add(Triple.newInstance(AhExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME, - AhExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME, false)); - - // Deprecated information - add(Triple.newInstance(PvpAttributeDefinitions.GIVEN_NAME_NAME, - PvpAttributeDefinitions.GIVEN_NAME_FRIENDLY_NAME, false)); - add(Triple.newInstance(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, - PvpAttributeDefinitions.PRINCIPAL_NAME_FRIENDLY_NAME, false)); - add(Triple.newInstance(PvpAttributeDefinitions.BIRTHDATE_NAME, - PvpAttributeDefinitions.BIRTHDATE_FRIENDLY_NAME, false)); - add(Triple.newInstance(PvpAttributeDefinitions.BPK_NAME, PvpAttributeDefinitions.BPK_FRIENDLY_NAME, - false)); - add(Triple.newInstance(PvpAttributeDefinitions.EID_IDENTITY_LINK_NAME, - PvpAttributeDefinitions.EID_IDENTITY_LINK_FRIENDLY_NAME, false)); - - //request pII transactionId from MS-Connector - add(Triple.newInstance(ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, - ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_FRIENDLY_NAME, false)); - - } - }); - - public static final List> DEFAULT_REQUIRED_PVP_ATTRIBUTES = - Collections.unmodifiableList(new ArrayList>() { - private static final long serialVersionUID = 1L; - { - // add PVP Version attribute - add(Triple.newInstance(PvpAttributeDefinitions.PVP_VERSION_NAME, - PvpAttributeDefinitions.PVP_VERSION_FRIENDLY_NAME, true)); - - // entity metadata information - add(Triple.newInstance(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, - PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, true)); - add(Triple.newInstance(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, - PvpAttributeDefinitions.EID_ISSUING_NATION_FRIENDLY_NAME, true)); - - // entity eID information - add(Triple.newInstance(AhExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME, - AhExtendedPvpAttributeDefinitions.EID_EIDBIND_FRIENDLY_NAME, true)); - add(Triple.newInstance(AhExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME, - AhExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME, true)); - - //request pII transactionId from MS-Connector - add(Triple.newInstance(ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, - ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_FRIENDLY_NAME, false)); - - } - }); - - public static final List DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES = - Collections.unmodifiableList(new ArrayList() { - private static final long serialVersionUID = 1L; - { - for (final Triple el : DEFAULT_REQUIRED_PVP_ATTRIBUTES) { - add(el.getFirst()); - } - } - }); - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthCredentialProvider.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthCredentialProvider.java deleted file mode 100644 index 81ef82ed..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthCredentialProvider.java +++ /dev/null @@ -1,130 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig; - -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; - -import org.springframework.beans.factory.annotation.Autowired; - -/** - * Credential provider for eIDAS PVP S-Profile client. - * - * @author tlenz - * - */ -public class EidasCentralAuthCredentialProvider extends AbstractCredentialProvider { - - @Autowired - IConfiguration authConfig; - - private static final String FRIENDLYNAME = "eIDAS centrial authentication"; - - @Override - public KeyStoreConfiguration getBasicKeyStoreConfig() throws EaafConfigurationException { - final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); - keyStoreConfig.setFriendlyName(FRIENDLYNAME); - keyStoreConfig.setKeyStoreType( - authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_KEYSTORE_TYPE, - KeyStoreType.PKCS12.getKeyStoreType())); - keyStoreConfig.setKeyStoreName( - authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_KEYSTORE_NAME)); - keyStoreConfig.setSoftKeyStoreFilePath(getKeyStoreFilePath()); - keyStoreConfig.setSoftKeyStorePassword( - authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_KEYSTORE_PASSWORD)); - - return keyStoreConfig; - - } - - private String getKeyStoreFilePath() throws EaafConfigurationException { - final String path = authConfig.getBasicConfiguration( - EidasCentralAuthConstants.CONFIG_PROPS_KEYSTORE_PATH); - if (path == null) { - throw new EaafConfigurationException("module.eidasauth.00", - new Object[] { EidasCentralAuthConstants.CONFIG_PROPS_KEYSTORE_PATH }); - - } - return path; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# - * getMetadataKeyAlias() - */ - @Override - public String getMetadataKeyAlias() { - return authConfig.getBasicConfiguration( - EidasCentralAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS); - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# - * getMetadataKeyPassword() - */ - @Override - public String getMetadataKeyPassword() { - return authConfig.getBasicConfiguration( - EidasCentralAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD); - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# - * getSignatureKeyAlias() - */ - @Override - public String getSignatureKeyAlias() { - return authConfig.getBasicConfiguration( - EidasCentralAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS); - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# - * getSignatureKeyPassword() - */ - @Override - public String getSignatureKeyPassword() { - return authConfig.getBasicConfiguration( - EidasCentralAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD); - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# - * getEncryptionKeyAlias() - */ - @Override - public String getEncryptionKeyAlias() { - return authConfig.getBasicConfiguration( - EidasCentralAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS); - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# - * getEncryptionKeyPassword() - */ - @Override - public String getEncryptionKeyPassword() { - return authConfig.getBasicConfiguration( - EidasCentralAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD); - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthMetadataConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthMetadataConfiguration.java deleted file mode 100644 index ca71807f..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthMetadataConfiguration.java +++ /dev/null @@ -1,471 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig; - - -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Collection; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.core.impl.data.Triple; -import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration; -import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration; -import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; -import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpAttributeBuilder; - -import org.opensaml.saml.saml2.core.Attribute; -import org.opensaml.saml.saml2.core.NameIDType; -import org.opensaml.saml.saml2.metadata.ContactPerson; -import org.opensaml.saml.saml2.metadata.Organization; -import org.opensaml.saml.saml2.metadata.RequestedAttribute; -import org.opensaml.security.credential.Credential; - -import lombok.extern.slf4j.Slf4j; - -/** - * Configuration object to generate PVP S-Profile metadata for SAML2 client. - * - * @author tlenz - * - */ -@Slf4j -public class EidasCentralAuthMetadataConfiguration implements IPvpMetadataBuilderConfiguration { - - private Collection additionalAttributes = null; - - private final String authUrl; - private final EidasCentralAuthCredentialProvider credentialProvider; - private final IPvp2BasicConfiguration pvpConfiguration; - - /** - * Configuration object to create PVP2 S-Profile metadata information. - * - * @param authUrl Public URL prefix of the application - * @param credentialProvider Credentials used by PVP2 S-Profile end-point - * @param pvpConfiguration Basic PVP2 S-Profile end-point configuration - */ - public EidasCentralAuthMetadataConfiguration(String authUrl, - EidasCentralAuthCredentialProvider credentialProvider, - IPvp2BasicConfiguration pvpConfiguration) { - this.authUrl = authUrl; - this.credentialProvider = credentialProvider; - this.pvpConfiguration = pvpConfiguration; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getMetadataValidUntil() - */ - @Override - public int getMetadataValidUntil() { - return EidasCentralAuthConstants.METADATA_VALIDUNTIL_IN_HOURS; - - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * buildEntitiesDescriptorAsRootElement() - */ - @Override - public boolean buildEntitiesDescriptorAsRootElement() { - return false; - - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * buildIDPSSODescriptor() - */ - @Override - public boolean buildIdpSsoDescriptor() { - return false; - - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * buildSPSSODescriptor() - */ - @Override - public boolean buildSpSsoDescriptor() { - return true; - - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getEntityIDPostfix() - */ - @Override - public String getEntityID() { - return authUrl + EidasCentralAuthConstants.ENDPOINT_METADATA; - - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getEntityFriendlyName() - */ - @Override - public String getEntityFriendlyName() { - return null; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getContactPersonInformation() - */ - @Override - public List getContactPersonInformation() { - try { - return pvpConfiguration.getIdpContacts(); - - } catch (final EaafException e) { - log.warn("Can not load Metadata entry: Contect Person", e); - return null; - - } - - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getOrgansiationInformation() - */ - @Override - public Organization getOrgansiationInformation() { - try { - return pvpConfiguration.getIdpOrganisation(); - - } catch (final EaafException e) { - log.warn("Can not load Metadata entry: Organisation", e); - return null; - - } - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getMetadataSigningCredentials() - */ - @Override - public EaafX509Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException { - return credentialProvider.getMetaDataSigningCredential(); - - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getRequestorResponseSigningCredentials() - */ - @Override - public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException { - return credentialProvider.getMessageSigningCredential(); - - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getEncryptionCredentials() - */ - @Override - public Credential getEncryptionCredentials() throws CredentialsNotAvailableException { - return credentialProvider.getMessageEncryptionCredential(); - - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getIDPWebSSOPostBindingURL() - */ - @Override - public String getIdpWebSsoPostBindingUrl() { - return null; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getIDPWebSSORedirectBindingURL() - */ - @Override - public String getIdpWebSsoRedirectBindingUrl() { - return null; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getIDPSLOPostBindingURL() - */ - @Override - public String getIdpSloPostBindingUrl() { - return null; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getIDPSLORedirectBindingURL() - */ - @Override - public String getIdpSloRedirectBindingUrl() { - return null; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getSPAssertionConsumerServicePostBindingURL() - */ - @Override - public String getSpAssertionConsumerServicePostBindingUrl() { - return authUrl + EidasCentralAuthConstants.ENDPOINT_POST; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getSPAssertionConsumerServiceRedirectBindingURL() - */ - @Override - public String getSpAssertionConsumerServiceRedirectBindingUrl() { - return authUrl + EidasCentralAuthConstants.ENDPOINT_REDIRECT; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getSPSLOPostBindingURL() - */ - @Override - public String getSpSloPostBindingUrl() { - return null; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getSPSLORedirectBindingURL() - */ - @Override - public String getSpSloRedirectBindingUrl() { - return null; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getSPSLOSOAPBindingURL() - */ - @Override - public String getSpSloSoapBindingUrl() { - return null; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getIDPPossibleAttributes() - */ - @Override - public List getIdpPossibleAttributes() { - return null; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getIDPPossibleNameITTypes() - */ - @Override - public List getIdpPossibleNameIdTypes() { - return null; - } - - - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getSPRequiredAttributes() - */ - @Override - public Collection getSpRequiredAttributes() { - final Map requestedAttributes = new HashMap<>(); - - if (pvpConfiguration.getBasicConfiguration().getBasicConfigurationBoolean( - AuthHandlerConstants.PROP_CONFIG_LEGACY_ALLOW, false)) { - log.trace("Build required attributes for legacy operaton ... "); - injectDefinedAttributes(requestedAttributes, - EidasCentralAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTES_WITHOUT_EID); - - } else { - log.trace("Build required attributes for E-ID operaton ... "); - injectDefinedAttributes(requestedAttributes, - EidasCentralAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTES); - - } - - if (additionalAttributes != null) { - log.trace("Add additional PVP attributes into metadata ... "); - for (final RequestedAttribute el : additionalAttributes) { - if (requestedAttributes.containsKey(el.getName())) { - log.debug("Attribute " + el.getName() - + " is already added by default configuration. Overwrite it by user configuration"); - } - - requestedAttributes.put(el.getName(), el); - - } - } - - return requestedAttributes.values(); - - } - - - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getSPAllowedNameITTypes() - */ - @Override - public List getSpAllowedNameIdTypes() { - return Arrays.asList(NameIDType.PERSISTENT); - - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPMetadataBuilderConfiguration#getSPNameForLogging() - */ - @Override - public String getSpNameForLogging() { - return EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPMetadataBuilderConfiguration#wantAssertionSigned() - */ - @Override - public boolean wantAssertionSigned() { - return false; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPMetadataBuilderConfiguration#wantAuthnRequestSigned() - */ - @Override - public boolean wantAuthnRequestSigned() { - return true; - } - - /** - * Add additonal PVP attributes that are required by this deployment. - * - * @param additionalAttr List of PVP attribute name and isRequired flag - */ - public void setAdditionalRequiredAttributes(List> additionalAttr) { - if (additionalAttr != null && !additionalAttr.isEmpty()) { - additionalAttributes = new ArrayList<>(); - for (final Pair el : additionalAttr) { - final Attribute attributBuilder = PvpAttributeBuilder.buildEmptyAttribute(el.getFirst()); - if (attributBuilder != null) { - additionalAttributes.add( - PvpAttributeBuilder.buildReqAttribute( - attributBuilder.getName(), - attributBuilder.getFriendlyName(), - el.getSecond())); - - } else { - log.info("NO PVP attribute with name: " + el.getFirst()); - } - - } - } - } - - private void injectDefinedAttributes(Map requestedAttributes, - List> attributes) { - for (final Triple el : attributes) { - requestedAttributes.put(el.getFirst(), PvpAttributeBuilder.buildReqAttribute(el.getFirst(), el - .getSecond(), el.getThird())); - - } - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthMetadataController.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthMetadataController.java deleted file mode 100644 index 90e1e674..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthMetadataController.java +++ /dev/null @@ -1,149 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig; - - -import java.io.IOException; -import java.net.MalformedURLException; -import java.net.URL; -import java.util.ArrayList; -import java.util.List; -import java.util.Map; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.core.impl.http.HttpUtils; -import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; -import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; -import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration; -import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder; - -import org.apache.commons.lang3.StringUtils; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Controller; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; - -import com.google.common.net.MediaType; -import lombok.extern.slf4j.Slf4j; - -/** - * Controller that generates SAML2 metadata for eIDAS authentication client. - * - * @author tlenz - * - */ -@Slf4j -@Controller -public class EidasCentralAuthMetadataController extends AbstractController { - - private static final String ERROR_CODE_INTERNAL_00 = "eaaf.core.00"; - - @Autowired - PvpMetadataBuilder metadatabuilder; - @Autowired - EidasCentralAuthCredentialProvider credentialProvider; - @Autowired - IPvp2BasicConfiguration pvpConfiguration; - - /** - * Default construction with logging. - * - */ - public EidasCentralAuthMetadataController() { - super(); - log.debug("Registering servlet " + getClass().getName() - + " with mappings '" + EidasCentralAuthConstants.ENDPOINT_METADATA - + "'."); - - } - - /** - * End-point that produce PVP2 metadata for eIDAS authentication client. - * - * @param req http Request - * @param resp http Response - * @throws IOException In case of an I/O error - * @throws EaafException In case of a metadata generation error - */ - @RequestMapping(value = EidasCentralAuthConstants.ENDPOINT_METADATA, - method = { RequestMethod.GET }) - public void getSpMetadata(HttpServletRequest req, HttpServletResponse resp) throws IOException, - EaafException { - // check PublicURL prefix - try { - final String authUrl = getAuthUrlFromHttpContext(req); - - // initialize metadata builder configuration - final EidasCentralAuthMetadataConfiguration metadataConfig = - new EidasCentralAuthMetadataConfiguration(authUrl, credentialProvider, pvpConfiguration); - metadataConfig.setAdditionalRequiredAttributes(getAdditonalRequiredAttributes()); - - // build metadata - final String xmlMetadata = metadatabuilder.buildPvpMetadata(metadataConfig); - - // write response - final byte[] content = xmlMetadata.getBytes("UTF-8"); - resp.setStatus(HttpServletResponse.SC_OK); - resp.setContentLength(content.length); - resp.setContentType(MediaType.XML_UTF_8.toString()); - resp.getOutputStream().write(content); - - } catch (final Exception e) { - log.warn("Build federated-authentication PVP metadata FAILED.", e); - protAuthService.handleErrorNoRedirect(e, req, resp, false); - - } - - } - - private String getAuthUrlFromHttpContext(HttpServletRequest req) throws EaafException { - // check if End-Point is valid - final String authUrlString = HttpUtils.extractAuthUrlFromRequest(req); - URL authReqUrl; - try { - authReqUrl = new URL(authUrlString); - - } catch (final MalformedURLException e) { - log.warn("Requested URL: {} is not a valid URL.", authUrlString); - throw new EaafAuthenticationException(ERROR_CODE_INTERNAL_00, new Object[] { authUrlString }, e); - - } - - final String idpAuthUrl = authConfig.validateIdpUrl(authReqUrl); - if (idpAuthUrl == null) { - log.warn("Requested URL: {} is NOT found in configuration.", authReqUrl); - throw new EaafAuthenticationException(ERROR_CODE_INTERNAL_00, new Object[] { authUrlString }); - - } - - return idpAuthUrl; - } - - private List> getAdditonalRequiredAttributes() { - final List> result = new ArrayList<>(); - - // load attributes from configuration - final Map addReqAttributes = authConfig.getBasicConfigurationWithPrefix( - EidasCentralAuthConstants.CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST); - for (final String el : addReqAttributes.values()) { - if (StringUtils.isNotEmpty(el)) { - log.trace("Parse additional attr. definition: " + el); - final List attr = KeyValueUtils.getListOfCsvValues(el.trim()); - if (attr.size() == 2) { - result.add(Pair.newInstance(attr.get(0), Boolean.parseBoolean(attr.get(1)))); - - } else { - log.info("IGNORE additional attr. definition: " + el - + " Reason: Format not valid"); - } - } - } - - return result; - - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthMetadataProvider.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthMetadataProvider.java deleted file mode 100644 index b920e789..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthMetadataProvider.java +++ /dev/null @@ -1,169 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig; - -import java.io.IOException; -import java.security.KeyStore; -import java.security.Provider; -import java.security.cert.CertificateException; -import java.text.MessageFormat; -import java.util.ArrayList; -import java.util.Collections; -import java.util.List; - -import javax.annotation.PostConstruct; - -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; -import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; -import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.AbstractChainingMetadataProvider; -import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; -import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter; -import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SimpleMetadataSignatureVerificationFilter; - -import org.apache.commons.lang3.StringUtils; -import org.opensaml.saml.metadata.resolver.MetadataResolver; -import org.opensaml.saml.metadata.resolver.filter.MetadataFilter; -import org.opensaml.saml.metadata.resolver.filter.MetadataFilterChain; -import org.springframework.beans.factory.annotation.Autowired; - -import lombok.extern.slf4j.Slf4j; - -/** - * SAML2 metadata-provider implementation for eIDAS client. - * - * @author tlenz - * - */ -@Slf4j -public class EidasCentralAuthMetadataProvider extends AbstractChainingMetadataProvider { - - private static final String FRIENDLYNAME_METADATA_TRUSTSTORE = "'eIDAS_client metadata truststore'"; - private static final String PROVIDER_ID_PATTERN = "eIDAS resolver: {0}"; - public static final String PROVIDER_ID = "'eIDAS_client metadata provider'"; - - @Autowired - private IConfiguration basicConfig; - - @Autowired - private PvpMetadataResolverFactory metadataProviderFactory; - @Autowired - private IHttpClientFactory httpClientFactory; - - @Autowired - private EaafKeyStoreFactory keyStoreFactory; - - private Pair metadataSigningTrustStore; - - @Override - protected String getMetadataUrl(String entityId) throws EaafConfigurationException { - log.trace("eIDAS Auth. uses SAML2 well-known location approach. EntityId is Metadata-URL"); - return entityId; - - } - - @Override - protected MetadataResolver createNewMetadataProvider(String entityId) throws EaafConfigurationException, - IOException, CertificateException { - final List filterList = new ArrayList<>(); - filterList.add(new SchemaValidationFilter(true)); - filterList.add(new SimpleMetadataSignatureVerificationFilter( - metadataSigningTrustStore.getFirst(), entityId)); - - final MetadataFilterChain filter = new MetadataFilterChain(); - filter.setFilters(filterList); - - try { - return metadataProviderFactory.createMetadataProvider(getMetadataUrl(entityId), - filter, - MessageFormat.format(PROVIDER_ID_PATTERN, entityId), - httpClientFactory.getHttpClient()); - - } catch (final Pvp2MetadataException e) { - log.info("Can NOT build metadata provider for entityId: {}", entityId); - throw new EaafConfigurationException("module.eidasauth.04", - new Object[] { entityId, e.getMessage() }, e); - - } - } - - @Override - protected List getAllMetadataUrlsFromConfiguration() throws EaafConfigurationException { - return Collections.emptyList(); - - } - - @Override - protected String getMetadataProviderId() { - return PROVIDER_ID; - - } - - @Override - public void runGarbageCollector() { - log.trace("Garbage collection is NOT supported by: {}", getId()); - } - - @Override - public void doDestroy() { - super.fullyDestroy(); - - } - - @PostConstruct - private void initialize() throws EaafException { - // initialize truststore to validate metadata signing certificates - initializeTrustStore(); - - // load metadata with metadataURL, as backup - initializeFileSystemMetadata(); - - } - - private void initializeFileSystemMetadata() { - try { - final String metadataUrl = basicConfig.getBasicConfiguration( - EidasCentralAuthConstants.CONFIG_PROPS_NODE_METADATAURL); - if (StringUtils.isNotEmpty(metadataUrl)) { - log.info("Use not recommended metadata-provider initialization!" - + " SAML2 'Well-Known-Location' is the preferred methode."); - log.info("Initialize 'ms-specific eIDAS node' metadata-provider with URL: {}", metadataUrl); - - addMetadataResolverIntoChain(createNewMetadataProvider(metadataUrl)); - } - - } catch (final EaafConfigurationException | CertificateException | IOException e) { - log.warn("Can NOT inject static eIDAS Node metadata-soure.", e); - log.warn("eIDAS Node communication can be FAIL."); - - } - } - - private void initializeTrustStore() throws EaafException { - // set configuration - final KeyStoreConfiguration trustStoreConfig = new KeyStoreConfiguration(); - trustStoreConfig.setFriendlyName(FRIENDLYNAME_METADATA_TRUSTSTORE); - trustStoreConfig.setKeyStoreType(basicConfig.getBasicConfiguration( - EidasCentralAuthConstants.CONFIG_PROPS_TRUSTSTORE_TYPE, - KeyStoreType.JKS.getKeyStoreType())); - trustStoreConfig.setKeyStoreName(basicConfig.getBasicConfiguration( - EidasCentralAuthConstants.CONFIG_PROPS_TRUSTSTORE_NAME)); - trustStoreConfig.setSoftKeyStoreFilePath(basicConfig.getBasicConfiguration( - EidasCentralAuthConstants.CONFIG_PROPS_TRUSTSTORE_PATH)); - trustStoreConfig.setSoftKeyStorePassword(basicConfig.getBasicConfiguration( - EidasCentralAuthConstants.CONFIG_PROPS_TRUSTSTORE_PASSWORD)); - - // validate configuration - trustStoreConfig.validate(); - - // open new TrustStore - metadataSigningTrustStore = keyStoreFactory.buildNewKeyStore(trustStoreConfig); - - } - -} - diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthRequestBuilderConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthRequestBuilderConfiguration.java deleted file mode 100644 index 723654eb..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthRequestBuilderConfiguration.java +++ /dev/null @@ -1,300 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig; - -import java.util.List; - -import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; -import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; -import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPvpAuthnRequestBuilderConfiguruation; - -import org.opensaml.saml.saml2.core.AuthnContextComparisonTypeEnumeration; -import org.opensaml.saml.saml2.core.NameIDType; -import org.opensaml.saml.saml2.metadata.EntityDescriptor; -import org.w3c.dom.Element; - -public class EidasCentralAuthRequestBuilderConfiguration implements IPvpAuthnRequestBuilderConfiguruation { - - private boolean isPassive; - private String spEntityId; - private String qaaLevel; - private EntityDescriptor idpEntity; - private EaafX509Credential signCred; - private String scopeRequesterId; - private String providerName; - private List requestedAttributes; - private String reqId; - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#isPassivRequest() - */ - @Override - public Boolean isPassivRequest() { - return this.isPassive; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getAssertionConsumerServiceId() - */ - @Override - public Integer getAssertionConsumerServiceId() { - return 0; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getEntityID() - */ - @Override - public String getSpEntityID() { - return this.spEntityId; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getNameIDPolicy() - */ - @Override - public String getNameIdPolicyFormat() { - return NameIDType.PERSISTENT; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getNameIDPolicy() - */ - @Override - public boolean getNameIdPolicyAllowCreation() { - return true; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getAuthnContextClassRef() - */ - @Override - public String getAuthnContextClassRef() { - return this.qaaLevel; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getAuthnContextComparison() - */ - @Override - public AuthnContextComparisonTypeEnumeration getAuthnContextComparison() { - return AuthnContextComparisonTypeEnumeration.MINIMUM; - } - - /** - * Set isPassive flag in SAML2 request. - * - * @param isPassive the isPassive to set. - */ - public void setPassive(boolean isPassive) { - this.isPassive = isPassive; - } - - /** - * Set the requester EntityId. - * - * @param spEntityId EntityId of SP - */ - public void setSpEntityID(String spEntityId) { - this.spEntityId = spEntityId; - } - - /** - * Set required LoA. - * - * @param loa the LoA to set. - */ - public void setRequestedLoA(String loa) { - qaaLevel = loa; - } - - /** - * Set EntityId of IDP. - * - * @param idpEntity the idpEntity to set. - */ - public void setIdpEntity(EntityDescriptor idpEntity) { - this.idpEntity = idpEntity; - } - - /** - * Set message signing credentials. - * - * @param signCred the signCred to set. - */ - public void setSignCred(EaafX509Credential signCred) { - this.signCred = signCred; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getAuthnRequestSigningCredential() - */ - @Override - public EaafX509Credential getAuthnRequestSigningCredential() { - return this.signCred; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getIDPEntityDescriptor() - */ - @Override - public EntityDescriptor getIdpEntityDescriptor() { - return this.idpEntity; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getSubjectNameID() - */ - @Override - public String getSubjectNameID() { - return null; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getSPNameForLogging() - */ - @Override - public String getSpNameForLogging() { - return EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getSubjectNameIDFormat() - */ - @Override - public String getSubjectNameIdFormat() { - return null; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getRequestID() - */ - @Override - public String getRequestID() { - return this.reqId; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getSubjectNameIDQualifier() - */ - @Override - public String getSubjectNameIdQualifier() { - return null; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationMethode() - */ - @Override - public String getSubjectConformationMethode() { - return null; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationDate() - */ - @Override - public Element getSubjectConformationDate() { - return null; - } - - @Override - public List getRequestedAttributes() { - return this.requestedAttributes; - - } - - @Override - public String getProviderName() { - return this.providerName; - } - - @Override - public String getScopeRequesterId() { - return this.scopeRequesterId; - } - - /** - * Set the entityId of the SP that requests the proxy for eIDAS authentication. - * - * @param scopeRequesterId RequestId in SAML2 Proxy extension - */ - public void setScopeRequesterId(String scopeRequesterId) { - this.scopeRequesterId = scopeRequesterId; - } - - /** - * Set a friendlyName for the SP that requests the proxy for eIDAS - * authentication. - * - * @param providerName SAML2 provider-name attribute-value - */ - public void setProviderName(String providerName) { - this.providerName = providerName; - } - - /** - * Set a Set of PVP attributes that a requested by using requested attributes. - * - * @param requestedAttributes Requested SAML2 attributes - */ - public void setRequestedAttributes(List requestedAttributes) { - this.requestedAttributes = requestedAttributes; - } - - /** - * Set a RequestId for this Authn. Request. - * - * @param reqId SAML2 message requestId - */ - public void setRequestId(String reqId) { - this.reqId = reqId; - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/IAhSpConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/IAhSpConfiguration.java deleted file mode 100644 index d8e873c0..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/IAhSpConfiguration.java +++ /dev/null @@ -1,151 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig; - -import java.util.List; - -import javax.annotation.Nonnull; -import javax.annotation.Nullable; - -import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; -import at.gv.egiz.eaaf.core.impl.data.Pair; - -public interface IAhSpConfiguration extends ISpConfiguration { - - - /** - * Flag if this Service Provider is enabled. - * - * @return true if the SP is enabled, otherwise false - */ - boolean isEnabled(); - - /** - * Get unique identifier that is used in Application-Register from BM.I. - * - *

If no BM.I specific identifier is available then this method returns - * the same identifier as getUniqueIdentifier()

- * - * @return unique identifier from BM.I AppReg, or generic uniqueId of no specific exists - */ - String getUniqueApplicationRegisterIdentifier(); - - /** - * Flag that marks this Service-Provider as public or private. - * - *

Default: If it is not set or has an unknown value, its private by default

- * - * @return true if it is from public, otherwise false - */ - boolean isPublicServiceProvider(); - - /** - * Enable test identities for this Service Provider. - * - * @return true if test identities are allowed, otherwise false - */ - boolean isTestCredentialEnabled(); - - /** - * Get a List of OID's that refine the set of allowed test identities. - * - * @return @link {@link List} of test-identity OID's - */ - @Nullable - List getTestCredentialOids(); - - - /** - * Get a List of unique attribute URI's that are required by this SP. - * - * @return {@link List} of attribute URI's / parameter {@link Pair}s - */ - List> getRequiredAttributes(); - - - /** - * Get the CountryCode for this service.
- *
- * Default: AT - * - * @return - */ - String getCountryCode(); - - /** - * Set the CountryCode for this service. If not countryCode is set, AT is used as default. - * - * @param cc Service-Provider country-code - */ - void setCountryCode(String cc); - - /** - * Enable mandates for this service provider. - * - * @return true if mandates are enabled, otherwise false - */ - boolean isMandateEnabled(); - - /** - * Enables multi-mandates for this service-provider. - * - * @return true if multi-mandates are enabled, otherwise false - */ - boolean isMultiMandateEnabled(); - - /** - * Only mandates are allowed for this service provider. - * - * @return true if only mandates are allowed, otherwise false - */ - boolean isOnlyMandateEnabled(); - - /** - * Get a {@link List} of mandate profiles that are supported by this Service provider. - * - * @return - */ - @Nonnull List getMandateProfiles(); - - - /** - * eIDAS authentication allowed flag. - * - * @return true if eIDAS authentication is enabled, otherwise false - */ - boolean isEidasEnabled(); - - /** - * Get a List of targets for additional bPKs that are required by this service provider. - * - * @return List of prefixed bPK targets - */ - @Nonnull List getAdditionalBpkTargets(); - - /** - * Get a list of foreign bPK targets that are required by this service provider. - * - * @return List of pairs with prefixed bPK targets as first element and VKZ as second element - */ - @Nonnull List> getAdditionalForeignBpkTargets(); - - /** - * Flag that indicates that service-provider as restricted or unrestricted. - * - *

A restricted service-provider can only used by test-identities that contains a - * valid application-restriction in User-Certificate Pinning

- * - *

Default: true

- * - * @return true if it is restricted, otherwise false - */ - boolean isRestrictedServiceProvider(); - - - /** - * Defines the time in minutes how long the last VDA registration h@Override - ave passed as maximum. - * - * @return time in minutes - */ - long lastVdaAuthenticationDelay(); - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java index 3f2ae1f2..5f242c1b 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java @@ -23,11 +23,11 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig.EidasCentralAuthConstants; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig.EidasCentralAuthCredentialProvider; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig.EidasCentralAuthMetadataProvider; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig.EidasCentralAuthRequestBuilderConfiguration; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig.IAhSpConfiguration; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient.IdAustriaClientAuthConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient.IdAustriaClientAuthCredentialProvider; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient.IdAustriaClientAuthMetadataProvider; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient.IdAustriaClientAuthRequestBuilderConfiguration; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient.IAhSpConfiguration; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; @@ -72,9 +72,9 @@ public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServlet @Autowired PvpAuthnRequestBuilder authnReqBuilder; @Autowired - EidasCentralAuthCredentialProvider credential; + IdAustriaClientAuthCredentialProvider credential; @Autowired - EidasCentralAuthMetadataProvider metadataService; + IdAustriaClientAuthMetadataProvider metadataService; // @Autowired // ITransactionStorage transactionStorage; @@ -107,18 +107,18 @@ public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServlet } // setup AuthnRequestBuilder configuration - final EidasCentralAuthRequestBuilderConfiguration authnReqConfig = - new EidasCentralAuthRequestBuilderConfiguration(); + final IdAustriaClientAuthRequestBuilderConfiguration authnReqConfig = + new IdAustriaClientAuthRequestBuilderConfiguration(); final SecureRandomIdentifierGenerationStrategy gen = new SecureRandomIdentifierGenerationStrategy(); authnReqConfig.setRequestId(gen.generateIdentifier()); authnReqConfig.setIdpEntity(entityDesc); authnReqConfig.setPassive(false); authnReqConfig.setSignCred(credential.getMessageSigningCredential()); - authnReqConfig.setSpEntityID(pendingReq.getAuthUrl() + EidasCentralAuthConstants.ENDPOINT_METADATA); + authnReqConfig.setSpEntityID(pendingReq.getAuthUrl() + IdAustriaClientAuthConstants.ENDPOINT_METADATA); authnReqConfig.setRequestedLoA(authConfig.getBasicConfiguration( - EidasCentralAuthConstants.CONFIG_PROPS_REQUIRED_LOA, - EidasCentralAuthConstants.CONFIG_DEFAULT_LOA_EIDAS_LEVEL)); + IdAustriaClientAuthConstants.CONFIG_PROPS_REQUIRED_LOA, + IdAustriaClientAuthConstants.CONFIG_DEFAULT_LOA_EIDAS_LEVEL)); authnReqConfig.setScopeRequesterId( pendingReq.getServiceProviderConfiguration(IAhSpConfiguration.class) diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml index dd0e1345..c6d69c5d 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml @@ -135,13 +135,13 @@ scope="prototype" /> + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient.IdAustriaClientAuthCredentialProvider" /> + class=" at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient.IdAustriaClientAuthMetadataProvider" /> + class=" at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient.IdAustriaClientAuthMetadataController" /> \ No newline at end of file -- cgit v1.2.3 From 4c621edbacbaed95edf4cac3a44a84e9e5c55819 Mon Sep 17 00:00:00 2001 From: Alexander Marsalek Date: Fri, 29 Jan 2021 17:11:32 +0100 Subject: remove unnecessary classes --- .../config/junit_config_1_springboot.properties | 1 + .../AhAuthProcessDataConstants.java | 9 - .../idaustriaclient/AhAuthProcessDataWrapper.java | 224 ---------- .../AhExtendedPvpAttributeDefinitions.java | 24 -- .../v2/idaustriaclient/AuthHandlerConstants.java | 141 ------- .../v2/idaustriaclient/IAhAuthProcessData.java | 190 --------- .../v2/idaustriaclient/IAhSpConfiguration.java | 151 ------- .../eidas/v2/idaustriaclient/IRawMandateDao.java | 32 -- .../eidas/v2/idaustriaclient/ISignedMandate.java | 19 - .../IdAustriaClientAuthConstants.java | 55 +-- .../IdAustriaClientAuthMetadataConfiguration.java | 16 +- .../eidas/v2/idaustriaclient/MisException.java | 17 - .../GenerateMobilePhoneSignatureRequestTask.java | 6 +- ...eSignatureResponseAndSearchInRegistersTask.java | 121 +++--- .../v2/test/tasks/InitialSearchTaskFirstTest.java | 463 --------------------- .../eidas/v2/test/tasks/InitialSearchTaskTest.java | 463 +++++++++++++++++++++ 16 files changed, 527 insertions(+), 1405 deletions(-) delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhAuthProcessDataConstants.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhAuthProcessDataWrapper.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhExtendedPvpAttributeDefinitions.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AuthHandlerConstants.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IAhAuthProcessData.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IAhSpConfiguration.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IRawMandateDao.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/ISignedMandate.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/MisException.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskFirstTest.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java (limited to 'connector/src') diff --git a/connector/src/test/resources/config/junit_config_1_springboot.properties b/connector/src/test/resources/config/junit_config_1_springboot.properties index 1cfeef37..fc0c7241 100644 --- a/connector/src/test/resources/config/junit_config_1_springboot.properties +++ b/connector/src/test/resources/config/junit_config_1_springboot.properties @@ -107,6 +107,7 @@ eidas.ms.modules.idaustriaclient.truststore.password=password eidas.ms.modules.idaustriaclient.truststore.type=jks eidas.ms.modules.idaustriaclient.node.entityId= +eidas.ms.modules.idaustriaclient.sp.entityId= eidas.ms.modules.idaustriaclient.node.metadataUrl= eidas.ms.modules.idaustriaclient.metadata.organisation.name=JUnit diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhAuthProcessDataConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhAuthProcessDataConstants.java deleted file mode 100644 index 36ea2440..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhAuthProcessDataConstants.java +++ /dev/null @@ -1,9 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; - -import at.gv.egiz.eaaf.core.api.idp.EaafAuthProcessDataConstants; - -public interface AhAuthProcessDataConstants extends EaafAuthProcessDataConstants { - - - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhAuthProcessDataWrapper.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhAuthProcessDataWrapper.java deleted file mode 100644 index 1b20960b..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhAuthProcessDataWrapper.java +++ /dev/null @@ -1,224 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; - - -import java.security.cert.CertificateEncodingException; -import java.security.cert.CertificateException; -import java.util.Map; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; -import iaik.x509.X509Certificate; - -public class AhAuthProcessDataWrapper extends AuthProcessDataWrapper - implements IAhAuthProcessData, AhAuthProcessDataConstants { - private static final Logger log = LoggerFactory.getLogger(AhAuthProcessDataWrapper.class); - - public static final String VALUE_SIGNER_CERT = "direct_signerCert"; - public static final String VALUE_VDAURL = "direct_bkuUrl"; - - public static final String VALUE_MANDATES_REFVALUE = "direct_mis_refvalue"; - - public static final String VALUE_EID_QCBIND = "direct_eid_qcBind"; - public static final String VALUE_EID_VSZ = "direct_eid_vsz"; - public static final String VALUE_EID_SIGNEDAUTHBLOCK = "direct_eid_authblock"; - public static final String VALUE_EID_SIGNEDAUTHBLOCK_TYPE = "direct_eid_authblock_type"; - public static final String VALUE_EID_MIS_MANDATE = "direct_eid_mis_mandate"; - - public static final String VALUE_INTERNAL_BPK = "direct_internal_bpk"; - public static final String VALUE_INTERNAL_BPKYPE = "direct_internal_bpktype"; - - public static final String VALUE_INTERNAL_MANDATE_ELGA_PROCESS = "direct_is_elga_mandate_process"; - public static final String VALUE_INTERNAL_VDA_AUTHENTICATION_PROCESS = "direct_is_vda_auth_process"; - - public AhAuthProcessDataWrapper(final Map authProcessData) { - super(authProcessData); - - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSignerCertificate() - */ - @Override - public X509Certificate getSignerCertificate() { - final byte[] encCert = getEncodedSignerCertificate(); - - if (encCert != null) { - try { - return new X509Certificate(encCert); - } catch (final CertificateException e) { - log.warn("Signer certificate can not be loaded from session database!", e); - - } - } - return null; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getEncodedSignerCertificate() - */ - @Override - public byte[] getEncodedSignerCertificate() { - return wrapStoredObject(VALUE_SIGNER_CERT, null, byte[].class); - - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSignerCertificate(iaik.x509. - * X509Certificate) - */ - @Override - public void setSignerCertificate(final java.security.cert.X509Certificate signerCertificate) { - try { - authProcessData.put(VALUE_SIGNER_CERT, signerCertificate.getEncoded()); - - } catch (final CertificateEncodingException e) { - log.warn("Signer certificate can not be stored to session database!", e); - } - - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getBkuURL() - */ - @Override - public String getVdaUrl() { - return wrapStoredObject(VALUE_VDAURL, null, String.class); - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setBkuURL(java.lang.String) - */ - @Override - public void setVdaUrl(final String vdaUrl) { - authProcessData.put(VALUE_VDAURL, vdaUrl); - - } - - @Override - public String getMandateReferenceValue() { - return wrapStoredObject(VALUE_MANDATES_REFVALUE, null, String.class); - } - - @Override - public void setMandateReferenceValue(final String refValue) { - authProcessData.put(VALUE_MANDATES_REFVALUE, refValue); - - } - - @Override - public String getQcBind() { - return wrapStoredObject(VALUE_EID_QCBIND, null, String.class); - } - - @Override - public void setQcBind(final String qcBind) { - authProcessData.put(VALUE_EID_QCBIND, qcBind); - - } - - @Override - public String getVsz() { - return wrapStoredObject(VALUE_EID_VSZ, null, String.class); - } - - @Override - public void setVsz(final String vsz) { - authProcessData.put(VALUE_EID_VSZ, vsz); - - } - - @Override - public byte[] getSignedAuthBlock() { - return wrapStoredObject(VALUE_EID_SIGNEDAUTHBLOCK, null, byte[].class); - } - - @Override - public void setSignedAuthBlock(final byte[] signedConsent) { - authProcessData.put(VALUE_EID_SIGNEDAUTHBLOCK, signedConsent); - - } - - @Override - public AuthHandlerConstants.AuthBlockType getSignedAuthBlockType() { - return wrapStoredObject(VALUE_EID_SIGNEDAUTHBLOCK_TYPE, AuthHandlerConstants.AuthBlockType.NONE, - AuthHandlerConstants.AuthBlockType.class); - } - - @Override - public void setSignedAuthBlockType(final AuthHandlerConstants.AuthBlockType authBlockType) { - authProcessData.put(VALUE_EID_SIGNEDAUTHBLOCK_TYPE, authBlockType); - - } - - @Override - public ISignedMandate getMandateDate() { - return wrapStoredObject(VALUE_EID_MIS_MANDATE, null, ISignedMandate.class); - - } - - @Override - public void setMandateDate(final ISignedMandate mandateDate) { - authProcessData.put(VALUE_EID_MIS_MANDATE, mandateDate); - - } - - @Override - public String getInternalBpk() { - return wrapStoredObject(VALUE_INTERNAL_BPK, null, String.class); - } - - @Override - public void setInternalBpk(final String bpk) { - authProcessData.put(VALUE_INTERNAL_BPK, bpk); - - } - - @Override - public String getInternalBpkType() { - return wrapStoredObject(VALUE_INTERNAL_BPKYPE, null, String.class); - - } - - @Override - public void setInternalBpkType(final String bpkType) { - authProcessData.put(VALUE_INTERNAL_BPKYPE, bpkType); - - } - - @Override - public boolean isElgaMandateProcess() { - return wrapStoredObject(VALUE_INTERNAL_MANDATE_ELGA_PROCESS, false, Boolean.class); - - } - - @Override - public void setElgaMandateProcess(boolean flag) { - authProcessData.put(VALUE_INTERNAL_MANDATE_ELGA_PROCESS, flag); - - } - - @Override - public boolean isVdaAuthentication() { - return wrapStoredObject(VALUE_INTERNAL_VDA_AUTHENTICATION_PROCESS, false, Boolean.class); - - } - - @Override - public void setVdaAuthentication(boolean flag) { - authProcessData.put(VALUE_INTERNAL_VDA_AUTHENTICATION_PROCESS, flag); - - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhExtendedPvpAttributeDefinitions.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhExtendedPvpAttributeDefinitions.java deleted file mode 100644 index b74767de..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhExtendedPvpAttributeDefinitions.java +++ /dev/null @@ -1,24 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; - -import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -public class AhExtendedPvpAttributeDefinitions implements ExtendedPvpAttributeDefinitions { - private static final Logger log = - LoggerFactory.getLogger(AhExtendedPvpAttributeDefinitions.class); - - private AhExtendedPvpAttributeDefinitions() { - log.trace("Instance class: {} for SonarQube", - AhExtendedPvpAttributeDefinitions.class.getName()); - - } - - public static final String EID_BCBIND_NAME = "urn:eidgvat:attributes.bcbind"; - public static final String EID_BCBIND_FRIENDLY_NAME = "bcBind"; - - public static final String EID_BINDING_PUBKEY_NAME = "urn:eidgvat:attributes.binding.pubkey"; - public static final String EID_BINDING_PUBKEY_FRIENDLY_NAME = "BindingPubKey"; - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AuthHandlerConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AuthHandlerConstants.java deleted file mode 100644 index 1bbc31e0..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AuthHandlerConstants.java +++ /dev/null @@ -1,141 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; - - -public class AuthHandlerConstants { - - private AuthHandlerConstants() { - - } - - // TODO: maybe update to another target - public static final String DEFAULT_INTERNAL_BPK_TARGET = "urn:publicid:gv.at:cdid+ZP-MH"; - - // configuration parameters - public static final String PROP_CONFIG_APPLICATION_PREFIX = "authhandler."; - public static final String PROP_CONFIG_APPLICATION_PUBLIC_URL_PREFIX = "core.context.url.prefix"; - public static final String PROP_CONFIG_APPLICATION_PUBLIC_URL_REQUEST_VALIDATION = - "core.context.url.request.validation"; - public static final String PROP_CONFIG_LEGACY_ALLOW = "core.legacy.allowLegacyMode"; - - public static final String PROP_CONFIG_WEBCONTENT_STATIC_PATH = - "core.webcontent.static.directory"; - public static final String PROP_CONFIG_WEBCONTENT_TEMPLATES_PATH = "core.webcontent.templates"; - public static final String PROP_CONFIG_WEBCONTENT_PROPERTIES_PATH = "core.webcontent.properties"; - - public static final String PROP_CONFIG_CACHE_TRANSACTIONS_NAME = "core.cache.transaction.name"; - public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_ENABLED = - "core.cache.transaction.encryption.enabled"; - public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_KEY_TYPE = - "core.cache.transaction.encryption.type"; - public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_PASSPHRASE = - "core.cache.transaction.encryption.passphrase"; - public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_SALT = - "core.cache.transaction.encryption.salt"; - public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_KEYSTORE_NAME = - "core.cache.transaction.encryption.keystore.name"; - public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_KEY_ALIAS = - "core.cache.transaction.encryption.key.alias"; - - public static final String PROP_CONFIG_CACHE_ATTRIBUTEPROXY_NAME = - "core.cache.attributeproxy.name"; - - public static final String PROP_CONFIG_BACKEND_ENDPOINT_GETALLSUPPORTEDATTRIBUTES = - "backend.endpoints.getallsupportedattributes"; - public static final String PROP_CONFIG_BACKEND_ENDPOINT_GETAPPLICATIONCONFIGURATION = - "backend.endpoints.getapplicationconfiguration"; - - public static final String PROP_CONFIG_INTERNAL_BPK_TARGET = "core.internal.bpk.target"; - - public static final String PROP_CONFIG_INTERNAL_FRONTEND_ONLY_MODE = "core.internal.frontend.only.mode"; - public static final boolean PROP_DEFAULT_CONFIG_INTERNAL_FRONTEND_ONLY_MODE = false; - - // Servlet End-Points - public static final String ENDPOINT_PROCESSENGINE_CONTROLLER = "/api/process"; - public static final String ENDPOINT_ERROR_IFRAME_HOPPING = "/error/parenthop"; - - - // GUI template directories - public static final String CLASSPATH_TEMPLATE_DIR = "/templates/"; - public static final String FILESYSTEM_TEMPLATE_DIR = "./templates/"; - public static final String TEMPLATE_HTML_ERROR = "error_message.html"; - - // GUI template defaultfiles - public static final String TEMPLATE_AUTHPROCESS_SELECTION_VDA_FULLFRAME = "authSelection.html"; - public static final String TEMPLATE_AUTHPROCESS_SELECTION_VDA_IFRAME = "authSelection_iframe.html"; - public static final String TEMPLATE_USER_CONSENT_REQUEST = "userConsent.html"; - public static final String TEMPLATE_IFRAME_TO_PARENT_HOPE = "iframe_parent_hope.html"; - public static final String TEMPLATE_MANDATE_SELECTION = "mandateSelection.html"; - public static final String TEMPLATE_PROF_REP_MANDATE_SELECTION = "profRepMandateSelection.html"; - public static final String TEMPLATE_MANDATE_SELECTION_DUMMY = "mandateSelection_dummy.html"; - - - - // http request parameters - public static final String HTTP_PARAM_APPLICATION_ID = "appId"; - public static final String HTTP_PARAM_STOP_PROCESS = "stopAuthProcess"; - public static final String HTTP_PARAM_EIDAS_PROCESS = "useeIDAS"; - public static final String HTTP_PARAM_EID_PROCESS = "useeID"; - public static final String HTTP_PARAM_EID_BINDING_AUTH_PROCESS = "useBindingAuth"; - public static final String HTTP_PARAM_USE_MANDATES = "useMandate"; - public static final String HTTP_PARAM_AUTHMETHOD = "authMethod"; - public static final String HTTP_PARAM_CONSENT_RELEASE_ATTRIBUTES = "releaseAttributes"; - public static final String HTTP_PARAM_CONSENT_STORE_CONSENT = "storeConsent"; - - @Deprecated - public static final String HTTP_PARAM_EIDMIGRATIONPILOT_PROCESS = "pilotMigration"; - @Deprecated - public static final String HTTP_PARAM_EIDMIGRATIONPILOT_SHOW_INFO_PAGE = "pilotMigrationInfoPage"; - @Deprecated - public static final String HTTP_PARAM_MOBILESIGNATURE_PROCESS = "usemobileSig"; - - // UI options - public static final String UI_PARAM_USE_MANDATES = HTTP_PARAM_USE_MANDATES; - public static final String UI_PARAM_USE_ONLY_MANDATES = "useOnlyMandate"; - public static final String UI_PARAM_USE_EIDAS = HTTP_PARAM_EIDAS_PROCESS; - public static final String UI_PARAM_DSGVO_SHORT_INFO = "dsgvoShortText"; - public static final String UI_PARAM_DSGVO_SP_PRIVACY_STATEMENT_URL = "dsgvoPrivacyStatementUrl"; - public static final String UI_PARAM_DSGVO_SP_SERVICE_URL = "dsgvoServiceUrl"; - public static final String UI_PARAM_DSGVO_SP_LOGO = "dsgvoSpLogo"; - public static final String UI_PARAM_DSGVO_SP_LOGO_SET = "dsgvoSpLogoSet"; - public static final String UI_PARAM_DSGVO_SP_LOGO_SET_DATAURL = "dataUrl"; - public static final String UI_PARAM_DSGVO_SP_LOGO_SET_THEME = "theme"; - public static final String UI_PARAM_DSGVO_SP_LOGO_SET_RESOLUTION = "resolution"; - public static final String UI_PARAM_DSGVO_SP_LOGO_SET_TYPE = "type"; - - public enum LogoType { SVG, PNG, UNKNOWN } - - public enum AuthBlockType { - CADES("CAdES"), JWS("JWS"), NONE("none"); - - private final String internalType; - - AuthBlockType(final String type) { - this.internalType = type; - - } - - /** - * Get Type identifier for this AuthBlock. - * - * @return - */ - public String getAuthBlockType() { - return this.internalType; - } - - @Override - public String toString() { - return getAuthBlockType(); - - } - } - - // process context parameters - public static final String PROCESSCONTEXT_USERCONSENT_NEEDED = "userConsentNeeded"; - public static final String PROCESSCONTEXT_AUTHPROCESSSELECTION_DONE = "authProcSelectDone"; - public static final String PROCESSCONTEXT_SWITCH_LANGUAGE = "changeLanguage"; - public static final String PROCESSCONTEXT_IFRAME_PARENT_NEEDED = "iframeParentNeeded"; - - public static final String PROCESSCONTEXT_WAS_EID_PROCESS = "wasEidProcess"; - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IAhAuthProcessData.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IAhAuthProcessData.java deleted file mode 100644 index 47d3d37c..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IAhAuthProcessData.java +++ /dev/null @@ -1,190 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; - -import java.security.cert.X509Certificate; - -import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer; - -public interface IAhAuthProcessData extends IAuthProcessDataContainer { - - /** - * Get the certificate that was used to sign the Consent. - * - * @return {@link X509Certificate} - */ - X509Certificate getSignerCertificate(); - - /** - * Get the certificate that was used to sign the Consent. - * - * @return Serialized certificate - */ - byte[] getEncodedSignerCertificate(); - - /** - * Set the certificate that was used to sign the Consent. - * - * @param signerCertificate Signer certificate of the user - */ - void setSignerCertificate(X509Certificate signerCertificate); - - - /** - * Get URL to VDA that was used for authentication. - * - * @return - */ - String getVdaUrl(); - - /** - * Set URL to VDA that was used for authentication. - * - * @param vdaUrl URL to VDA that was used for authentication - */ - void setVdaUrl(String vdaUrl); - - /** - * Get the reference-value that used to interact with MIS service. - * - * @return - */ - String getMandateReferenceValue(); - - /** - * Set the reference-value that used to interact with MIS service. - * - * @param refValue Mandate reference value - */ - void setMandateReferenceValue(String refValue); - - /** - * Get the qcBind of the user that was received by VDA or other storage during authentication. - * - * @return - */ - String getQcBind(); - - /** - * Set the qcBind of the user that was received by VDA or other storage during authentication. - * - * @param qcBind raw qcBind data-structure (serialized JSON) - */ - void setQcBind(String qcBind); - - /** - * Get the vSZ of the user. - * - * @return - */ - String getVsz(); - - /** - * Set the vSZ of the user. - * - * @param vsz user's encrypted baseId - */ - void setVsz(String vsz); - - /** - * Get the signed AuthBlock of the user. - * - * @return - */ - byte[] getSignedAuthBlock(); - - /** - * Set the signed AuthBlock of the user. - * - * @param authBlock raw signed consent - */ - void setSignedAuthBlock(byte[] authBlock); - - /** - * Get a textual type identifier of the AuthBlock. - * - * @return AuthBlock type - */ - AuthHandlerConstants.AuthBlockType getSignedAuthBlockType(); - - /** - * Set a textual identifier for the type of the AuthBlock. - * - * @param authBlockType AuthBlock type - */ - void setSignedAuthBlockType(final AuthHandlerConstants.AuthBlockType authBlockType); - - /** - * Get the selected mandate of the user that was issued by MIS. - * - * @return - */ - ISignedMandate getMandateDate(); - - /** - * Set the selected mandate of the user that is issued by MIS. - * - * @param signedMandate Raw mandate structure for E-ID backend - */ - void setMandateDate(ISignedMandate signedMandate); - - - /** - * Get bPK for this entity.
- * THIS bPK is only for AuthHandler internal usage - * - * @return bPK, or null if no bPK is set - */ - String getInternalBpk(); - - /** - * Get bPK type for this entity.
- * THIS bPK is only for AuthHandler internal usage - * - * @return bPKType, or null if no bPKType is set - */ - String getInternalBpkType(); - - /** - * Set the bPK for INTERNAL USAGE of the current entity. - * - * @param bpk bPK for internal usage - */ - void setInternalBpk(String bpk); - - /** - * Set the bPK for INTERNAL USAGE of the current entity. - * - * @param bpkType bPK for internal usage - */ - void setInternalBpkType(String bpkType); - - - /** - * Indicate if the current process uses ELGA mandates. - * - * @return true if ELGA mandates are used, otherwise false - */ - boolean isElgaMandateProcess(); - - /** - * Set flag if the current process is an ELGA mandate process. - * - * @param flag true if it is an ELGA mandate-process, otherwise false - */ - void setElgaMandateProcess(boolean flag); - - - /** - * Indicate if the current process was authenticated by a VDA. - * - * @return true if the current process was authenticated by VDA, otherwise false - */ - boolean isVdaAuthentication(); - - /** - * Set flag that indicates if the current process was authenticated by a VDA. - * - * @param flag true in case of VDA authentication, otherwise false - */ - void setVdaAuthentication(boolean flag); - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IAhSpConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IAhSpConfiguration.java deleted file mode 100644 index 081b215a..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IAhSpConfiguration.java +++ /dev/null @@ -1,151 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; - -import java.util.List; - -import javax.annotation.Nonnull; -import javax.annotation.Nullable; - -import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; -import at.gv.egiz.eaaf.core.impl.data.Pair; - -public interface IAhSpConfiguration extends ISpConfiguration { - - - /** - * Flag if this Service Provider is enabled. - * - * @return true if the SP is enabled, otherwise false - */ - boolean isEnabled(); - - /** - * Get unique identifier that is used in Application-Register from BM.I. - * - *

If no BM.I specific identifier is available then this method returns - * the same identifier as getUniqueIdentifier()

Default: If it is not set or has an unknown value, its private by default

A restricted service-provider can only used by test-identities that contains a - * valid application-restriction in User-Certificate Pinning

- * - *

Default: true

- * - * @return true if it is restricted, otherwise false - */ - boolean isRestrictedServiceProvider(); - - - /** - * Defines the time in minutes how long the last VDA registration h@Override - ave passed as maximum. - * - * @return time in minutes - */ - long lastVdaAuthenticationDelay(); - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IRawMandateDao.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IRawMandateDao.java deleted file mode 100644 index 7e3b2aa1..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IRawMandateDao.java +++ /dev/null @@ -1,32 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; - -import java.io.Serializable; -import java.util.Date; - -public interface IRawMandateDao extends Serializable { - - boolean isNaturalPerson(); - - boolean isProfRepresentation(); - - String getIdentifier(); - - String getIdentifierType(); - - String getGivenName(); - - String getFamilyName(); - - Date getDateOfBirth(); - - String getCommonName(); - - String getMandateTypeOid(); - - String getMandateAnnotation(); - - String getMandateId(); - - String getMandateContent(); - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/ISignedMandate.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/ISignedMandate.java deleted file mode 100644 index edd167fb..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/ISignedMandate.java +++ /dev/null @@ -1,19 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; - -public interface ISignedMandate extends IRawMandateDao { - - /** - * Get the full signed mandate issued by the MIS component. - * - * @return serialized JWS that contains the mandate - */ - String getSignedMandate(); - - /** - * Get formated date-of-birth. - * - * @return date-of-birth as 'yyyy-MM-dd' - */ - String getDateOfBirthFormated(); - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthConstants.java index 7d8b9dc8..1a590aa1 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthConstants.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthConstants.java @@ -58,6 +58,7 @@ public class IdAustriaClientAuthConstants { public static final String CONFIG_PROPS_REQUIRED_LOA = CONFIG_PROPS_PREFIX + "required.loa"; public static final String CONFIG_PROPS_NODE_ENTITYID = CONFIG_PROPS_PREFIX + "node.entityId"; + public static final String CONFIG_PROPS_SP_ENTITYID = CONFIG_PROPS_PREFIX + "sp.entityId"; public static final String CONFIG_PROPS_NODE_METADATAURL = CONFIG_PROPS_PREFIX + "node.metadataUrl"; public static final String CONFIG_PROPS_NODE_TRUSTPROFILEID = CONFIG_PROPS_PREFIX + "node.trustprofileID"; @@ -77,55 +78,9 @@ public class IdAustriaClientAuthConstants { public static final String CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL = "auth.eidas.node.entityId"; - public static final String CONFIG_PROPS_SEMPER_MANDATES_ACTIVE = CONFIG_PROPS_PREFIX - + "semper.mandates.active"; - public static final String CONFIG_PROPS_SEMPER_MANDATES_MS_PROXY_LIST = CONFIG_PROPS_PREFIX - + "semper.msproxy.list"; public static final String CONFIG_DEFAULT_LOA_EIDAS_LEVEL = EaafConstants.EIDAS_LOA_HIGH; - @Deprecated - public static final List> DEFAULT_REQUIRED_PVP_ATTRIBUTES_WITHOUT_EID = - Collections.unmodifiableList(new ArrayList>() { - private static final long serialVersionUID = 1L; - { - // add PVP Version attribute - add(Triple.newInstance(PvpAttributeDefinitions.PVP_VERSION_NAME, - PvpAttributeDefinitions.PVP_VERSION_FRIENDLY_NAME, true)); - - // request entity information - add(Triple.newInstance(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, - PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, false)); - add(Triple.newInstance(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, - PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, true)); - add(Triple.newInstance(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, - PvpAttributeDefinitions.EID_ISSUING_NATION_FRIENDLY_NAME, true)); - - // entity eID information - add(Triple.newInstance(AhExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME, - AhExtendedPvpAttributeDefinitions.EID_EIDBIND_FRIENDLY_NAME, false)); - add(Triple.newInstance(AhExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME, - AhExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME, false)); - - // Deprecated information - add(Triple.newInstance(PvpAttributeDefinitions.GIVEN_NAME_NAME, - PvpAttributeDefinitions.GIVEN_NAME_FRIENDLY_NAME, false)); - add(Triple.newInstance(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, - PvpAttributeDefinitions.PRINCIPAL_NAME_FRIENDLY_NAME, false)); - add(Triple.newInstance(PvpAttributeDefinitions.BIRTHDATE_NAME, - PvpAttributeDefinitions.BIRTHDATE_FRIENDLY_NAME, false)); - add(Triple.newInstance(PvpAttributeDefinitions.BPK_NAME, PvpAttributeDefinitions.BPK_FRIENDLY_NAME, - false)); - add(Triple.newInstance(PvpAttributeDefinitions.EID_IDENTITY_LINK_NAME, - PvpAttributeDefinitions.EID_IDENTITY_LINK_FRIENDLY_NAME, false)); - - //request pII transactionId from MS-Connector - add(Triple.newInstance(ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, - ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_FRIENDLY_NAME, false)); - - } - }); - public static final List> DEFAULT_REQUIRED_PVP_ATTRIBUTES = Collections.unmodifiableList(new ArrayList>() { private static final long serialVersionUID = 1L; @@ -141,10 +96,10 @@ public class IdAustriaClientAuthConstants { PvpAttributeDefinitions.EID_ISSUING_NATION_FRIENDLY_NAME, true)); // entity eID information - add(Triple.newInstance(AhExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME, - AhExtendedPvpAttributeDefinitions.EID_EIDBIND_FRIENDLY_NAME, true)); - add(Triple.newInstance(AhExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME, - AhExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME, true)); + add(Triple.newInstance(ExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME, + ExtendedPvpAttributeDefinitions.EID_EIDBIND_FRIENDLY_NAME, true)); + add(Triple.newInstance(ExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME, + ExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME, true)); //request pII transactionId from MS-Connector add(Triple.newInstance(ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataConfiguration.java index 93aefb42..4e7f86f1 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataConfiguration.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataConfiguration.java @@ -356,18 +356,12 @@ public class IdAustriaClientAuthMetadataConfiguration implements IPvpMetadataBui public Collection getSpRequiredAttributes() { final Map requestedAttributes = new HashMap<>(); - if (pvpConfiguration.getBasicConfiguration().getBasicConfigurationBoolean( - AuthHandlerConstants.PROP_CONFIG_LEGACY_ALLOW, false)) { - log.trace("Build required attributes for legacy operaton ... "); - injectDefinedAttributes(requestedAttributes, - IdAustriaClientAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTES_WITHOUT_EID); - } else { - log.trace("Build required attributes for E-ID operaton ... "); - injectDefinedAttributes(requestedAttributes, - IdAustriaClientAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTES); + log.trace("Build required attributes for E-ID operaton ... "); + injectDefinedAttributes(requestedAttributes, + IdAustriaClientAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTES); + - } if (additionalAttributes != null) { log.trace("Add additional PVP attributes into metadata ... "); @@ -376,9 +370,7 @@ public class IdAustriaClientAuthMetadataConfiguration implements IPvpMetadataBui log.debug("Attribute " + el.getName() + " is already added by default configuration. Overwrite it by user configuration"); } - requestedAttributes.put(el.getName(), el); - } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/MisException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/MisException.java deleted file mode 100644 index 71826d23..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/MisException.java +++ /dev/null @@ -1,17 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; - -import at.gv.egiz.eaaf.core.exceptions.EaafException; - -public class MisException extends EaafException { - - private static final long serialVersionUID = 1L; - - public MisException(final String errorId, final Object[] params) { - super(errorId, params); - } - - public MisException(final String errorId, final Object[] params, final Throwable e) { - super(errorId, params, e); - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java index aa8deb2b..546a2039 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java @@ -27,7 +27,6 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustri import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider; import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider; import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthRequestBuilderConfiguration; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IAhSpConfiguration; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; @@ -117,9 +116,8 @@ public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServlet IdAustriaClientAuthConstants.CONFIG_PROPS_REQUIRED_LOA, IdAustriaClientAuthConstants.CONFIG_DEFAULT_LOA_EIDAS_LEVEL)); - authnReqConfig.setScopeRequesterId( - pendingReq.getServiceProviderConfiguration(IAhSpConfiguration.class) - .getUniqueApplicationRegisterIdentifier()); + authnReqConfig.setScopeRequesterId(authConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_SP_ENTITYID)); authnReqConfig.setProviderName(pendingReq.getServiceProviderConfiguration().getFriendlyName()); authnReqConfig.setRequestedAttributes(buildRequestedAttributes(pendingReq)); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java index 9e6aa7cc..9d30b581 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java @@ -29,20 +29,15 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.AhAuthProcessDataWrapper; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.AuthHandlerConstants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.EidasAuthEventConstants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider; import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.MisException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.Utils; import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; -import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException; -import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; @@ -78,10 +73,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.xml.transform.TransformerException; import java.io.IOException; -import java.util.Arrays; -import java.util.Base64; import java.util.List; -import java.util.Set; /** * Task that searches ErnB and ZMR before adding person to SZR. @@ -211,10 +203,10 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends requestStoreage.storePendingRequest(pendingReq); //set E-ID process flag to execution context - final AhAuthProcessDataWrapper session = pendingReq.getSessionData( - AhAuthProcessDataWrapper.class); - executionContext.put(AuthHandlerConstants.PROCESSCONTEXT_WAS_EID_PROCESS, session.isEidProcess()); - executionContext.put(AuthHandlerConstants.HTTP_PARAM_USE_MANDATES, session.isMandateUsed()); + // final AhAuthProcessDataWrapper session = pendingReq.getSessionData( + // AhAuthProcessDataWrapper.class); + // executionContext.put(AuthHandlerConstants.PROCESSCONTEXT_WAS_EID_PROCESS, session.isEidProcess()); + // executionContext.put(AuthHandlerConstants.HTTP_PARAM_USE_MANDATES, session.isMandateUsed()); log.info("Receive a valid assertion from IDP " + msg.getEntityID()); @@ -337,15 +329,6 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends throws EaafBuilderException, ConfigurationException { List requiredEidasNodeAttributes = IdAustriaClientAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES; - if (authConfig.getBasicConfigurationBoolean( - AuthHandlerConstants.PROP_CONFIG_LEGACY_ALLOW, false)) { - log.trace("Build required attributes for legacy operaton ... "); - requiredEidasNodeAttributes = Arrays.asList( - PvpAttributeDefinitions.PVP_VERSION_NAME, - PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, - PvpAttributeDefinitions.EID_ISSUING_NATION_NAME); - - } try { // check if all attributes are include @@ -359,14 +342,14 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends } // copy attributes into MOASession - final AhAuthProcessDataWrapper session = pendingReq.getSessionData( - AhAuthProcessDataWrapper.class); - final Set includedAttrNames = extractor.getAllIncludeAttributeNames(); - for (final String attrName : includedAttrNames) { - injectAuthInfosIntoSession(session, attrName, - extractor.getSingleAttributeValue(attrName)); - - } + // final AhAuthProcessDataWrapper session = pendingReq.getSessionData( + // AhAuthProcessDataWrapper.class); + // final Set includedAttrNames = extractor.getAllIncludeAttributeNames(); + // for (final String attrName : includedAttrNames) { + // injectAuthInfosIntoSession(session, attrName, + // extractor.getSingleAttributeValue(attrName)); + // + // } //set piiTransactionId from eIDAS Connector String piiTransactionId = extractor.getSingleAttributeValue( @@ -381,58 +364,58 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends } // set foreigner flag - session.setForeigner(true); + // session.setForeigner(true); // set IssuerInstant from Assertion - session.setIssueInstant(extractor.getAssertionIssuingDate()); + // session.setIssueInstant(extractor.getAssertionIssuingDate()); // set CCE URL - if (extractor.getFullAssertion().getIssuer() != null - && StringUtils.isNotEmpty(extractor.getFullAssertion().getIssuer().getValue())) { - session.setVdaUrl(extractor.getFullAssertion().getIssuer().getValue()); + //if (extractor.getFullAssertion().getIssuer() != null + //&& StringUtils.isNotEmpty(extractor.getFullAssertion().getIssuer().getValue())) { + // session.setVdaUrl(extractor.getFullAssertion().getIssuer().getValue()); - } else { - session.setVdaUrl("eIDAS_Authentication"); + //} //else { + // session.setVdaUrl("eIDAS_Authentication"); - } + //} - } catch (final EaafStorageException | MisException | AssertionValidationExeption | IOException e) { + } catch (final AssertionValidationExeption e) { throw new EaafBuilderException(ERROR_PVP_06, null, e.getMessage(), e); } } - private void injectAuthInfosIntoSession(AhAuthProcessDataWrapper session, String attrName, String attrValue) - throws EaafStorageException, MisException, IOException { - log.trace("Inject attribute: {} with value: {} into AuthSession", attrName, attrValue); - log.debug("Inject attribute: {} into AuthSession", attrName); - - if (ExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME.equals(attrName)) { - log.debug("Find eidasBind attribute. Switching to E-ID mode ... "); - session.setEidProcess(true); - session.setQcBind(attrValue); - // session.setVsz(extractVszFromEidasBind(attrValue)); - //T - - } else if (ExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME.equals(attrName)) { - session.setSignedAuthBlock(Base64.getDecoder().decode(attrValue)); - session.setSignedAuthBlockType(AuthHandlerConstants.AuthBlockType.JWS); - - } else if (PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME.equals(attrName)) { - session.setQaaLevel(attrValue); - - // } else if (ExtendedPvpAttributeDefinitions.EID_MIS_MANDATE_NAME.equals(attrName) - // && authConfig.getBasicConfigurationBoolean( - // IdAustriaClientAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_ACTIVE, false)) { - // session.setMandateDate(new SignedMandateDao(attrValue)); - // session.setUseMandates(true); - // - } else { - session.setGenericDataToSession(attrName, attrValue); - - } - - } + // private void injectAuthInfosIntoSession(AhAuthProcessDataWrapper session, String attrName, String attrValue) + // throws EaafStorageException, MisException, IOException { + // log.trace("Inject attribute: {} with value: {} into AuthSession", attrName, attrValue); + // log.debug("Inject attribute: {} into AuthSession", attrName); + // + // if (ExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME.equals(attrName)) { + // log.debug("Find eidasBind attribute. Switching to E-ID mode ... "); + // session.setEidProcess(true); + // session.setQcBind(attrValue); + // // session.setVsz(extractVszFromEidasBind(attrValue)); + // //T + // + // } else if (ExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME.equals(attrName)) { + // session.setSignedAuthBlock(Base64.getDecoder().decode(attrValue)); + // session.setSignedAuthBlockType(AuthHandlerConstants.AuthBlockType.JWS); + // + // } else if (PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME.equals(attrName)) { + // session.setQaaLevel(attrValue); + // + // // } else if (ExtendedPvpAttributeDefinitions.EID_MIS_MANDATE_NAME.equals(attrName) + // // && authConfig.getBasicConfigurationBoolean( + // // IdAustriaClientAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_ACTIVE, false)) { + // // session.setMandateDate(new SignedMandateDao(attrValue)); + // // session.setUseMandates(true); + // // + // } else { + // session.setGenericDataToSession(attrName, attrValue); + // + // } + // + // } private MergedRegisterSearchResult searchInZmrAndErnp(String bpkzp) { diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskFirstTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskFirstTest.java deleted file mode 100644 index f2dc6d55..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskFirstTest.java +++ /dev/null @@ -1,463 +0,0 @@ -/* - * Copyright 2020 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - -package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; - -import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.DeSpecificDetailSearchProcessor; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.ItSpecificDetailSearchProcessor; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.InitialSearchTask; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; -import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; -import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; -import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; -import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; -import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; -import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; -import eu.eidas.auth.commons.attribute.AttributeDefinition; -import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; -import eu.eidas.auth.commons.attribute.PersonType; -import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse; -import lombok.val; -import org.apache.commons.lang3.RandomStringUtils; -import org.jetbrains.annotations.NotNull; -import org.junit.Assert; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mockito.Mock; -import org.mockito.Mockito; -import org.mockito.MockitoAnnotations; -import org.springframework.mock.web.MockHttpServletRequest; -import org.springframework.mock.web.MockHttpServletResponse; -import org.springframework.test.annotation.DirtiesContext; -import org.springframework.test.annotation.DirtiesContext.ClassMode; -import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; -import org.springframework.web.context.request.RequestContextHolder; -import org.springframework.web.context.request.ServletRequestAttributes; - -import javax.xml.namespace.QName; -import java.io.IOException; -import java.net.URI; -import java.net.URISyntaxException; -import java.util.ArrayList; -import java.util.Collections; -import java.util.Random; - -import static org.junit.Assert.assertThrows; - -@RunWith(SpringJUnit4ClassRunner.class) -@ContextConfiguration(locations = { - "/SpringTest-context_tasks_test.xml", - "/SpringTest-context_basic_mapConfig.xml" -}) -@DirtiesContext(classMode = ClassMode.BEFORE_CLASS) -public class InitialSearchTaskFirstTest { - - private static final String DE_ST = "de/st/"; - private static final String IT_ST = "it/st/"; - - private InitialSearchTask task; - @Mock - private IZmrClient zmrClient; - @Mock - private IErnpClient ernpClient; - - final ExecutionContext executionContext = new ExecutionContextImpl(); - private TestRequestImpl pendingReq; - private final String randomBpk = RandomStringUtils.randomNumeric(6); - private final String randomIdentifier = RandomStringUtils.randomNumeric(10); - private final String randomPseudonym = DE_ST + randomIdentifier; - private final String randomFamilyName = RandomStringUtils.randomAlphabetic(10); - private final String randomGivenName = RandomStringUtils.randomAlphabetic(10); - private final String randomPlaceOfBirth = RandomStringUtils.randomAlphabetic(10); - private final String randomBirthName = RandomStringUtils.randomAlphabetic(10); - private final String randomDate = "2011-01-" + (10 + new Random().nextInt(18)); - -// /** -// * jUnit class initializer. -// * -// * @throws IOException In case of an error -// */ -// @BeforeClass -// public static void classInitializer() throws IOException { -// final String current = new java.io.File(".").toURI().toString(); -// System.setProperty("eidas.ms.configuration", current -// + "src/test/resources/config/junit_config_1.properties"); -// } - - /** - * jUnit test set-up. - */ - @Before - public void setUp() throws URISyntaxException, EaafStorageException { - MockitoAnnotations.initMocks(this); - task = new InitialSearchTask(new ArrayList<>(), ernpClient, zmrClient); - - MockHttpServletRequest httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); - MockHttpServletResponse httpResp = new MockHttpServletResponse(); - RequestContextHolder.resetRequestAttributes(); - RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); - - final AuthenticationResponse response = buildDummyAuthResponseRandomPerson(); - pendingReq = new TestRequestImpl(); - pendingReq.getSessionData(AuthProcessDataWrapper.class) - .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response); - } - - /** - * One match, but register update needed - */ - @Test - @DirtiesContext - public void testNode100_UserIdentifiedUpdateNecessary_a() throws Exception { - String newFirstName = RandomStringUtils.randomAlphabetic(10); - Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.singletonList( - new RegisterResult(randomBpk, randomIdentifier, newFirstName, randomFamilyName, randomDate))); - Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); - - task.execute(pendingReq, executionContext); - String bPk = (String) - pendingReq.getSessionData(AuthProcessDataWrapper.class) - .getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); - - Assert.assertEquals("Wrong bpk", bPk, randomBpk); - } - - /** - * One match, but register update needed - */ - @Test - @DirtiesContext - public void testNode100_UserIdentifiedUpdateNecessary_b() throws TaskExecutionException { - Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); - String newRandomGivenName = RandomStringUtils.randomAlphabetic(10); - Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.singletonList( - new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomDate))); - - task.execute(pendingReq, executionContext); - String bPk = (String) - pendingReq.getSessionData(AuthProcessDataWrapper.class) - .getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); - - Assert.assertEquals("Wrong bpk", bPk, randomBpk); - } - - /** - * Two matches found in ZMR - */ - @Test - @DirtiesContext - public void testNode101_ManualFixNecessary_a() { - ArrayList zmrResult = new ArrayList<>(); - zmrResult.add(new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomDate)); - String newRandomGivenName = randomGivenName + RandomStringUtils.randomAlphabetic(2); - zmrResult.add(new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomDate)); - Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResult); - Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); - - TaskExecutionException exception = assertThrows(TaskExecutionException.class, - () -> task.execute(pendingReq, executionContext)); - - Throwable origE = exception.getOriginalException(); - Assert.assertTrue("Wrong exception", (origE.getCause() instanceof ManualFixNecessaryException)); - } - - - /** - * Two matches found in ErnP - */ - @Test - @DirtiesContext - public void testNode101_ManualFixNecessary_b() { - Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); - ArrayList ernpResult = new ArrayList<>(); - ernpResult.add(new RegisterResult(randomBpk, randomPseudonym, randomGivenName, randomFamilyName, randomDate)); - String newRandomGivenName = randomGivenName + RandomStringUtils.randomAlphabetic(2); - ernpResult.add( - new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomDate)); - Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResult); - - TaskExecutionException exception = assertThrows(TaskExecutionException.class, - () -> task.execute(pendingReq, executionContext)); - - Throwable origE = exception.getOriginalException(); - Assert.assertTrue("Wrong exception", (origE.getCause() instanceof ManualFixNecessaryException)); - } - - /** - * One match, no register update needed - */ - @Test - @DirtiesContext - public void testNode102_UserIdentified_a() throws Exception { - Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); - Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.singletonList( - new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomDate))); - - task.execute(pendingReq, executionContext); - String bPk = (String) - pendingReq.getSessionData(AuthProcessDataWrapper.class) - .getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); - Assert.assertEquals("Wrong bpk", bPk, randomBpk); - } - - /** - * One match, no register update needed - */ - @Test - @DirtiesContext - public void testNode102_UserIdentified_b() throws Exception { - Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.singletonList( - new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomDate))); - Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); - - task.execute(pendingReq, executionContext); - - String bPk = (String) - pendingReq.getSessionData(AuthProcessDataWrapper.class) - .getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); - Assert.assertEquals("Wrong bpk", bPk, randomBpk); - } - - /** - * One match found in ZMR and ErnP with detail search - */ - @Test - @DirtiesContext - public void testNode103_UserIdentified_IT() throws Exception { - String taxNumber = RandomStringUtils.randomNumeric(14); - final AuthenticationResponse response = buildDummyAuthResponseRandomPersonIT_Tax(taxNumber); - TestRequestImpl pendingReq1 = new TestRequestImpl(); - pendingReq1.getSessionData(AuthProcessDataWrapper.class) - .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response); - Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); - String newRandomIdentifier = randomIdentifier + RandomStringUtils.randomNumeric(2); - Mockito.when(zmrClient.searchItSpecific(taxNumber)).thenReturn(Collections.singletonList( - new RegisterResult(randomBpk, newRandomIdentifier, randomGivenName, randomFamilyName, - randomDate, null, null, taxNumber, null))); - Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); - task = new InitialSearchTask( - Collections.singletonList(new ItSpecificDetailSearchProcessor(ernpClient, zmrClient)), - ernpClient, zmrClient); - - task.execute(pendingReq1, executionContext); - - String bPk = (String) - pendingReq1.getSessionData(AuthProcessDataWrapper.class) - .getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); - Assert.assertEquals("Wrong bpk", bPk, randomBpk); - } - - /** - * Multiple matches found in ZMR and ErnP with detail search - */ - @Test - @DirtiesContext - public void testNode103_UserIdentified_DE() throws Exception { - final AuthenticationResponse response = buildDummyAuthResponseDE(randomGivenName, randomFamilyName, - randomPseudonym, - randomDate, randomPlaceOfBirth, randomBirthName); - TestRequestImpl pendingReq1 = new TestRequestImpl(); - pendingReq1.getSessionData(AuthProcessDataWrapper.class) - .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response); - Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); - Mockito.when(zmrClient.searchDeSpecific(randomGivenName, randomFamilyName, randomDate, randomPlaceOfBirth, - randomBirthName)) - .thenReturn(Collections.singletonList(new RegisterResult(randomBpk, randomIdentifier, randomGivenName, - randomFamilyName, randomDate, randomPlaceOfBirth, randomBirthName, null, null))); - Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); - task = new InitialSearchTask( - Collections.singletonList(new DeSpecificDetailSearchProcessor(ernpClient, zmrClient)), - ernpClient, zmrClient); - - task.execute(pendingReq1, executionContext); - - String resultBpk = (String) - pendingReq1.getSessionData(AuthProcessDataWrapper.class) - .getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); - Assert.assertEquals("Wrong bpk", resultBpk, randomBpk); - } - - /** - * Multiple matches found in ZMR and ErnP with detail search - */ - @Test - @DirtiesContext - public void testNode104_ManualFixNecessary_DE() throws Exception { - String newRandomPseudonym = randomPseudonym + RandomStringUtils.randomNumeric(2); - String newRandomBpk = randomBpk + RandomStringUtils.randomNumeric(6); - final AuthenticationResponse response = buildDummyAuthResponseDE(randomGivenName, randomFamilyName, - randomPseudonym, - randomDate, randomPlaceOfBirth, randomBirthName); - TestRequestImpl pendingReq1 = new TestRequestImpl(); - pendingReq1.getSessionData(AuthProcessDataWrapper.class) - .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response); - Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); - ArrayList zmrResultSpecific = new ArrayList<>(); - zmrResultSpecific.add( - new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomDate, - randomPlaceOfBirth, randomBirthName, null, null)); - zmrResultSpecific.add(new RegisterResult(newRandomBpk, newRandomPseudonym, randomGivenName, randomFamilyName, randomDate, - randomPlaceOfBirth, randomBirthName, null, null)); - Mockito.when(zmrClient.searchDeSpecific(randomGivenName, randomFamilyName, randomDate, randomPlaceOfBirth, - randomBirthName)).thenReturn(zmrResultSpecific); - Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); - task = new InitialSearchTask( - Collections.singletonList(new DeSpecificDetailSearchProcessor(ernpClient, zmrClient)), - ernpClient, zmrClient); - - TaskExecutionException exception = assertThrows(TaskExecutionException.class, - () -> task.execute(pendingReq1, executionContext)); - - Throwable origE = exception.getOriginalException(); - Assert.assertTrue("Wrong exception", (origE.getCause() instanceof ManualFixNecessaryException)); - } - - /** - * Multiple matches found in ZMR and ErnP with detail search - */ - @Test - @DirtiesContext - public void testNode104_ManualFixNecessary_IT() throws Exception { - String randomTaxNumber = RandomStringUtils.randomNumeric(14); - final AuthenticationResponse response = buildDummyAuthResponseRandomPersonIT_Tax(randomTaxNumber); - TestRequestImpl pendingReq1 = new TestRequestImpl(); - pendingReq1.getSessionData(AuthProcessDataWrapper.class) - .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response); - Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); - ArrayList zmrResultSpecific = new ArrayList<>(); - String randomPseudonym = IT_ST + randomIdentifier + "4"; - zmrResultSpecific.add(new RegisterResult(randomBpk, randomPseudonym, randomGivenName, - randomFamilyName, randomDate, null, null, randomTaxNumber, null)); - String newRandomPseudonym = IT_ST + randomIdentifier + "5"; - String newRandomBpk = RandomStringUtils.randomNumeric(6); - zmrResultSpecific.add(new RegisterResult(newRandomBpk, newRandomPseudonym, randomGivenName, - randomFamilyName, randomDate, null, null, randomTaxNumber, null)); - Mockito.when(zmrClient.searchItSpecific(randomTaxNumber)).thenReturn(zmrResultSpecific); - Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); - task = new InitialSearchTask( - Collections.singletonList(new ItSpecificDetailSearchProcessor(ernpClient, zmrClient)), - ernpClient, zmrClient); - - TaskExecutionException exception = assertThrows(TaskExecutionException.class, - () -> task.execute(pendingReq1, executionContext)); - - Throwable origE = exception.getOriginalException(); - Assert.assertTrue("Wrong exception", (origE.getCause() instanceof ManualFixNecessaryException)); - } - - /** - * NO match found in ZMR and ErnP with Initial search - */ - @Test - @DirtiesContext - public void testNode105_TemporaryEnd() throws TaskExecutionException { - Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); - Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); - - task.execute(pendingReq, executionContext); - - String bPk = (String) - pendingReq.getSessionData(AuthProcessDataWrapper.class) - .getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); - Assert.assertEquals("Wrong bpk", "TODO-Temporary-Endnode-105", bPk); - } - - - @NotNull - private AuthenticationResponse buildDummyAuthResponseRandomPerson() throws URISyntaxException { - return buildDummyAuthResponse(randomGivenName, randomFamilyName, DE_ST + randomIdentifier, randomDate); - } - - private AuthenticationResponse buildDummyAuthResponseRandomPersonIT_Tax(String taxNumber) - throws URISyntaxException { - return buildDummyAuthResponse(randomGivenName, randomFamilyName, IT_ST + randomIdentifier, randomDate, - taxNumber, null, null); - } - - @NotNull - private AuthenticationResponse buildDummyAuthResponse(String givenName, String familyName, String identifier, - String dateOfBirth) throws URISyntaxException { - return buildDummyAuthResponse(givenName, familyName, identifier, dateOfBirth, null, null, null); - } - - @NotNull - private AuthenticationResponse buildDummyAuthResponseDE(String givenName, String familyName, String identifier, - String dateOfBirth, String placeOfBirth, - String birthName) throws URISyntaxException { - return buildDummyAuthResponse(givenName, familyName, identifier, dateOfBirth, null, placeOfBirth, birthName); - } - - @NotNull - private AuthenticationResponse buildDummyAuthResponse(String givenName, String familyName, String identifier, - String dateOfBirth, String taxNumber, String placeOfBirth, - String birthName) throws URISyntaxException { - ImmutableAttributeMap.Builder builder = ImmutableAttributeMap.builder() - .put(generateStringAttribute(Constants.eIDAS_ATTR_PERSONALIDENTIFIER, "ff", "af"), identifier) - .put(generateStringAttribute(Constants.eIDAS_ATTR_CURRENTFAMILYNAME, "fff", "aff"), familyName) - .put(generateStringAttribute(Constants.eIDAS_ATTR_CURRENTGIVENNAME, "ffff", "afff"), givenName) - .put(generateDateTimeAttribute(Constants.eIDAS_ATTR_DATEOFBIRTH, "fffff", "affff"), dateOfBirth); - if (taxNumber != null) { - builder.put(generateStringAttribute(Constants.eIDAS_ATTR_TAXREFERENCE, "ffffff", "afffff"), taxNumber); - } - if (birthName != null) { - builder.put(generateStringAttribute(Constants.eIDAS_ATTR_BIRTHNAME, "fffffff", "affffff"), birthName); - } - if (placeOfBirth != null) { - builder.put(generateStringAttribute(Constants.eIDAS_ATTR_PLACEOFBIRTH, "ffffffff", "afffffff"), - placeOfBirth); - } - final ImmutableAttributeMap attributeMap = builder.build(); - - val b = new AuthenticationResponse.Builder(); - return b.id("aasdf").issuer("asd").subject("asf").statusCode("200").inResponseTo("asdf").subjectNameIdFormat( - "afaf").attributes(attributeMap).build(); - } - - private AttributeDefinition