From 5649772eedcb67d79ebb95e2074455bef6d3ba56 Mon Sep 17 00:00:00 2001 From: Alexander Marsalek Date: Thu, 3 Dec 2020 10:13:44 +0100 Subject: general workflow steps 1-8 --- .../src/main/resources/eIDAS.Authentication.process.xml | 4 ++++ .../authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml | 4 ++++ 2 files changed, 8 insertions(+) (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/resources') diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml index 55bb1ace..e199d379 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml @@ -10,6 +10,8 @@ class="FinalizeAuthenticationTask" /> + @@ -18,6 +20,8 @@ + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml index 6cc704ab..9c28bf07 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml @@ -87,4 +87,8 @@ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask" scope="prototype" /> + + \ No newline at end of file -- cgit v1.2.3 From 078fb6a05a4bff2bb7595458b4154f76fe1caea7 Mon Sep 17 00:00:00 2001 From: Alexander Marsalek Date: Fri, 4 Dec 2020 12:59:42 +0100 Subject: added dummy ZMR & ERnB client --- .../auth/eidas/v2/dao/InitialSearchResult.java | 12 -- .../eidas/v2/dao/MergedRegisterSearchResult.java | 16 ++ .../modules/auth/eidas/v2/dao/RegisterResult.java | 59 ++++++++ .../modules/auth/eidas/v2/dao/SimpleEidasData.java | 52 +++++++ .../auth/eidas/v2/ernb/DummyErnbClient.java | 49 ++++++ .../modules/auth/eidas/v2/ernb/IErnbClient.java | 12 ++ .../v2/exception/ManualFixNecessaryException.java | 6 +- .../eidas/v2/handler/AbstractEidProcessor.java | 136 ++++------------- .../ICountrySpecificDetailSearchProcessor.java | 6 +- .../auth/eidas/v2/tasks/InitialSearchTask.java | 147 +++++++++++++----- .../auth/eidas/v2/utils/EidasResponseUtils.java | 168 +++++++++++++++++++++ .../modules/auth/eidas/v2/zmr/DummyZmrClient.java | 49 ++++++ .../modules/auth/eidas/v2/zmr/IZmrClient.java | 12 ++ .../src/main/resources/eidas_v2_auth.beans.xml | 6 + 14 files changed, 569 insertions(+), 161 deletions(-) delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/InitialSearchResult.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/MergedRegisterSearchResult.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/RegisterResult.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/DummyErnbClient.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/IErnbClient.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/IZmrClient.java (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/resources') diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/InitialSearchResult.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/InitialSearchResult.java deleted file mode 100644 index 8fe69414..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/InitialSearchResult.java +++ /dev/null @@ -1,12 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao; - -public class InitialSearchResult { - - int resultsZmr; - int resultsErnb; - - public int getResultCount() { - return resultsErnb + resultsZmr; - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/MergedRegisterSearchResult.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/MergedRegisterSearchResult.java new file mode 100644 index 00000000..bc5b358d --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/MergedRegisterSearchResult.java @@ -0,0 +1,16 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao; + +import lombok.Data; + +import java.util.ArrayList; + +@Data public class MergedRegisterSearchResult { + + ArrayList resultsZmr = new ArrayList<>(); + ArrayList resultsErnb = new ArrayList<>(); + + public int getResultCount() { + return resultsZmr.size() + resultsErnb.size(); + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/RegisterResult.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/RegisterResult.java new file mode 100644 index 00000000..9509e7de --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/RegisterResult.java @@ -0,0 +1,59 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao; + +import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType; +import lombok.Data; + +@Data public class RegisterResult { + + // MDS + private String pseudonym = null; + private String givenName = null; + private String familyName = null; + private String dateOfBirth = null; + + // additional attributes + private String placeOfBirth = null; + private String birthName = null; + private String taxNumber = null; + private PostalAddressType address = null; + + /** + * Register search result. + * @param pseudonym The pseudonym + * @param givenName The givenName + * @param familyName The familyName + * @param dateOfBirth The dateOfBirth + * @param placeOfBirth The placeOfBirth + */ + public RegisterResult(String pseudonym, String givenName, String familyName, String dateOfBirth, + String placeOfBirth) { + this.pseudonym = pseudonym; + this.givenName = givenName; + this.familyName = familyName; + this.dateOfBirth = dateOfBirth; + this.placeOfBirth = placeOfBirth; + } + + /** + * Register search result. + * @param pseudonym The pseudonym + * @param givenName The givenName + * @param familyName The familyName + * @param dateOfBirth The dateOfBirth + * @param placeOfBirth The placeOfBirth + * @param birthName The birthName + * @param taxNumber The taxNumber + * @param address The address + */ + public RegisterResult(String pseudonym, String givenName, String familyName, String dateOfBirth, + String placeOfBirth, String birthName, String taxNumber, PostalAddressType address) { + this.pseudonym = pseudonym; + this.givenName = givenName; + this.familyName = familyName; + this.dateOfBirth = dateOfBirth; + this.placeOfBirth = placeOfBirth; + this.birthName = birthName; + this.taxNumber = taxNumber; + this.address = address; + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java new file mode 100644 index 00000000..0b116bfb --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java @@ -0,0 +1,52 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao; + +import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType; +import lombok.Data; +import org.joda.time.DateTime; + +import java.text.SimpleDateFormat; + +@Data public class SimpleEidasData { + + private String citizenCountryCode = null; + + // MDS + private String pseudonym = null; + private String givenName = null; + private String familyName = null; + private DateTime dateOfBirth = null; + + // additional attributes + private String placeOfBirth = null; + private String birthName = null; + private PostalAddressType address = null; + private String taxNumber; + + public String getFormatedDateOfBirth() { + return new SimpleDateFormat("yyyy-MM-dd").format(dateOfBirth.toDate()); + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/DummyErnbClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/DummyErnbClient.java new file mode 100644 index 00000000..8b2379bf --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/DummyErnbClient.java @@ -0,0 +1,49 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.ernb; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; +import org.springframework.stereotype.Service; + +import java.util.ArrayList; + +@Service("ErnbClientForeIDAS") +public class DummyErnbClient implements IErnbClient { + + @Override + public ArrayList searchWithPersonIdentifer(String personIdentifer) { + switch (personIdentifer) { + case "a12345": + case "a12345-": + return result1(); + case "a123456": + return result2(); + default: + return resultEmpty(); + } + } + + @Override + public ArrayList searchWithMds(String givenName, String familyName, String dateOfBirth) { + return resultEmpty();//TODO will I only receive matches where all three values match perfectly? + } + + private ArrayList resultEmpty() { + return new ArrayList();//Nobody found + } + + private ArrayList result1() { + ArrayList results = new ArrayList<>(); + RegisterResult result1 = new RegisterResult("a12345", "Tom", "Mustermann", "1950-01-01", "Wien"); + results.add(result1); + RegisterResult result2 = new RegisterResult("a12345-", "Tom", "Mustermann", "1950-01-01", "Wien"); + results.add(result2); + return results; + } + + private ArrayList result2() { + ArrayList results = new ArrayList<>(); + RegisterResult result = new RegisterResult("a123456", "Max", "Mustermann", "2000-01-01", "Wien"); + results.add(result); + return results; + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/IErnbClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/IErnbClient.java new file mode 100644 index 00000000..4873b939 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/IErnbClient.java @@ -0,0 +1,12 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.ernb; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; + +import java.util.ArrayList; + +public interface IErnbClient { + + ArrayList searchWithPersonIdentifer(String personIdentifer); + + ArrayList searchWithMds(String givenName, String familyName, String dateOfBirth); +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ManualFixNecessaryException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ManualFixNecessaryException.java index f3916ed6..c22e8135 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ManualFixNecessaryException.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ManualFixNecessaryException.java @@ -23,18 +23,16 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.exception; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; public class ManualFixNecessaryException extends EidasSAuthenticationException { private static final long serialVersionUID = 1L; public ManualFixNecessaryException(String personIdentifier) { super("eidas.00", new Object[] { personIdentifier });//TODO "eidas.00" - } - public ManualFixNecessaryException(ErnbEidData eidData) { - + public ManualFixNecessaryException(SimpleEidasData eidData) { super("eidas.00", new Object[] { eidData.getPseudonym() });//TODO "eidas.00" => what info to pass??? } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java index fe839c37..e3c1e00f 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java @@ -23,18 +23,6 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; -import java.util.Map; -import java.util.regex.Matcher; -import java.util.regex.Pattern; - -import org.apache.commons.lang3.StringUtils; -import org.joda.time.DateTime; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; - -import com.google.common.collect.ImmutableSortedSet; - import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; @@ -46,12 +34,21 @@ import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.impl.data.Triple; +import com.google.common.collect.ImmutableSortedSet; import edu.umd.cs.findbugs.annotations.NonNull; import eu.eidas.auth.commons.attribute.AttributeDefinition; import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; import eu.eidas.auth.commons.light.impl.LightRequest.Builder; import eu.eidas.auth.commons.protocol.eidas.SpType; -import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; +import org.apache.commons.lang3.StringUtils; +import org.joda.time.DateTime; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; + +import java.util.Map; +import java.util.regex.Matcher; +import java.util.regex.Pattern; public abstract class AbstractEidProcessor implements INationalEidProcessor { private static final Logger log = LoggerFactory.getLogger(AbstractEidProcessor.class); @@ -66,7 +63,6 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor { buildProviderNameAttribute(pendingReq, authnRequestBuilder); buildRequestedAttributes(authnRequestBuilder); - } @Override @@ -91,13 +87,12 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor { result.setAddress(processAddress(eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTADDRESS))); return result; - } - + /** * Get a Map of country-specific requested attributes. - * + * * @return */ @NonNull @@ -105,7 +100,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor { /** * Post-Process the eIDAS CurrentAddress attribute. - * + * * @param currentAddressObj eIDAS current address information * @return current address or null if no attribute is available * @throws EidPostProcessingException if post-processing fails @@ -113,34 +108,12 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor { */ protected PostalAddressType processAddress(Object currentAddressObj) throws EidPostProcessingException, EidasAttributeException { - - if (currentAddressObj != null) { - if (currentAddressObj instanceof PostalAddress) { - final PostalAddressType result = new PostalAddressType(); - result.setPostalCode(((PostalAddress) currentAddressObj).getPostCode()); - result.setMunicipality(((PostalAddress) currentAddressObj).getPostName()); - - // TODO: add more mappings - - return result; - - } else { - log.warn("eIDAS attr: " + Constants.eIDAS_ATTR_CURRENTADDRESS + " is of WRONG type"); - throw new EidasAttributeException(Constants.eIDAS_ATTR_CURRENTADDRESS); - - } - - } else { - log.debug("NO '" + Constants.eIDAS_ATTR_CURRENTADDRESS + "' attribute. Post-Processing skipped ... "); - } - - return null; - + return EidasResponseUtils.processAddress(currentAddressObj); } /** * Post-Process the eIDAS BirthName attribute. - * + * * @param birthNameObj eIDAS birthname information * @return birthName or null if no attribute is available * @throws EidPostProcessingException if post-processing fails @@ -148,27 +121,12 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor { */ protected String processBirthName(Object birthNameObj) throws EidPostProcessingException, EidasAttributeException { - if (birthNameObj != null) { - if (birthNameObj instanceof String) { - return (String) birthNameObj; - - } else { - log.warn("eIDAS attr: " + Constants.eIDAS_ATTR_BIRTHNAME + " is of WRONG type"); - throw new EidasAttributeException(Constants.eIDAS_ATTR_BIRTHNAME); - - } - - } else { - log.debug("NO '" + Constants.eIDAS_ATTR_BIRTHNAME + "' attribute. Post-Processing skipped ... "); - } - - return null; - + return EidasResponseUtils.processBirthName(birthNameObj); } /** * Post-Process the eIDAS PlaceOfBirth attribute. - * + * * @param placeOfBirthObj eIDAS Place-of-Birth information * @return place of Birth or null if no attribute is available * @throws EidPostProcessingException if post-processing fails @@ -176,27 +134,12 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor { */ protected String processPlaceOfBirth(Object placeOfBirthObj) throws EidPostProcessingException, EidasAttributeException { - if (placeOfBirthObj != null) { - if (placeOfBirthObj instanceof String) { - return (String) placeOfBirthObj; - - } else { - log.warn("eIDAS attr: " + Constants.eIDAS_ATTR_PLACEOFBIRTH + " is of WRONG type"); - throw new EidasAttributeException(Constants.eIDAS_ATTR_PLACEOFBIRTH); - - } - - } else { - log.debug("NO '" + Constants.eIDAS_ATTR_PLACEOFBIRTH + "' attribute. Post-Processing skipped ... "); - } - - return null; - + return EidasResponseUtils.processPlaceOfBirth(placeOfBirthObj); } /** * Post-Process the eIDAS DateOfBirth attribute. - * + * * @param dateOfBirthObj eIDAS date-of-birth attribute information * @return formated user's date-of-birth * @throws EidasAttributeException if NO attribute is available @@ -204,17 +147,12 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor { */ protected DateTime processDateOfBirth(Object dateOfBirthObj) throws EidPostProcessingException, EidasAttributeException { - if (dateOfBirthObj == null || !(dateOfBirthObj instanceof DateTime)) { - throw new EidasAttributeException(Constants.eIDAS_ATTR_DATEOFBIRTH); - } - - return (DateTime) dateOfBirthObj; - + return EidasResponseUtils.processDateOfBirth(dateOfBirthObj); } /** * Post-Process the eIDAS GivenName attribute. - * + * * @param givenNameObj eIDAS givenName attribute information * @return formated user's givenname * @throws EidasAttributeException if NO attribute is available @@ -222,17 +160,12 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor { */ protected String processGivenName(Object givenNameObj) throws EidPostProcessingException, EidasAttributeException { - if (givenNameObj == null || !(givenNameObj instanceof String)) { - throw new EidasAttributeException(Constants.eIDAS_ATTR_CURRENTGIVENNAME); - } - - return (String) givenNameObj; - + return EidasResponseUtils.processGivenName(givenNameObj); } /** * Post-Process the eIDAS FamilyName attribute. - * + * * @param familyNameObj eIDAS familyName attribute information * @return formated user's familyname * @throws EidasAttributeException if NO attribute is available @@ -240,17 +173,12 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor { */ protected String processFamilyName(Object familyNameObj) throws EidPostProcessingException, EidasAttributeException { - if (familyNameObj == null || !(familyNameObj instanceof String)) { - throw new EidasAttributeException(Constants.eIDAS_ATTR_CURRENTFAMILYNAME); - } - - return (String) familyNameObj; - + return EidasResponseUtils.processFamilyName(familyNameObj); } /** * Post-Process the eIDAS pseudonym to ERnB unique identifier. - * + * * @param personalIdObj eIDAS PersonalIdentifierAttribute * @return Unique personal identifier without country-code information * @throws EidasAttributeException if NO attribute is available @@ -258,15 +186,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor { */ protected String processPseudonym(Object personalIdObj) throws EidPostProcessingException, EidasAttributeException { - if (personalIdObj == null || !(personalIdObj instanceof String)) { - throw new EidasAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); - } - - final Triple eIdentifier = - EidasResponseUtils.parseEidasPersonalIdentifier((String) personalIdObj); - - return eIdentifier.getThird(); - + return EidasResponseUtils.processPseudonym(personalIdObj); } private void buildRequestedAttributes(Builder authnRequestBuilder) { @@ -332,8 +252,8 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor { final String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class); if (StringUtils.isNotEmpty(providerName) && basicConfig.getBasicConfigurationBoolean( - Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME, - false)) { + Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME, + false)) { authnRequestBuilder.providerName(providerName); } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ICountrySpecificDetailSearchProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ICountrySpecificDetailSearchProcessor.java index c35f6e16..13d9117d 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ICountrySpecificDetailSearchProcessor.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ICountrySpecificDetailSearchProcessor.java @@ -24,7 +24,7 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.CountrySpecificDetailSearchResult; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; public interface ICountrySpecificDetailSearchProcessor { @@ -52,7 +52,7 @@ public interface ICountrySpecificDetailSearchProcessor { * @param eidData eID data * @return true if this implementation can handle the country, otherwise false */ - boolean canHandle(String countryCode, ErnbEidData eidData); + boolean canHandle(String countryCode, SimpleEidasData eidData); - CountrySpecificDetailSearchResult search(ErnbEidData eidData); + CountrySpecificDetailSearchResult search(SimpleEidasData eidData); } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java index d9f70a81..6f4cfefc 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java @@ -25,14 +25,19 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.CountrySpecificDetailSearchResult; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.InitialSearchResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernb.IErnbClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.ICountrySpecificDetailSearchProcessor; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService; import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.data.Triple; import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import com.google.common.collect.ImmutableMap; @@ -75,13 +80,19 @@ public class InitialSearchTask extends AbstractAuthServletTask { // private IConfiguration basicConfig; // @Autowired // private SzrClient szrClient; - @Autowired - private ICcSpecificEidProcessingService eidPostProcessor; + // @Autowired + // private ICcSpecificEidProcessingService eidPostProcessor; // private static final String EID_STATUS = "urn:eidgvat:eid.status.eidas"; @Autowired private ApplicationContext context; + @Autowired + private IErnbClient ernbClient; + + @Autowired + private IZmrClient zmrClient; + @PostConstruct private void initialize() { log.debug("Initialize country specific detail search services ... "); @@ -127,36 +138,82 @@ public class InitialSearchTask extends AbstractAuthServletTask { eidasResponse.getAttributes().getAttributeMap()); // post-process eIDAS attributes - final ErnbEidData eidData = eidPostProcessor.postProcess(simpleAttrMap); - - String personIdentifier = eidData.getPseudonym(); - - //search in register(step 2) - InitialSearchResult result = searchInZmrAndErnp(personIdentifier); - switch (result.getResultCount()) { - case 0: - step5(result, eidData); - break; - case 1: - step3(result, eidData); - break; - default://should not happen - throw new TaskExecutionException(pendingReq, "Initial search - Kitt Process necessary.", - new ManualFixNecessaryException(personIdentifier)); - } + final SimpleEidasData eidData = convertSimpleMapToSimpleData(simpleAttrMap); + step2(eidData); } catch (final Exception e) { log.error("Initial search FAILED.", e); throw new TaskExecutionException(pendingReq, "Initial search FAILED.", e); } } - private void step3(InitialSearchResult result, ErnbEidData eidData) { + private void step2(SimpleEidasData eidData) throws TaskExecutionException { + String personIdentifier = eidData.getPseudonym(); + //search in register(step 2) + MergedRegisterSearchResult result = searchInZmrAndErnp(personIdentifier); + switch (result.getResultCount()) { + case 0: + step5(result, eidData); + break; + case 1: + step3(result, eidData); + break; + default://should not happen + throw new TaskExecutionException(pendingReq, "Initial search - Kitt Process necessary.", + new ManualFixNecessaryException(personIdentifier)); + } + } + + private SimpleEidasData convertSimpleMapToSimpleData(Map eidasAttrMap) + throws EidasAttributeException, EidPostProcessingException { + SimpleEidasData simpleEidasData = new SimpleEidasData(); + + final Object eIdentifierObj = eidasAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); + final Triple eIdentifier = + EidasResponseUtils.parseEidasPersonalIdentifier((String) eIdentifierObj); + simpleEidasData.setCitizenCountryCode(eIdentifier.getFirst()); + + // MDS attributes + simpleEidasData.setPseudonym(EidasResponseUtils.processPseudonym( + eidasAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))); + simpleEidasData.setFamilyName(EidasResponseUtils.processFamilyName( + eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTFAMILYNAME))); + simpleEidasData.setGivenName(EidasResponseUtils.processGivenName( + eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTGIVENNAME))); + simpleEidasData.setDateOfBirth(EidasResponseUtils.processDateOfBirth( + eidasAttrMap.get(Constants.eIDAS_ATTR_DATEOFBIRTH))); + + // additional attributes + simpleEidasData.setPlaceOfBirth(EidasResponseUtils.processPlaceOfBirth( + eidasAttrMap.get(Constants.eIDAS_ATTR_PLACEOFBIRTH))); + simpleEidasData.setBirthName(EidasResponseUtils.processBirthName( + eidasAttrMap.get(Constants.eIDAS_ATTR_BIRTHNAME))); + simpleEidasData.setAddress(EidasResponseUtils.processAddress( + eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTADDRESS))); + + //TODO other additional attributes + return simpleEidasData; + } + + private void step3(MergedRegisterSearchResult result, SimpleEidasData eidData) { //check if data from eidas authentication matches with data from register - //TODO + log.debug("Compare " + result + " with " + eidData); + //TODO check if data matches + boolean match = true; + if (match) { + return; + } else { + step4(result, eidData); + } } - private void step5(InitialSearchResult result, ErnbEidData eidData) throws TaskExecutionException { + private void step4(MergedRegisterSearchResult result, SimpleEidasData eidData) { + log.debug("Update " + result + " with " + eidData); + //TODO + } + + private void step5(MergedRegisterSearchResult result, SimpleEidasData eidData) + throws TaskExecutionException { String citizenCountry = eidData.getCitizenCountryCode(); ICountrySpecificDetailSearchProcessor foundHandler = null; for (final ICountrySpecificDetailSearchProcessor el : handlers) { @@ -178,7 +235,8 @@ public class InitialSearchTask extends AbstractAuthServletTask { } private void step6(ICountrySpecificDetailSearchProcessor countrySpecificDetailSearchProcessor, - InitialSearchResult initialSearchResult, ErnbEidData eidData) throws TaskExecutionException { + MergedRegisterSearchResult initialSearchResult, SimpleEidasData eidData) + throws TaskExecutionException { //6 country specific search CountrySpecificDetailSearchResult countrySpecificDetailSearchResult = countrySpecificDetailSearchProcessor.search(eidData); @@ -196,19 +254,40 @@ public class InitialSearchTask extends AbstractAuthServletTask { } } - private void step7a(InitialSearchResult initialSearchResult, - CountrySpecificDetailSearchResult countrySpecificDetailSearchResult, ErnbEidData eidData) { + private void step7a(MergedRegisterSearchResult initialSearchResult, + CountrySpecificDetailSearchResult countrySpecificDetailSearchResult, SimpleEidasData eidData) { //TODO automerge - + log.debug("Automerge " + initialSearchResult + " with " + eidData + " " + countrySpecificDetailSearchResult); } - private void step8(InitialSearchResult initialSearchResult, ErnbEidData eidData) { - //TODO MDS Suche + private void step8(MergedRegisterSearchResult initialSearchResult, SimpleEidasData eidData) { + MergedRegisterSearchResult mdsSearchResult = new MergedRegisterSearchResult(); + + ArrayList resultsZmr = + zmrClient.searchWithMds(eidData.getGivenName(), eidData.getFamilyName(), eidData.getFormatedDateOfBirth()); + mdsSearchResult.setResultsZmr(resultsZmr); + + ArrayList resultsErnb = + ernbClient.searchWithMds(eidData.getGivenName(), eidData.getFamilyName(), eidData.getFormatedDateOfBirth()); + mdsSearchResult.setResultsErnb(resultsErnb); + + log.debug("Automerge " + initialSearchResult + " with " + eidData + " " + mdsSearchResult); + //TODO + } - private InitialSearchResult searchInZmrAndErnp(String personIdentifier) { - //search TODO - return new InitialSearchResult();//TODO + private MergedRegisterSearchResult searchInZmrAndErnp(String personIdentifier) { + MergedRegisterSearchResult initialSearchResult = new MergedRegisterSearchResult(); + + ArrayList resultsZmr = + zmrClient.searchWithPersonIdentifer(personIdentifier); + initialSearchResult.setResultsZmr(resultsZmr); + + ArrayList resultsErnb = + ernbClient.searchWithPersonIdentifer(personIdentifier); + initialSearchResult.setResultsErnb(resultsErnb); + + return initialSearchResult; } private Map convertEidasAttrToSimpleMap( diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java index ebd2ae78..c68a602b 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java @@ -30,6 +30,9 @@ import java.util.regex.Pattern; import javax.annotation.Nullable; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; +import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType; import org.apache.commons.lang3.StringUtils; import org.joda.time.DateTime; import org.slf4j.Logger; @@ -169,4 +172,169 @@ public class EidasResponseUtils { } + /** + * Post-Process the eIDAS CurrentAddress attribute. + * + * @param currentAddressObj eIDAS current address information + * @return current address or null if no attribute is available + * @throws EidPostProcessingException if post-processing fails + * @throws EidasAttributeException if eIDAS attribute is of a wrong type + */ + public static PostalAddressType processAddress(Object currentAddressObj) throws EidPostProcessingException, + EidasAttributeException { + + if (currentAddressObj != null) { + if (currentAddressObj instanceof PostalAddress) { + final PostalAddressType result = new PostalAddressType(); + result.setPostalCode(((PostalAddress) currentAddressObj).getPostCode()); + result.setMunicipality(((PostalAddress) currentAddressObj).getPostName()); + + // TODO: add more mappings + + return result; + + } else { + log.warn("eIDAS attr: " + Constants.eIDAS_ATTR_CURRENTADDRESS + " is of WRONG type"); + throw new EidasAttributeException(Constants.eIDAS_ATTR_CURRENTADDRESS); + + } + + } else { + log.debug("NO '" + Constants.eIDAS_ATTR_CURRENTADDRESS + "' attribute. Post-Processing skipped ... "); + } + + return null; + + } + + /** + * Post-Process the eIDAS BirthName attribute. + * + * @param birthNameObj eIDAS birthname information + * @return birthName or null if no attribute is available + * @throws EidPostProcessingException if post-processing fails + * @throws EidasAttributeException if eIDAS attribute is of a wrong type + */ + public static String processBirthName(Object birthNameObj) throws EidPostProcessingException, + EidasAttributeException { + if (birthNameObj != null) { + if (birthNameObj instanceof String) { + return (String) birthNameObj; + + } else { + log.warn("eIDAS attr: " + Constants.eIDAS_ATTR_BIRTHNAME + " is of WRONG type"); + throw new EidasAttributeException(Constants.eIDAS_ATTR_BIRTHNAME); + + } + + } else { + log.debug("NO '" + Constants.eIDAS_ATTR_BIRTHNAME + "' attribute. Post-Processing skipped ... "); + } + + return null; + + } + + /** + * Post-Process the eIDAS PlaceOfBirth attribute. + * + * @param placeOfBirthObj eIDAS Place-of-Birth information + * @return place of Birth or null if no attribute is available + * @throws EidPostProcessingException if post-processing fails + * @throws EidasAttributeException if eIDAS attribute is of a wrong type + */ + public static String processPlaceOfBirth(Object placeOfBirthObj) throws EidPostProcessingException, + EidasAttributeException { + if (placeOfBirthObj != null) { + if (placeOfBirthObj instanceof String) { + return (String) placeOfBirthObj; + + } else { + log.warn("eIDAS attr: " + Constants.eIDAS_ATTR_PLACEOFBIRTH + " is of WRONG type"); + throw new EidasAttributeException(Constants.eIDAS_ATTR_PLACEOFBIRTH); + + } + + } else { + log.debug("NO '" + Constants.eIDAS_ATTR_PLACEOFBIRTH + "' attribute. Post-Processing skipped ... "); + } + + return null; + + } + + /** + * Post-Process the eIDAS DateOfBirth attribute. + * + * @param dateOfBirthObj eIDAS date-of-birth attribute information + * @return formated user's date-of-birth + * @throws EidasAttributeException if NO attribute is available + * @throws EidPostProcessingException if post-processing fails + */ + public static DateTime processDateOfBirth(Object dateOfBirthObj) throws EidPostProcessingException, + EidasAttributeException { + if (dateOfBirthObj == null || !(dateOfBirthObj instanceof DateTime)) { + throw new EidasAttributeException(Constants.eIDAS_ATTR_DATEOFBIRTH); + } + + return (DateTime) dateOfBirthObj; + + } + + /** + * Post-Process the eIDAS GivenName attribute. + * + * @param givenNameObj eIDAS givenName attribute information + * @return formated user's givenname + * @throws EidasAttributeException if NO attribute is available + * @throws EidPostProcessingException if post-processing fails + */ + public static String processGivenName(Object givenNameObj) throws EidPostProcessingException, + EidasAttributeException { + if (givenNameObj == null || !(givenNameObj instanceof String)) { + throw new EidasAttributeException(Constants.eIDAS_ATTR_CURRENTGIVENNAME); + } + + return (String) givenNameObj; + + } + + /** + * Post-Process the eIDAS FamilyName attribute. + * + * @param familyNameObj eIDAS familyName attribute information + * @return formated user's familyname + * @throws EidasAttributeException if NO attribute is available + * @throws EidPostProcessingException if post-processing fails + */ + public static String processFamilyName(Object familyNameObj) throws EidPostProcessingException, + EidasAttributeException { + if (familyNameObj == null || !(familyNameObj instanceof String)) { + throw new EidasAttributeException(Constants.eIDAS_ATTR_CURRENTFAMILYNAME); + } + + return (String) familyNameObj; + + } + + /** + * Post-Process the eIDAS pseudonym to ERnB unique identifier. + * + * @param personalIdObj eIDAS PersonalIdentifierAttribute + * @return Unique personal identifier without country-code information + * @throws EidasAttributeException if NO attribute is available + * @throws EidPostProcessingException if post-processing fails + */ + public static String processPseudonym(Object personalIdObj) throws EidPostProcessingException, + EidasAttributeException { + if (personalIdObj == null || !(personalIdObj instanceof String)) { + throw new EidasAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); + } + + final Triple eIdentifier = + EidasResponseUtils.parseEidasPersonalIdentifier((String) personalIdObj); + + return eIdentifier.getThird(); + + } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java new file mode 100644 index 00000000..9a7cc9b3 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java @@ -0,0 +1,49 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; +import org.springframework.stereotype.Service; + +import java.util.ArrayList; + +@Service("ZmrClientForeIDAS") +public class DummyZmrClient implements IZmrClient { + + @Override + public ArrayList searchWithPersonIdentifer(String personIdentifer) { + switch (personIdentifer) { + case "a12345": + case "a12345-": + return result1(); + case "a123456": + return result2(); + default: + return resultEmpty(); + } + } + + @Override + public ArrayList searchWithMds(String givenName, String familyName, String dateOfBirth) { + return resultEmpty();//TODO will I only receive matches where all three values match perfectly? + } + + private ArrayList resultEmpty() { + return new ArrayList();//Nobody found + } + + private ArrayList result1() { + ArrayList results = new ArrayList<>(); + RegisterResult result1 = new RegisterResult("12345", "Tom", "Mustermann", "1950-01-01", "Wien"); + results.add(result1); + RegisterResult result2 = new RegisterResult("12345-", "Tom", "Mustermann", "1950-01-01", "Wien"); + results.add(result2); + return results; + } + + private ArrayList result2() { + ArrayList results = new ArrayList<>(); + RegisterResult result = new RegisterResult("123456", "Max", "Mustermann", "2000-01-01", "Wien"); + results.add(result); + return results; + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/IZmrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/IZmrClient.java new file mode 100644 index 00000000..1f7e4949 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/IZmrClient.java @@ -0,0 +1,12 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; + +import java.util.ArrayList; + +public interface IZmrClient { + + ArrayList searchWithPersonIdentifer(String personIdentifer); + + ArrayList searchWithMds(String givenName, String familyName, String dateOfBirth); +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml index 9c28bf07..0f6277c0 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml @@ -17,6 +17,12 @@ + + + + -- cgit v1.2.3 From cbbd53e6b88682045e5b8789c46a94035be30827 Mon Sep 17 00:00:00 2001 From: Alexander Marsalek Date: Wed, 16 Dec 2020 10:47:09 +0100 Subject: added country specific search classes --- .../v2/dao/CountrySpecificDetailSearchResult.java | 2 +- .../handler/DeSpecificDetailSearchProcessor.java | 32 ++++++++++++++++++++++ .../ICountrySpecificDetailSearchProcessor.java | 11 +------- .../handler/ItSpecificDetailSearchProcessor.java | 29 ++++++++++++++++++++ .../auth/eidas/v2/tasks/InitialSearchTask.java | 13 ++++----- .../src/main/resources/eidas_v2_auth.beans.xml | 8 ++++++ 6 files changed, 77 insertions(+), 18 deletions(-) create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ItSpecificDetailSearchProcessor.java (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/resources') diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/CountrySpecificDetailSearchResult.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/CountrySpecificDetailSearchResult.java index b74172f9..6e1f8653 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/CountrySpecificDetailSearchResult.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/CountrySpecificDetailSearchResult.java @@ -6,7 +6,7 @@ import java.util.ArrayList; public class CountrySpecificDetailSearchResult { - //TODO is the result the same as the one form the initial search? + //TODO is the result the same as the one from the initial search? ArrayList resultsZmr = new ArrayList<>(); ArrayList resultsErnb = new ArrayList<>(); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java new file mode 100644 index 00000000..727aa718 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java @@ -0,0 +1,32 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.CountrySpecificDetailSearchResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; + +public class DeSpecificDetailSearchProcessor implements ICountrySpecificDetailSearchProcessor { + + @Override + public String getName() { + return this.getClass().getName(); + } + + @Override + public boolean canHandle(String countryCode, SimpleEidasData eidData) { + if (!countryCode.equalsIgnoreCase("de")) { + return false; + } + if (eidData.getBirthName() == null || eidData.getBirthName().isEmpty()) { + return false; + } + if (eidData.getPlaceOfBirth() == null || eidData.getPlaceOfBirth().isEmpty()) { + return false; + } + return true; + } + + @Override + public CountrySpecificDetailSearchResult search(SimpleEidasData eidData) { + //TODO + return new CountrySpecificDetailSearchResult(); + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ICountrySpecificDetailSearchProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ICountrySpecificDetailSearchProcessor.java index 13d9117d..8ddd79bb 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ICountrySpecificDetailSearchProcessor.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ICountrySpecificDetailSearchProcessor.java @@ -35,16 +35,6 @@ public interface ICountrySpecificDetailSearchProcessor { */ String getName(); - /** - * Get the priority of this eID Post-Processor
- * If more than one Post-Processor implementations can handle the eID data, the - * post-processor with the highest priority are selected. The Default-Processor - * has priority '0' - * - * @return Priority of this handler - */ - int getPriority(); - /** * Check if this postProcessor is sensitive for a specific country. * @@ -55,4 +45,5 @@ public interface ICountrySpecificDetailSearchProcessor { boolean canHandle(String countryCode, SimpleEidasData eidData); CountrySpecificDetailSearchResult search(SimpleEidasData eidData); + } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ItSpecificDetailSearchProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ItSpecificDetailSearchProcessor.java new file mode 100644 index 00000000..bb0a5262 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ItSpecificDetailSearchProcessor.java @@ -0,0 +1,29 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.CountrySpecificDetailSearchResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; + +public class ItSpecificDetailSearchProcessor implements ICountrySpecificDetailSearchProcessor { + + @Override + public String getName() { + return this.getClass().getName(); + } + + @Override + public boolean canHandle(String countryCode, SimpleEidasData eidData) { + if (!countryCode.equalsIgnoreCase("it")) { + return false; + } + if (eidData.getTaxNumber() == null || eidData.getTaxNumber().isEmpty()) { + return false; + } + return true; + } + + @Override + public CountrySpecificDetailSearchResult search(SimpleEidasData eidData) { + //TODO + return new CountrySpecificDetailSearchResult(); + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java index ec56a6dd..91edbaef 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java @@ -58,7 +58,6 @@ import javax.annotation.PostConstruct; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.util.ArrayList; -import java.util.Collections; import java.util.HashMap; import java.util.Iterator; import java.util.List; @@ -108,12 +107,12 @@ public class InitialSearchTask extends AbstractAuthServletTask { } - log.trace("Sorting country specific detail search services on priority ... "); - Collections.sort(handlers, (thisAuthModule, otherAuthModule) -> { - final int thisOrder = thisAuthModule.getPriority(); - final int otherOrder = otherAuthModule.getPriority(); - return thisOrder < otherOrder ? 1 : thisOrder == otherOrder ? 0 : -1; - }); + // log.trace("Sorting country specific detail search services on priority ... "); + // Collections.sort(handlers, (thisAuthModule, otherAuthModule) -> { + // final int thisOrder = thisAuthModule.getPriority(); + // final int otherOrder = otherAuthModule.getPriority(); + // return thisOrder < otherOrder ? 1 : thisOrder == otherOrder ? 0 : -1; + // }); log.info("# " + handlers.size() + " country specific detail search services are registrated"); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml index 0f6277c0..ca6eba20 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml @@ -80,6 +80,14 @@ + + + + + + Date: Thu, 7 Jan 2021 18:16:45 +0100 Subject: Resolve merge comments --- .../properties/status_messages_en.properties | 3 + .../specific/modules/auth/eidas/v2/Constants.java | 2 +- .../modules/auth/eidas/v2/dao/ErnbEidData.java | 2 +- .../eidas/v2/dao/MergedRegisterSearchResult.java | 57 ++- .../modules/auth/eidas/v2/dao/RegisterResult.java | 61 +-- .../modules/auth/eidas/v2/dao/SimpleEidasData.java | 27 +- .../auth/eidas/v2/ernb/DummyErnbClient.java | 43 -- .../modules/auth/eidas/v2/ernb/IErnbClient.java | 20 - .../auth/eidas/v2/ernp/DummyErnpClient.java | 66 ++++ .../modules/auth/eidas/v2/ernp/IErnpClient.java | 43 ++ .../v2/exception/ManualFixNecessaryException.java | 6 +- .../auth/eidas/v2/exception/WorkflowException.java | 6 +- .../CountrySpecificDetailSearchProcessor.java | 61 +++ .../handler/DeSpecificDetailSearchProcessor.java | 35 +- .../ICountrySpecificDetailSearchProcessor.java | 61 --- .../handler/ItSpecificDetailSearchProcessor.java | 34 +- .../auth/eidas/v2/tasks/InitialSearchTask.java | 188 ++++----- .../eidas/v2/tasks/ReceiveAuthnResponseTask.java | 2 +- .../auth/eidas/v2/utils/EidasResponseUtils.java | 107 ++--- .../modules/auth/eidas/v2/zmr/DummyZmrClient.java | 27 +- .../modules/auth/eidas/v2/zmr/IZmrClient.java | 27 +- .../src/main/resources/eidas_v2_auth.beans.xml | 2 +- .../v2/test/tasks/InitialSearchTaskFirstTest.java | 438 +++++++++------------ .../resources/SpringTest-context_tasks_test.xml | 2 +- 24 files changed, 694 insertions(+), 626 deletions(-) delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/DummyErnbClient.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/IErnbClient.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/DummyErnpClient.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/CountrySpecificDetailSearchProcessor.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ICountrySpecificDetailSearchProcessor.java (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/resources') diff --git a/connector/src/main/resources/properties/status_messages_en.properties b/connector/src/main/resources/properties/status_messages_en.properties index 80228a47..c430fc90 100644 --- a/connector/src/main/resources/properties/status_messages_en.properties +++ b/connector/src/main/resources/properties/status_messages_en.properties @@ -6,6 +6,9 @@ eidas.04=Request contains no sessionToken. Authentication process stops eidas.05=Received eIDAS response-message is not valid. Reason: {0} eidas.06=LoA from eIDAS response-message {0} does not match to requested LoA eidas.07=eIDAS Response attribute-validation FAILED. Attribute:{0} Reason: {1} +eidas.08=An unexpected error occurred. +eidas.09=An error occurred while loading your data from official registers. Please contact the support. + config.01=No configuration-file parameter found. Maybe Java SystemD parameter is missing config.03=Can not load configuration from path {0} (See logs for more details) diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java index 9104c55f..54f7f8fa 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java @@ -32,7 +32,7 @@ public class Constants { public static final String DATA_REQUESTED_LOA_LIST = "req_requestedLoA"; public static final String DATA_REQUESTED_LOA_COMPERISON = "req_requestedLoAComperision"; public static final String DATA_FULL_EIDAS_RESPONSE = "resp_fulleIDASResponse"; - public static final String DATA_RESULT_MATCHING_BPK = "matching-result-bpk";//TODO? + public static final String DATA_RESULT_MATCHING_BPK = "matching-result-bpk"; // templates for post-binding forwarding public static final String TEMPLATE_POST_FORWARD_NAME = "eidas_node_forward.html"; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/ErnbEidData.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/ErnbEidData.java index 6c7eeb6b..b780d3e8 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/ErnbEidData.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/ErnbEidData.java @@ -1,5 +1,5 @@ /* - * Copyright 2018 A-SIT Plus GmbH + * Copyright 2020 A-SIT Plus GmbH * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/MergedRegisterSearchResult.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/MergedRegisterSearchResult.java index 056b0450..7703af2a 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/MergedRegisterSearchResult.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/MergedRegisterSearchResult.java @@ -1,3 +1,26 @@ +/* + * Copyright 2020 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException; @@ -5,28 +28,48 @@ import lombok.Data; import java.util.ArrayList; -@Data public class MergedRegisterSearchResult { +@Data +public class MergedRegisterSearchResult { + + final ArrayList resultsZmr; + final ArrayList resultsErnp; - ArrayList resultsZmr = new ArrayList<>(); - ArrayList resultsErnb = new ArrayList<>(); + public MergedRegisterSearchResult(ArrayList resultsZmr, ArrayList resultsErnp) { + this.resultsZmr = resultsZmr; + this.resultsErnp = resultsErnp; + } public int getResultCount() { - return resultsZmr.size() + resultsErnb.size(); + return resultsZmr.size() + resultsErnp.size(); } /** - * Verfies that there is only one match and retunrs the bpk. + * Verifies that there is only one match and returns the bpk. + * * @return bpk bpk of the match * @throws WorkflowException if multiple results have been found */ public String getBpk() throws WorkflowException { + if (getResultCount() != 1) { + throw new WorkflowException("getResultCount() != 1"); + } + return getResult().getBpk(); + } + + /** + * Returns the results, if there is exactly one, throws exception otherwise. + * + * @return The result + * @throws WorkflowException Results does not contain exactly one result + */ + public RegisterResult getResult() throws WorkflowException { if (getResultCount() != 1) { throw new WorkflowException("getResultCount() != 1"); } if (resultsZmr.size() == 1) { - return resultsZmr.get(0).getBpk(); + return resultsZmr.get(0); } else { - return resultsErnb.get(0).getBpk(); + return resultsErnp.get(0); } } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/RegisterResult.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/RegisterResult.java index c92808a1..1cc36fe9 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/RegisterResult.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/RegisterResult.java @@ -1,3 +1,26 @@ +/* + * Copyright 2020 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao; import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType; @@ -7,18 +30,18 @@ import lombok.Data; public class RegisterResult { // MDS - private String pseudonym = null; - private String givenName = null; - private String familyName = null; - private String dateOfBirth = null; + private String pseudonym; + private String givenName; + private String familyName; + private String dateOfBirth; // additional attributes - private String placeOfBirth = null; - private String birthName = null; - private String taxNumber = null; - private PostalAddressType address = null; + private String placeOfBirth; + private String birthName; + private String taxNumber; + private PostalAddressType address; - private String bpk = null; + private String bpk; /** * Register search result. @@ -37,26 +60,6 @@ public class RegisterResult { this.dateOfBirth = dateOfBirth; } - /** - * Register search result. - * - * @param bpk The bpk - * @param pseudonym The pseudonym - * @param givenName The givenName - * @param familyName The familyName - * @param dateOfBirth The dateOfBirth - * @param placeOfBirth The placeOfBirth - */ - public RegisterResult(String bpk, String pseudonym, String givenName, String familyName, String dateOfBirth, - String placeOfBirth) { - this.bpk = bpk; - this.pseudonym = pseudonym; - this.givenName = givenName; - this.familyName = familyName; - this.dateOfBirth = dateOfBirth; - this.placeOfBirth = placeOfBirth; - } - /** * Register search result. * diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java index 674f5b48..57597122 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java @@ -1,5 +1,5 @@ /* - * Copyright 2018 A-SIT Plus GmbH + * Copyright 2020 A-SIT Plus GmbH * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * @@ -30,18 +30,18 @@ import lombok.Data; @Data public class SimpleEidasData { - private String citizenCountryCode = null; + private String citizenCountryCode; // MDS - private String pseudonym = null; - private String givenName = null; - private String familyName = null; - private String dateOfBirth = null; + private String pseudonym; + private String givenName; + private String familyName; + private String dateOfBirth; // additional attributes - private String placeOfBirth = null; - private String birthName = null; - private PostalAddressType address = null; + private String placeOfBirth; + private String birthName; + private PostalAddressType address; private String taxNumber; /** @@ -51,14 +51,7 @@ public class SimpleEidasData { * @throws WorkflowException if multiple results have been found */ public boolean equalsRegisterData(MergedRegisterSearchResult result) throws WorkflowException { - if (result.getResultCount() != 1) { - throw new WorkflowException("result.getResultCount() != 1"); - } - if (result.getResultsErnb().size() == 1) { - return equalsRegisterData(result.getResultsErnb().get(0)); - } else { - return equalsRegisterData(result.getResultsZmr().get(0)); - } + return equalsRegisterData(result.getResult()); } private boolean equalsRegisterData(RegisterResult result) { diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/DummyErnbClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/DummyErnbClient.java deleted file mode 100644 index 2d2fa76d..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/DummyErnbClient.java +++ /dev/null @@ -1,43 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.ernb; - -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; -import org.springframework.stereotype.Service; - -import java.util.ArrayList; - -@Service("ErnbClientForeIDAS") -public class DummyErnbClient implements IErnbClient { - - @Override - public ArrayList searchWithPersonIdentifer(String personIdentifer) { - return resultEmpty(); - } - - @Override - public ArrayList searchWithMds(String givenName, String familyName, String dateOfBirth) { - return resultEmpty();//TODO will I only receive matches where all three values match perfectly? - } - - @Override - public ArrayList searchDeSpecific(String givenName, String familyName, String dateOfBirth, - String birthPlace, String birthName) { - return resultEmpty();//TODO - } - - @Override - public ArrayList searchItSpecific(String txNumber) { - return resultEmpty();//TODO - } - - @Override - public void update(RegisterResult registerResult, SimpleEidasData eidData) { - //TODO - } - - private ArrayList resultEmpty() { - return new ArrayList();//Nobody found - } - - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/IErnbClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/IErnbClient.java deleted file mode 100644 index cda4c426..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/IErnbClient.java +++ /dev/null @@ -1,20 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.ernb; - -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; - -import java.util.ArrayList; - -public interface IErnbClient { - - ArrayList searchWithPersonIdentifer(String personIdentifer); - - ArrayList searchWithMds(String givenName, String familyName, String dateOfBirth); - - ArrayList searchDeSpecific(String givenName, String familyName, String dateOfBirth, - String birthPlace, String birthName); - - ArrayList searchItSpecific(String txNumber); - - void update(RegisterResult registerResult, SimpleEidasData eidData); -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/DummyErnpClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/DummyErnpClient.java new file mode 100644 index 00000000..3b49ab95 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/DummyErnpClient.java @@ -0,0 +1,66 @@ +/* + * Copyright 2020 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import org.springframework.stereotype.Service; + +import java.util.ArrayList; + +@Service("ErnbClientForeIDAS") +public class DummyErnpClient implements IErnpClient { + + @Override + public ArrayList searchWithPersonIdentifier(String personIdentifier) { + return resultEmpty(); + } + + @Override + public ArrayList searchWithMds(String givenName, String familyName, String dateOfBirth) { + return resultEmpty();//TODO will I only receive matches where all three values match perfectly? + } + + @Override + public ArrayList searchDeSpecific(String givenName, String familyName, String dateOfBirth, + String birthPlace, String birthName) { + return resultEmpty();//TODO + } + + @Override + public ArrayList searchItSpecific(String taxNumber) { + return resultEmpty();//TODO + } + + @Override + public void update(RegisterResult registerResult, SimpleEidasData eidData) { + //TODO + } + + private ArrayList resultEmpty() { + return new ArrayList();//Nobody found + } + + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java new file mode 100644 index 00000000..01ac88fb --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java @@ -0,0 +1,43 @@ +/* + * Copyright 2020 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; + +import java.util.ArrayList; + +public interface IErnpClient { + + ArrayList searchWithPersonIdentifier(String personIdentifier); + + ArrayList searchWithMds(String givenName, String familyName, String dateOfBirth); + + ArrayList searchDeSpecific(String givenName, String familyName, String dateOfBirth, + String birthPlace, String birthName); + + ArrayList searchItSpecific(String taxNumber); + + void update(RegisterResult registerResult, SimpleEidasData eidData); +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ManualFixNecessaryException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ManualFixNecessaryException.java index c22e8135..2fecaa6b 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ManualFixNecessaryException.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ManualFixNecessaryException.java @@ -1,5 +1,5 @@ /* - * Copyright 2018 A-SIT Plus GmbH + * Copyright 2020 A-SIT Plus GmbH * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * @@ -29,10 +29,10 @@ public class ManualFixNecessaryException extends EidasSAuthenticationException { private static final long serialVersionUID = 1L; public ManualFixNecessaryException(String personIdentifier) { - super("eidas.00", new Object[] { personIdentifier });//TODO "eidas.00" + super("eidas.09", new Object[] { personIdentifier }); } public ManualFixNecessaryException(SimpleEidasData eidData) { - super("eidas.00", new Object[] { eidData.getPseudonym() });//TODO "eidas.00" => what info to pass??? + super("eidas.09", new Object[] { eidData.getPseudonym() });//TODO what info to pass??? } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/WorkflowException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/WorkflowException.java index aa879bcc..b6f3309b 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/WorkflowException.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/WorkflowException.java @@ -1,5 +1,5 @@ /* - * Copyright 2018 A-SIT Plus GmbH + * Copyright 2020 A-SIT Plus GmbH * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * @@ -19,7 +19,7 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. -*/ + */ package at.asitplus.eidas.specific.modules.auth.eidas.v2.exception; @@ -27,7 +27,7 @@ public class WorkflowException extends EidasSAuthenticationException { private static final long serialVersionUID = 1L; public WorkflowException(String data) { - super("eidas.00", new Object[] { data }); + super("eidas.08", new Object[]{data}); } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/CountrySpecificDetailSearchProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/CountrySpecificDetailSearchProcessor.java new file mode 100644 index 00000000..c5b3b231 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/CountrySpecificDetailSearchProcessor.java @@ -0,0 +1,61 @@ +/* + * Copyright 2020 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; + +public abstract class CountrySpecificDetailSearchProcessor { + + protected IErnpClient ernbClient; + protected IZmrClient zmrClient; + + public CountrySpecificDetailSearchProcessor(IErnpClient ernbClient, IZmrClient zmrClient) { + this.ernbClient = ernbClient; + this.zmrClient = zmrClient; + } + + /** + * Get a friendlyName of this post-processor implementation. + * + * @return + */ + public String getName() { + return this.getClass().getName(); + } + + /** + * Check if this postProcessor is sensitive for a specific country. + * + * @param countryCode of the eID data that should be processed + * @param eidData eID data + * @return true if this implementation can handle the country, otherwise false + */ + public abstract boolean canHandle(String countryCode, SimpleEidasData eidData); + + public abstract MergedRegisterSearchResult search(SimpleEidasData eidData); + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java index e8cb7a1a..a29725c8 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java @@ -1,17 +1,40 @@ +/* + * Copyright 2020 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernb.IErnbClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; import java.util.ArrayList; -public class DeSpecificDetailSearchProcessor extends ICountrySpecificDetailSearchProcessor { +public class DeSpecificDetailSearchProcessor extends CountrySpecificDetailSearchProcessor { - public DeSpecificDetailSearchProcessor(IErnbClient ernbClient, IZmrClient zmrClient) { + public DeSpecificDetailSearchProcessor(IErnpClient ernbClient, IZmrClient zmrClient) { super(ernbClient, zmrClient); } @@ -31,17 +54,17 @@ public class DeSpecificDetailSearchProcessor extends ICountrySpecificDetailSearc @Override public MergedRegisterSearchResult search(SimpleEidasData eidData) { - MergedRegisterSearchResult searchResult = new MergedRegisterSearchResult(); + ArrayList resultsZmr = zmrClient.searchDeSpecific(eidData.getGivenName(), eidData.getFamilyName(), eidData.getDateOfBirth(), eidData.getPlaceOfBirth(), eidData.getBirthName()); - searchResult.setResultsZmr(resultsZmr); ArrayList resultsErnb = ernbClient.searchDeSpecific(eidData.getGivenName(), eidData.getFamilyName(), eidData.getDateOfBirth(), eidData.getPlaceOfBirth(), eidData.getBirthName()); - searchResult.setResultsErnb(resultsErnb); + + MergedRegisterSearchResult searchResult = new MergedRegisterSearchResult(resultsZmr, resultsErnb); return searchResult; } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ICountrySpecificDetailSearchProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ICountrySpecificDetailSearchProcessor.java deleted file mode 100644 index 6a2b2c0a..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ICountrySpecificDetailSearchProcessor.java +++ /dev/null @@ -1,61 +0,0 @@ -/* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - -package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; - -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernb.IErnbClient; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; - -public abstract class ICountrySpecificDetailSearchProcessor { - - protected IErnbClient ernbClient; - protected IZmrClient zmrClient; - - public ICountrySpecificDetailSearchProcessor(IErnbClient ernbClient, IZmrClient zmrClient) { - this.ernbClient = ernbClient; - this.zmrClient = zmrClient; - } - - /** - * Get a friendlyName of this post-processor implementation. - * - * @return - */ - public String getName() { - return this.getClass().getName(); - } - - /** - * Check if this postProcessor is sensitive for a specific country. - * - * @param countryCode of the eID data that should be processed - * @param eidData eID data - * @return true if this implementation can handle the country, otherwise false - */ - public abstract boolean canHandle(String countryCode, SimpleEidasData eidData); - - public abstract MergedRegisterSearchResult search(SimpleEidasData eidData); - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ItSpecificDetailSearchProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ItSpecificDetailSearchProcessor.java index a94a67b3..e730066d 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ItSpecificDetailSearchProcessor.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ItSpecificDetailSearchProcessor.java @@ -1,17 +1,40 @@ +/* + * Copyright 2020 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernb.IErnbClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; import java.util.ArrayList; -public class ItSpecificDetailSearchProcessor extends ICountrySpecificDetailSearchProcessor { +public class ItSpecificDetailSearchProcessor extends CountrySpecificDetailSearchProcessor { - public ItSpecificDetailSearchProcessor(IErnbClient ernbClient, IZmrClient zmrClient) { + public ItSpecificDetailSearchProcessor(IErnpClient ernbClient, IZmrClient zmrClient) { super(ernbClient, zmrClient); } @@ -28,15 +51,14 @@ public class ItSpecificDetailSearchProcessor extends ICountrySpecificDetailSearc @Override public MergedRegisterSearchResult search(SimpleEidasData eidData) { - MergedRegisterSearchResult searchResult = new MergedRegisterSearchResult(); ArrayList resultsZmr = zmrClient.searchItSpecific(eidData.getTaxNumber()); - searchResult.setResultsZmr(resultsZmr); ArrayList resultsErnb = ernbClient.searchItSpecific(eidData.getTaxNumber()); - searchResult.setResultsErnb(resultsErnb); + + MergedRegisterSearchResult searchResult = new MergedRegisterSearchResult(resultsZmr, resultsErnb); return searchResult; } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java index a87be6c5..ba05ef0d 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java @@ -1,5 +1,5 @@ /* - * Copyright 2018 A-SIT Plus GmbH + * Copyright 2020 A-SIT Plus GmbH * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * @@ -27,12 +27,11 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernb.IErnbClient; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.ICountrySpecificDetailSearchProcessor; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.CountrySpecificDetailSearchProcessor; import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils; import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; @@ -59,29 +58,32 @@ import java.util.List; import java.util.Map; /** - * Task that searches ErnB and ZMR before adding person to SZR. + * Task that searches ErnP and ZMR before adding person to SZR. * - * @author tlenz + * @author amarsalek */ @Slf4j @Component("InitialSearchTask") -// NOTE: General: Please rebase git commit and squash them where useful, i.e. "remove unused import" should -// not be a separate commit. public class InitialSearchTask extends AbstractAuthServletTask { - private List handlers = new ArrayList<>(); + private final List handlers; + private final IErnpClient ernpClient; + private final IZmrClient zmrClient; - private IErnbClient ernbClient; - private IZmrClient zmrClient; - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv. - * egovernment.moa.id.process.api.ExecutionContext, - * javax.servlet.http.HttpServletRequest, - * javax.servlet.http.HttpServletResponse) + /** + * Constructor. + * @param handlers List of countrySpecificSearchProcessors + * @param ernpClient Ernp client + * @param zmrClient ZMR client */ + public InitialSearchTask(List handlers, IErnpClient ernpClient, + IZmrClient zmrClient) { + this.ernpClient = ernpClient; + this.zmrClient = zmrClient; + this.handlers = handlers; + log.info("# " + handlers.size() + " country specific detail search services are registered"); + } + @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { @@ -90,7 +92,6 @@ public class InitialSearchTask extends AbstractAuthServletTask { final ILightResponse eidasResponse = authProcessData .getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class); - // post-process eIDAS attributes final SimpleEidasData eidData = convertSimpleMapToSimpleData(convertEidasAttrToSimpleMap( eidasResponse.getAttributes().getAttributeMap())); @@ -103,10 +104,11 @@ public class InitialSearchTask extends AbstractAuthServletTask { } private String step2RegisterSearchWithPersonidentifier(SimpleEidasData eidData) throws TaskExecutionException { + log.trace("Starting step2RegisterSearchWithPersonidentifier"); String personIdentifier = eidData.getPseudonym(); MergedRegisterSearchResult result = searchInZmrAndErnp(personIdentifier); if (result.getResultCount() == 0) { - return step5CheckCountrySpecificSearchPossible(result, eidData); + return step5CheckAndPerformCountrySpecificSearchIfPossible(result, eidData); } else if (result.getResultCount() == 1) { return step3CheckRegisterUpdateNecessary(result, eidData); } @@ -114,46 +116,9 @@ public class InitialSearchTask extends AbstractAuthServletTask { new ManualFixNecessaryException(personIdentifier)); } - private SimpleEidasData convertSimpleMapToSimpleData(Map eidasAttrMap) - throws EidasAttributeException, EidPostProcessingException { - SimpleEidasData simpleEidasData = new SimpleEidasData(); - - final Object eIdentifierObj = eidasAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); - final Triple eIdentifier = - EidasResponseUtils.parseEidasPersonalIdentifier((String) eIdentifierObj); - simpleEidasData.setCitizenCountryCode(eIdentifier.getFirst()); - - // MDS attributes - simpleEidasData.setPseudonym(EidasResponseUtils.processPseudonym( - eidasAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))); - simpleEidasData.setFamilyName(EidasResponseUtils.processFamilyName( - eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTFAMILYNAME))); - simpleEidasData.setGivenName(EidasResponseUtils.processGivenName( - eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTGIVENNAME))); - simpleEidasData.setDateOfBirth(EidasResponseUtils.processDateOfBirthToString( - eidasAttrMap.get(Constants.eIDAS_ATTR_DATEOFBIRTH))); - - // additional attributes - simpleEidasData.setPlaceOfBirth(EidasResponseUtils.processPlaceOfBirth( - eidasAttrMap.get(Constants.eIDAS_ATTR_PLACEOFBIRTH))); - simpleEidasData.setBirthName(EidasResponseUtils.processBirthName( - eidasAttrMap.get(Constants.eIDAS_ATTR_BIRTHNAME))); - simpleEidasData.setAddress(EidasResponseUtils.processAddress( - eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTADDRESS))); - - if (eidasAttrMap.containsKey(Constants.eIDAS_ATTR_TAXREFERENCE)) { - simpleEidasData.setTaxNumber(EidasResponseUtils.processTaxReference( - eidasAttrMap.get(Constants.eIDAS_ATTR_TAXREFERENCE))); - } - - //TODO other additional attributes - return simpleEidasData; - } - private String step3CheckRegisterUpdateNecessary(MergedRegisterSearchResult result, SimpleEidasData eidData) throws TaskExecutionException { - //check if data from eidas authentication matches with data from register - log.debug("Compare " + result + " with " + eidData); + log.trace("Starting step3CheckRegisterUpdateNecessary"); try { if (eidData.equalsRegisterData(result)) { //No update necessary, just return bpk @@ -168,18 +133,19 @@ public class InitialSearchTask extends AbstractAuthServletTask { private String step4UpdateRegisterData(MergedRegisterSearchResult result, SimpleEidasData eidData) throws WorkflowException { + log.trace("Starting step4UpdateRegisterData"); log.debug("Update " + result + " with " + eidData); //TODO wann rechtlich möglich? return result.getBpk(); } - private String step5CheckCountrySpecificSearchPossible(MergedRegisterSearchResult result, SimpleEidasData eidData) - throws TaskExecutionException { + private String step5CheckAndPerformCountrySpecificSearchIfPossible( + MergedRegisterSearchResult result, SimpleEidasData eidData) throws TaskExecutionException { + log.trace("Starting step5CheckAndPerformCountrySpecificSearchIfPossible"); String citizenCountry = eidData.getCitizenCountryCode(); - ICountrySpecificDetailSearchProcessor foundHandler = null; - for (final ICountrySpecificDetailSearchProcessor el : handlers) { - //5 check if country specific search is possible + CountrySpecificDetailSearchProcessor foundHandler = null; + for (final CountrySpecificDetailSearchProcessor el : handlers) { if (el.canHandle(citizenCountry, eidData)) { log.debug("Found suitable country specific search handler for " + citizenCountry + " by using: " + el.getName()); @@ -188,18 +154,16 @@ public class InitialSearchTask extends AbstractAuthServletTask { } } if (foundHandler == null) { - //MDS search return step8RegisterSearchWithMds(result, eidData); } else { - //country specific search return step6CountrySpecificSearch(foundHandler, result, eidData); } } - private String step6CountrySpecificSearch(ICountrySpecificDetailSearchProcessor countrySpecificDetailSearchProcessor, + private String step6CountrySpecificSearch(CountrySpecificDetailSearchProcessor countrySpecificDetailSearchProcessor, MergedRegisterSearchResult initialSearchResult, SimpleEidasData eidData) throws TaskExecutionException { - //6 country specific search + log.trace("Starting step6CountrySpecificSearch"); MergedRegisterSearchResult countrySpecificDetailSearchResult = countrySpecificDetailSearchProcessor.search(eidData); @@ -208,7 +172,7 @@ public class InitialSearchTask extends AbstractAuthServletTask { return step8RegisterSearchWithMds(initialSearchResult, eidData); case 1: return step7aKittProcess(initialSearchResult, countrySpecificDetailSearchResult, eidData); - default://should not happen + default: throw new TaskExecutionException(pendingReq, "Detail search - Kitt Process necessary.", new ManualFixNecessaryException(eidData)); } @@ -217,8 +181,7 @@ public class InitialSearchTask extends AbstractAuthServletTask { private String step7aKittProcess(MergedRegisterSearchResult initialSearchResult, MergedRegisterSearchResult countrySpecificDetailSearchResult, SimpleEidasData eidData) throws TaskExecutionException { - //Automerge data - log.debug("Automerge " + initialSearchResult + " with " + eidData + " " + countrySpecificDetailSearchResult); + log.trace("Starting step7aKittProcess"); try { if (initialSearchResult.getResultCount() != 0) { throw new WorkflowException("initialSearchResult.getResultCount() != 0"); @@ -227,14 +190,11 @@ public class InitialSearchTask extends AbstractAuthServletTask { throw new WorkflowException("countrySpecificDetailSearchResult.getResultCount() != 1"); } if (countrySpecificDetailSearchResult.getResultsZmr().size() == 1) { - //update ZMR zmrClient.update(countrySpecificDetailSearchResult.getResultsZmr().get(0), eidData); } - if (countrySpecificDetailSearchResult.getResultsErnb().size() == 1) { - //update ErnB - ernbClient.update(countrySpecificDetailSearchResult.getResultsErnb().get(0), eidData); + if (countrySpecificDetailSearchResult.getResultsErnp().size() == 1) { + ernpClient.update(countrySpecificDetailSearchResult.getResultsErnp().get(0), eidData); } - String bpK = countrySpecificDetailSearchResult.getBpk(); return bpK; } catch (WorkflowException e) { @@ -244,35 +204,70 @@ public class InitialSearchTask extends AbstractAuthServletTask { private String step8RegisterSearchWithMds(MergedRegisterSearchResult initialSearchResult, SimpleEidasData eidData) { - MergedRegisterSearchResult mdsSearchResult = new MergedRegisterSearchResult(); - + log.trace("Starting step8RegisterSearchWithMds"); ArrayList resultsZmr = zmrClient.searchWithMds(eidData.getGivenName(), eidData.getFamilyName(), eidData.getDateOfBirth()); - mdsSearchResult.setResultsZmr(resultsZmr); - ArrayList resultsErnb = - ernbClient.searchWithMds(eidData.getGivenName(), eidData.getFamilyName(), eidData.getDateOfBirth()); - mdsSearchResult.setResultsErnb(resultsErnb); + ArrayList resultsErnp = + ernpClient.searchWithMds(eidData.getGivenName(), eidData.getFamilyName(), eidData.getDateOfBirth()); + MergedRegisterSearchResult mdsSearchResult = new MergedRegisterSearchResult(resultsZmr, resultsErnp); log.debug("Automerge " + initialSearchResult + " with " + eidData + " " + mdsSearchResult); //TODO implement next phase and return correct value return "TODO-Temporary-Endnode-105"; } private MergedRegisterSearchResult searchInZmrAndErnp(String personIdentifier) { - MergedRegisterSearchResult initialSearchResult = new MergedRegisterSearchResult(); ArrayList resultsZmr = - zmrClient.searchWithPersonIdentifer(personIdentifier); - initialSearchResult.setResultsZmr(resultsZmr); + zmrClient.searchWithPersonIdentifier(personIdentifier); - ArrayList resultsErnb = - ernbClient.searchWithPersonIdentifer(personIdentifier); - initialSearchResult.setResultsErnb(resultsErnb); + ArrayList resultsErnp = + ernpClient.searchWithPersonIdentifier(personIdentifier); + MergedRegisterSearchResult initialSearchResult = new MergedRegisterSearchResult(resultsZmr, resultsErnp); return initialSearchResult; } + private SimpleEidasData convertSimpleMapToSimpleData(Map eidasAttrMap) + throws EidasAttributeException { + SimpleEidasData simpleEidasData = new SimpleEidasData(); + + final Object eIdentifierObj = eidasAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); + final Triple eIdentifier = + EidasResponseUtils.parseEidasPersonalIdentifier((String) eIdentifierObj); + if (eIdentifier == null) { + throw new EidasAttributeException("Error processing eIdentifier"); + } + simpleEidasData.setCitizenCountryCode(eIdentifier.getFirst()); + + // MDS attributes + simpleEidasData.setPseudonym(EidasResponseUtils.processPseudonym( + eidasAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))); + simpleEidasData.setFamilyName(EidasResponseUtils.processFamilyName( + eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTFAMILYNAME))); + simpleEidasData.setGivenName(EidasResponseUtils.processGivenName( + eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTGIVENNAME))); + simpleEidasData.setDateOfBirth(EidasResponseUtils.processDateOfBirthToString( + eidasAttrMap.get(Constants.eIDAS_ATTR_DATEOFBIRTH))); + + // additional attributes + simpleEidasData.setPlaceOfBirth(EidasResponseUtils.processPlaceOfBirth( + eidasAttrMap.get(Constants.eIDAS_ATTR_PLACEOFBIRTH))); + simpleEidasData.setBirthName(EidasResponseUtils.processBirthName( + eidasAttrMap.get(Constants.eIDAS_ATTR_BIRTHNAME))); + simpleEidasData.setAddress(EidasResponseUtils.processAddress( + eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTADDRESS))); + + if (eidasAttrMap.containsKey(Constants.eIDAS_ATTR_TAXREFERENCE)) { + simpleEidasData.setTaxNumber(EidasResponseUtils.processTaxReference( + eidasAttrMap.get(Constants.eIDAS_ATTR_TAXREFERENCE))); + } + + //TODO other additional attributes + return simpleEidasData; + } + private Map convertEidasAttrToSimpleMap( ImmutableMap, ImmutableSet>> attributeMap) { final Map result = new HashMap<>(); @@ -289,7 +284,6 @@ public class InitialSearchTask extends AbstractAuthServletTask { } else { log.info("Ignore empty 'DateTime' attribute"); } - } else if (PostalAddress.class.equals(parameterizedType)) { final PostalAddress addressAttribute = EidasResponseUtils .translateAddressAttribute(el, attributeMap.get(el).asList()); @@ -300,7 +294,6 @@ public class InitialSearchTask extends AbstractAuthServletTask { } else { log.info("Ignore empty 'PostalAddress' attribute"); } - } else { final List natPersonIdObj = EidasResponseUtils .translateStringListAttribute(el, attributeMap.get(el).asList()); @@ -308,7 +301,6 @@ public class InitialSearchTask extends AbstractAuthServletTask { if (StringUtils.isNotEmpty(stringAttr)) { result.put(el.getFriendlyName(), stringAttr); log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + stringAttr); - } else { log.info("Ignore empty 'String' attribute"); } @@ -317,18 +309,4 @@ public class InitialSearchTask extends AbstractAuthServletTask { log.debug("Receive #" + result.size() + " attributes with names: " + result.keySet().toString()); return result; } - - /** - * Constructor. - * @param handlers List of countrySpecificSearchProcessors - * @param ernbClient Ernb client - * @param zmrClient ZMR client - */ - public InitialSearchTask(List handlers, IErnbClient ernbClient, - IZmrClient zmrClient) { - this.ernbClient = ernbClient; - this.zmrClient = zmrClient; - this.handlers = handlers; - log.info("# " + handlers.size() + " country specific detail search services are registered"); - } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java index 684546f7..0f733e8d 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java @@ -94,7 +94,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { attrRegistry); // ********************************************************** - // ******* Store resonse infos into session object ********** + // ******* Store response infos into session object ********** // ********************************************************** // update MOA-Session data with received information diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java index 55c1c31a..fb223ee7 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java @@ -23,32 +23,28 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.utils; -import java.text.SimpleDateFormat; -import java.util.ArrayList; -import java.util.List; -import java.util.regex.Matcher; -import java.util.regex.Pattern; - -import javax.annotation.Nullable; - -import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType; -import org.apache.commons.lang3.StringUtils; -import org.joda.time.DateTime; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import com.google.common.collect.ImmutableList; - -import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.gv.egiz.eaaf.core.impl.data.Triple; +import com.google.common.collect.ImmutableList; import eu.eidas.auth.commons.attribute.AttributeDefinition; import eu.eidas.auth.commons.attribute.AttributeValue; import eu.eidas.auth.commons.attribute.AttributeValueMarshaller; import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException; import eu.eidas.auth.commons.attribute.AttributeValueTransliterator; import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; +import org.apache.commons.lang3.StringUtils; +import org.joda.time.DateTime; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import javax.annotation.Nullable; +import java.text.SimpleDateFormat; +import java.util.ArrayList; +import java.util.List; +import java.util.regex.Matcher; +import java.util.regex.Pattern; public class EidasResponseUtils { private static final Logger log = LoggerFactory.getLogger(EidasResponseUtils.class); @@ -170,7 +166,6 @@ public class EidasResponseUtils { ImmutableList> attributeValues) { final AttributeValue firstAttributeValue = attributeValues.get(0); return (PostalAddress) firstAttributeValue.getValue(); - } /** @@ -178,34 +173,24 @@ public class EidasResponseUtils { * * @param currentAddressObj eIDAS current address information * @return current address or null if no attribute is available - * @throws EidPostProcessingException if post-processing fails * @throws EidasAttributeException if eIDAS attribute is of a wrong type */ - public static PostalAddressType processAddress(Object currentAddressObj) throws EidPostProcessingException, - EidasAttributeException { - + public static PostalAddressType processAddress(Object currentAddressObj) throws EidasAttributeException { if (currentAddressObj != null) { if (currentAddressObj instanceof PostalAddress) { final PostalAddressType result = new PostalAddressType(); result.setPostalCode(((PostalAddress) currentAddressObj).getPostCode()); result.setMunicipality(((PostalAddress) currentAddressObj).getPostName()); - // TODO: add more mappings - return result; - } else { log.warn("eIDAS attr: " + Constants.eIDAS_ATTR_CURRENTADDRESS + " is of WRONG type"); throw new EidasAttributeException(Constants.eIDAS_ATTR_CURRENTADDRESS); - } - } else { log.debug("NO '" + Constants.eIDAS_ATTR_CURRENTADDRESS + "' attribute. Post-Processing skipped ... "); } - return null; - } /** @@ -213,27 +198,20 @@ public class EidasResponseUtils { * * @param birthNameObj eIDAS birthname information * @return birthName or null if no attribute is available - * @throws EidPostProcessingException if post-processing fails * @throws EidasAttributeException if eIDAS attribute is of a wrong type */ - public static String processBirthName(Object birthNameObj) throws EidPostProcessingException, - EidasAttributeException { + public static String processBirthName(Object birthNameObj) throws EidasAttributeException { if (birthNameObj != null) { if (birthNameObj instanceof String) { return (String) birthNameObj; - } else { log.warn("eIDAS attr: " + Constants.eIDAS_ATTR_BIRTHNAME + " is of WRONG type"); throw new EidasAttributeException(Constants.eIDAS_ATTR_BIRTHNAME); - } - } else { log.debug("NO '" + Constants.eIDAS_ATTR_BIRTHNAME + "' attribute. Post-Processing skipped ... "); } - return null; - } /** @@ -241,11 +219,9 @@ public class EidasResponseUtils { * * @param placeOfBirthObj eIDAS Place-of-Birth information * @return place of Birth or null if no attribute is available - * @throws EidPostProcessingException if post-processing fails * @throws EidasAttributeException if eIDAS attribute is of a wrong type */ - public static String processPlaceOfBirth(Object placeOfBirthObj) throws EidPostProcessingException, - EidasAttributeException { + public static String processPlaceOfBirth(Object placeOfBirthObj) throws EidasAttributeException { if (placeOfBirthObj != null) { if (placeOfBirthObj instanceof String) { return (String) placeOfBirthObj; @@ -259,9 +235,7 @@ public class EidasResponseUtils { } else { log.debug("NO '" + Constants.eIDAS_ATTR_PLACEOFBIRTH + "' attribute. Post-Processing skipped ... "); } - return null; - } /** @@ -270,16 +244,12 @@ public class EidasResponseUtils { * @param dateOfBirthObj eIDAS date-of-birth attribute information * @return formated user's date-of-birth * @throws EidasAttributeException if NO attribute is available - * @throws EidPostProcessingException if post-processing fails */ - public static DateTime processDateOfBirth(Object dateOfBirthObj) throws EidPostProcessingException, - EidasAttributeException { - if (dateOfBirthObj == null || !(dateOfBirthObj instanceof DateTime)) { + public static DateTime processDateOfBirth(Object dateOfBirthObj) throws EidasAttributeException { + if (!(dateOfBirthObj instanceof DateTime)) { throw new EidasAttributeException(Constants.eIDAS_ATTR_DATEOFBIRTH); } - return (DateTime) dateOfBirthObj; - } /** @@ -288,11 +258,9 @@ public class EidasResponseUtils { * @param dateOfBirthObj eIDAS date-of-birth attribute information * @return formated user's date-of-birth as string * @throws EidasAttributeException if NO attribute is available - * @throws EidPostProcessingException if post-processing fails */ - public static String processDateOfBirthToString(Object dateOfBirthObj) throws EidPostProcessingException, - EidasAttributeException { - if (dateOfBirthObj == null || !(dateOfBirthObj instanceof DateTime)) { + public static String processDateOfBirthToString(Object dateOfBirthObj) throws EidasAttributeException { + if (!(dateOfBirthObj instanceof DateTime)) { throw new EidasAttributeException(Constants.eIDAS_ATTR_DATEOFBIRTH); } return new SimpleDateFormat("yyyy-MM-dd").format(((DateTime) dateOfBirthObj).toDate()); @@ -304,16 +272,12 @@ public class EidasResponseUtils { * @param givenNameObj eIDAS givenName attribute information * @return formated user's givenname * @throws EidasAttributeException if NO attribute is available - * @throws EidPostProcessingException if post-processing fails */ - public static String processGivenName(Object givenNameObj) throws EidPostProcessingException, - EidasAttributeException { - if (givenNameObj == null || !(givenNameObj instanceof String)) { + public static String processGivenName(Object givenNameObj) throws EidasAttributeException { + if (!(givenNameObj instanceof String)) { throw new EidasAttributeException(Constants.eIDAS_ATTR_CURRENTGIVENNAME); } - return (String) givenNameObj; - } /** @@ -322,16 +286,12 @@ public class EidasResponseUtils { * @param familyNameObj eIDAS familyName attribute information * @return formated user's familyname * @throws EidasAttributeException if NO attribute is available - * @throws EidPostProcessingException if post-processing fails */ - public static String processFamilyName(Object familyNameObj) throws EidPostProcessingException, - EidasAttributeException { - if (familyNameObj == null || !(familyNameObj instanceof String)) { + public static String processFamilyName(Object familyNameObj) throws EidasAttributeException { + if (!(familyNameObj instanceof String)) { throw new EidasAttributeException(Constants.eIDAS_ATTR_CURRENTFAMILYNAME); } - return (String) familyNameObj; - } /** @@ -340,17 +300,16 @@ public class EidasResponseUtils { * @param personalIdObj eIDAS PersonalIdentifierAttribute * @return Unique personal identifier without country-code information * @throws EidasAttributeException if NO attribute is available - * @throws EidPostProcessingException if post-processing fails */ - public static String processPseudonym(Object personalIdObj) throws EidPostProcessingException, - EidasAttributeException { - if (personalIdObj == null || !(personalIdObj instanceof String)) { + public static String processPseudonym(Object personalIdObj) throws EidasAttributeException { + if (!(personalIdObj instanceof String)) { throw new EidasAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); } - final Triple eIdentifier = EidasResponseUtils.parseEidasPersonalIdentifier((String) personalIdObj); - + if (eIdentifier.getThird() == null) { + throw new EidasAttributeException("Error processing eIdentifier"); + } return eIdentifier.getThird(); } @@ -360,15 +319,11 @@ public class EidasResponseUtils { * @param taxReferenceObj eIDAS TaxReference attribute information * @return formated user's TaxReference * @throws EidasAttributeException if NO attribute is available - * @throws EidPostProcessingException if post-processing fails */ - public static String processTaxReference(Object taxReferenceObj) throws EidPostProcessingException, - EidasAttributeException { - if (taxReferenceObj == null || !(taxReferenceObj instanceof String)) { + public static String processTaxReference(Object taxReferenceObj) throws EidasAttributeException { + if (!(taxReferenceObj instanceof String)) { throw new EidasAttributeException(Constants.eIDAS_ATTR_CURRENTGIVENNAME); } - return (String) taxReferenceObj; - } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java index f4d77b03..60dd2ef2 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java @@ -1,3 +1,26 @@ +/* + * Copyright 2020 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + package at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; @@ -10,7 +33,7 @@ import java.util.ArrayList; public class DummyZmrClient implements IZmrClient { @Override - public ArrayList searchWithPersonIdentifer(String personIdentifer) { + public ArrayList searchWithPersonIdentifier(String personIdentifier) { return resultEmpty(); } @@ -26,7 +49,7 @@ public class DummyZmrClient implements IZmrClient { } @Override - public ArrayList searchItSpecific(String txNumber) { + public ArrayList searchItSpecific(String taxNumber) { return resultEmpty();//TODO } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/IZmrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/IZmrClient.java index 4af7bfe9..3a518e64 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/IZmrClient.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/IZmrClient.java @@ -1,3 +1,26 @@ +/* + * Copyright 2020 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + package at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; @@ -7,14 +30,14 @@ import java.util.ArrayList; public interface IZmrClient { - ArrayList searchWithPersonIdentifer(String personIdentifer); + ArrayList searchWithPersonIdentifier(String personIdentifier); ArrayList searchWithMds(String givenName, String familyName, String dateOfBirth); ArrayList searchDeSpecific(String givenName, String familyName, String dateOfBirth, String birthPlace, String birthName); - ArrayList searchItSpecific(String txNumber); + ArrayList searchItSpecific(String taxNumber); void update(RegisterResult registerResult, SimpleEidasData eidData); } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml index ca6eba20..52404bab 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml @@ -18,7 +18,7 @@ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.szr.SzrClient" /> + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.DummyErnpClient" /> diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskFirstTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskFirstTest.java index f7fc6b06..a1dce0f2 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskFirstTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskFirstTest.java @@ -1,11 +1,34 @@ +/* + * Copyright 2020 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernb.IErnbClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.DeSpecificDetailSearchProcessor; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.ICountrySpecificDetailSearchProcessor; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.CountrySpecificDetailSearchProcessor; import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.ItSpecificDetailSearchProcessor; import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.InitialSearchTask; import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; @@ -27,10 +50,7 @@ import org.junit.Before; import org.junit.BeforeClass; import org.junit.Test; import org.junit.runner.RunWith; -import org.mockito.InjectMocks; -import org.mockito.Mock; import org.mockito.Mockito; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.test.annotation.DirtiesContext; @@ -46,6 +66,7 @@ import java.net.URI; import java.net.URISyntaxException; import java.util.ArrayList; import java.util.List; +import java.util.Random; @RunWith(SpringJUnit4ClassRunner.class) @@ -53,13 +74,9 @@ import java.util.List; @DirtiesContext(classMode = ClassMode.BEFORE_CLASS) public class InitialSearchTaskFirstTest { - @Autowired(required = true) - @Mock - @InjectMocks private InitialSearchTask task; - private IZmrClient zmrClient; - private IErnbClient ernbClient; + private IErnpClient ernpClient; final ExecutionContext executionContext = new ExecutionContextImpl(); private MockHttpServletRequest httpReq; @@ -68,6 +85,12 @@ public class InitialSearchTaskFirstTest { private String randomIdentifier = RandomStringUtils.randomNumeric(10); private String randomFamilyName = RandomStringUtils.randomNumeric(11); private String randomGivenName = RandomStringUtils.randomNumeric(12); + private String randomPlaceOfBirth = RandomStringUtils.randomNumeric(12); + private String randomBirthName = RandomStringUtils.randomNumeric(12); + private String randomDate = "2011-01-"+ (10 + new Random().nextInt(18)); + private String DE_ST = "de/st/"; + private String IT_ST = "it/st/"; + /** * jUnit class initializer. * @@ -101,68 +124,52 @@ public class InitialSearchTaskFirstTest { /** * One match, but register update needed */ - // NOTE: Why is the method named "testNode100a"? - public void testNode100a() throws Exception { + public void testNode100_UserIdentifiedUpdateNecessary_a() throws Exception { - //Mock ZMR ArrayList zmrResult = new ArrayList<>(); String randomBpk = RandomStringUtils.randomNumeric(6); - zmrResult.add(new RegisterResult(randomBpk, "de/st/"+randomIdentifier, "Max_new", randomFamilyName, "2011-01-01")); + String newFirstName = RandomStringUtils.randomAlphabetic(5); + zmrResult.add(new RegisterResult(randomBpk, DE_ST+randomIdentifier, newFirstName, randomFamilyName, randomDate)); zmrClient = Mockito.mock(IZmrClient.class); - Mockito.when(zmrClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(zmrResult); - - //Mock ernb - ArrayList ernbResult = new ArrayList<>(); + Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResult); - ernbClient = Mockito.mock(IErnbClient.class); - Mockito.when(ernbClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(ernbResult); - - task = new InitialSearchTask(emptyHandlers(), ernbClient, zmrClient); - try { - task.execute(pendingReq, executionContext); - String bPk = (String) - pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); - Assert.assertTrue("Wrong bpk", bPk.equals(randomBpk)); + ArrayList ernpResult = new ArrayList<>(); + ernpClient = Mockito.mock(IErnpClient.class); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResult); - } catch (final TaskExecutionException e) { - // NOTE: assertTrue is probably the wrong method to use ... why catch the exception anyway? - Assert.assertTrue("Wrong workflow, should not reach this point", false); - } + task = new InitialSearchTask(emptyHandlers(), ernpClient, zmrClient); + task.execute(pendingReq, executionContext); + String bPk = (String) + pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); + Assert.assertTrue("Wrong bpk", bPk.equals(randomBpk)); } @Test - // NOTE: Why is @DirtiesContext after each test necessary? What is changed in the context and why? @DirtiesContext /** * One match, but register update needed */ - public void testNode100b() throws Exception { + public void testNode100_UserIdentifiedUpdateNecessary_b() throws TaskExecutionException { - //Mock ZMR ArrayList zmrResult = new ArrayList<>(); zmrClient = Mockito.mock(IZmrClient.class); - Mockito.when(zmrClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(zmrResult);//"de/st/max123"??? + Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResult); - //Mock ernb - ArrayList ernbResult = new ArrayList<>(); + ArrayList ernpResult = new ArrayList<>(); String randomBpk = RandomStringUtils.randomNumeric(6); - ernbResult.add(new RegisterResult(randomBpk, "de/st/"+randomIdentifier, "Max_new", randomFamilyName, "2011-01-01")); + ernpResult.add(new RegisterResult(randomBpk, DE_ST+randomIdentifier, "Max_new", randomFamilyName, randomDate)); - ernbClient = Mockito.mock(IErnbClient.class); - Mockito.when(ernbClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(ernbResult); + ernpClient = Mockito.mock(IErnpClient.class); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResult); - task = new InitialSearchTask(emptyHandlers(), ernbClient, zmrClient); - try { - task.execute(pendingReq, executionContext); - String bPk = (String) - pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); - Assert.assertTrue("Wrong bpk", bPk.equals(randomBpk)); + task = new InitialSearchTask(emptyHandlers(), ernpClient, zmrClient); + task.execute(pendingReq, executionContext); + String bPk = (String) + pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); + Assert.assertTrue("Wrong bpk", bPk.equals(randomBpk)); - } catch (final TaskExecutionException e) { - Assert.assertTrue("Wrong workflow, should not reach this point", false); - } } @@ -171,21 +178,19 @@ public class InitialSearchTaskFirstTest { /** * Two matches found in ZMR */ - public void testNode101a() throws Exception { + public void testNode101_ManualFixNecessary_a() throws Exception { - //Mock ZMR ArrayList zmrResult = new ArrayList<>(); - zmrResult.add(new RegisterResult("bpkMax", "de/st/"+randomIdentifier, randomGivenName, randomFamilyName, "2011-01-01")); - zmrResult.add(new RegisterResult("bpkMax", "de/st/"+randomIdentifier, "Maximilian", randomFamilyName, "2011-01-01")); + zmrResult.add(new RegisterResult("bpkMax", DE_ST+randomIdentifier, randomGivenName, randomFamilyName, randomDate)); + zmrResult.add(new RegisterResult("bpkMax", DE_ST+randomIdentifier, "Maximilian", randomFamilyName, randomDate)); zmrClient = Mockito.mock(IZmrClient.class); - Mockito.when(zmrClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(zmrResult); + Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResult); - //Mock ernb - ArrayList ernbResult = new ArrayList<>(); - ernbClient = Mockito.mock(IErnbClient.class); - Mockito.when(ernbClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(ernbResult); + ArrayList ernpResult = new ArrayList<>(); + ernpClient = Mockito.mock(IErnpClient.class); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResult); - task = new InitialSearchTask(emptyHandlers(), ernbClient, zmrClient); + task = new InitialSearchTask(emptyHandlers(), ernpClient, zmrClient); try { task.execute(pendingReq, executionContext); Assert.assertTrue("Wrong workflow, should not reach this point/ get a bpk", false); @@ -199,24 +204,24 @@ public class InitialSearchTaskFirstTest { @Test @DirtiesContext /** - * Two matches found in ErnB + * Two matches found in ErnP */ - public void testNode101b() throws Exception { - - //Mock ZMR + public void testNode101_ManualFixNecessary_b() throws Exception { + String randombpk = RandomStringUtils.random(5); ArrayList zmrResult = new ArrayList<>(); zmrClient = Mockito.mock(IZmrClient.class); - Mockito.when(zmrClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(zmrResult); + Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResult); - //Mock ernb - ArrayList ernbResult = new ArrayList<>(); - ernbResult.add(new RegisterResult("bpkMax", "de/st/"+randomIdentifier, randomGivenName, randomFamilyName, "2011-01-01")); - ernbResult.add(new RegisterResult("bpkMax", "de/st/"+randomIdentifier, "Maximilian", randomFamilyName, "2011-01-01")); + ArrayList ernpResult = new ArrayList<>(); + ernpResult.add(new RegisterResult(randombpk, DE_ST+randomIdentifier, randomGivenName, randomFamilyName, randomDate)); + ernpResult.add(new RegisterResult(randombpk, DE_ST+randomIdentifier, randomGivenName+RandomStringUtils.random(2), + randomFamilyName, + randomDate)); - ernbClient = Mockito.mock(IErnbClient.class); - Mockito.when(ernbClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(ernbResult); + ernpClient = Mockito.mock(IErnpClient.class); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResult); - task = new InitialSearchTask(emptyHandlers(), ernbClient, zmrClient); + task = new InitialSearchTask(emptyHandlers(), ernpClient, zmrClient); try { task.execute(pendingReq, executionContext); Assert.assertTrue("Wrong workflow, should not reach this point/ get a bpk", false); @@ -231,30 +236,24 @@ public class InitialSearchTaskFirstTest { /** * One match, no register update needed */ - public void testNode102a() throws Exception { + public void testNode102_UserIdentified_a() throws Exception { - String randomBpk = RandomStringUtils.randomNumeric(12);; - //Mock ZMR + String randomBpk = RandomStringUtils.randomNumeric(12); ArrayList zmrResult = new ArrayList<>(); zmrClient = Mockito.mock(IZmrClient.class); - Mockito.when(zmrClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(zmrResult); + Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResult); - //Mock ernb - ArrayList ernbResult = new ArrayList<>(); - ernbResult.add(new RegisterResult(randomBpk, "de/st/"+randomIdentifier, randomGivenName, randomFamilyName, "2011-01-01")); + ArrayList ernpResult = new ArrayList<>(); + ernpResult.add(new RegisterResult(randomBpk, DE_ST+randomIdentifier, randomGivenName, randomFamilyName, randomDate)); - ernbClient = Mockito.mock(IErnbClient.class); - Mockito.when(ernbClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(ernbResult); + ernpClient = Mockito.mock(IErnpClient.class); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResult); - task = new InitialSearchTask(emptyHandlers(), ernbClient, zmrClient); - try { - task.execute(pendingReq, executionContext); - String bPk = (String) - pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); - Assert.assertTrue("Wrong bpk", bPk.equals(randomBpk)); - } catch (final TaskExecutionException e) { - Assert.assertTrue("Wrong workflow, should not reach this point", false); - } + task = new InitialSearchTask(emptyHandlers(), ernpClient, zmrClient); + task.execute(pendingReq, executionContext); + String bPk = (String) + pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); + Assert.assertTrue("Wrong bpk", bPk.equals(randomBpk)); } @Test @@ -262,39 +261,33 @@ public class InitialSearchTaskFirstTest { /** * One match, no register update needed */ - public void testNode102b() throws Exception { + public void testNode102_UserIdentified_b() throws Exception { String randomBpk = RandomStringUtils.randomNumeric(14); - //Mock ZMR + ArrayList zmrResult = new ArrayList<>(); - zmrResult.add(new RegisterResult(randomBpk, "de/st/"+randomIdentifier, randomGivenName, randomFamilyName, "2011-01-01")); + zmrResult.add(new RegisterResult(randomBpk, DE_ST+randomIdentifier, randomGivenName, randomFamilyName, randomDate)); zmrClient = Mockito.mock(IZmrClient.class); - Mockito.when(zmrClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(zmrResult); + Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResult); - //Mock ernb - ArrayList ernbResult = new ArrayList<>(); + ArrayList ernpResult = new ArrayList<>(); - ernbClient = Mockito.mock(IErnbClient.class); - Mockito.when(ernbClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(ernbResult); + ernpClient = Mockito.mock(IErnpClient.class); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResult); - task = new InitialSearchTask(emptyHandlers(), ernbClient, zmrClient); - try { - task.execute(pendingReq, executionContext); - String bPk = (String) - pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); - Assert.assertTrue("Wrong bpk", bPk.equals(randomBpk)); - - } catch (final TaskExecutionException e) { - Assert.assertTrue("Wrong workflow, should not reach this point", false); - } + task = new InitialSearchTask(emptyHandlers(), ernpClient, zmrClient); + task.execute(pendingReq, executionContext); + String bPk = (String) + pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); + Assert.assertTrue("Wrong bpk", bPk.equals(randomBpk)); } @Test @DirtiesContext /** - * One match found in ZMR and ErnB with detail search + * One match found in ZMR and ErnP with detail search */ - public void testNode103IT() throws Exception { + public void testNode103_UserIdentified_IT() throws Exception { String bpkRegister = RandomStringUtils.randomNumeric(14); String taxNumber = RandomStringUtils.randomNumeric(14); final AuthenticationResponse response = buildDummyAuthResponseRandomPersonIT_Tax(taxNumber); @@ -302,29 +295,26 @@ public class InitialSearchTaskFirstTest { pendingReq1.getSessionData(AuthProcessDataWrapper.class) .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response); - //Mock ZMR initial search ArrayList zmrResultInitial = new ArrayList<>(); zmrClient = Mockito.mock(IZmrClient.class); - Mockito.when(zmrClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(zmrResultInitial); + Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResultInitial); ArrayList zmrResultSpecific = new ArrayList<>(); - //String bpk, String pseudonym, String givenName, String familyName, String dateOfBirth, - // String placeOfBirth, String birthName, String taxNumber, PostalAddressType address - zmrResultSpecific.add(new RegisterResult(bpkRegister, "it/st/"+randomIdentifier+"4", randomGivenName, randomFamilyName, - "2011-01-01", null, null, taxNumber, null)); - Mockito.when(zmrClient.searchItSpecific(taxNumber)).thenReturn(zmrResultSpecific); + zmrResultSpecific.add(new RegisterResult(bpkRegister, IT_ST+randomIdentifier+RandomStringUtils.random(2), + randomGivenName, + randomFamilyName, + randomDate, null, null, taxNumber, null)); - //Mock ernb initial search - ArrayList ernbResultInitial = new ArrayList<>(); - ernbClient = Mockito.mock(IErnbClient.class); - Mockito.when(ernbClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(ernbResultInitial); + Mockito.when(zmrClient.searchItSpecific(taxNumber)).thenReturn(zmrResultSpecific); + ArrayList ernpResultInitial = new ArrayList<>(); + ernpClient = Mockito.mock(IErnpClient.class); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResultInitial); - //Mock country specific search - List handlers = new ArrayList<>(); - ItSpecificDetailSearchProcessor it = new ItSpecificDetailSearchProcessor(ernbClient, zmrClient); + List handlers = new ArrayList<>(); + ItSpecificDetailSearchProcessor it = new ItSpecificDetailSearchProcessor(ernpClient, zmrClient); handlers.add(it); - task = new InitialSearchTask(handlers, ernbClient, zmrClient); + task = new InitialSearchTask(handlers, ernpClient, zmrClient); try { task.execute(pendingReq1, executionContext); @@ -340,26 +330,25 @@ public class InitialSearchTaskFirstTest { @Test @DirtiesContext /** - * Multiple matches found in ZMR and ErnB with detail search + * Multiple matches found in ZMR and ErnP with detail search */ - public void testNode103DE() throws Exception { + public void testNode103_UserIdentified_DE() throws Exception { String givenName = randomGivenName; String familyName = randomFamilyName; - String pseudonym = "de/st/max1234"; - String bpk = "bpkMax"; - String dateOfBirth = "2011-01-01"; - String placeOfBirth = "München"; - String birthName = "BabyMax"; + String pseudonym = DE_ST + RandomStringUtils.random(5); + String bpk = RandomStringUtils.random(5); + String dateOfBirth = randomDate; + String placeOfBirth = randomPlaceOfBirth; + String birthName = randomBirthName; final AuthenticationResponse response = buildDummyAuthResponseDE(givenName, familyName, pseudonym, dateOfBirth, placeOfBirth, birthName); TestRequestImpl pendingReq1 = new TestRequestImpl(); pendingReq1.getSessionData(AuthProcessDataWrapper.class) .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response); - //Mock ZMR initial search ArrayList zmrResultInitial = new ArrayList<>(); zmrClient = Mockito.mock(IZmrClient.class); - Mockito.when(zmrClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(zmrResultInitial); + Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResultInitial); ArrayList zmrResultSpecific = new ArrayList<>(); zmrResultSpecific.add(new RegisterResult(bpk, pseudonym, givenName, familyName, dateOfBirth, placeOfBirth, @@ -368,16 +357,14 @@ public class InitialSearchTaskFirstTest { Mockito.when(zmrClient.searchDeSpecific(givenName, familyName, dateOfBirth, placeOfBirth, birthName)).thenReturn(zmrResultSpecific); - //Mock ernb initial search - ArrayList ernbResultInitial = new ArrayList<>(); - ernbClient = Mockito.mock(IErnbClient.class); - Mockito.when(ernbClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(ernbResultInitial); + ArrayList ernpResultInitial = new ArrayList<>(); + ernpClient = Mockito.mock(IErnpClient.class); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResultInitial); - //Mock country specific search - List handlers = new ArrayList<>(); - DeSpecificDetailSearchProcessor de = new DeSpecificDetailSearchProcessor(ernbClient, zmrClient); + List handlers = new ArrayList<>(); + DeSpecificDetailSearchProcessor de = new DeSpecificDetailSearchProcessor(ernpClient, zmrClient); handlers.add(de); - task = new InitialSearchTask(handlers, ernbClient, zmrClient); + task = new InitialSearchTask(handlers, ernpClient, zmrClient); try { task.execute(pendingReq1, executionContext); @@ -393,28 +380,27 @@ public class InitialSearchTaskFirstTest { @Test @DirtiesContext /** - * Multiple matches found in ZMR and ErnB with detail search + * Multiple matches found in ZMR and ErnP with detail search */ - public void testNode104DE() throws Exception { + public void testNode104_ManualFixNecessary_DE() throws Exception { String givenName = randomGivenName; String familyName = randomFamilyName; - String pseudonym1 = "de/st/max1234"; - String pseudonym2 = "de/st/max12345"; - String bpk1 = "bpkMax"; - String bpk2 = "bpkMax1"; - String dateOfBirth = "2011-01-01"; - String placeOfBirth = "München"; - String birthName = "BabyMax"; + String pseudonym1 = DE_ST + RandomStringUtils.random(5); + String pseudonym2 = pseudonym1 + RandomStringUtils.random(2); + String bpk1 = RandomStringUtils.random(5); + String bpk2 = bpk1 + RandomStringUtils.random(2); + String dateOfBirth = randomDate; + String placeOfBirth = randomPlaceOfBirth; + String birthName = randomBirthName; final AuthenticationResponse response = buildDummyAuthResponseDE(givenName, familyName, pseudonym1, dateOfBirth, placeOfBirth, birthName); TestRequestImpl pendingReq1 = new TestRequestImpl(); pendingReq1.getSessionData(AuthProcessDataWrapper.class) .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response); - //Mock ZMR initial search ArrayList zmrResultInitial = new ArrayList<>(); zmrClient = Mockito.mock(IZmrClient.class); - Mockito.when(zmrClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(zmrResultInitial); + Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResultInitial); ArrayList zmrResultSpecific = new ArrayList<>(); zmrResultSpecific.add(new RegisterResult(bpk1, pseudonym1, givenName, familyName, dateOfBirth, placeOfBirth, @@ -425,23 +411,18 @@ public class InitialSearchTaskFirstTest { null, null)); Mockito.when(zmrClient.searchDeSpecific(givenName, familyName, dateOfBirth, placeOfBirth, birthName)).thenReturn(zmrResultSpecific); + ArrayList ernpResultInitial = new ArrayList<>(); + ernpClient = Mockito.mock(IErnpClient.class); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResultInitial); - //Mock ernb initial search - ArrayList ernbResultInitial = new ArrayList<>(); - ernbClient = Mockito.mock(IErnbClient.class); - Mockito.when(ernbClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(ernbResultInitial); - - //Mock country specific search - List handlers = new ArrayList<>(); - DeSpecificDetailSearchProcessor de = new DeSpecificDetailSearchProcessor(ernbClient, zmrClient); + List handlers = new ArrayList<>(); + DeSpecificDetailSearchProcessor de = new DeSpecificDetailSearchProcessor(ernpClient, zmrClient); handlers.add(de); - task = new InitialSearchTask(handlers, ernbClient, zmrClient); + task = new InitialSearchTask(handlers, ernpClient, zmrClient); try { task.execute(pendingReq1, executionContext); - Assert.assertTrue("Wrong workflow, should not reach this point/ get a bpk", false); - } catch (final TaskExecutionException e) { Throwable origE = e.getOriginalException(); Assert.assertTrue("Wrong exception", (origE.getCause() instanceof ManualFixNecessaryException)); @@ -451,43 +432,40 @@ public class InitialSearchTaskFirstTest { @Test @DirtiesContext /** - * Multiple matches found in ZMR and ErnB with detail search + * Multiple matches found in ZMR and ErnP with detail search */ - public void testNode104IT() throws Exception { + public void testNode104_ManualFixNecessary_IT() throws Exception { String fakeTaxNumber = RandomStringUtils.randomNumeric(14);; final AuthenticationResponse response = buildDummyAuthResponseRandomPersonIT_Tax(fakeTaxNumber); TestRequestImpl pendingReq1 = new TestRequestImpl(); pendingReq1.getSessionData(AuthProcessDataWrapper.class) .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response); - //Mock ZMR initial search ArrayList zmrResultInitial = new ArrayList<>(); zmrClient = Mockito.mock(IZmrClient.class); - Mockito.when(zmrClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(zmrResultInitial); + Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResultInitial); ArrayList zmrResultSpecific = new ArrayList<>(); - zmrResultSpecific.add(new RegisterResult("bpkMax", "it/st/"+randomIdentifier+"4", randomGivenName, randomFamilyName, "2011-01-01", null, null, + zmrResultSpecific.add(new RegisterResult("bpkMax", IT_ST+randomIdentifier+"4", randomGivenName, randomFamilyName, + randomDate, null, null, fakeTaxNumber, null)); - zmrResultSpecific.add(new RegisterResult("bpkMax1", "it/st/"+randomIdentifier+"5", randomGivenName, randomFamilyName, "2011-01-01", null, null, + zmrResultSpecific.add(new RegisterResult("bpkMax1", IT_ST+randomIdentifier+"5", randomGivenName, randomFamilyName, + randomDate, null, null, fakeTaxNumber, null)); Mockito.when(zmrClient.searchItSpecific(fakeTaxNumber)).thenReturn(zmrResultSpecific); - //Mock ernb initial search - ArrayList ernbResultInitial = new ArrayList<>(); - ernbClient = Mockito.mock(IErnbClient.class); - Mockito.when(ernbClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(ernbResultInitial); + ArrayList ernpResultInitial = new ArrayList<>(); + ernpClient = Mockito.mock(IErnpClient.class); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResultInitial); - //Mock country specific search - List handlers = new ArrayList<>(); - ItSpecificDetailSearchProcessor it = new ItSpecificDetailSearchProcessor(ernbClient, zmrClient); + List handlers = new ArrayList<>(); + ItSpecificDetailSearchProcessor it = new ItSpecificDetailSearchProcessor(ernpClient, zmrClient); handlers.add(it); - task = new InitialSearchTask(handlers, ernbClient, zmrClient); + task = new InitialSearchTask(handlers, ernpClient, zmrClient); try { task.execute(pendingReq1, executionContext); - Assert.assertTrue("Wrong workflow, should not reach this point/ get a bpk", false); - } catch (final TaskExecutionException e) { Throwable origE = e.getOriginalException(); Assert.assertTrue("Wrong exception", (origE.getCause() instanceof ManualFixNecessaryException)); @@ -497,45 +475,35 @@ public class InitialSearchTaskFirstTest { @Test @DirtiesContext /** - * NO match found in ZMR and ErnB with Initial search + * NO match found in ZMR and ErnP with Initial search */ - public void testNode105() { + public void testNode105_TemporaryEnd() throws TaskExecutionException { - //Mock ZMR ArrayList zmrResult = new ArrayList<>(); zmrClient = Mockito.mock(IZmrClient.class); - Mockito.when(zmrClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(zmrResult); - - //Mock ernb - ArrayList ernbResult = new ArrayList<>(); - ernbClient = Mockito.mock(IErnbClient.class); - Mockito.when(ernbClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(ernbResult); + Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResult); - task = new InitialSearchTask(emptyHandlers(), ernbClient, zmrClient); - try { - task.execute(pendingReq, executionContext); + ArrayList ernpResult = new ArrayList<>(); + ernpClient = Mockito.mock(IErnpClient.class); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResult); - String bPk = (String) - pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); - Assert.assertTrue("Wrong bpk", bPk.equals("TODO-Temporary-Endnode-105")); - } catch (final TaskExecutionException e) { - Assert.assertTrue("Wrong workflow, should not reach this point", false); - } + task = new InitialSearchTask(emptyHandlers(), ernpClient, zmrClient); + task.execute(pendingReq, executionContext); + String bPk = (String) + pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); + Assert.assertEquals("Wrong bpk", "TODO-Temporary-Endnode-105", bPk); } @NotNull private AuthenticationResponse buildDummyAuthResponseRandomPerson() throws URISyntaxException { - // NOTE: Those strings "de/st/max123" seem to be somehow relevant, but where do we need to use that exact string - // again? - // NOTE: If not, why not using random strings? return buildDummyAuthResponse(randomGivenName, randomFamilyName, - "de/st/"+randomIdentifier, "2011-01-01"); + DE_ST+randomIdentifier, randomDate); } private AuthenticationResponse buildDummyAuthResponseRandomPersonIT_Tax(String taxNumber) throws URISyntaxException { return buildDummyAuthResponse(randomGivenName, randomFamilyName, - "it/st/"+randomIdentifier, "2011-01-01", taxNumber, null, null); + IT_ST+randomIdentifier, randomDate, taxNumber, null, null); } @NotNull @@ -555,58 +523,46 @@ public class InitialSearchTaskFirstTest { private AuthenticationResponse buildDummyAuthResponse(String givenName, String familyName, String identifier, String dateOfBirth, String taxNumber, String placeOfBirth, String birthName) throws URISyntaxException { - final AttributeDefinition attributeDef = AttributeDefinition.builder() - .friendlyName(Constants.eIDAS_ATTR_PERSONALIDENTIFIER).nameUri(new URI("ad", "sd", "ff")) - .personType(PersonType.LEGAL_PERSON).xmlType(new QName("http://saf", "as", "af")) - .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller").build(); - final AttributeDefinition attributeDef2 = AttributeDefinition.builder() - .friendlyName(Constants.eIDAS_ATTR_CURRENTFAMILYNAME).nameUri(new URI("ad", "sd", "fff")) - .personType(PersonType.LEGAL_PERSON).xmlType(new QName("http://saf", "as", "aff")) - .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller").build(); - final AttributeDefinition attributeDef3 = AttributeDefinition.builder() - .friendlyName(Constants.eIDAS_ATTR_CURRENTGIVENNAME).nameUri(new URI("ad", "sd", "ffff")) - .personType(PersonType.LEGAL_PERSON).xmlType(new QName("http://saf", "as", "afff")) - .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller").build(); - final AttributeDefinition attributeDef4 = AttributeDefinition.builder() - .friendlyName(Constants.eIDAS_ATTR_DATEOFBIRTH).nameUri(new URI("ad", "sd", "fffff")) - .personType(PersonType.LEGAL_PERSON).xmlType(new QName("http://saf", "as", "affff")) - .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.DateTimeAttributeValueMarshaller").build(); - final AttributeDefinition attributeDef5 = AttributeDefinition.builder() - .friendlyName(Constants.eIDAS_ATTR_TAXREFERENCE).nameUri(new URI("ad", "sd", "ffffff")) - .personType(PersonType.LEGAL_PERSON).xmlType(new QName("http://saf", "as", "afffff")) - .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller").build(); - final AttributeDefinition attributeDef6 = AttributeDefinition.builder() - .friendlyName(Constants.eIDAS_ATTR_PLACEOFBIRTH).nameUri(new URI("ad", "sd", "fffffff")) - .personType(PersonType.LEGAL_PERSON).xmlType(new QName("http://saf", "as", "affffff")) - .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller").build(); - final AttributeDefinition attributeDef7 = AttributeDefinition.builder() - .friendlyName(Constants.eIDAS_ATTR_BIRTHNAME).nameUri(new URI("ad", "sd", "ffffffff")) - .personType(PersonType.LEGAL_PERSON).xmlType(new QName("http://saf", "as", "afffffff")) - .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller").build(); ImmutableAttributeMap.Builder builder = ImmutableAttributeMap.builder() - .put(attributeDef, identifier) - .put(attributeDef2, familyName) - .put(attributeDef3, givenName) - .put(attributeDef4, dateOfBirth); - + .put(generateStringAttribute(Constants.eIDAS_ATTR_PERSONALIDENTIFIER,"ff","af"), identifier) + .put(generateStringAttribute(Constants.eIDAS_ATTR_CURRENTFAMILYNAME,"fff","aff"), familyName) + .put(generateStringAttribute(Constants.eIDAS_ATTR_CURRENTGIVENNAME,"ffff","afff"), givenName) + .put(generateDateTimeAttribute(Constants.eIDAS_ATTR_DATEOFBIRTH,"fffff","affff"), dateOfBirth); if (taxNumber != null) { - builder.put(attributeDef5, taxNumber); + builder.put(generateStringAttribute(Constants.eIDAS_ATTR_TAXREFERENCE,"ffffff","afffff"), taxNumber); } if (birthName != null) { - builder.put(attributeDef7, birthName); + builder.put(generateStringAttribute(Constants.eIDAS_ATTR_BIRTHNAME,"fffffff","affffff"), birthName); } if (placeOfBirth != null) { - builder.put(attributeDef6, placeOfBirth); + builder.put(generateStringAttribute(Constants.eIDAS_ATTR_PLACEOFBIRTH,"ffffffff","afffffff"), placeOfBirth); } final ImmutableAttributeMap attributeMap = builder.build(); val b = new AuthenticationResponse.Builder(); return b.id("aasdf").issuer("asd").subject("asf").statusCode("200").inResponseTo("asdf").subjectNameIdFormat( - "afaf") - .attributes(attributeMap).build(); + "afaf").attributes(attributeMap).build(); + } + + private AttributeDefinition generateStringAttribute(String friendlyName, String fragment, String prefix) throws URISyntaxException { + return generateAttribute(friendlyName, fragment, prefix, "eu.eidas.auth.commons.attribute.impl" + + ".LiteralStringAttributeValueMarshaller"); + } + + private AttributeDefinition generateDateTimeAttribute(String friendlyName, String fragment, String prefix) throws URISyntaxException { + return generateAttribute(friendlyName, fragment, prefix, "eu.eidas.auth.commons.attribute.impl" + + ".DateTimeAttributeValueMarshaller"); + } + + private AttributeDefinition generateAttribute(String friendlyName, String fragment, String prefix, + String marshaller) throws URISyntaxException { + return AttributeDefinition.builder() + .friendlyName(friendlyName).nameUri(new URI("ad", "sd", fragment)) + .personType(PersonType.LEGAL_PERSON).xmlType(new QName("http://saf", "as", prefix)) + .attributeValueMarshaller(marshaller).build(); } - private List emptyHandlers() { + private List emptyHandlers() { return new ArrayList<>(); } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml index 10d480e0..1f3a984b 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml @@ -66,7 +66,7 @@ scope="prototype" /> + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.DummyErnpClient" /> -- cgit v1.2.3 From f74e02f9f0735ff9a1e897c5eba10f69ff720f8f Mon Sep 17 00:00:00 2001 From: Alexander Marsalek Date: Tue, 12 Jan 2021 13:35:02 +0100 Subject: created tasks and beans --- .../config/templates/chooseOtherLoginMethod.html | 250 +++++++++++++++++++++ .../specific/connector/MsEidasNodeConstants.java | 4 +- .../eidas/v2/tasks/CreateNewErnbEntryTask.java | 66 ------ .../eidas/v2/tasks/CreateNewErnpEntryTask.java | 55 +++++ .../auth/eidas/v2/tasks/GenerateGuiTask.java | 14 +- .../GenerateMobilePhoneSignatureRequestTask.java | 14 +- .../eidas/v2/tasks/ReceiveGuiResponseTask.java | 20 +- .../ReceiveMobilePhoneSignatureResponseTask.java | 15 +- .../resources/eIDAS.Authentication.process.xml | 12 + .../src/main/resources/eidas_v2_auth.beans.xml | 20 ++ .../resources/SpringTest-context_tasks_test.xml | 20 ++ 11 files changed, 370 insertions(+), 120 deletions(-) create mode 100644 connector/src/test/resources/config/templates/chooseOtherLoginMethod.html delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnbEntryTask.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/resources') diff --git a/connector/src/test/resources/config/templates/chooseOtherLoginMethod.html b/connector/src/test/resources/config/templates/chooseOtherLoginMethod.html new file mode 100644 index 00000000..134f7fba --- /dev/null +++ b/connector/src/test/resources/config/templates/chooseOtherLoginMethod.html @@ -0,0 +1,250 @@ + + + + + + + eIDAS-Login Login-Auswahl + + + + + +
+
+ + +
+
+
+
+

Zentraler eIDAS Knoten der Republik Österreich

+

Betrieben durch das Bundesministerium für Inneres

+
+ +

Wählen Sie Ihr Land / Select your country

+ +
+ +
+ + + +
+
+ + + +
+
+ + + +
+
+ + +
+ + + +
+ +
+
+
© BUNDESMINISTERIUM FÃœR INNERES
+
+
+ + diff --git a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MsEidasNodeConstants.java b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MsEidasNodeConstants.java index 42fefaab..1300ad74 100644 --- a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MsEidasNodeConstants.java +++ b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MsEidasNodeConstants.java @@ -46,8 +46,8 @@ public class MsEidasNodeConstants { public static final String PROP_CONFIG_WEBCONTENT_TEMPLATES_PATH = "webcontent.templates"; public static final String PROP_CONFIG_WEBCONTENT_TEMPLATES_CCSELECTION = "webcontent.templates.countryselection"; - public static final String PROP_CONFIG_WEBCONTENT_TEMPLATES_OTHER_LOGIN_METHOD_SELECTION = "webcontent.templates" + - ".otherLoginMethodselection"; + public static final String PROP_CONFIG_WEBCONTENT_TEMPLATES_OTHER_LOGIN_METHOD_SELECTION = "webcontent.templates" + + ".otherLoginMethodselection"; public static final String PROP_CONFIG_MONITORING_EIDASNODE_METADATAURL = "monitoring.eIDASNode.metadata.url"; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnbEntryTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnbEntryTask.java deleted file mode 100644 index 77d6ed41..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnbEntryTask.java +++ /dev/null @@ -1,66 +0,0 @@ -/* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - -package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; - -import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; -import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; -import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; -import lombok.extern.slf4j.Slf4j; -import org.springframework.stereotype.Component; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -/** - * Task that searches ErnB and ZMR before adding person to SZR. - * - * @author tlenz - */ -@Slf4j -@Component("CreateNewErnbEntryTask") -// NOTE: General: Please rebase git commit and squash them where useful, i.e. "remove unused import" should -// not be a separate commit. -public class CreateNewErnbEntryTask extends AbstractAuthServletTask { - - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv. - * egovernment.moa.id.process.api.ExecutionContext, - * javax.servlet.http.HttpServletRequest, - * javax.servlet.http.HttpServletResponse) - */ - @Override - public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) - throws TaskExecutionException { - try { - //TODO - } catch (final Exception e) { - log.error("Initial search FAILED.", e); - throw new TaskExecutionException(pendingReq, "Initial search FAILED.", e); - } - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java new file mode 100644 index 00000000..6f7304c9 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java @@ -0,0 +1,55 @@ +/* + * Copyright 2021 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; + +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import lombok.extern.slf4j.Slf4j; +import org.springframework.stereotype.Component; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +/** + * Task that searches ErnB and ZMR before adding person to SZR. + * + * @author amarsalek + */ +@Slf4j +@Component("CreateNewErnbEntryTask") +public class CreateNewErnpEntryTask extends AbstractAuthServletTask { + + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + try { + //TODO + } catch (final Exception e) { + log.error("Initial search FAILED.", e); + throw new TaskExecutionException(pendingReq, "Initial search FAILED.", e); + } + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateGuiTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateGuiTask.java index d55d4a7e..3d77f994 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateGuiTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateGuiTask.java @@ -1,5 +1,5 @@ /* - * Copyright 2018 A-SIT Plus GmbH + * Copyright 2021 A-SIT Plus GmbH * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * @@ -41,12 +41,10 @@ import javax.servlet.http.HttpServletResponse; /** * Task that searches ErnB and ZMR before adding person to SZR. * - * @author tlenz + * @author amarsalek */ @Slf4j @Component("GenerateGuiTask") -// NOTE: General: Please rebase git commit and squash them where useful, i.e. "remove unused import" should -// not be a separate commit. public class GenerateGuiTask extends AbstractAuthServletTask { @Autowired @@ -54,14 +52,6 @@ public class GenerateGuiTask extends AbstractAuthServletTask { @Autowired IConfiguration basicConfig; - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv. - * egovernment.moa.id.process.api.ExecutionContext, - * javax.servlet.http.HttpServletRequest, - * javax.servlet.http.HttpServletResponse) - */ @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java index c9974509..7c154705 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java @@ -1,5 +1,5 @@ /* - * Copyright 2018 A-SIT Plus GmbH + * Copyright 2021 A-SIT Plus GmbH * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * @@ -35,23 +35,13 @@ import javax.servlet.http.HttpServletResponse; /** * Task that searches ErnB and ZMR before adding person to SZR. * - * @author tlenz + * @author amarsalek */ @Slf4j @Component("GenerateMobilePhoneSignatureRequestTask") -// NOTE: General: Please rebase git commit and squash them where useful, i.e. "remove unused import" should -// not be a separate commit. public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServletTask { - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv. - * egovernment.moa.id.process.api.ExecutionContext, - * javax.servlet.http.HttpServletRequest, - * javax.servlet.http.HttpServletResponse) - */ @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiResponseTask.java index b0cb857e..fc51ce2d 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiResponseTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiResponseTask.java @@ -1,5 +1,5 @@ /* - * Copyright 2018 A-SIT Plus GmbH + * Copyright 2021 A-SIT Plus GmbH * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * @@ -40,24 +40,14 @@ import java.util.Enumeration; /** * Task that searches ErnB and ZMR before adding person to SZR. * - * @author tlenz + * @author amarsalek */ @Slf4j @Component("ReceiveGuiResponseTask") -// NOTE: General: Please rebase git commit and squash them where useful, i.e. "remove unused import" should -// not be a separate commit. public class ReceiveGuiResponseTask extends AbstractAuthServletTask { - final String LOGIN_METHOD = "loginSelection"; + final String loginMethod = "loginSelection"; - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv. - * egovernment.moa.id.process.api.ExecutionContext, - * javax.servlet.http.HttpServletRequest, - * javax.servlet.http.HttpServletResponse) - */ @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { @@ -68,10 +58,10 @@ public class ReceiveGuiResponseTask extends AbstractAuthServletTask { final String paramName = reqParamNames.nextElement(); if (StringUtils.isNotEmpty(paramName) && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName)) { - if (LOGIN_METHOD.equalsIgnoreCase(paramName)) { + if (loginMethod.equalsIgnoreCase(paramName)) { String value = StringEscapeUtils.escapeHtml(request.getParameter(paramName)); SelectedLoginMethod selection = SelectedLoginMethod.valueOf(value); - executionContext.put(LOGIN_METHOD, selection); + executionContext.put(loginMethod, selection); } } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java index 28c351f2..95eeca4c 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java @@ -1,5 +1,5 @@ /* - * Copyright 2018 A-SIT Plus GmbH + * Copyright 2021 A-SIT Plus GmbH * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * @@ -35,23 +35,12 @@ import javax.servlet.http.HttpServletResponse; /** * Task that searches ErnB and ZMR before adding person to SZR. * - * @author tlenz + * @author amarsalek */ @Slf4j @Component("ReceiveMobilePhoneSignatureResponseTask") -// NOTE: General: Please rebase git commit and squash them where useful, i.e. "remove unused import" should -// not be a separate commit. public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServletTask { - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv. - * egovernment.moa.id.process.api.ExecutionContext, - * javax.servlet.http.HttpServletRequest, - * javax.servlet.http.HttpServletResponse) - */ @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml index e199d379..5134982a 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml @@ -13,6 +13,18 @@ + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml index 10d480e0..7d7f2c59 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml @@ -78,4 +78,24 @@ + + + + + + + + + + \ No newline at end of file -- cgit v1.2.3 From c1b44dcd325e9e49ba38c384b9bfb981dca5a776 Mon Sep 17 00:00:00 2001 From: Alexander Marsalek Date: Tue, 12 Jan 2021 16:10:10 +0100 Subject: add task transitions --- .../auth/eidas/v2/tasks/InitialSearchTask.java | 9 ++++++- .../resources/eIDAS.Authentication.process.xml | 31 ++++++++++++++++++---- 2 files changed, 34 insertions(+), 6 deletions(-) (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/resources') diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java index a87be6c5..0812f55e 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java @@ -73,6 +73,7 @@ public class InitialSearchTask extends AbstractAuthServletTask { private IErnbClient ernbClient; private IZmrClient zmrClient; + private ExecutionContext executionContext; /* * (non-Javadoc) @@ -86,6 +87,7 @@ public class InitialSearchTask extends AbstractAuthServletTask { public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try { + this.executionContext = executionContext; final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); final ILightResponse eidasResponse = authProcessData .getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class); @@ -254,7 +256,12 @@ public class InitialSearchTask extends AbstractAuthServletTask { ernbClient.searchWithMds(eidData.getGivenName(), eidData.getFamilyName(), eidData.getDateOfBirth()); mdsSearchResult.setResultsErnb(resultsErnb); - log.debug("Automerge " + initialSearchResult + " with " + eidData + " " + mdsSearchResult); + if (mdsSearchResult.getResultCount() == 0) { + executionContext.put("TASK_CreateNewErnpEntryTask", true); + } else { + executionContext.put("TASK_GenerateGuiTask", true); + } + //TODO implement next phase and return correct value return "TODO-Temporary-Endnode-105"; } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml index 5134982a..5299093e 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml @@ -13,15 +13,15 @@ - - - - - @@ -33,8 +33,29 @@ to="receiveAuthnResponse" /> + + + + + + + + + + + Date: Thu, 3 Dec 2020 10:13:44 +0100 Subject: general workflow steps 1-8 --- .../v2/dao/CountrySpecificDetailSearchResult.java | 14 ++ .../auth/eidas/v2/dao/InitialSearchResult.java | 12 + .../v2/exception/ManualFixNecessaryException.java | 40 ++++ .../ICountrySpecificDetailSearchProcessor.java | 58 +++++ .../auth/eidas/v2/tasks/InitialSearchTask.java | 258 +++++++++++++++++++++ .../resources/eIDAS.Authentication.process.xml | 4 + .../src/main/resources/eidas_v2_auth.beans.xml | 4 + .../EidasRequestPreProcessingSecondTest.java | 2 +- 8 files changed, 391 insertions(+), 1 deletion(-) create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/CountrySpecificDetailSearchResult.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/InitialSearchResult.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ManualFixNecessaryException.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ICountrySpecificDetailSearchProcessor.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/resources') diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/CountrySpecificDetailSearchResult.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/CountrySpecificDetailSearchResult.java new file mode 100644 index 00000000..710e286c --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/CountrySpecificDetailSearchResult.java @@ -0,0 +1,14 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao; + +public class CountrySpecificDetailSearchResult { + + //TODO is the result the same as the one form the initial search? + int resultsZmr; + int resultsErnb; + + public int getResultCount() { + return resultsZmr + resultsErnb; + } + + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/InitialSearchResult.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/InitialSearchResult.java new file mode 100644 index 00000000..8fe69414 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/InitialSearchResult.java @@ -0,0 +1,12 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao; + +public class InitialSearchResult { + + int resultsZmr; + int resultsErnb; + + public int getResultCount() { + return resultsErnb + resultsZmr; + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ManualFixNecessaryException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ManualFixNecessaryException.java new file mode 100644 index 00000000..f3916ed6 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ManualFixNecessaryException.java @@ -0,0 +1,40 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.exception; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData; + +public class ManualFixNecessaryException extends EidasSAuthenticationException { + private static final long serialVersionUID = 1L; + + public ManualFixNecessaryException(String personIdentifier) { + super("eidas.00", new Object[] { personIdentifier });//TODO "eidas.00" + + } + + public ManualFixNecessaryException(ErnbEidData eidData) { + + super("eidas.00", new Object[] { eidData.getPseudonym() });//TODO "eidas.00" => what info to pass??? + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ICountrySpecificDetailSearchProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ICountrySpecificDetailSearchProcessor.java new file mode 100644 index 00000000..c35f6e16 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ICountrySpecificDetailSearchProcessor.java @@ -0,0 +1,58 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.CountrySpecificDetailSearchResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData; + +public interface ICountrySpecificDetailSearchProcessor { + + /** + * Get a friendlyName of this post-processor implementation. + * + * @return + */ + String getName(); + + /** + * Get the priority of this eID Post-Processor
+ * If more than one Post-Processor implementations can handle the eID data, the + * post-processor with the highest priority are selected. The Default-Processor + * has priority '0' + * + * @return Priority of this handler + */ + int getPriority(); + + /** + * Check if this postProcessor is sensitive for a specific country. + * + * @param countryCode of the eID data that should be processed + * @param eidData eID data + * @return true if this implementation can handle the country, otherwise false + */ + boolean canHandle(String countryCode, ErnbEidData eidData); + + CountrySpecificDetailSearchResult search(ErnbEidData eidData); +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java new file mode 100644 index 00000000..d9f70a81 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java @@ -0,0 +1,258 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.CountrySpecificDetailSearchResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.InitialSearchResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.ICountrySpecificDetailSearchProcessor; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import com.google.common.collect.ImmutableMap; +import com.google.common.collect.ImmutableSet; +import eu.eidas.auth.commons.attribute.AttributeDefinition; +import eu.eidas.auth.commons.attribute.AttributeValue; +import eu.eidas.auth.commons.light.ILightResponse; +import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; +import lombok.extern.slf4j.Slf4j; +import org.apache.commons.lang3.StringUtils; +import org.joda.time.DateTime; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.stereotype.Component; + +import javax.annotation.PostConstruct; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; + +/** + * Task that creates the IdentityLink for an eIDAS authenticated person. + * + * @author tlenz + */ +@Slf4j +@Component("InitialSearchTask") +public class InitialSearchTask extends AbstractAuthServletTask { + + private final List handlers = new ArrayList<>(); + + // @Autowired + // private AuthBlockSigningService authBlockSigner; + // @Autowired + // private IConfiguration basicConfig; + // @Autowired + // private SzrClient szrClient; + @Autowired + private ICcSpecificEidProcessingService eidPostProcessor; + + // private static final String EID_STATUS = "urn:eidgvat:eid.status.eidas"; + @Autowired + private ApplicationContext context; + + @PostConstruct + private void initialize() { + log.debug("Initialize country specific detail search services ... "); + final Map postProcessors = context.getBeansOfType( + ICountrySpecificDetailSearchProcessor.class); + final Iterator> iterator = + postProcessors.entrySet().iterator(); + while (iterator.hasNext()) { + final Map.Entry el = iterator.next(); + log.debug("Find country specific detail search services with name: " + el.getKey()); + handlers.add(el.getValue()); + + } + + log.trace("Sorting country specific detail search services on priority ... "); + Collections.sort(handlers, (thisAuthModule, otherAuthModule) -> { + final int thisOrder = thisAuthModule.getPriority(); + final int otherOrder = otherAuthModule.getPriority(); + return thisOrder < otherOrder ? 1 : thisOrder == otherOrder ? 0 : -1; + }); + + log.info("# " + handlers.size() + " country specific detail search services are registrated"); + + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv. + * egovernment.moa.id.process.api.ExecutionContext, + * javax.servlet.http.HttpServletRequest, + * javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + try { + final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); + final ILightResponse eidasResponse = authProcessData + .getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class); + + final Map simpleAttrMap = convertEidasAttrToSimpleMap( + eidasResponse.getAttributes().getAttributeMap()); + + // post-process eIDAS attributes + final ErnbEidData eidData = eidPostProcessor.postProcess(simpleAttrMap); + + String personIdentifier = eidData.getPseudonym(); + + //search in register(step 2) + InitialSearchResult result = searchInZmrAndErnp(personIdentifier); + switch (result.getResultCount()) { + case 0: + step5(result, eidData); + break; + case 1: + step3(result, eidData); + break; + default://should not happen + throw new TaskExecutionException(pendingReq, "Initial search - Kitt Process necessary.", + new ManualFixNecessaryException(personIdentifier)); + } + } catch (final Exception e) { + log.error("Initial search FAILED.", e); + throw new TaskExecutionException(pendingReq, "Initial search FAILED.", e); + } + } + + private void step3(InitialSearchResult result, ErnbEidData eidData) { + //check if data from eidas authentication matches with data from register + //TODO + + } + + private void step5(InitialSearchResult result, ErnbEidData eidData) throws TaskExecutionException { + String citizenCountry = eidData.getCitizenCountryCode(); + ICountrySpecificDetailSearchProcessor foundHandler = null; + for (final ICountrySpecificDetailSearchProcessor el : handlers) { + //5 check if country specific search is possible + if (el.canHandle(citizenCountry, eidData)) { + log.debug("Found suitable country specific search handler for " + citizenCountry + + " by using: " + el.getName()); + foundHandler = el; + break; + } + } + if (foundHandler == null) { + //MDS search + step8(result, eidData); + } else { + //country specific search + step6(foundHandler, result, eidData); + } + } + + private void step6(ICountrySpecificDetailSearchProcessor countrySpecificDetailSearchProcessor, + InitialSearchResult initialSearchResult, ErnbEidData eidData) throws TaskExecutionException { + //6 country specific search + CountrySpecificDetailSearchResult countrySpecificDetailSearchResult = + countrySpecificDetailSearchProcessor.search(eidData); + + switch (countrySpecificDetailSearchResult.getResultCount()) { + case 0: + step8(initialSearchResult, eidData); + break; + case 1: + step7a(initialSearchResult, countrySpecificDetailSearchResult, eidData); + break; + default://should not happen + throw new TaskExecutionException(pendingReq, "Detail search - Kitt Process necessary.", + new ManualFixNecessaryException(eidData)); + } + } + + private void step7a(InitialSearchResult initialSearchResult, + CountrySpecificDetailSearchResult countrySpecificDetailSearchResult, ErnbEidData eidData) { + //TODO automerge + + } + + private void step8(InitialSearchResult initialSearchResult, ErnbEidData eidData) { + //TODO MDS Suche + } + + private InitialSearchResult searchInZmrAndErnp(String personIdentifier) { + //search TODO + return new InitialSearchResult();//TODO + } + + private Map convertEidasAttrToSimpleMap( + ImmutableMap, ImmutableSet>> attributeMap) { + final Map result = new HashMap<>(); + + for (final AttributeDefinition el : attributeMap.keySet()) { + + final Class parameterizedType = el.getParameterizedType(); + if (DateTime.class.equals(parameterizedType)) { + final DateTime attribute = EidasResponseUtils.translateDateAttribute(el, attributeMap.get(el).asList()); + if (attribute != null) { + result.put(el.getFriendlyName(), attribute); + log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + attribute.toString()); + + } else { + log.info("Ignore empty 'DateTime' attribute"); + } + + } else if (PostalAddress.class.equals(parameterizedType)) { + final PostalAddress addressAttribute = EidasResponseUtils + .translateAddressAttribute(el, attributeMap.get(el).asList()); + if (addressAttribute != null) { + result.put(el.getFriendlyName(), addressAttribute); + log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + addressAttribute.toString()); + + } else { + log.info("Ignore empty 'PostalAddress' attribute"); + } + + } else { + final List natPersonIdObj = EidasResponseUtils + .translateStringListAttribute(el, attributeMap.get(el).asList()); + final String stringAttr = natPersonIdObj.get(0); + if (StringUtils.isNotEmpty(stringAttr)) { + result.put(el.getFriendlyName(), stringAttr); + log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + stringAttr); + + } else { + log.info("Ignore empty 'String' attribute"); + } + } + } + log.debug("Receive #" + result.size() + " attributes with names: " + result.keySet().toString()); + return result; + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml index 55bb1ace..e199d379 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml @@ -10,6 +10,8 @@ class="FinalizeAuthenticationTask" /> + @@ -18,6 +20,8 @@ + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml index 6cc704ab..9c28bf07 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml @@ -87,4 +87,8 @@ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask" scope="prototype" /> + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java index c44e803b..23175a18 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java @@ -100,7 +100,7 @@ public class EidasRequestPreProcessingSecondTest { final LightRequest lightReq = authnRequestBuilder.build(); - Assert.assertEquals("ProviderName is not Static", "myNode", lightReq.getProviderName()); + Assert.assertEquals("ProviderName is not Static", "myNode", lightReq.getProviderName());//Fixme "myNode" Assert.assertEquals("no PublicSP", "public", lightReq.getSpType()); Assert.assertEquals("Requested attribute size not match", 8, lightReq.getRequestedAttributes().size()); -- cgit v1.2.3 From 4b7abac5a3090b924c3c2a6c6bc0c2da8cf05bdd Mon Sep 17 00:00:00 2001 From: Alexander Marsalek Date: Fri, 4 Dec 2020 12:59:42 +0100 Subject: added dummy ZMR & ERnB client --- .../auth/eidas/v2/dao/InitialSearchResult.java | 12 -- .../eidas/v2/dao/MergedRegisterSearchResult.java | 16 ++ .../modules/auth/eidas/v2/dao/RegisterResult.java | 59 +++++++ .../modules/auth/eidas/v2/dao/SimpleEidasData.java | 52 ++++++ .../auth/eidas/v2/ernb/DummyErnbClient.java | 49 ++++++ .../modules/auth/eidas/v2/ernb/IErnbClient.java | 12 ++ .../v2/exception/ManualFixNecessaryException.java | 6 +- .../eidas/v2/handler/AbstractEidProcessor.java | 115 +++---------- .../ICountrySpecificDetailSearchProcessor.java | 6 +- .../auth/eidas/v2/tasks/InitialSearchTask.java | 189 +++++++++++++++------ .../auth/eidas/v2/utils/EidasResponseUtils.java | 168 ++++++++++++++++++ .../modules/auth/eidas/v2/zmr/DummyZmrClient.java | 49 ++++++ .../modules/auth/eidas/v2/zmr/IZmrClient.java | 12 ++ .../src/main/resources/eidas_v2_auth.beans.xml | 6 + 14 files changed, 584 insertions(+), 167 deletions(-) delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/InitialSearchResult.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/MergedRegisterSearchResult.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/RegisterResult.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/DummyErnbClient.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/IErnbClient.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/IZmrClient.java (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/resources') diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/InitialSearchResult.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/InitialSearchResult.java deleted file mode 100644 index 8fe69414..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/InitialSearchResult.java +++ /dev/null @@ -1,12 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao; - -public class InitialSearchResult { - - int resultsZmr; - int resultsErnb; - - public int getResultCount() { - return resultsErnb + resultsZmr; - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/MergedRegisterSearchResult.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/MergedRegisterSearchResult.java new file mode 100644 index 00000000..bc5b358d --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/MergedRegisterSearchResult.java @@ -0,0 +1,16 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao; + +import lombok.Data; + +import java.util.ArrayList; + +@Data public class MergedRegisterSearchResult { + + ArrayList resultsZmr = new ArrayList<>(); + ArrayList resultsErnb = new ArrayList<>(); + + public int getResultCount() { + return resultsZmr.size() + resultsErnb.size(); + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/RegisterResult.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/RegisterResult.java new file mode 100644 index 00000000..9509e7de --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/RegisterResult.java @@ -0,0 +1,59 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao; + +import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType; +import lombok.Data; + +@Data public class RegisterResult { + + // MDS + private String pseudonym = null; + private String givenName = null; + private String familyName = null; + private String dateOfBirth = null; + + // additional attributes + private String placeOfBirth = null; + private String birthName = null; + private String taxNumber = null; + private PostalAddressType address = null; + + /** + * Register search result. + * @param pseudonym The pseudonym + * @param givenName The givenName + * @param familyName The familyName + * @param dateOfBirth The dateOfBirth + * @param placeOfBirth The placeOfBirth + */ + public RegisterResult(String pseudonym, String givenName, String familyName, String dateOfBirth, + String placeOfBirth) { + this.pseudonym = pseudonym; + this.givenName = givenName; + this.familyName = familyName; + this.dateOfBirth = dateOfBirth; + this.placeOfBirth = placeOfBirth; + } + + /** + * Register search result. + * @param pseudonym The pseudonym + * @param givenName The givenName + * @param familyName The familyName + * @param dateOfBirth The dateOfBirth + * @param placeOfBirth The placeOfBirth + * @param birthName The birthName + * @param taxNumber The taxNumber + * @param address The address + */ + public RegisterResult(String pseudonym, String givenName, String familyName, String dateOfBirth, + String placeOfBirth, String birthName, String taxNumber, PostalAddressType address) { + this.pseudonym = pseudonym; + this.givenName = givenName; + this.familyName = familyName; + this.dateOfBirth = dateOfBirth; + this.placeOfBirth = placeOfBirth; + this.birthName = birthName; + this.taxNumber = taxNumber; + this.address = address; + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java new file mode 100644 index 00000000..0b116bfb --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java @@ -0,0 +1,52 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao; + +import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType; +import lombok.Data; +import org.joda.time.DateTime; + +import java.text.SimpleDateFormat; + +@Data public class SimpleEidasData { + + private String citizenCountryCode = null; + + // MDS + private String pseudonym = null; + private String givenName = null; + private String familyName = null; + private DateTime dateOfBirth = null; + + // additional attributes + private String placeOfBirth = null; + private String birthName = null; + private PostalAddressType address = null; + private String taxNumber; + + public String getFormatedDateOfBirth() { + return new SimpleDateFormat("yyyy-MM-dd").format(dateOfBirth.toDate()); + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/DummyErnbClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/DummyErnbClient.java new file mode 100644 index 00000000..8b2379bf --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/DummyErnbClient.java @@ -0,0 +1,49 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.ernb; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; +import org.springframework.stereotype.Service; + +import java.util.ArrayList; + +@Service("ErnbClientForeIDAS") +public class DummyErnbClient implements IErnbClient { + + @Override + public ArrayList searchWithPersonIdentifer(String personIdentifer) { + switch (personIdentifer) { + case "a12345": + case "a12345-": + return result1(); + case "a123456": + return result2(); + default: + return resultEmpty(); + } + } + + @Override + public ArrayList searchWithMds(String givenName, String familyName, String dateOfBirth) { + return resultEmpty();//TODO will I only receive matches where all three values match perfectly? + } + + private ArrayList resultEmpty() { + return new ArrayList();//Nobody found + } + + private ArrayList result1() { + ArrayList results = new ArrayList<>(); + RegisterResult result1 = new RegisterResult("a12345", "Tom", "Mustermann", "1950-01-01", "Wien"); + results.add(result1); + RegisterResult result2 = new RegisterResult("a12345-", "Tom", "Mustermann", "1950-01-01", "Wien"); + results.add(result2); + return results; + } + + private ArrayList result2() { + ArrayList results = new ArrayList<>(); + RegisterResult result = new RegisterResult("a123456", "Max", "Mustermann", "2000-01-01", "Wien"); + results.add(result); + return results; + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/IErnbClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/IErnbClient.java new file mode 100644 index 00000000..4873b939 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/IErnbClient.java @@ -0,0 +1,12 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.ernb; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; + +import java.util.ArrayList; + +public interface IErnbClient { + + ArrayList searchWithPersonIdentifer(String personIdentifer); + + ArrayList searchWithMds(String givenName, String familyName, String dateOfBirth); +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ManualFixNecessaryException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ManualFixNecessaryException.java index f3916ed6..c22e8135 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ManualFixNecessaryException.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ManualFixNecessaryException.java @@ -23,18 +23,16 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.exception; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; public class ManualFixNecessaryException extends EidasSAuthenticationException { private static final long serialVersionUID = 1L; public ManualFixNecessaryException(String personIdentifier) { super("eidas.00", new Object[] { personIdentifier });//TODO "eidas.00" - } - public ManualFixNecessaryException(ErnbEidData eidData) { - + public ManualFixNecessaryException(SimpleEidasData eidData) { super("eidas.00", new Object[] { eidData.getPseudonym() });//TODO "eidas.00" => what info to pass??? } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java index 42dbfeac..3691ee47 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java @@ -23,6 +23,7 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; + import java.util.Map; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -52,7 +53,6 @@ import eu.eidas.auth.commons.attribute.AttributeDefinition; import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; import eu.eidas.auth.commons.light.impl.LightRequest.Builder; import eu.eidas.auth.commons.protocol.eidas.SpType; -import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; public abstract class AbstractEidProcessor implements INationalEidProcessor { private static final Logger log = LoggerFactory.getLogger(AbstractEidProcessor.class); @@ -68,7 +68,6 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor { buildLevelOfAssurance(pendingReq.getServiceProviderConfiguration(), authnRequestBuilder); buildProviderNameAttribute(pendingReq, authnRequestBuilder); buildRequestedAttributes(authnRequestBuilder); - } @@ -94,13 +93,12 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor { result.setAddress(processAddress(eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTADDRESS))); return result; - } - + /** * Get a Map of country-specific requested attributes. - * + * * @return */ @NonNull @@ -108,7 +106,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor { /** * Post-Process the eIDAS CurrentAddress attribute. - * + * * @param currentAddressObj eIDAS current address information * @return current address or null if no attribute is available * @throws EidPostProcessingException if post-processing fails @@ -116,34 +114,12 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor { */ protected PostalAddressType processAddress(Object currentAddressObj) throws EidPostProcessingException, EidasAttributeException { - - if (currentAddressObj != null) { - if (currentAddressObj instanceof PostalAddress) { - final PostalAddressType result = new PostalAddressType(); - result.setPostalCode(((PostalAddress) currentAddressObj).getPostCode()); - result.setMunicipality(((PostalAddress) currentAddressObj).getPostName()); - - // TODO: add more mappings - - return result; - - } else { - log.warn("eIDAS attr: " + Constants.eIDAS_ATTR_CURRENTADDRESS + " is of WRONG type"); - throw new EidasAttributeException(Constants.eIDAS_ATTR_CURRENTADDRESS); - - } - - } else { - log.debug("NO '" + Constants.eIDAS_ATTR_CURRENTADDRESS + "' attribute. Post-Processing skipped ... "); - } - - return null; - + return EidasResponseUtils.processAddress(currentAddressObj); } /** * Post-Process the eIDAS BirthName attribute. - * + * * @param birthNameObj eIDAS birthname information * @return birthName or null if no attribute is available * @throws EidPostProcessingException if post-processing fails @@ -151,27 +127,12 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor { */ protected String processBirthName(Object birthNameObj) throws EidPostProcessingException, EidasAttributeException { - if (birthNameObj != null) { - if (birthNameObj instanceof String) { - return (String) birthNameObj; - - } else { - log.warn("eIDAS attr: " + Constants.eIDAS_ATTR_BIRTHNAME + " is of WRONG type"); - throw new EidasAttributeException(Constants.eIDAS_ATTR_BIRTHNAME); - - } - - } else { - log.debug("NO '" + Constants.eIDAS_ATTR_BIRTHNAME + "' attribute. Post-Processing skipped ... "); - } - - return null; - + return EidasResponseUtils.processBirthName(birthNameObj); } /** * Post-Process the eIDAS PlaceOfBirth attribute. - * + * * @param placeOfBirthObj eIDAS Place-of-Birth information * @return place of Birth or null if no attribute is available * @throws EidPostProcessingException if post-processing fails @@ -179,27 +140,12 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor { */ protected String processPlaceOfBirth(Object placeOfBirthObj) throws EidPostProcessingException, EidasAttributeException { - if (placeOfBirthObj != null) { - if (placeOfBirthObj instanceof String) { - return (String) placeOfBirthObj; - - } else { - log.warn("eIDAS attr: " + Constants.eIDAS_ATTR_PLACEOFBIRTH + " is of WRONG type"); - throw new EidasAttributeException(Constants.eIDAS_ATTR_PLACEOFBIRTH); - - } - - } else { - log.debug("NO '" + Constants.eIDAS_ATTR_PLACEOFBIRTH + "' attribute. Post-Processing skipped ... "); - } - - return null; - + return EidasResponseUtils.processPlaceOfBirth(placeOfBirthObj); } /** * Post-Process the eIDAS DateOfBirth attribute. - * + * * @param dateOfBirthObj eIDAS date-of-birth attribute information * @return formated user's date-of-birth * @throws EidasAttributeException if NO attribute is available @@ -207,17 +153,12 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor { */ protected DateTime processDateOfBirth(Object dateOfBirthObj) throws EidPostProcessingException, EidasAttributeException { - if (dateOfBirthObj == null || !(dateOfBirthObj instanceof DateTime)) { - throw new EidasAttributeException(Constants.eIDAS_ATTR_DATEOFBIRTH); - } - - return (DateTime) dateOfBirthObj; - + return EidasResponseUtils.processDateOfBirth(dateOfBirthObj); } /** * Post-Process the eIDAS GivenName attribute. - * + * * @param givenNameObj eIDAS givenName attribute information * @return formated user's givenname * @throws EidasAttributeException if NO attribute is available @@ -225,17 +166,12 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor { */ protected String processGivenName(Object givenNameObj) throws EidPostProcessingException, EidasAttributeException { - if (givenNameObj == null || !(givenNameObj instanceof String)) { - throw new EidasAttributeException(Constants.eIDAS_ATTR_CURRENTGIVENNAME); - } - - return (String) givenNameObj; - + return EidasResponseUtils.processGivenName(givenNameObj); } /** * Post-Process the eIDAS FamilyName attribute. - * + * * @param familyNameObj eIDAS familyName attribute information * @return formated user's familyname * @throws EidasAttributeException if NO attribute is available @@ -243,17 +179,12 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor { */ protected String processFamilyName(Object familyNameObj) throws EidPostProcessingException, EidasAttributeException { - if (familyNameObj == null || !(familyNameObj instanceof String)) { - throw new EidasAttributeException(Constants.eIDAS_ATTR_CURRENTFAMILYNAME); - } - - return (String) familyNameObj; - + return EidasResponseUtils.processFamilyName(familyNameObj); } /** * Post-Process the eIDAS pseudonym to ERnB unique identifier. - * + * * @param personalIdObj eIDAS PersonalIdentifierAttribute * @return Unique personal identifier without country-code information * @throws EidasAttributeException if NO attribute is available @@ -261,15 +192,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor { */ protected String processPseudonym(Object personalIdObj) throws EidPostProcessingException, EidasAttributeException { - if (personalIdObj == null || !(personalIdObj instanceof String)) { - throw new EidasAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); - } - - final Triple eIdentifier = - EidasResponseUtils.parseEidasPersonalIdentifier((String) personalIdObj); - - return eIdentifier.getThird(); - + return EidasResponseUtils.processPseudonym(personalIdObj); } private void buildRequestedAttributes(Builder authnRequestBuilder) { @@ -335,8 +258,8 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor { final String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class); if (StringUtils.isNotEmpty(providerName) && basicConfig.getBasicConfigurationBoolean( - Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME, - false)) { + Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME, + false)) { authnRequestBuilder.providerName(providerName); } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ICountrySpecificDetailSearchProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ICountrySpecificDetailSearchProcessor.java index c35f6e16..13d9117d 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ICountrySpecificDetailSearchProcessor.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ICountrySpecificDetailSearchProcessor.java @@ -24,7 +24,7 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.CountrySpecificDetailSearchResult; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; public interface ICountrySpecificDetailSearchProcessor { @@ -52,7 +52,7 @@ public interface ICountrySpecificDetailSearchProcessor { * @param eidData eID data * @return true if this implementation can handle the country, otherwise false */ - boolean canHandle(String countryCode, ErnbEidData eidData); + boolean canHandle(String countryCode, SimpleEidasData eidData); - CountrySpecificDetailSearchResult search(ErnbEidData eidData); + CountrySpecificDetailSearchResult search(SimpleEidasData eidData); } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java index d9f70a81..bcada70f 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java @@ -23,40 +23,48 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; + +import javax.annotation.PostConstruct; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.StringUtils; +import org.joda.time.DateTime; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.stereotype.Component; + +import com.google.common.collect.ImmutableMap; +import com.google.common.collect.ImmutableSet; + import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.CountrySpecificDetailSearchResult; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.InitialSearchResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernb.IErnbClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.ICountrySpecificDetailSearchProcessor; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService; import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.data.Triple; import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; -import com.google.common.collect.ImmutableMap; -import com.google.common.collect.ImmutableSet; import eu.eidas.auth.commons.attribute.AttributeDefinition; import eu.eidas.auth.commons.attribute.AttributeValue; import eu.eidas.auth.commons.light.ILightResponse; import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; import lombok.extern.slf4j.Slf4j; -import org.apache.commons.lang3.StringUtils; -import org.joda.time.DateTime; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.ApplicationContext; -import org.springframework.stereotype.Component; - -import javax.annotation.PostConstruct; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.util.ArrayList; -import java.util.Collections; -import java.util.HashMap; -import java.util.Iterator; -import java.util.List; -import java.util.Map; /** * Task that creates the IdentityLink for an eIDAS authenticated person. @@ -75,13 +83,19 @@ public class InitialSearchTask extends AbstractAuthServletTask { // private IConfiguration basicConfig; // @Autowired // private SzrClient szrClient; - @Autowired - private ICcSpecificEidProcessingService eidPostProcessor; + // @Autowired + // private ICcSpecificEidProcessingService eidPostProcessor; // private static final String EID_STATUS = "urn:eidgvat:eid.status.eidas"; @Autowired private ApplicationContext context; + @Autowired + private IErnbClient ernbClient; + + @Autowired + private IZmrClient zmrClient; + @PostConstruct private void initialize() { log.debug("Initialize country specific detail search services ... "); @@ -127,36 +141,82 @@ public class InitialSearchTask extends AbstractAuthServletTask { eidasResponse.getAttributes().getAttributeMap()); // post-process eIDAS attributes - final ErnbEidData eidData = eidPostProcessor.postProcess(simpleAttrMap); - - String personIdentifier = eidData.getPseudonym(); - - //search in register(step 2) - InitialSearchResult result = searchInZmrAndErnp(personIdentifier); - switch (result.getResultCount()) { - case 0: - step5(result, eidData); - break; - case 1: - step3(result, eidData); - break; - default://should not happen - throw new TaskExecutionException(pendingReq, "Initial search - Kitt Process necessary.", - new ManualFixNecessaryException(personIdentifier)); - } + final SimpleEidasData eidData = convertSimpleMapToSimpleData(simpleAttrMap); + step2(eidData); } catch (final Exception e) { log.error("Initial search FAILED.", e); throw new TaskExecutionException(pendingReq, "Initial search FAILED.", e); } } - private void step3(InitialSearchResult result, ErnbEidData eidData) { + private void step2(SimpleEidasData eidData) throws TaskExecutionException { + String personIdentifier = eidData.getPseudonym(); + //search in register(step 2) + MergedRegisterSearchResult result = searchInZmrAndErnp(personIdentifier); + switch (result.getResultCount()) { + case 0: + step5(result, eidData); + break; + case 1: + step3(result, eidData); + break; + default://should not happen + throw new TaskExecutionException(pendingReq, "Initial search - Kitt Process necessary.", + new ManualFixNecessaryException(personIdentifier)); + } + } + + private SimpleEidasData convertSimpleMapToSimpleData(Map eidasAttrMap) + throws EidasAttributeException, EidPostProcessingException { + SimpleEidasData simpleEidasData = new SimpleEidasData(); + + final Object eIdentifierObj = eidasAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); + final Triple eIdentifier = + EidasResponseUtils.parseEidasPersonalIdentifier((String) eIdentifierObj); + simpleEidasData.setCitizenCountryCode(eIdentifier.getFirst()); + + // MDS attributes + simpleEidasData.setPseudonym(EidasResponseUtils.processPseudonym( + eidasAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))); + simpleEidasData.setFamilyName(EidasResponseUtils.processFamilyName( + eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTFAMILYNAME))); + simpleEidasData.setGivenName(EidasResponseUtils.processGivenName( + eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTGIVENNAME))); + simpleEidasData.setDateOfBirth(EidasResponseUtils.processDateOfBirth( + eidasAttrMap.get(Constants.eIDAS_ATTR_DATEOFBIRTH))); + + // additional attributes + simpleEidasData.setPlaceOfBirth(EidasResponseUtils.processPlaceOfBirth( + eidasAttrMap.get(Constants.eIDAS_ATTR_PLACEOFBIRTH))); + simpleEidasData.setBirthName(EidasResponseUtils.processBirthName( + eidasAttrMap.get(Constants.eIDAS_ATTR_BIRTHNAME))); + simpleEidasData.setAddress(EidasResponseUtils.processAddress( + eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTADDRESS))); + + //TODO other additional attributes + return simpleEidasData; + } + + private void step3(MergedRegisterSearchResult result, SimpleEidasData eidData) { //check if data from eidas authentication matches with data from register - //TODO + log.debug("Compare " + result + " with " + eidData); + //TODO check if data matches + boolean match = true; + if (match) { + return; + } else { + step4(result, eidData); + } } - private void step5(InitialSearchResult result, ErnbEidData eidData) throws TaskExecutionException { + private void step4(MergedRegisterSearchResult result, SimpleEidasData eidData) { + log.debug("Update " + result + " with " + eidData); + //TODO + } + + private void step5(MergedRegisterSearchResult result, SimpleEidasData eidData) + throws TaskExecutionException { String citizenCountry = eidData.getCitizenCountryCode(); ICountrySpecificDetailSearchProcessor foundHandler = null; for (final ICountrySpecificDetailSearchProcessor el : handlers) { @@ -178,7 +238,8 @@ public class InitialSearchTask extends AbstractAuthServletTask { } private void step6(ICountrySpecificDetailSearchProcessor countrySpecificDetailSearchProcessor, - InitialSearchResult initialSearchResult, ErnbEidData eidData) throws TaskExecutionException { + MergedRegisterSearchResult initialSearchResult, SimpleEidasData eidData) + throws TaskExecutionException { //6 country specific search CountrySpecificDetailSearchResult countrySpecificDetailSearchResult = countrySpecificDetailSearchProcessor.search(eidData); @@ -196,19 +257,40 @@ public class InitialSearchTask extends AbstractAuthServletTask { } } - private void step7a(InitialSearchResult initialSearchResult, - CountrySpecificDetailSearchResult countrySpecificDetailSearchResult, ErnbEidData eidData) { + private void step7a(MergedRegisterSearchResult initialSearchResult, + CountrySpecificDetailSearchResult countrySpecificDetailSearchResult, SimpleEidasData eidData) { //TODO automerge - + log.debug("Automerge " + initialSearchResult + " with " + eidData + " " + countrySpecificDetailSearchResult); } - private void step8(InitialSearchResult initialSearchResult, ErnbEidData eidData) { - //TODO MDS Suche + private void step8(MergedRegisterSearchResult initialSearchResult, SimpleEidasData eidData) { + MergedRegisterSearchResult mdsSearchResult = new MergedRegisterSearchResult(); + + ArrayList resultsZmr = + zmrClient.searchWithMds(eidData.getGivenName(), eidData.getFamilyName(), eidData.getFormatedDateOfBirth()); + mdsSearchResult.setResultsZmr(resultsZmr); + + ArrayList resultsErnb = + ernbClient.searchWithMds(eidData.getGivenName(), eidData.getFamilyName(), eidData.getFormatedDateOfBirth()); + mdsSearchResult.setResultsErnb(resultsErnb); + + log.debug("Automerge " + initialSearchResult + " with " + eidData + " " + mdsSearchResult); + //TODO + } - private InitialSearchResult searchInZmrAndErnp(String personIdentifier) { - //search TODO - return new InitialSearchResult();//TODO + private MergedRegisterSearchResult searchInZmrAndErnp(String personIdentifier) { + MergedRegisterSearchResult initialSearchResult = new MergedRegisterSearchResult(); + + ArrayList resultsZmr = + zmrClient.searchWithPersonIdentifer(personIdentifier); + initialSearchResult.setResultsZmr(resultsZmr); + + ArrayList resultsErnb = + ernbClient.searchWithPersonIdentifer(personIdentifier); + initialSearchResult.setResultsErnb(resultsErnb); + + return initialSearchResult; } private Map convertEidasAttrToSimpleMap( @@ -241,7 +323,7 @@ public class InitialSearchTask extends AbstractAuthServletTask { } else { final List natPersonIdObj = EidasResponseUtils - .translateStringListAttribute(el, attributeMap.get(el).asList()); + .translateStringListAttribute(el, attributeMap.get(el)); final String stringAttr = natPersonIdObj.get(0); if (StringUtils.isNotEmpty(stringAttr)) { result.put(el.getFriendlyName(), stringAttr); @@ -250,9 +332,12 @@ public class InitialSearchTask extends AbstractAuthServletTask { } else { log.info("Ignore empty 'String' attribute"); } + } } + log.debug("Receive #" + result.size() + " attributes with names: " + result.keySet().toString()); + return result; } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java index c8c5a069..ea4a4c76 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java @@ -30,6 +30,9 @@ import java.util.regex.Pattern; import javax.annotation.Nullable; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; +import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType; import org.apache.commons.lang3.StringUtils; import org.joda.time.DateTime; import org.slf4j.Logger; @@ -176,4 +179,169 @@ public class EidasResponseUtils { } + /** + * Post-Process the eIDAS CurrentAddress attribute. + * + * @param currentAddressObj eIDAS current address information + * @return current address or null if no attribute is available + * @throws EidPostProcessingException if post-processing fails + * @throws EidasAttributeException if eIDAS attribute is of a wrong type + */ + public static PostalAddressType processAddress(Object currentAddressObj) throws EidPostProcessingException, + EidasAttributeException { + + if (currentAddressObj != null) { + if (currentAddressObj instanceof PostalAddress) { + final PostalAddressType result = new PostalAddressType(); + result.setPostalCode(((PostalAddress) currentAddressObj).getPostCode()); + result.setMunicipality(((PostalAddress) currentAddressObj).getPostName()); + + // TODO: add more mappings + + return result; + + } else { + log.warn("eIDAS attr: " + Constants.eIDAS_ATTR_CURRENTADDRESS + " is of WRONG type"); + throw new EidasAttributeException(Constants.eIDAS_ATTR_CURRENTADDRESS); + + } + + } else { + log.debug("NO '" + Constants.eIDAS_ATTR_CURRENTADDRESS + "' attribute. Post-Processing skipped ... "); + } + + return null; + + } + + /** + * Post-Process the eIDAS BirthName attribute. + * + * @param birthNameObj eIDAS birthname information + * @return birthName or null if no attribute is available + * @throws EidPostProcessingException if post-processing fails + * @throws EidasAttributeException if eIDAS attribute is of a wrong type + */ + public static String processBirthName(Object birthNameObj) throws EidPostProcessingException, + EidasAttributeException { + if (birthNameObj != null) { + if (birthNameObj instanceof String) { + return (String) birthNameObj; + + } else { + log.warn("eIDAS attr: " + Constants.eIDAS_ATTR_BIRTHNAME + " is of WRONG type"); + throw new EidasAttributeException(Constants.eIDAS_ATTR_BIRTHNAME); + + } + + } else { + log.debug("NO '" + Constants.eIDAS_ATTR_BIRTHNAME + "' attribute. Post-Processing skipped ... "); + } + + return null; + + } + + /** + * Post-Process the eIDAS PlaceOfBirth attribute. + * + * @param placeOfBirthObj eIDAS Place-of-Birth information + * @return place of Birth or null if no attribute is available + * @throws EidPostProcessingException if post-processing fails + * @throws EidasAttributeException if eIDAS attribute is of a wrong type + */ + public static String processPlaceOfBirth(Object placeOfBirthObj) throws EidPostProcessingException, + EidasAttributeException { + if (placeOfBirthObj != null) { + if (placeOfBirthObj instanceof String) { + return (String) placeOfBirthObj; + + } else { + log.warn("eIDAS attr: " + Constants.eIDAS_ATTR_PLACEOFBIRTH + " is of WRONG type"); + throw new EidasAttributeException(Constants.eIDAS_ATTR_PLACEOFBIRTH); + + } + + } else { + log.debug("NO '" + Constants.eIDAS_ATTR_PLACEOFBIRTH + "' attribute. Post-Processing skipped ... "); + } + + return null; + + } + + /** + * Post-Process the eIDAS DateOfBirth attribute. + * + * @param dateOfBirthObj eIDAS date-of-birth attribute information + * @return formated user's date-of-birth + * @throws EidasAttributeException if NO attribute is available + * @throws EidPostProcessingException if post-processing fails + */ + public static DateTime processDateOfBirth(Object dateOfBirthObj) throws EidPostProcessingException, + EidasAttributeException { + if (dateOfBirthObj == null || !(dateOfBirthObj instanceof DateTime)) { + throw new EidasAttributeException(Constants.eIDAS_ATTR_DATEOFBIRTH); + } + + return (DateTime) dateOfBirthObj; + + } + + /** + * Post-Process the eIDAS GivenName attribute. + * + * @param givenNameObj eIDAS givenName attribute information + * @return formated user's givenname + * @throws EidasAttributeException if NO attribute is available + * @throws EidPostProcessingException if post-processing fails + */ + public static String processGivenName(Object givenNameObj) throws EidPostProcessingException, + EidasAttributeException { + if (givenNameObj == null || !(givenNameObj instanceof String)) { + throw new EidasAttributeException(Constants.eIDAS_ATTR_CURRENTGIVENNAME); + } + + return (String) givenNameObj; + + } + + /** + * Post-Process the eIDAS FamilyName attribute. + * + * @param familyNameObj eIDAS familyName attribute information + * @return formated user's familyname + * @throws EidasAttributeException if NO attribute is available + * @throws EidPostProcessingException if post-processing fails + */ + public static String processFamilyName(Object familyNameObj) throws EidPostProcessingException, + EidasAttributeException { + if (familyNameObj == null || !(familyNameObj instanceof String)) { + throw new EidasAttributeException(Constants.eIDAS_ATTR_CURRENTFAMILYNAME); + } + + return (String) familyNameObj; + + } + + /** + * Post-Process the eIDAS pseudonym to ERnB unique identifier. + * + * @param personalIdObj eIDAS PersonalIdentifierAttribute + * @return Unique personal identifier without country-code information + * @throws EidasAttributeException if NO attribute is available + * @throws EidPostProcessingException if post-processing fails + */ + public static String processPseudonym(Object personalIdObj) throws EidPostProcessingException, + EidasAttributeException { + if (personalIdObj == null || !(personalIdObj instanceof String)) { + throw new EidasAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); + } + + final Triple eIdentifier = + EidasResponseUtils.parseEidasPersonalIdentifier((String) personalIdObj); + + return eIdentifier.getThird(); + + } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java new file mode 100644 index 00000000..9a7cc9b3 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java @@ -0,0 +1,49 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; +import org.springframework.stereotype.Service; + +import java.util.ArrayList; + +@Service("ZmrClientForeIDAS") +public class DummyZmrClient implements IZmrClient { + + @Override + public ArrayList searchWithPersonIdentifer(String personIdentifer) { + switch (personIdentifer) { + case "a12345": + case "a12345-": + return result1(); + case "a123456": + return result2(); + default: + return resultEmpty(); + } + } + + @Override + public ArrayList searchWithMds(String givenName, String familyName, String dateOfBirth) { + return resultEmpty();//TODO will I only receive matches where all three values match perfectly? + } + + private ArrayList resultEmpty() { + return new ArrayList();//Nobody found + } + + private ArrayList result1() { + ArrayList results = new ArrayList<>(); + RegisterResult result1 = new RegisterResult("12345", "Tom", "Mustermann", "1950-01-01", "Wien"); + results.add(result1); + RegisterResult result2 = new RegisterResult("12345-", "Tom", "Mustermann", "1950-01-01", "Wien"); + results.add(result2); + return results; + } + + private ArrayList result2() { + ArrayList results = new ArrayList<>(); + RegisterResult result = new RegisterResult("123456", "Max", "Mustermann", "2000-01-01", "Wien"); + results.add(result); + return results; + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/IZmrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/IZmrClient.java new file mode 100644 index 00000000..1f7e4949 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/IZmrClient.java @@ -0,0 +1,12 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; + +import java.util.ArrayList; + +public interface IZmrClient { + + ArrayList searchWithPersonIdentifer(String personIdentifer); + + ArrayList searchWithMds(String givenName, String familyName, String dateOfBirth); +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml index 9c28bf07..0f6277c0 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml @@ -17,6 +17,12 @@ + + + + -- cgit v1.2.3 From 4bd5e89de5c8256aa5ce35bf29053ded0c649801 Mon Sep 17 00:00:00 2001 From: Alexander Marsalek Date: Wed, 16 Dec 2020 10:47:09 +0100 Subject: added country specific search classes --- .../v2/dao/CountrySpecificDetailSearchResult.java | 2 +- .../handler/DeSpecificDetailSearchProcessor.java | 32 ++++++++++++++++++++++ .../ICountrySpecificDetailSearchProcessor.java | 11 +------- .../handler/ItSpecificDetailSearchProcessor.java | 29 ++++++++++++++++++++ .../auth/eidas/v2/tasks/InitialSearchTask.java | 15 +++++----- .../src/main/resources/eidas_v2_auth.beans.xml | 8 ++++++ 6 files changed, 78 insertions(+), 19 deletions(-) create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ItSpecificDetailSearchProcessor.java (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/resources') diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/CountrySpecificDetailSearchResult.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/CountrySpecificDetailSearchResult.java index b74172f9..6e1f8653 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/CountrySpecificDetailSearchResult.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/CountrySpecificDetailSearchResult.java @@ -6,7 +6,7 @@ import java.util.ArrayList; public class CountrySpecificDetailSearchResult { - //TODO is the result the same as the one form the initial search? + //TODO is the result the same as the one from the initial search? ArrayList resultsZmr = new ArrayList<>(); ArrayList resultsErnb = new ArrayList<>(); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java new file mode 100644 index 00000000..727aa718 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java @@ -0,0 +1,32 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.CountrySpecificDetailSearchResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; + +public class DeSpecificDetailSearchProcessor implements ICountrySpecificDetailSearchProcessor { + + @Override + public String getName() { + return this.getClass().getName(); + } + + @Override + public boolean canHandle(String countryCode, SimpleEidasData eidData) { + if (!countryCode.equalsIgnoreCase("de")) { + return false; + } + if (eidData.getBirthName() == null || eidData.getBirthName().isEmpty()) { + return false; + } + if (eidData.getPlaceOfBirth() == null || eidData.getPlaceOfBirth().isEmpty()) { + return false; + } + return true; + } + + @Override + public CountrySpecificDetailSearchResult search(SimpleEidasData eidData) { + //TODO + return new CountrySpecificDetailSearchResult(); + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ICountrySpecificDetailSearchProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ICountrySpecificDetailSearchProcessor.java index 13d9117d..8ddd79bb 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ICountrySpecificDetailSearchProcessor.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ICountrySpecificDetailSearchProcessor.java @@ -35,16 +35,6 @@ public interface ICountrySpecificDetailSearchProcessor { */ String getName(); - /** - * Get the priority of this eID Post-Processor
- * If more than one Post-Processor implementations can handle the eID data, the - * post-processor with the highest priority are selected. The Default-Processor - * has priority '0' - * - * @return Priority of this handler - */ - int getPriority(); - /** * Check if this postProcessor is sensitive for a specific country. * @@ -55,4 +45,5 @@ public interface ICountrySpecificDetailSearchProcessor { boolean canHandle(String countryCode, SimpleEidasData eidData); CountrySpecificDetailSearchResult search(SimpleEidasData eidData); + } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ItSpecificDetailSearchProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ItSpecificDetailSearchProcessor.java new file mode 100644 index 00000000..bb0a5262 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ItSpecificDetailSearchProcessor.java @@ -0,0 +1,29 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.CountrySpecificDetailSearchResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; + +public class ItSpecificDetailSearchProcessor implements ICountrySpecificDetailSearchProcessor { + + @Override + public String getName() { + return this.getClass().getName(); + } + + @Override + public boolean canHandle(String countryCode, SimpleEidasData eidData) { + if (!countryCode.equalsIgnoreCase("it")) { + return false; + } + if (eidData.getTaxNumber() == null || eidData.getTaxNumber().isEmpty()) { + return false; + } + return true; + } + + @Override + public CountrySpecificDetailSearchResult search(SimpleEidasData eidData) { + //TODO + return new CountrySpecificDetailSearchResult(); + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java index d8c14b8e..2a5b9a23 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java @@ -24,7 +24,6 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; import java.util.ArrayList; -import java.util.Collections; import java.util.HashMap; import java.util.Iterator; import java.util.List; @@ -52,7 +51,6 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernb.IErnbClient; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.ICountrySpecificDetailSearchProcessor; import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils; import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; @@ -67,6 +65,7 @@ import eu.eidas.auth.commons.light.ILightResponse; import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; import lombok.extern.slf4j.Slf4j; + /** * Task that searches ErnB and ZMR before adding person to SZR. * @@ -111,12 +110,12 @@ public class InitialSearchTask extends AbstractAuthServletTask { } - log.trace("Sorting country specific detail search services on priority ... "); - Collections.sort(handlers, (thisAuthModule, otherAuthModule) -> { - final int thisOrder = thisAuthModule.getPriority(); - final int otherOrder = otherAuthModule.getPriority(); - return thisOrder < otherOrder ? 1 : thisOrder == otherOrder ? 0 : -1; - }); + // log.trace("Sorting country specific detail search services on priority ... "); + // Collections.sort(handlers, (thisAuthModule, otherAuthModule) -> { + // final int thisOrder = thisAuthModule.getPriority(); + // final int otherOrder = otherAuthModule.getPriority(); + // return thisOrder < otherOrder ? 1 : thisOrder == otherOrder ? 0 : -1; + // }); log.info("# " + handlers.size() + " country specific detail search services are registrated"); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml index 0f6277c0..ca6eba20 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml @@ -80,6 +80,14 @@ + + + + + + Date: Thu, 7 Jan 2021 18:16:45 +0100 Subject: Resolve merge comments --- .../properties/status_messages_en.properties | 3 + .../specific/modules/auth/eidas/v2/Constants.java | 2 +- .../modules/auth/eidas/v2/dao/ErnbEidData.java | 2 +- .../eidas/v2/dao/MergedRegisterSearchResult.java | 57 ++- .../modules/auth/eidas/v2/dao/RegisterResult.java | 61 +-- .../modules/auth/eidas/v2/dao/SimpleEidasData.java | 27 +- .../auth/eidas/v2/ernb/DummyErnbClient.java | 43 -- .../modules/auth/eidas/v2/ernb/IErnbClient.java | 20 - .../auth/eidas/v2/ernp/DummyErnpClient.java | 66 ++++ .../modules/auth/eidas/v2/ernp/IErnpClient.java | 43 ++ .../v2/exception/ManualFixNecessaryException.java | 6 +- .../auth/eidas/v2/exception/WorkflowException.java | 6 +- .../CountrySpecificDetailSearchProcessor.java | 61 +++ .../handler/DeSpecificDetailSearchProcessor.java | 35 +- .../ICountrySpecificDetailSearchProcessor.java | 61 --- .../handler/ItSpecificDetailSearchProcessor.java | 34 +- .../auth/eidas/v2/tasks/InitialSearchTask.java | 188 ++++----- .../eidas/v2/tasks/ReceiveAuthnResponseTask.java | 2 +- .../auth/eidas/v2/utils/EidasResponseUtils.java | 82 +--- .../modules/auth/eidas/v2/zmr/DummyZmrClient.java | 27 +- .../modules/auth/eidas/v2/zmr/IZmrClient.java | 27 +- .../src/main/resources/eidas_v2_auth.beans.xml | 2 +- .../v2/test/tasks/InitialSearchTaskFirstTest.java | 438 +++++++++------------ .../resources/SpringTest-context_tasks_test.xml | 2 +- 24 files changed, 683 insertions(+), 612 deletions(-) delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/DummyErnbClient.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/IErnbClient.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/DummyErnpClient.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/CountrySpecificDetailSearchProcessor.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ICountrySpecificDetailSearchProcessor.java (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/resources') diff --git a/connector/src/main/resources/properties/status_messages_en.properties b/connector/src/main/resources/properties/status_messages_en.properties index 80228a47..c430fc90 100644 --- a/connector/src/main/resources/properties/status_messages_en.properties +++ b/connector/src/main/resources/properties/status_messages_en.properties @@ -6,6 +6,9 @@ eidas.04=Request contains no sessionToken. Authentication process stops eidas.05=Received eIDAS response-message is not valid. Reason: {0} eidas.06=LoA from eIDAS response-message {0} does not match to requested LoA eidas.07=eIDAS Response attribute-validation FAILED. Attribute:{0} Reason: {1} +eidas.08=An unexpected error occurred. +eidas.09=An error occurred while loading your data from official registers. Please contact the support. + config.01=No configuration-file parameter found. Maybe Java SystemD parameter is missing config.03=Can not load configuration from path {0} (See logs for more details) diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java index 767a2d12..57fd6ef1 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java @@ -32,7 +32,7 @@ public class Constants { public static final String DATA_REQUESTED_LOA_LIST = "req_requestedLoA"; public static final String DATA_REQUESTED_LOA_COMPERISON = "req_requestedLoAComperision"; public static final String DATA_FULL_EIDAS_RESPONSE = "resp_fulleIDASResponse"; - public static final String DATA_RESULT_MATCHING_BPK = "matching-result-bpk";//TODO? + public static final String DATA_RESULT_MATCHING_BPK = "matching-result-bpk"; // templates for post-binding forwarding public static final String TEMPLATE_POST_FORWARD_NAME = "eidas_node_forward.html"; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/ErnbEidData.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/ErnbEidData.java index 6c7eeb6b..b780d3e8 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/ErnbEidData.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/ErnbEidData.java @@ -1,5 +1,5 @@ /* - * Copyright 2018 A-SIT Plus GmbH + * Copyright 2020 A-SIT Plus GmbH * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/MergedRegisterSearchResult.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/MergedRegisterSearchResult.java index 056b0450..7703af2a 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/MergedRegisterSearchResult.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/MergedRegisterSearchResult.java @@ -1,3 +1,26 @@ +/* + * Copyright 2020 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException; @@ -5,28 +28,48 @@ import lombok.Data; import java.util.ArrayList; -@Data public class MergedRegisterSearchResult { +@Data +public class MergedRegisterSearchResult { + + final ArrayList resultsZmr; + final ArrayList resultsErnp; - ArrayList resultsZmr = new ArrayList<>(); - ArrayList resultsErnb = new ArrayList<>(); + public MergedRegisterSearchResult(ArrayList resultsZmr, ArrayList resultsErnp) { + this.resultsZmr = resultsZmr; + this.resultsErnp = resultsErnp; + } public int getResultCount() { - return resultsZmr.size() + resultsErnb.size(); + return resultsZmr.size() + resultsErnp.size(); } /** - * Verfies that there is only one match and retunrs the bpk. + * Verifies that there is only one match and returns the bpk. + * * @return bpk bpk of the match * @throws WorkflowException if multiple results have been found */ public String getBpk() throws WorkflowException { + if (getResultCount() != 1) { + throw new WorkflowException("getResultCount() != 1"); + } + return getResult().getBpk(); + } + + /** + * Returns the results, if there is exactly one, throws exception otherwise. + * + * @return The result + * @throws WorkflowException Results does not contain exactly one result + */ + public RegisterResult getResult() throws WorkflowException { if (getResultCount() != 1) { throw new WorkflowException("getResultCount() != 1"); } if (resultsZmr.size() == 1) { - return resultsZmr.get(0).getBpk(); + return resultsZmr.get(0); } else { - return resultsErnb.get(0).getBpk(); + return resultsErnp.get(0); } } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/RegisterResult.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/RegisterResult.java index c92808a1..1cc36fe9 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/RegisterResult.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/RegisterResult.java @@ -1,3 +1,26 @@ +/* + * Copyright 2020 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao; import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType; @@ -7,18 +30,18 @@ import lombok.Data; public class RegisterResult { // MDS - private String pseudonym = null; - private String givenName = null; - private String familyName = null; - private String dateOfBirth = null; + private String pseudonym; + private String givenName; + private String familyName; + private String dateOfBirth; // additional attributes - private String placeOfBirth = null; - private String birthName = null; - private String taxNumber = null; - private PostalAddressType address = null; + private String placeOfBirth; + private String birthName; + private String taxNumber; + private PostalAddressType address; - private String bpk = null; + private String bpk; /** * Register search result. @@ -37,26 +60,6 @@ public class RegisterResult { this.dateOfBirth = dateOfBirth; } - /** - * Register search result. - * - * @param bpk The bpk - * @param pseudonym The pseudonym - * @param givenName The givenName - * @param familyName The familyName - * @param dateOfBirth The dateOfBirth - * @param placeOfBirth The placeOfBirth - */ - public RegisterResult(String bpk, String pseudonym, String givenName, String familyName, String dateOfBirth, - String placeOfBirth) { - this.bpk = bpk; - this.pseudonym = pseudonym; - this.givenName = givenName; - this.familyName = familyName; - this.dateOfBirth = dateOfBirth; - this.placeOfBirth = placeOfBirth; - } - /** * Register search result. * diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java index 674f5b48..57597122 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java @@ -1,5 +1,5 @@ /* - * Copyright 2018 A-SIT Plus GmbH + * Copyright 2020 A-SIT Plus GmbH * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * @@ -30,18 +30,18 @@ import lombok.Data; @Data public class SimpleEidasData { - private String citizenCountryCode = null; + private String citizenCountryCode; // MDS - private String pseudonym = null; - private String givenName = null; - private String familyName = null; - private String dateOfBirth = null; + private String pseudonym; + private String givenName; + private String familyName; + private String dateOfBirth; // additional attributes - private String placeOfBirth = null; - private String birthName = null; - private PostalAddressType address = null; + private String placeOfBirth; + private String birthName; + private PostalAddressType address; private String taxNumber; /** @@ -51,14 +51,7 @@ public class SimpleEidasData { * @throws WorkflowException if multiple results have been found */ public boolean equalsRegisterData(MergedRegisterSearchResult result) throws WorkflowException { - if (result.getResultCount() != 1) { - throw new WorkflowException("result.getResultCount() != 1"); - } - if (result.getResultsErnb().size() == 1) { - return equalsRegisterData(result.getResultsErnb().get(0)); - } else { - return equalsRegisterData(result.getResultsZmr().get(0)); - } + return equalsRegisterData(result.getResult()); } private boolean equalsRegisterData(RegisterResult result) { diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/DummyErnbClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/DummyErnbClient.java deleted file mode 100644 index 2d2fa76d..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/DummyErnbClient.java +++ /dev/null @@ -1,43 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.ernb; - -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; -import org.springframework.stereotype.Service; - -import java.util.ArrayList; - -@Service("ErnbClientForeIDAS") -public class DummyErnbClient implements IErnbClient { - - @Override - public ArrayList searchWithPersonIdentifer(String personIdentifer) { - return resultEmpty(); - } - - @Override - public ArrayList searchWithMds(String givenName, String familyName, String dateOfBirth) { - return resultEmpty();//TODO will I only receive matches where all three values match perfectly? - } - - @Override - public ArrayList searchDeSpecific(String givenName, String familyName, String dateOfBirth, - String birthPlace, String birthName) { - return resultEmpty();//TODO - } - - @Override - public ArrayList searchItSpecific(String txNumber) { - return resultEmpty();//TODO - } - - @Override - public void update(RegisterResult registerResult, SimpleEidasData eidData) { - //TODO - } - - private ArrayList resultEmpty() { - return new ArrayList();//Nobody found - } - - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/IErnbClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/IErnbClient.java deleted file mode 100644 index cda4c426..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernb/IErnbClient.java +++ /dev/null @@ -1,20 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.ernb; - -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; - -import java.util.ArrayList; - -public interface IErnbClient { - - ArrayList searchWithPersonIdentifer(String personIdentifer); - - ArrayList searchWithMds(String givenName, String familyName, String dateOfBirth); - - ArrayList searchDeSpecific(String givenName, String familyName, String dateOfBirth, - String birthPlace, String birthName); - - ArrayList searchItSpecific(String txNumber); - - void update(RegisterResult registerResult, SimpleEidasData eidData); -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/DummyErnpClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/DummyErnpClient.java new file mode 100644 index 00000000..3b49ab95 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/DummyErnpClient.java @@ -0,0 +1,66 @@ +/* + * Copyright 2020 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import org.springframework.stereotype.Service; + +import java.util.ArrayList; + +@Service("ErnbClientForeIDAS") +public class DummyErnpClient implements IErnpClient { + + @Override + public ArrayList searchWithPersonIdentifier(String personIdentifier) { + return resultEmpty(); + } + + @Override + public ArrayList searchWithMds(String givenName, String familyName, String dateOfBirth) { + return resultEmpty();//TODO will I only receive matches where all three values match perfectly? + } + + @Override + public ArrayList searchDeSpecific(String givenName, String familyName, String dateOfBirth, + String birthPlace, String birthName) { + return resultEmpty();//TODO + } + + @Override + public ArrayList searchItSpecific(String taxNumber) { + return resultEmpty();//TODO + } + + @Override + public void update(RegisterResult registerResult, SimpleEidasData eidData) { + //TODO + } + + private ArrayList resultEmpty() { + return new ArrayList();//Nobody found + } + + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java new file mode 100644 index 00000000..01ac88fb --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java @@ -0,0 +1,43 @@ +/* + * Copyright 2020 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; + +import java.util.ArrayList; + +public interface IErnpClient { + + ArrayList searchWithPersonIdentifier(String personIdentifier); + + ArrayList searchWithMds(String givenName, String familyName, String dateOfBirth); + + ArrayList searchDeSpecific(String givenName, String familyName, String dateOfBirth, + String birthPlace, String birthName); + + ArrayList searchItSpecific(String taxNumber); + + void update(RegisterResult registerResult, SimpleEidasData eidData); +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ManualFixNecessaryException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ManualFixNecessaryException.java index c22e8135..2fecaa6b 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ManualFixNecessaryException.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ManualFixNecessaryException.java @@ -1,5 +1,5 @@ /* - * Copyright 2018 A-SIT Plus GmbH + * Copyright 2020 A-SIT Plus GmbH * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * @@ -29,10 +29,10 @@ public class ManualFixNecessaryException extends EidasSAuthenticationException { private static final long serialVersionUID = 1L; public ManualFixNecessaryException(String personIdentifier) { - super("eidas.00", new Object[] { personIdentifier });//TODO "eidas.00" + super("eidas.09", new Object[] { personIdentifier }); } public ManualFixNecessaryException(SimpleEidasData eidData) { - super("eidas.00", new Object[] { eidData.getPseudonym() });//TODO "eidas.00" => what info to pass??? + super("eidas.09", new Object[] { eidData.getPseudonym() });//TODO what info to pass??? } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/WorkflowException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/WorkflowException.java index aa879bcc..b6f3309b 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/WorkflowException.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/WorkflowException.java @@ -1,5 +1,5 @@ /* - * Copyright 2018 A-SIT Plus GmbH + * Copyright 2020 A-SIT Plus GmbH * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * @@ -19,7 +19,7 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. -*/ + */ package at.asitplus.eidas.specific.modules.auth.eidas.v2.exception; @@ -27,7 +27,7 @@ public class WorkflowException extends EidasSAuthenticationException { private static final long serialVersionUID = 1L; public WorkflowException(String data) { - super("eidas.00", new Object[] { data }); + super("eidas.08", new Object[]{data}); } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/CountrySpecificDetailSearchProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/CountrySpecificDetailSearchProcessor.java new file mode 100644 index 00000000..c5b3b231 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/CountrySpecificDetailSearchProcessor.java @@ -0,0 +1,61 @@ +/* + * Copyright 2020 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; + +public abstract class CountrySpecificDetailSearchProcessor { + + protected IErnpClient ernbClient; + protected IZmrClient zmrClient; + + public CountrySpecificDetailSearchProcessor(IErnpClient ernbClient, IZmrClient zmrClient) { + this.ernbClient = ernbClient; + this.zmrClient = zmrClient; + } + + /** + * Get a friendlyName of this post-processor implementation. + * + * @return + */ + public String getName() { + return this.getClass().getName(); + } + + /** + * Check if this postProcessor is sensitive for a specific country. + * + * @param countryCode of the eID data that should be processed + * @param eidData eID data + * @return true if this implementation can handle the country, otherwise false + */ + public abstract boolean canHandle(String countryCode, SimpleEidasData eidData); + + public abstract MergedRegisterSearchResult search(SimpleEidasData eidData); + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java index e8cb7a1a..a29725c8 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java @@ -1,17 +1,40 @@ +/* + * Copyright 2020 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernb.IErnbClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; import java.util.ArrayList; -public class DeSpecificDetailSearchProcessor extends ICountrySpecificDetailSearchProcessor { +public class DeSpecificDetailSearchProcessor extends CountrySpecificDetailSearchProcessor { - public DeSpecificDetailSearchProcessor(IErnbClient ernbClient, IZmrClient zmrClient) { + public DeSpecificDetailSearchProcessor(IErnpClient ernbClient, IZmrClient zmrClient) { super(ernbClient, zmrClient); } @@ -31,17 +54,17 @@ public class DeSpecificDetailSearchProcessor extends ICountrySpecificDetailSearc @Override public MergedRegisterSearchResult search(SimpleEidasData eidData) { - MergedRegisterSearchResult searchResult = new MergedRegisterSearchResult(); + ArrayList resultsZmr = zmrClient.searchDeSpecific(eidData.getGivenName(), eidData.getFamilyName(), eidData.getDateOfBirth(), eidData.getPlaceOfBirth(), eidData.getBirthName()); - searchResult.setResultsZmr(resultsZmr); ArrayList resultsErnb = ernbClient.searchDeSpecific(eidData.getGivenName(), eidData.getFamilyName(), eidData.getDateOfBirth(), eidData.getPlaceOfBirth(), eidData.getBirthName()); - searchResult.setResultsErnb(resultsErnb); + + MergedRegisterSearchResult searchResult = new MergedRegisterSearchResult(resultsZmr, resultsErnb); return searchResult; } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ICountrySpecificDetailSearchProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ICountrySpecificDetailSearchProcessor.java deleted file mode 100644 index 6a2b2c0a..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ICountrySpecificDetailSearchProcessor.java +++ /dev/null @@ -1,61 +0,0 @@ -/* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - -package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; - -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernb.IErnbClient; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; - -public abstract class ICountrySpecificDetailSearchProcessor { - - protected IErnbClient ernbClient; - protected IZmrClient zmrClient; - - public ICountrySpecificDetailSearchProcessor(IErnbClient ernbClient, IZmrClient zmrClient) { - this.ernbClient = ernbClient; - this.zmrClient = zmrClient; - } - - /** - * Get a friendlyName of this post-processor implementation. - * - * @return - */ - public String getName() { - return this.getClass().getName(); - } - - /** - * Check if this postProcessor is sensitive for a specific country. - * - * @param countryCode of the eID data that should be processed - * @param eidData eID data - * @return true if this implementation can handle the country, otherwise false - */ - public abstract boolean canHandle(String countryCode, SimpleEidasData eidData); - - public abstract MergedRegisterSearchResult search(SimpleEidasData eidData); - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ItSpecificDetailSearchProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ItSpecificDetailSearchProcessor.java index a94a67b3..e730066d 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ItSpecificDetailSearchProcessor.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ItSpecificDetailSearchProcessor.java @@ -1,17 +1,40 @@ +/* + * Copyright 2020 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernb.IErnbClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; import java.util.ArrayList; -public class ItSpecificDetailSearchProcessor extends ICountrySpecificDetailSearchProcessor { +public class ItSpecificDetailSearchProcessor extends CountrySpecificDetailSearchProcessor { - public ItSpecificDetailSearchProcessor(IErnbClient ernbClient, IZmrClient zmrClient) { + public ItSpecificDetailSearchProcessor(IErnpClient ernbClient, IZmrClient zmrClient) { super(ernbClient, zmrClient); } @@ -28,15 +51,14 @@ public class ItSpecificDetailSearchProcessor extends ICountrySpecificDetailSearc @Override public MergedRegisterSearchResult search(SimpleEidasData eidData) { - MergedRegisterSearchResult searchResult = new MergedRegisterSearchResult(); ArrayList resultsZmr = zmrClient.searchItSpecific(eidData.getTaxNumber()); - searchResult.setResultsZmr(resultsZmr); ArrayList resultsErnb = ernbClient.searchItSpecific(eidData.getTaxNumber()); - searchResult.setResultsErnb(resultsErnb); + + MergedRegisterSearchResult searchResult = new MergedRegisterSearchResult(resultsZmr, resultsErnb); return searchResult; } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java index 5906ee6c..c4f0f146 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java @@ -1,5 +1,5 @@ /* - * Copyright 2018 A-SIT Plus GmbH + * Copyright 2020 A-SIT Plus GmbH * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * @@ -42,12 +42,11 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernb.IErnbClient; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.ICountrySpecificDetailSearchProcessor; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.CountrySpecificDetailSearchProcessor; import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils; import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; @@ -63,29 +62,32 @@ import lombok.extern.slf4j.Slf4j; /** - * Task that searches ErnB and ZMR before adding person to SZR. + * Task that searches ErnP and ZMR before adding person to SZR. * - * @author tlenz + * @author amarsalek */ @Slf4j @Component("InitialSearchTask") -// NOTE: General: Please rebase git commit and squash them where useful, i.e. "remove unused import" should -// not be a separate commit. public class InitialSearchTask extends AbstractAuthServletTask { - private List handlers = new ArrayList<>(); + private final List handlers; + private final IErnpClient ernpClient; + private final IZmrClient zmrClient; - private IErnbClient ernbClient; - private IZmrClient zmrClient; - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv. - * egovernment.moa.id.process.api.ExecutionContext, - * javax.servlet.http.HttpServletRequest, - * javax.servlet.http.HttpServletResponse) + /** + * Constructor. + * @param handlers List of countrySpecificSearchProcessors + * @param ernpClient Ernp client + * @param zmrClient ZMR client */ + public InitialSearchTask(List handlers, IErnpClient ernpClient, + IZmrClient zmrClient) { + this.ernpClient = ernpClient; + this.zmrClient = zmrClient; + this.handlers = handlers; + log.info("# " + handlers.size() + " country specific detail search services are registered"); + } + @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { @@ -94,7 +96,6 @@ public class InitialSearchTask extends AbstractAuthServletTask { final ILightResponse eidasResponse = authProcessData .getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class); - // post-process eIDAS attributes final SimpleEidasData eidData = convertSimpleMapToSimpleData(convertEidasAttrToSimpleMap( eidasResponse.getAttributes().getAttributeMap())); @@ -107,10 +108,11 @@ public class InitialSearchTask extends AbstractAuthServletTask { } private String step2RegisterSearchWithPersonidentifier(SimpleEidasData eidData) throws TaskExecutionException { + log.trace("Starting step2RegisterSearchWithPersonidentifier"); String personIdentifier = eidData.getPseudonym(); MergedRegisterSearchResult result = searchInZmrAndErnp(personIdentifier); if (result.getResultCount() == 0) { - return step5CheckCountrySpecificSearchPossible(result, eidData); + return step5CheckAndPerformCountrySpecificSearchIfPossible(result, eidData); } else if (result.getResultCount() == 1) { return step3CheckRegisterUpdateNecessary(result, eidData); } @@ -118,46 +120,9 @@ public class InitialSearchTask extends AbstractAuthServletTask { new ManualFixNecessaryException(personIdentifier)); } - private SimpleEidasData convertSimpleMapToSimpleData(Map eidasAttrMap) - throws EidasAttributeException, EidPostProcessingException { - SimpleEidasData simpleEidasData = new SimpleEidasData(); - - final Object eIdentifierObj = eidasAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); - final Triple eIdentifier = - EidasResponseUtils.parseEidasPersonalIdentifier((String) eIdentifierObj); - simpleEidasData.setCitizenCountryCode(eIdentifier.getFirst()); - - // MDS attributes - simpleEidasData.setPseudonym(EidasResponseUtils.processPseudonym( - eidasAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))); - simpleEidasData.setFamilyName(EidasResponseUtils.processFamilyName( - eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTFAMILYNAME))); - simpleEidasData.setGivenName(EidasResponseUtils.processGivenName( - eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTGIVENNAME))); - simpleEidasData.setDateOfBirth(EidasResponseUtils.processDateOfBirthToString( - eidasAttrMap.get(Constants.eIDAS_ATTR_DATEOFBIRTH))); - - // additional attributes - simpleEidasData.setPlaceOfBirth(EidasResponseUtils.processPlaceOfBirth( - eidasAttrMap.get(Constants.eIDAS_ATTR_PLACEOFBIRTH))); - simpleEidasData.setBirthName(EidasResponseUtils.processBirthName( - eidasAttrMap.get(Constants.eIDAS_ATTR_BIRTHNAME))); - simpleEidasData.setAddress(EidasResponseUtils.processAddress( - eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTADDRESS))); - - if (eidasAttrMap.containsKey(Constants.eIDAS_ATTR_TAXREFERENCE)) { - simpleEidasData.setTaxNumber(EidasResponseUtils.processTaxReference( - eidasAttrMap.get(Constants.eIDAS_ATTR_TAXREFERENCE))); - } - - //TODO other additional attributes - return simpleEidasData; - } - private String step3CheckRegisterUpdateNecessary(MergedRegisterSearchResult result, SimpleEidasData eidData) throws TaskExecutionException { - //check if data from eidas authentication matches with data from register - log.debug("Compare " + result + " with " + eidData); + log.trace("Starting step3CheckRegisterUpdateNecessary"); try { if (eidData.equalsRegisterData(result)) { //No update necessary, just return bpk @@ -172,18 +137,19 @@ public class InitialSearchTask extends AbstractAuthServletTask { private String step4UpdateRegisterData(MergedRegisterSearchResult result, SimpleEidasData eidData) throws WorkflowException { + log.trace("Starting step4UpdateRegisterData"); log.debug("Update " + result + " with " + eidData); //TODO wann rechtlich möglich? return result.getBpk(); } - private String step5CheckCountrySpecificSearchPossible(MergedRegisterSearchResult result, SimpleEidasData eidData) - throws TaskExecutionException { + private String step5CheckAndPerformCountrySpecificSearchIfPossible( + MergedRegisterSearchResult result, SimpleEidasData eidData) throws TaskExecutionException { + log.trace("Starting step5CheckAndPerformCountrySpecificSearchIfPossible"); String citizenCountry = eidData.getCitizenCountryCode(); - ICountrySpecificDetailSearchProcessor foundHandler = null; - for (final ICountrySpecificDetailSearchProcessor el : handlers) { - //5 check if country specific search is possible + CountrySpecificDetailSearchProcessor foundHandler = null; + for (final CountrySpecificDetailSearchProcessor el : handlers) { if (el.canHandle(citizenCountry, eidData)) { log.debug("Found suitable country specific search handler for " + citizenCountry + " by using: " + el.getName()); @@ -192,18 +158,16 @@ public class InitialSearchTask extends AbstractAuthServletTask { } } if (foundHandler == null) { - //MDS search return step8RegisterSearchWithMds(result, eidData); } else { - //country specific search return step6CountrySpecificSearch(foundHandler, result, eidData); } } - private String step6CountrySpecificSearch(ICountrySpecificDetailSearchProcessor countrySpecificDetailSearchProcessor, + private String step6CountrySpecificSearch(CountrySpecificDetailSearchProcessor countrySpecificDetailSearchProcessor, MergedRegisterSearchResult initialSearchResult, SimpleEidasData eidData) throws TaskExecutionException { - //6 country specific search + log.trace("Starting step6CountrySpecificSearch"); MergedRegisterSearchResult countrySpecificDetailSearchResult = countrySpecificDetailSearchProcessor.search(eidData); @@ -212,7 +176,7 @@ public class InitialSearchTask extends AbstractAuthServletTask { return step8RegisterSearchWithMds(initialSearchResult, eidData); case 1: return step7aKittProcess(initialSearchResult, countrySpecificDetailSearchResult, eidData); - default://should not happen + default: throw new TaskExecutionException(pendingReq, "Detail search - Kitt Process necessary.", new ManualFixNecessaryException(eidData)); } @@ -221,8 +185,7 @@ public class InitialSearchTask extends AbstractAuthServletTask { private String step7aKittProcess(MergedRegisterSearchResult initialSearchResult, MergedRegisterSearchResult countrySpecificDetailSearchResult, SimpleEidasData eidData) throws TaskExecutionException { - //Automerge data - log.debug("Automerge " + initialSearchResult + " with " + eidData + " " + countrySpecificDetailSearchResult); + log.trace("Starting step7aKittProcess"); try { if (initialSearchResult.getResultCount() != 0) { throw new WorkflowException("initialSearchResult.getResultCount() != 0"); @@ -231,14 +194,11 @@ public class InitialSearchTask extends AbstractAuthServletTask { throw new WorkflowException("countrySpecificDetailSearchResult.getResultCount() != 1"); } if (countrySpecificDetailSearchResult.getResultsZmr().size() == 1) { - //update ZMR zmrClient.update(countrySpecificDetailSearchResult.getResultsZmr().get(0), eidData); } - if (countrySpecificDetailSearchResult.getResultsErnb().size() == 1) { - //update ErnB - ernbClient.update(countrySpecificDetailSearchResult.getResultsErnb().get(0), eidData); + if (countrySpecificDetailSearchResult.getResultsErnp().size() == 1) { + ernpClient.update(countrySpecificDetailSearchResult.getResultsErnp().get(0), eidData); } - String bpK = countrySpecificDetailSearchResult.getBpk(); return bpK; } catch (WorkflowException e) { @@ -248,35 +208,70 @@ public class InitialSearchTask extends AbstractAuthServletTask { private String step8RegisterSearchWithMds(MergedRegisterSearchResult initialSearchResult, SimpleEidasData eidData) { - MergedRegisterSearchResult mdsSearchResult = new MergedRegisterSearchResult(); - + log.trace("Starting step8RegisterSearchWithMds"); ArrayList resultsZmr = zmrClient.searchWithMds(eidData.getGivenName(), eidData.getFamilyName(), eidData.getDateOfBirth()); - mdsSearchResult.setResultsZmr(resultsZmr); - ArrayList resultsErnb = - ernbClient.searchWithMds(eidData.getGivenName(), eidData.getFamilyName(), eidData.getDateOfBirth()); - mdsSearchResult.setResultsErnb(resultsErnb); + ArrayList resultsErnp = + ernpClient.searchWithMds(eidData.getGivenName(), eidData.getFamilyName(), eidData.getDateOfBirth()); + MergedRegisterSearchResult mdsSearchResult = new MergedRegisterSearchResult(resultsZmr, resultsErnp); log.debug("Automerge " + initialSearchResult + " with " + eidData + " " + mdsSearchResult); //TODO implement next phase and return correct value return "TODO-Temporary-Endnode-105"; } private MergedRegisterSearchResult searchInZmrAndErnp(String personIdentifier) { - MergedRegisterSearchResult initialSearchResult = new MergedRegisterSearchResult(); ArrayList resultsZmr = - zmrClient.searchWithPersonIdentifer(personIdentifier); - initialSearchResult.setResultsZmr(resultsZmr); + zmrClient.searchWithPersonIdentifier(personIdentifier); - ArrayList resultsErnb = - ernbClient.searchWithPersonIdentifer(personIdentifier); - initialSearchResult.setResultsErnb(resultsErnb); + ArrayList resultsErnp = + ernpClient.searchWithPersonIdentifier(personIdentifier); + MergedRegisterSearchResult initialSearchResult = new MergedRegisterSearchResult(resultsZmr, resultsErnp); return initialSearchResult; } + private SimpleEidasData convertSimpleMapToSimpleData(Map eidasAttrMap) + throws EidasAttributeException { + SimpleEidasData simpleEidasData = new SimpleEidasData(); + + final Object eIdentifierObj = eidasAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); + final Triple eIdentifier = + EidasResponseUtils.parseEidasPersonalIdentifier((String) eIdentifierObj); + if (eIdentifier == null) { + throw new EidasAttributeException("Error processing eIdentifier"); + } + simpleEidasData.setCitizenCountryCode(eIdentifier.getFirst()); + + // MDS attributes + simpleEidasData.setPseudonym(EidasResponseUtils.processPseudonym( + eidasAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))); + simpleEidasData.setFamilyName(EidasResponseUtils.processFamilyName( + eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTFAMILYNAME))); + simpleEidasData.setGivenName(EidasResponseUtils.processGivenName( + eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTGIVENNAME))); + simpleEidasData.setDateOfBirth(EidasResponseUtils.processDateOfBirthToString( + eidasAttrMap.get(Constants.eIDAS_ATTR_DATEOFBIRTH))); + + // additional attributes + simpleEidasData.setPlaceOfBirth(EidasResponseUtils.processPlaceOfBirth( + eidasAttrMap.get(Constants.eIDAS_ATTR_PLACEOFBIRTH))); + simpleEidasData.setBirthName(EidasResponseUtils.processBirthName( + eidasAttrMap.get(Constants.eIDAS_ATTR_BIRTHNAME))); + simpleEidasData.setAddress(EidasResponseUtils.processAddress( + eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTADDRESS))); + + if (eidasAttrMap.containsKey(Constants.eIDAS_ATTR_TAXREFERENCE)) { + simpleEidasData.setTaxNumber(EidasResponseUtils.processTaxReference( + eidasAttrMap.get(Constants.eIDAS_ATTR_TAXREFERENCE))); + } + + //TODO other additional attributes + return simpleEidasData; + } + private Map convertEidasAttrToSimpleMap( ImmutableMap, ImmutableSet>> attributeMap) { final Map result = new HashMap<>(); @@ -293,7 +288,6 @@ public class InitialSearchTask extends AbstractAuthServletTask { } else { log.info("Ignore empty 'DateTime' attribute"); } - } else if (PostalAddress.class.equals(parameterizedType)) { final PostalAddress addressAttribute = EidasResponseUtils .translateAddressAttribute(el, attributeMap.get(el).asList()); @@ -304,7 +298,6 @@ public class InitialSearchTask extends AbstractAuthServletTask { } else { log.info("Ignore empty 'PostalAddress' attribute"); } - } else { final List natPersonIdObj = EidasResponseUtils .translateStringListAttribute(el, attributeMap.get(el)); @@ -312,7 +305,6 @@ public class InitialSearchTask extends AbstractAuthServletTask { if (StringUtils.isNotEmpty(stringAttr)) { result.put(el.getFriendlyName(), stringAttr); log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + stringAttr); - } else { log.info("Ignore empty 'String' attribute"); } @@ -324,18 +316,4 @@ public class InitialSearchTask extends AbstractAuthServletTask { return result; } - - /** - * Constructor. - * @param handlers List of countrySpecificSearchProcessors - * @param ernbClient Ernb client - * @param zmrClient ZMR client - */ - public InitialSearchTask(List handlers, IErnbClient ernbClient, - IZmrClient zmrClient) { - this.ernbClient = ernbClient; - this.zmrClient = zmrClient; - this.handlers = handlers; - log.info("# " + handlers.size() + " country specific detail search services are registered"); - } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java index 684546f7..0f733e8d 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java @@ -94,7 +94,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { attrRegistry); // ********************************************************** - // ******* Store resonse infos into session object ********** + // ******* Store response infos into session object ********** // ********************************************************** // update MOA-Session data with received information diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java index aaa4212a..fa26c2c5 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java @@ -31,9 +31,6 @@ import java.util.regex.Pattern; import javax.annotation.Nullable; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; -import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType; import org.apache.commons.lang3.StringUtils; import org.joda.time.DateTime; import org.slf4j.Logger; @@ -43,6 +40,8 @@ import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableSet; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; +import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType; import at.gv.egiz.eaaf.core.impl.data.Triple; import eu.eidas.auth.commons.attribute.AttributeDefinition; import eu.eidas.auth.commons.attribute.AttributeValue; @@ -177,7 +176,6 @@ public class EidasResponseUtils { ImmutableList> attributeValues) { final AttributeValue firstAttributeValue = attributeValues.get(0); return (PostalAddress) firstAttributeValue.getValue(); - } /** @@ -185,34 +183,24 @@ public class EidasResponseUtils { * * @param currentAddressObj eIDAS current address information * @return current address or null if no attribute is available - * @throws EidPostProcessingException if post-processing fails * @throws EidasAttributeException if eIDAS attribute is of a wrong type */ - public static PostalAddressType processAddress(Object currentAddressObj) throws EidPostProcessingException, - EidasAttributeException { - + public static PostalAddressType processAddress(Object currentAddressObj) throws EidasAttributeException { if (currentAddressObj != null) { if (currentAddressObj instanceof PostalAddress) { final PostalAddressType result = new PostalAddressType(); result.setPostalCode(((PostalAddress) currentAddressObj).getPostCode()); result.setMunicipality(((PostalAddress) currentAddressObj).getPostName()); - // TODO: add more mappings - return result; - } else { log.warn("eIDAS attr: " + Constants.eIDAS_ATTR_CURRENTADDRESS + " is of WRONG type"); throw new EidasAttributeException(Constants.eIDAS_ATTR_CURRENTADDRESS); - } - } else { log.debug("NO '" + Constants.eIDAS_ATTR_CURRENTADDRESS + "' attribute. Post-Processing skipped ... "); } - return null; - } /** @@ -220,27 +208,20 @@ public class EidasResponseUtils { * * @param birthNameObj eIDAS birthname information * @return birthName or null if no attribute is available - * @throws EidPostProcessingException if post-processing fails * @throws EidasAttributeException if eIDAS attribute is of a wrong type */ - public static String processBirthName(Object birthNameObj) throws EidPostProcessingException, - EidasAttributeException { + public static String processBirthName(Object birthNameObj) throws EidasAttributeException { if (birthNameObj != null) { if (birthNameObj instanceof String) { return (String) birthNameObj; - } else { log.warn("eIDAS attr: " + Constants.eIDAS_ATTR_BIRTHNAME + " is of WRONG type"); throw new EidasAttributeException(Constants.eIDAS_ATTR_BIRTHNAME); - } - } else { log.debug("NO '" + Constants.eIDAS_ATTR_BIRTHNAME + "' attribute. Post-Processing skipped ... "); } - return null; - } /** @@ -248,11 +229,9 @@ public class EidasResponseUtils { * * @param placeOfBirthObj eIDAS Place-of-Birth information * @return place of Birth or null if no attribute is available - * @throws EidPostProcessingException if post-processing fails * @throws EidasAttributeException if eIDAS attribute is of a wrong type */ - public static String processPlaceOfBirth(Object placeOfBirthObj) throws EidPostProcessingException, - EidasAttributeException { + public static String processPlaceOfBirth(Object placeOfBirthObj) throws EidasAttributeException { if (placeOfBirthObj != null) { if (placeOfBirthObj instanceof String) { return (String) placeOfBirthObj; @@ -266,9 +245,7 @@ public class EidasResponseUtils { } else { log.debug("NO '" + Constants.eIDAS_ATTR_PLACEOFBIRTH + "' attribute. Post-Processing skipped ... "); } - return null; - } /** @@ -277,16 +254,12 @@ public class EidasResponseUtils { * @param dateOfBirthObj eIDAS date-of-birth attribute information * @return formated user's date-of-birth * @throws EidasAttributeException if NO attribute is available - * @throws EidPostProcessingException if post-processing fails */ - public static DateTime processDateOfBirth(Object dateOfBirthObj) throws EidPostProcessingException, - EidasAttributeException { - if (dateOfBirthObj == null || !(dateOfBirthObj instanceof DateTime)) { + public static DateTime processDateOfBirth(Object dateOfBirthObj) throws EidasAttributeException { + if (!(dateOfBirthObj instanceof DateTime)) { throw new EidasAttributeException(Constants.eIDAS_ATTR_DATEOFBIRTH); } - return (DateTime) dateOfBirthObj; - } /** @@ -295,11 +268,9 @@ public class EidasResponseUtils { * @param dateOfBirthObj eIDAS date-of-birth attribute information * @return formated user's date-of-birth as string * @throws EidasAttributeException if NO attribute is available - * @throws EidPostProcessingException if post-processing fails */ - public static String processDateOfBirthToString(Object dateOfBirthObj) throws EidPostProcessingException, - EidasAttributeException { - if (dateOfBirthObj == null || !(dateOfBirthObj instanceof DateTime)) { + public static String processDateOfBirthToString(Object dateOfBirthObj) throws EidasAttributeException { + if (!(dateOfBirthObj instanceof DateTime)) { throw new EidasAttributeException(Constants.eIDAS_ATTR_DATEOFBIRTH); } return new SimpleDateFormat("yyyy-MM-dd").format(((DateTime) dateOfBirthObj).toDate()); @@ -311,16 +282,12 @@ public class EidasResponseUtils { * @param givenNameObj eIDAS givenName attribute information * @return formated user's givenname * @throws EidasAttributeException if NO attribute is available - * @throws EidPostProcessingException if post-processing fails */ - public static String processGivenName(Object givenNameObj) throws EidPostProcessingException, - EidasAttributeException { - if (givenNameObj == null || !(givenNameObj instanceof String)) { + public static String processGivenName(Object givenNameObj) throws EidasAttributeException { + if (!(givenNameObj instanceof String)) { throw new EidasAttributeException(Constants.eIDAS_ATTR_CURRENTGIVENNAME); } - return (String) givenNameObj; - } /** @@ -329,16 +296,12 @@ public class EidasResponseUtils { * @param familyNameObj eIDAS familyName attribute information * @return formated user's familyname * @throws EidasAttributeException if NO attribute is available - * @throws EidPostProcessingException if post-processing fails */ - public static String processFamilyName(Object familyNameObj) throws EidPostProcessingException, - EidasAttributeException { - if (familyNameObj == null || !(familyNameObj instanceof String)) { + public static String processFamilyName(Object familyNameObj) throws EidasAttributeException { + if (!(familyNameObj instanceof String)) { throw new EidasAttributeException(Constants.eIDAS_ATTR_CURRENTFAMILYNAME); } - return (String) familyNameObj; - } /** @@ -347,17 +310,16 @@ public class EidasResponseUtils { * @param personalIdObj eIDAS PersonalIdentifierAttribute * @return Unique personal identifier without country-code information * @throws EidasAttributeException if NO attribute is available - * @throws EidPostProcessingException if post-processing fails */ - public static String processPseudonym(Object personalIdObj) throws EidPostProcessingException, - EidasAttributeException { - if (personalIdObj == null || !(personalIdObj instanceof String)) { + public static String processPseudonym(Object personalIdObj) throws EidasAttributeException { + if (!(personalIdObj instanceof String)) { throw new EidasAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); } - final Triple eIdentifier = EidasResponseUtils.parseEidasPersonalIdentifier((String) personalIdObj); - + if (eIdentifier.getThird() == null) { + throw new EidasAttributeException("Error processing eIdentifier"); + } return eIdentifier.getThird(); } @@ -367,15 +329,11 @@ public class EidasResponseUtils { * @param taxReferenceObj eIDAS TaxReference attribute information * @return formated user's TaxReference * @throws EidasAttributeException if NO attribute is available - * @throws EidPostProcessingException if post-processing fails */ - public static String processTaxReference(Object taxReferenceObj) throws EidPostProcessingException, - EidasAttributeException { - if (taxReferenceObj == null || !(taxReferenceObj instanceof String)) { + public static String processTaxReference(Object taxReferenceObj) throws EidasAttributeException { + if (!(taxReferenceObj instanceof String)) { throw new EidasAttributeException(Constants.eIDAS_ATTR_CURRENTGIVENNAME); } - return (String) taxReferenceObj; - } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java index f4d77b03..60dd2ef2 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java @@ -1,3 +1,26 @@ +/* + * Copyright 2020 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + package at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; @@ -10,7 +33,7 @@ import java.util.ArrayList; public class DummyZmrClient implements IZmrClient { @Override - public ArrayList searchWithPersonIdentifer(String personIdentifer) { + public ArrayList searchWithPersonIdentifier(String personIdentifier) { return resultEmpty(); } @@ -26,7 +49,7 @@ public class DummyZmrClient implements IZmrClient { } @Override - public ArrayList searchItSpecific(String txNumber) { + public ArrayList searchItSpecific(String taxNumber) { return resultEmpty();//TODO } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/IZmrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/IZmrClient.java index 4af7bfe9..3a518e64 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/IZmrClient.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/IZmrClient.java @@ -1,3 +1,26 @@ +/* + * Copyright 2020 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + package at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; @@ -7,14 +30,14 @@ import java.util.ArrayList; public interface IZmrClient { - ArrayList searchWithPersonIdentifer(String personIdentifer); + ArrayList searchWithPersonIdentifier(String personIdentifier); ArrayList searchWithMds(String givenName, String familyName, String dateOfBirth); ArrayList searchDeSpecific(String givenName, String familyName, String dateOfBirth, String birthPlace, String birthName); - ArrayList searchItSpecific(String txNumber); + ArrayList searchItSpecific(String taxNumber); void update(RegisterResult registerResult, SimpleEidasData eidData); } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml index ca6eba20..52404bab 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml @@ -18,7 +18,7 @@ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.szr.SzrClient" /> + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.DummyErnpClient" /> diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskFirstTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskFirstTest.java index f7fc6b06..a1dce0f2 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskFirstTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskFirstTest.java @@ -1,11 +1,34 @@ +/* + * Copyright 2020 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernb.IErnbClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.DeSpecificDetailSearchProcessor; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.ICountrySpecificDetailSearchProcessor; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.CountrySpecificDetailSearchProcessor; import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.ItSpecificDetailSearchProcessor; import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.InitialSearchTask; import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; @@ -27,10 +50,7 @@ import org.junit.Before; import org.junit.BeforeClass; import org.junit.Test; import org.junit.runner.RunWith; -import org.mockito.InjectMocks; -import org.mockito.Mock; import org.mockito.Mockito; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.test.annotation.DirtiesContext; @@ -46,6 +66,7 @@ import java.net.URI; import java.net.URISyntaxException; import java.util.ArrayList; import java.util.List; +import java.util.Random; @RunWith(SpringJUnit4ClassRunner.class) @@ -53,13 +74,9 @@ import java.util.List; @DirtiesContext(classMode = ClassMode.BEFORE_CLASS) public class InitialSearchTaskFirstTest { - @Autowired(required = true) - @Mock - @InjectMocks private InitialSearchTask task; - private IZmrClient zmrClient; - private IErnbClient ernbClient; + private IErnpClient ernpClient; final ExecutionContext executionContext = new ExecutionContextImpl(); private MockHttpServletRequest httpReq; @@ -68,6 +85,12 @@ public class InitialSearchTaskFirstTest { private String randomIdentifier = RandomStringUtils.randomNumeric(10); private String randomFamilyName = RandomStringUtils.randomNumeric(11); private String randomGivenName = RandomStringUtils.randomNumeric(12); + private String randomPlaceOfBirth = RandomStringUtils.randomNumeric(12); + private String randomBirthName = RandomStringUtils.randomNumeric(12); + private String randomDate = "2011-01-"+ (10 + new Random().nextInt(18)); + private String DE_ST = "de/st/"; + private String IT_ST = "it/st/"; + /** * jUnit class initializer. * @@ -101,68 +124,52 @@ public class InitialSearchTaskFirstTest { /** * One match, but register update needed */ - // NOTE: Why is the method named "testNode100a"? - public void testNode100a() throws Exception { + public void testNode100_UserIdentifiedUpdateNecessary_a() throws Exception { - //Mock ZMR ArrayList zmrResult = new ArrayList<>(); String randomBpk = RandomStringUtils.randomNumeric(6); - zmrResult.add(new RegisterResult(randomBpk, "de/st/"+randomIdentifier, "Max_new", randomFamilyName, "2011-01-01")); + String newFirstName = RandomStringUtils.randomAlphabetic(5); + zmrResult.add(new RegisterResult(randomBpk, DE_ST+randomIdentifier, newFirstName, randomFamilyName, randomDate)); zmrClient = Mockito.mock(IZmrClient.class); - Mockito.when(zmrClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(zmrResult); - - //Mock ernb - ArrayList ernbResult = new ArrayList<>(); + Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResult); - ernbClient = Mockito.mock(IErnbClient.class); - Mockito.when(ernbClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(ernbResult); - - task = new InitialSearchTask(emptyHandlers(), ernbClient, zmrClient); - try { - task.execute(pendingReq, executionContext); - String bPk = (String) - pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); - Assert.assertTrue("Wrong bpk", bPk.equals(randomBpk)); + ArrayList ernpResult = new ArrayList<>(); + ernpClient = Mockito.mock(IErnpClient.class); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResult); - } catch (final TaskExecutionException e) { - // NOTE: assertTrue is probably the wrong method to use ... why catch the exception anyway? - Assert.assertTrue("Wrong workflow, should not reach this point", false); - } + task = new InitialSearchTask(emptyHandlers(), ernpClient, zmrClient); + task.execute(pendingReq, executionContext); + String bPk = (String) + pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); + Assert.assertTrue("Wrong bpk", bPk.equals(randomBpk)); } @Test - // NOTE: Why is @DirtiesContext after each test necessary? What is changed in the context and why? @DirtiesContext /** * One match, but register update needed */ - public void testNode100b() throws Exception { + public void testNode100_UserIdentifiedUpdateNecessary_b() throws TaskExecutionException { - //Mock ZMR ArrayList zmrResult = new ArrayList<>(); zmrClient = Mockito.mock(IZmrClient.class); - Mockito.when(zmrClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(zmrResult);//"de/st/max123"??? + Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResult); - //Mock ernb - ArrayList ernbResult = new ArrayList<>(); + ArrayList ernpResult = new ArrayList<>(); String randomBpk = RandomStringUtils.randomNumeric(6); - ernbResult.add(new RegisterResult(randomBpk, "de/st/"+randomIdentifier, "Max_new", randomFamilyName, "2011-01-01")); + ernpResult.add(new RegisterResult(randomBpk, DE_ST+randomIdentifier, "Max_new", randomFamilyName, randomDate)); - ernbClient = Mockito.mock(IErnbClient.class); - Mockito.when(ernbClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(ernbResult); + ernpClient = Mockito.mock(IErnpClient.class); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResult); - task = new InitialSearchTask(emptyHandlers(), ernbClient, zmrClient); - try { - task.execute(pendingReq, executionContext); - String bPk = (String) - pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); - Assert.assertTrue("Wrong bpk", bPk.equals(randomBpk)); + task = new InitialSearchTask(emptyHandlers(), ernpClient, zmrClient); + task.execute(pendingReq, executionContext); + String bPk = (String) + pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); + Assert.assertTrue("Wrong bpk", bPk.equals(randomBpk)); - } catch (final TaskExecutionException e) { - Assert.assertTrue("Wrong workflow, should not reach this point", false); - } } @@ -171,21 +178,19 @@ public class InitialSearchTaskFirstTest { /** * Two matches found in ZMR */ - public void testNode101a() throws Exception { + public void testNode101_ManualFixNecessary_a() throws Exception { - //Mock ZMR ArrayList zmrResult = new ArrayList<>(); - zmrResult.add(new RegisterResult("bpkMax", "de/st/"+randomIdentifier, randomGivenName, randomFamilyName, "2011-01-01")); - zmrResult.add(new RegisterResult("bpkMax", "de/st/"+randomIdentifier, "Maximilian", randomFamilyName, "2011-01-01")); + zmrResult.add(new RegisterResult("bpkMax", DE_ST+randomIdentifier, randomGivenName, randomFamilyName, randomDate)); + zmrResult.add(new RegisterResult("bpkMax", DE_ST+randomIdentifier, "Maximilian", randomFamilyName, randomDate)); zmrClient = Mockito.mock(IZmrClient.class); - Mockito.when(zmrClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(zmrResult); + Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResult); - //Mock ernb - ArrayList ernbResult = new ArrayList<>(); - ernbClient = Mockito.mock(IErnbClient.class); - Mockito.when(ernbClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(ernbResult); + ArrayList ernpResult = new ArrayList<>(); + ernpClient = Mockito.mock(IErnpClient.class); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResult); - task = new InitialSearchTask(emptyHandlers(), ernbClient, zmrClient); + task = new InitialSearchTask(emptyHandlers(), ernpClient, zmrClient); try { task.execute(pendingReq, executionContext); Assert.assertTrue("Wrong workflow, should not reach this point/ get a bpk", false); @@ -199,24 +204,24 @@ public class InitialSearchTaskFirstTest { @Test @DirtiesContext /** - * Two matches found in ErnB + * Two matches found in ErnP */ - public void testNode101b() throws Exception { - - //Mock ZMR + public void testNode101_ManualFixNecessary_b() throws Exception { + String randombpk = RandomStringUtils.random(5); ArrayList zmrResult = new ArrayList<>(); zmrClient = Mockito.mock(IZmrClient.class); - Mockito.when(zmrClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(zmrResult); + Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResult); - //Mock ernb - ArrayList ernbResult = new ArrayList<>(); - ernbResult.add(new RegisterResult("bpkMax", "de/st/"+randomIdentifier, randomGivenName, randomFamilyName, "2011-01-01")); - ernbResult.add(new RegisterResult("bpkMax", "de/st/"+randomIdentifier, "Maximilian", randomFamilyName, "2011-01-01")); + ArrayList ernpResult = new ArrayList<>(); + ernpResult.add(new RegisterResult(randombpk, DE_ST+randomIdentifier, randomGivenName, randomFamilyName, randomDate)); + ernpResult.add(new RegisterResult(randombpk, DE_ST+randomIdentifier, randomGivenName+RandomStringUtils.random(2), + randomFamilyName, + randomDate)); - ernbClient = Mockito.mock(IErnbClient.class); - Mockito.when(ernbClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(ernbResult); + ernpClient = Mockito.mock(IErnpClient.class); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResult); - task = new InitialSearchTask(emptyHandlers(), ernbClient, zmrClient); + task = new InitialSearchTask(emptyHandlers(), ernpClient, zmrClient); try { task.execute(pendingReq, executionContext); Assert.assertTrue("Wrong workflow, should not reach this point/ get a bpk", false); @@ -231,30 +236,24 @@ public class InitialSearchTaskFirstTest { /** * One match, no register update needed */ - public void testNode102a() throws Exception { + public void testNode102_UserIdentified_a() throws Exception { - String randomBpk = RandomStringUtils.randomNumeric(12);; - //Mock ZMR + String randomBpk = RandomStringUtils.randomNumeric(12); ArrayList zmrResult = new ArrayList<>(); zmrClient = Mockito.mock(IZmrClient.class); - Mockito.when(zmrClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(zmrResult); + Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResult); - //Mock ernb - ArrayList ernbResult = new ArrayList<>(); - ernbResult.add(new RegisterResult(randomBpk, "de/st/"+randomIdentifier, randomGivenName, randomFamilyName, "2011-01-01")); + ArrayList ernpResult = new ArrayList<>(); + ernpResult.add(new RegisterResult(randomBpk, DE_ST+randomIdentifier, randomGivenName, randomFamilyName, randomDate)); - ernbClient = Mockito.mock(IErnbClient.class); - Mockito.when(ernbClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(ernbResult); + ernpClient = Mockito.mock(IErnpClient.class); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResult); - task = new InitialSearchTask(emptyHandlers(), ernbClient, zmrClient); - try { - task.execute(pendingReq, executionContext); - String bPk = (String) - pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); - Assert.assertTrue("Wrong bpk", bPk.equals(randomBpk)); - } catch (final TaskExecutionException e) { - Assert.assertTrue("Wrong workflow, should not reach this point", false); - } + task = new InitialSearchTask(emptyHandlers(), ernpClient, zmrClient); + task.execute(pendingReq, executionContext); + String bPk = (String) + pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); + Assert.assertTrue("Wrong bpk", bPk.equals(randomBpk)); } @Test @@ -262,39 +261,33 @@ public class InitialSearchTaskFirstTest { /** * One match, no register update needed */ - public void testNode102b() throws Exception { + public void testNode102_UserIdentified_b() throws Exception { String randomBpk = RandomStringUtils.randomNumeric(14); - //Mock ZMR + ArrayList zmrResult = new ArrayList<>(); - zmrResult.add(new RegisterResult(randomBpk, "de/st/"+randomIdentifier, randomGivenName, randomFamilyName, "2011-01-01")); + zmrResult.add(new RegisterResult(randomBpk, DE_ST+randomIdentifier, randomGivenName, randomFamilyName, randomDate)); zmrClient = Mockito.mock(IZmrClient.class); - Mockito.when(zmrClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(zmrResult); + Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResult); - //Mock ernb - ArrayList ernbResult = new ArrayList<>(); + ArrayList ernpResult = new ArrayList<>(); - ernbClient = Mockito.mock(IErnbClient.class); - Mockito.when(ernbClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(ernbResult); + ernpClient = Mockito.mock(IErnpClient.class); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResult); - task = new InitialSearchTask(emptyHandlers(), ernbClient, zmrClient); - try { - task.execute(pendingReq, executionContext); - String bPk = (String) - pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); - Assert.assertTrue("Wrong bpk", bPk.equals(randomBpk)); - - } catch (final TaskExecutionException e) { - Assert.assertTrue("Wrong workflow, should not reach this point", false); - } + task = new InitialSearchTask(emptyHandlers(), ernpClient, zmrClient); + task.execute(pendingReq, executionContext); + String bPk = (String) + pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); + Assert.assertTrue("Wrong bpk", bPk.equals(randomBpk)); } @Test @DirtiesContext /** - * One match found in ZMR and ErnB with detail search + * One match found in ZMR and ErnP with detail search */ - public void testNode103IT() throws Exception { + public void testNode103_UserIdentified_IT() throws Exception { String bpkRegister = RandomStringUtils.randomNumeric(14); String taxNumber = RandomStringUtils.randomNumeric(14); final AuthenticationResponse response = buildDummyAuthResponseRandomPersonIT_Tax(taxNumber); @@ -302,29 +295,26 @@ public class InitialSearchTaskFirstTest { pendingReq1.getSessionData(AuthProcessDataWrapper.class) .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response); - //Mock ZMR initial search ArrayList zmrResultInitial = new ArrayList<>(); zmrClient = Mockito.mock(IZmrClient.class); - Mockito.when(zmrClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(zmrResultInitial); + Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResultInitial); ArrayList zmrResultSpecific = new ArrayList<>(); - //String bpk, String pseudonym, String givenName, String familyName, String dateOfBirth, - // String placeOfBirth, String birthName, String taxNumber, PostalAddressType address - zmrResultSpecific.add(new RegisterResult(bpkRegister, "it/st/"+randomIdentifier+"4", randomGivenName, randomFamilyName, - "2011-01-01", null, null, taxNumber, null)); - Mockito.when(zmrClient.searchItSpecific(taxNumber)).thenReturn(zmrResultSpecific); + zmrResultSpecific.add(new RegisterResult(bpkRegister, IT_ST+randomIdentifier+RandomStringUtils.random(2), + randomGivenName, + randomFamilyName, + randomDate, null, null, taxNumber, null)); - //Mock ernb initial search - ArrayList ernbResultInitial = new ArrayList<>(); - ernbClient = Mockito.mock(IErnbClient.class); - Mockito.when(ernbClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(ernbResultInitial); + Mockito.when(zmrClient.searchItSpecific(taxNumber)).thenReturn(zmrResultSpecific); + ArrayList ernpResultInitial = new ArrayList<>(); + ernpClient = Mockito.mock(IErnpClient.class); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResultInitial); - //Mock country specific search - List handlers = new ArrayList<>(); - ItSpecificDetailSearchProcessor it = new ItSpecificDetailSearchProcessor(ernbClient, zmrClient); + List handlers = new ArrayList<>(); + ItSpecificDetailSearchProcessor it = new ItSpecificDetailSearchProcessor(ernpClient, zmrClient); handlers.add(it); - task = new InitialSearchTask(handlers, ernbClient, zmrClient); + task = new InitialSearchTask(handlers, ernpClient, zmrClient); try { task.execute(pendingReq1, executionContext); @@ -340,26 +330,25 @@ public class InitialSearchTaskFirstTest { @Test @DirtiesContext /** - * Multiple matches found in ZMR and ErnB with detail search + * Multiple matches found in ZMR and ErnP with detail search */ - public void testNode103DE() throws Exception { + public void testNode103_UserIdentified_DE() throws Exception { String givenName = randomGivenName; String familyName = randomFamilyName; - String pseudonym = "de/st/max1234"; - String bpk = "bpkMax"; - String dateOfBirth = "2011-01-01"; - String placeOfBirth = "München"; - String birthName = "BabyMax"; + String pseudonym = DE_ST + RandomStringUtils.random(5); + String bpk = RandomStringUtils.random(5); + String dateOfBirth = randomDate; + String placeOfBirth = randomPlaceOfBirth; + String birthName = randomBirthName; final AuthenticationResponse response = buildDummyAuthResponseDE(givenName, familyName, pseudonym, dateOfBirth, placeOfBirth, birthName); TestRequestImpl pendingReq1 = new TestRequestImpl(); pendingReq1.getSessionData(AuthProcessDataWrapper.class) .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response); - //Mock ZMR initial search ArrayList zmrResultInitial = new ArrayList<>(); zmrClient = Mockito.mock(IZmrClient.class); - Mockito.when(zmrClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(zmrResultInitial); + Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResultInitial); ArrayList zmrResultSpecific = new ArrayList<>(); zmrResultSpecific.add(new RegisterResult(bpk, pseudonym, givenName, familyName, dateOfBirth, placeOfBirth, @@ -368,16 +357,14 @@ public class InitialSearchTaskFirstTest { Mockito.when(zmrClient.searchDeSpecific(givenName, familyName, dateOfBirth, placeOfBirth, birthName)).thenReturn(zmrResultSpecific); - //Mock ernb initial search - ArrayList ernbResultInitial = new ArrayList<>(); - ernbClient = Mockito.mock(IErnbClient.class); - Mockito.when(ernbClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(ernbResultInitial); + ArrayList ernpResultInitial = new ArrayList<>(); + ernpClient = Mockito.mock(IErnpClient.class); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResultInitial); - //Mock country specific search - List handlers = new ArrayList<>(); - DeSpecificDetailSearchProcessor de = new DeSpecificDetailSearchProcessor(ernbClient, zmrClient); + List handlers = new ArrayList<>(); + DeSpecificDetailSearchProcessor de = new DeSpecificDetailSearchProcessor(ernpClient, zmrClient); handlers.add(de); - task = new InitialSearchTask(handlers, ernbClient, zmrClient); + task = new InitialSearchTask(handlers, ernpClient, zmrClient); try { task.execute(pendingReq1, executionContext); @@ -393,28 +380,27 @@ public class InitialSearchTaskFirstTest { @Test @DirtiesContext /** - * Multiple matches found in ZMR and ErnB with detail search + * Multiple matches found in ZMR and ErnP with detail search */ - public void testNode104DE() throws Exception { + public void testNode104_ManualFixNecessary_DE() throws Exception { String givenName = randomGivenName; String familyName = randomFamilyName; - String pseudonym1 = "de/st/max1234"; - String pseudonym2 = "de/st/max12345"; - String bpk1 = "bpkMax"; - String bpk2 = "bpkMax1"; - String dateOfBirth = "2011-01-01"; - String placeOfBirth = "München"; - String birthName = "BabyMax"; + String pseudonym1 = DE_ST + RandomStringUtils.random(5); + String pseudonym2 = pseudonym1 + RandomStringUtils.random(2); + String bpk1 = RandomStringUtils.random(5); + String bpk2 = bpk1 + RandomStringUtils.random(2); + String dateOfBirth = randomDate; + String placeOfBirth = randomPlaceOfBirth; + String birthName = randomBirthName; final AuthenticationResponse response = buildDummyAuthResponseDE(givenName, familyName, pseudonym1, dateOfBirth, placeOfBirth, birthName); TestRequestImpl pendingReq1 = new TestRequestImpl(); pendingReq1.getSessionData(AuthProcessDataWrapper.class) .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response); - //Mock ZMR initial search ArrayList zmrResultInitial = new ArrayList<>(); zmrClient = Mockito.mock(IZmrClient.class); - Mockito.when(zmrClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(zmrResultInitial); + Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResultInitial); ArrayList zmrResultSpecific = new ArrayList<>(); zmrResultSpecific.add(new RegisterResult(bpk1, pseudonym1, givenName, familyName, dateOfBirth, placeOfBirth, @@ -425,23 +411,18 @@ public class InitialSearchTaskFirstTest { null, null)); Mockito.when(zmrClient.searchDeSpecific(givenName, familyName, dateOfBirth, placeOfBirth, birthName)).thenReturn(zmrResultSpecific); + ArrayList ernpResultInitial = new ArrayList<>(); + ernpClient = Mockito.mock(IErnpClient.class); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResultInitial); - //Mock ernb initial search - ArrayList ernbResultInitial = new ArrayList<>(); - ernbClient = Mockito.mock(IErnbClient.class); - Mockito.when(ernbClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(ernbResultInitial); - - //Mock country specific search - List handlers = new ArrayList<>(); - DeSpecificDetailSearchProcessor de = new DeSpecificDetailSearchProcessor(ernbClient, zmrClient); + List handlers = new ArrayList<>(); + DeSpecificDetailSearchProcessor de = new DeSpecificDetailSearchProcessor(ernpClient, zmrClient); handlers.add(de); - task = new InitialSearchTask(handlers, ernbClient, zmrClient); + task = new InitialSearchTask(handlers, ernpClient, zmrClient); try { task.execute(pendingReq1, executionContext); - Assert.assertTrue("Wrong workflow, should not reach this point/ get a bpk", false); - } catch (final TaskExecutionException e) { Throwable origE = e.getOriginalException(); Assert.assertTrue("Wrong exception", (origE.getCause() instanceof ManualFixNecessaryException)); @@ -451,43 +432,40 @@ public class InitialSearchTaskFirstTest { @Test @DirtiesContext /** - * Multiple matches found in ZMR and ErnB with detail search + * Multiple matches found in ZMR and ErnP with detail search */ - public void testNode104IT() throws Exception { + public void testNode104_ManualFixNecessary_IT() throws Exception { String fakeTaxNumber = RandomStringUtils.randomNumeric(14);; final AuthenticationResponse response = buildDummyAuthResponseRandomPersonIT_Tax(fakeTaxNumber); TestRequestImpl pendingReq1 = new TestRequestImpl(); pendingReq1.getSessionData(AuthProcessDataWrapper.class) .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response); - //Mock ZMR initial search ArrayList zmrResultInitial = new ArrayList<>(); zmrClient = Mockito.mock(IZmrClient.class); - Mockito.when(zmrClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(zmrResultInitial); + Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResultInitial); ArrayList zmrResultSpecific = new ArrayList<>(); - zmrResultSpecific.add(new RegisterResult("bpkMax", "it/st/"+randomIdentifier+"4", randomGivenName, randomFamilyName, "2011-01-01", null, null, + zmrResultSpecific.add(new RegisterResult("bpkMax", IT_ST+randomIdentifier+"4", randomGivenName, randomFamilyName, + randomDate, null, null, fakeTaxNumber, null)); - zmrResultSpecific.add(new RegisterResult("bpkMax1", "it/st/"+randomIdentifier+"5", randomGivenName, randomFamilyName, "2011-01-01", null, null, + zmrResultSpecific.add(new RegisterResult("bpkMax1", IT_ST+randomIdentifier+"5", randomGivenName, randomFamilyName, + randomDate, null, null, fakeTaxNumber, null)); Mockito.when(zmrClient.searchItSpecific(fakeTaxNumber)).thenReturn(zmrResultSpecific); - //Mock ernb initial search - ArrayList ernbResultInitial = new ArrayList<>(); - ernbClient = Mockito.mock(IErnbClient.class); - Mockito.when(ernbClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(ernbResultInitial); + ArrayList ernpResultInitial = new ArrayList<>(); + ernpClient = Mockito.mock(IErnpClient.class); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResultInitial); - //Mock country specific search - List handlers = new ArrayList<>(); - ItSpecificDetailSearchProcessor it = new ItSpecificDetailSearchProcessor(ernbClient, zmrClient); + List handlers = new ArrayList<>(); + ItSpecificDetailSearchProcessor it = new ItSpecificDetailSearchProcessor(ernpClient, zmrClient); handlers.add(it); - task = new InitialSearchTask(handlers, ernbClient, zmrClient); + task = new InitialSearchTask(handlers, ernpClient, zmrClient); try { task.execute(pendingReq1, executionContext); - Assert.assertTrue("Wrong workflow, should not reach this point/ get a bpk", false); - } catch (final TaskExecutionException e) { Throwable origE = e.getOriginalException(); Assert.assertTrue("Wrong exception", (origE.getCause() instanceof ManualFixNecessaryException)); @@ -497,45 +475,35 @@ public class InitialSearchTaskFirstTest { @Test @DirtiesContext /** - * NO match found in ZMR and ErnB with Initial search + * NO match found in ZMR and ErnP with Initial search */ - public void testNode105() { + public void testNode105_TemporaryEnd() throws TaskExecutionException { - //Mock ZMR ArrayList zmrResult = new ArrayList<>(); zmrClient = Mockito.mock(IZmrClient.class); - Mockito.when(zmrClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(zmrResult); - - //Mock ernb - ArrayList ernbResult = new ArrayList<>(); - ernbClient = Mockito.mock(IErnbClient.class); - Mockito.when(ernbClient.searchWithPersonIdentifer(randomIdentifier)).thenReturn(ernbResult); + Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResult); - task = new InitialSearchTask(emptyHandlers(), ernbClient, zmrClient); - try { - task.execute(pendingReq, executionContext); + ArrayList ernpResult = new ArrayList<>(); + ernpClient = Mockito.mock(IErnpClient.class); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResult); - String bPk = (String) - pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); - Assert.assertTrue("Wrong bpk", bPk.equals("TODO-Temporary-Endnode-105")); - } catch (final TaskExecutionException e) { - Assert.assertTrue("Wrong workflow, should not reach this point", false); - } + task = new InitialSearchTask(emptyHandlers(), ernpClient, zmrClient); + task.execute(pendingReq, executionContext); + String bPk = (String) + pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); + Assert.assertEquals("Wrong bpk", "TODO-Temporary-Endnode-105", bPk); } @NotNull private AuthenticationResponse buildDummyAuthResponseRandomPerson() throws URISyntaxException { - // NOTE: Those strings "de/st/max123" seem to be somehow relevant, but where do we need to use that exact string - // again? - // NOTE: If not, why not using random strings? return buildDummyAuthResponse(randomGivenName, randomFamilyName, - "de/st/"+randomIdentifier, "2011-01-01"); + DE_ST+randomIdentifier, randomDate); } private AuthenticationResponse buildDummyAuthResponseRandomPersonIT_Tax(String taxNumber) throws URISyntaxException { return buildDummyAuthResponse(randomGivenName, randomFamilyName, - "it/st/"+randomIdentifier, "2011-01-01", taxNumber, null, null); + IT_ST+randomIdentifier, randomDate, taxNumber, null, null); } @NotNull @@ -555,58 +523,46 @@ public class InitialSearchTaskFirstTest { private AuthenticationResponse buildDummyAuthResponse(String givenName, String familyName, String identifier, String dateOfBirth, String taxNumber, String placeOfBirth, String birthName) throws URISyntaxException { - final AttributeDefinition attributeDef = AttributeDefinition.builder() - .friendlyName(Constants.eIDAS_ATTR_PERSONALIDENTIFIER).nameUri(new URI("ad", "sd", "ff")) - .personType(PersonType.LEGAL_PERSON).xmlType(new QName("http://saf", "as", "af")) - .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller").build(); - final AttributeDefinition attributeDef2 = AttributeDefinition.builder() - .friendlyName(Constants.eIDAS_ATTR_CURRENTFAMILYNAME).nameUri(new URI("ad", "sd", "fff")) - .personType(PersonType.LEGAL_PERSON).xmlType(new QName("http://saf", "as", "aff")) - .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller").build(); - final AttributeDefinition attributeDef3 = AttributeDefinition.builder() - .friendlyName(Constants.eIDAS_ATTR_CURRENTGIVENNAME).nameUri(new URI("ad", "sd", "ffff")) - .personType(PersonType.LEGAL_PERSON).xmlType(new QName("http://saf", "as", "afff")) - .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller").build(); - final AttributeDefinition attributeDef4 = AttributeDefinition.builder() - .friendlyName(Constants.eIDAS_ATTR_DATEOFBIRTH).nameUri(new URI("ad", "sd", "fffff")) - .personType(PersonType.LEGAL_PERSON).xmlType(new QName("http://saf", "as", "affff")) - .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.DateTimeAttributeValueMarshaller").build(); - final AttributeDefinition attributeDef5 = AttributeDefinition.builder() - .friendlyName(Constants.eIDAS_ATTR_TAXREFERENCE).nameUri(new URI("ad", "sd", "ffffff")) - .personType(PersonType.LEGAL_PERSON).xmlType(new QName("http://saf", "as", "afffff")) - .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller").build(); - final AttributeDefinition attributeDef6 = AttributeDefinition.builder() - .friendlyName(Constants.eIDAS_ATTR_PLACEOFBIRTH).nameUri(new URI("ad", "sd", "fffffff")) - .personType(PersonType.LEGAL_PERSON).xmlType(new QName("http://saf", "as", "affffff")) - .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller").build(); - final AttributeDefinition attributeDef7 = AttributeDefinition.builder() - .friendlyName(Constants.eIDAS_ATTR_BIRTHNAME).nameUri(new URI("ad", "sd", "ffffffff")) - .personType(PersonType.LEGAL_PERSON).xmlType(new QName("http://saf", "as", "afffffff")) - .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller").build(); ImmutableAttributeMap.Builder builder = ImmutableAttributeMap.builder() - .put(attributeDef, identifier) - .put(attributeDef2, familyName) - .put(attributeDef3, givenName) - .put(attributeDef4, dateOfBirth); - + .put(generateStringAttribute(Constants.eIDAS_ATTR_PERSONALIDENTIFIER,"ff","af"), identifier) + .put(generateStringAttribute(Constants.eIDAS_ATTR_CURRENTFAMILYNAME,"fff","aff"), familyName) + .put(generateStringAttribute(Constants.eIDAS_ATTR_CURRENTGIVENNAME,"ffff","afff"), givenName) + .put(generateDateTimeAttribute(Constants.eIDAS_ATTR_DATEOFBIRTH,"fffff","affff"), dateOfBirth); if (taxNumber != null) { - builder.put(attributeDef5, taxNumber); + builder.put(generateStringAttribute(Constants.eIDAS_ATTR_TAXREFERENCE,"ffffff","afffff"), taxNumber); } if (birthName != null) { - builder.put(attributeDef7, birthName); + builder.put(generateStringAttribute(Constants.eIDAS_ATTR_BIRTHNAME,"fffffff","affffff"), birthName); } if (placeOfBirth != null) { - builder.put(attributeDef6, placeOfBirth); + builder.put(generateStringAttribute(Constants.eIDAS_ATTR_PLACEOFBIRTH,"ffffffff","afffffff"), placeOfBirth); } final ImmutableAttributeMap attributeMap = builder.build(); val b = new AuthenticationResponse.Builder(); return b.id("aasdf").issuer("asd").subject("asf").statusCode("200").inResponseTo("asdf").subjectNameIdFormat( - "afaf") - .attributes(attributeMap).build(); + "afaf").attributes(attributeMap).build(); + } + + private AttributeDefinition generateStringAttribute(String friendlyName, String fragment, String prefix) throws URISyntaxException { + return generateAttribute(friendlyName, fragment, prefix, "eu.eidas.auth.commons.attribute.impl" + + ".LiteralStringAttributeValueMarshaller"); + } + + private AttributeDefinition generateDateTimeAttribute(String friendlyName, String fragment, String prefix) throws URISyntaxException { + return generateAttribute(friendlyName, fragment, prefix, "eu.eidas.auth.commons.attribute.impl" + + ".DateTimeAttributeValueMarshaller"); + } + + private AttributeDefinition generateAttribute(String friendlyName, String fragment, String prefix, + String marshaller) throws URISyntaxException { + return AttributeDefinition.builder() + .friendlyName(friendlyName).nameUri(new URI("ad", "sd", fragment)) + .personType(PersonType.LEGAL_PERSON).xmlType(new QName("http://saf", "as", prefix)) + .attributeValueMarshaller(marshaller).build(); } - private List emptyHandlers() { + private List emptyHandlers() { return new ArrayList<>(); } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml index cde374a1..0989cbef 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml @@ -69,7 +69,7 @@ scope="prototype" /> + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.DummyErnpClient" /> -- cgit v1.2.3 From 891f01d3f79307a5a5bd9c352af16814fcb2b764 Mon Sep 17 00:00:00 2001 From: Alexander Marsalek Date: Fri, 15 Jan 2021 14:30:26 +0100 Subject: added task/gui for step 10 (addional eidas eid) and 14 (mobile phone sig) --- .../specific/modules/auth/eidas/v2/Constants.java | 1 + .../auth/eidas/v2/ernp/DummyErnpClient.java | 6 ++ .../modules/auth/eidas/v2/ernp/IErnpClient.java | 2 + .../eidas/v2/tasks/CreateNewErnpEntryTask.java | 25 ++++++- .../GenerateGuiQueryAustrianResidenceTask.java | 77 ++++++++++++++++++++++ .../GenerateMobilePhoneSignatureRequestTask.java | 3 + .../auth/eidas/v2/tasks/InitialSearchTask.java | 9 +-- .../ReceiveGuiAustrianResidenceResponseTask.java | 77 ++++++++++++++++++++++ .../eidas/v2/tasks/ReceiveGuiResponseTask.java | 12 ++-- .../ReceiveMobilePhoneSignatureResponseTask.java | 1 + .../resources/eIDAS.Authentication.process.xml | 16 +++++ .../src/main/resources/eidas_v2_auth.beans.xml | 7 ++ 12 files changed, 225 insertions(+), 11 deletions(-) create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateGuiQueryAustrianResidenceTask.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiAustrianResidenceResponseTask.java (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/resources') diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java index 54f7f8fa..15057600 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java @@ -33,6 +33,7 @@ public class Constants { public static final String DATA_REQUESTED_LOA_COMPERISON = "req_requestedLoAComperision"; public static final String DATA_FULL_EIDAS_RESPONSE = "resp_fulleIDASResponse"; public static final String DATA_RESULT_MATCHING_BPK = "matching-result-bpk"; + public static final String DATA_SIMPLE_EIDAS = "simple_eidas_data"; // templates for post-binding forwarding public static final String TEMPLATE_POST_FORWARD_NAME = "eidas_node_forward.html"; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/DummyErnpClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/DummyErnpClient.java index e514c808..22482638 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/DummyErnpClient.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/DummyErnpClient.java @@ -62,5 +62,11 @@ public class DummyErnpClient implements IErnpClient { //TODO } + @Override + public boolean createNewEntry(SimpleEidasData simpleEidasData) { + //TODO + return false; + } + } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java index b9641c5c..cb499ca5 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java @@ -40,4 +40,6 @@ public interface IErnpClient { List searchItSpecific(String taxNumber); void update(RegisterResult registerResult, SimpleEidasData eidData); + + boolean createNewEntry(SimpleEidasData simpleEidasData); } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java index 6f7304c9..09af0e24 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java @@ -23,8 +23,12 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import lombok.extern.slf4j.Slf4j; import org.springframework.stereotype.Component; @@ -41,15 +45,34 @@ import javax.servlet.http.HttpServletResponse; @Component("CreateNewErnbEntryTask") public class CreateNewErnpEntryTask extends AbstractAuthServletTask { + private final IErnpClient ernpClient; + + /** + * Constructor. + * @param ernpClient ErnP client + */ + public CreateNewErnpEntryTask(IErnpClient ernpClient) { + this.ernpClient = ernpClient; + } + @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try { - //TODO + final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); + SimpleEidasData simpleEidasData = authProcessData.getGenericDataFromSession(Constants.DATA_SIMPLE_EIDAS, + SimpleEidasData.class); + step9CreateNewErnpEntry(simpleEidasData); } catch (final Exception e) { log.error("Initial search FAILED.", e); throw new TaskExecutionException(pendingReq, "Initial search FAILED.", e); } } + private void step9CreateNewErnpEntry(SimpleEidasData simpleEidasData) { + + //TODO can i get bpk from response? + ernpClient.createNewEntry(simpleEidasData); + } + } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateGuiQueryAustrianResidenceTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateGuiQueryAustrianResidenceTask.java new file mode 100644 index 00000000..a80b8550 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateGuiQueryAustrianResidenceTask.java @@ -0,0 +1,77 @@ +/* + * Copyright 2021 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; + +import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; +import at.asitplus.eidas.specific.connector.gui.StaticGuiBuilderConfiguration; +import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfiguration; +import at.gv.egiz.eaaf.core.api.gui.ISpringMvcGuiFormBuilder; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import lombok.extern.slf4j.Slf4j; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +/** + * Task that generates a GUI that queries whether the user has an addional eidas eID or an Austrian mobile phone + * signature. + * + * @author amarsalek + */ +@Slf4j +@Component("GenerateGuiQueryAustrianResidenceTask") +public class GenerateGuiQueryAustrianResidenceTask extends AbstractAuthServletTask { + + @Autowired + ISpringMvcGuiFormBuilder guiBuilder; + @Autowired + IConfiguration basicConfig; + + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + try { + final IGuiBuilderConfiguration config = new StaticGuiBuilderConfiguration( + basicConfig, + pendingReq, + basicConfig.getBasicConfiguration(//TODO + MsEidasNodeConstants.PROP_CONFIG_WEBCONTENT_TEMPLATES_OTHER_LOGIN_METHOD_SELECTION, + MsEidasNodeConstants.TEMPLATE_HTML_OTHERLOGINMETHODS), + MsEidasNodeConstants.ENDPOINT_OTHERLOGINMETHODSELECTION, + resourceLoader); + + guiBuilder.build(request, response, config, "Other login methods selection form"); + + } catch (final Exception e) { + log.error("Initial search FAILED.", e); + throw new TaskExecutionException(pendingReq, "Gui creation FAILED.", e); + } + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java index 7c154705..0f2fc8a3 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java @@ -46,6 +46,9 @@ public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServlet public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try { + log.trace("Starting GenerateMobilePhoneSignatureRequestTask"); + //step 15a + //TODO } catch (final Exception e) { log.error("Initial search FAILED.", e); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java index ae89a4a0..34e258ca 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java @@ -69,6 +69,7 @@ public class InitialSearchTask extends AbstractAuthServletTask { private final IErnpClient ernpClient; private final IZmrClient zmrClient; private ExecutionContext executionContext; + /** * Constructor. * @param handlers List of countrySpecificSearchProcessors @@ -97,6 +98,7 @@ public class InitialSearchTask extends AbstractAuthServletTask { String bpK = step2RegisterSearchWithPersonidentifier(eidData); authProcessData.setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpK); + authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidasResponse); } catch (final Exception e) { log.error("Initial search FAILED.", e); throw new TaskExecutionException(pendingReq, "Initial search FAILED.", e); @@ -154,7 +156,7 @@ public class InitialSearchTask extends AbstractAuthServletTask { } } if (foundHandler == null) { - return step8RegisterSearchWithMds(result, eidData); + return step8RegisterSearchWithMds(eidData); } else { return step6CountrySpecificSearch(foundHandler, result, eidData); } @@ -169,7 +171,7 @@ public class InitialSearchTask extends AbstractAuthServletTask { switch (countrySpecificDetailSearchResult.getResultCount()) { case 0: - return step8RegisterSearchWithMds(initialSearchResult, eidData); + return step8RegisterSearchWithMds(eidData); case 1: return step7aKittProcess(initialSearchResult, countrySpecificDetailSearchResult, eidData); default: @@ -202,8 +204,7 @@ public class InitialSearchTask extends AbstractAuthServletTask { } } - private String step8RegisterSearchWithMds(MergedRegisterSearchResult initialSearchResult, - SimpleEidasData eidData) { + private String step8RegisterSearchWithMds(SimpleEidasData eidData) { log.trace("Starting step8RegisterSearchWithMds"); List resultsZmr = zmrClient.searchWithMds(eidData.getGivenName(), eidData.getFamilyName(), eidData.getDateOfBirth()); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiAustrianResidenceResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiAustrianResidenceResponseTask.java new file mode 100644 index 00000000..3bbb59d1 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiAustrianResidenceResponseTask.java @@ -0,0 +1,77 @@ +/* + * Copyright 2021 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import lombok.extern.slf4j.Slf4j; +import org.apache.commons.lang.StringEscapeUtils; +import org.apache.commons.lang3.StringUtils; +import org.springframework.stereotype.Component; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.util.Enumeration; + +/** + * Task receives the response of GenerateGuiQueryAustrianResidenceTask and handles it. + * + * @author amarsalek + */ +@Slf4j +@Component("ReceiveGuiAustrianResidenceResponseTask") +public class ReceiveGuiAustrianResidenceResponseTask extends AbstractAuthServletTask { + + final String loginMethod = "loginSelection"; + + //TODO + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + try { + log.trace("Starting ReceiveGuiAustrianResidenceResponseTask"); + // set parameter execution context + final Enumeration reqParamNames = request.getParameterNames(); + while (reqParamNames.hasMoreElements()) { + final String paramName = reqParamNames.nextElement(); + if (StringUtils.isNotEmpty(paramName) + && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName) + && loginMethod.equalsIgnoreCase(paramName)) { + + String value = StringEscapeUtils.escapeHtml(request.getParameter(paramName)); + SelectedLoginMethod selection = SelectedLoginMethod.valueOf(value); + executionContext.put(loginMethod, selection); + + } + } + } catch (final Exception e) { + log.error("Parsing selected login method FAILED.", e); + throw new TaskExecutionException(pendingReq, "Parsing selected login method FAILED.", e); + } + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiResponseTask.java index fc51ce2d..fa787792 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiResponseTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiResponseTask.java @@ -57,12 +57,12 @@ public class ReceiveGuiResponseTask extends AbstractAuthServletTask { while (reqParamNames.hasMoreElements()) { final String paramName = reqParamNames.nextElement(); if (StringUtils.isNotEmpty(paramName) - && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName)) { - if (loginMethod.equalsIgnoreCase(paramName)) { - String value = StringEscapeUtils.escapeHtml(request.getParameter(paramName)); - SelectedLoginMethod selection = SelectedLoginMethod.valueOf(value); - executionContext.put(loginMethod, selection); - } + && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName) + && loginMethod.equalsIgnoreCase(paramName)) { + String value = StringEscapeUtils.escapeHtml(request.getParameter(paramName)); + SelectedLoginMethod selection = SelectedLoginMethod.valueOf(value); + executionContext.put(loginMethod, selection); + } } } catch (final Exception e) { diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java index 95eeca4c..4329fc2e 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java @@ -45,6 +45,7 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try { + log.trace("Starting ReceiveMobilePhoneSignatureResponseTask"); //TODO } catch (final Exception e) { log.error("Initial search FAILED.", e); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml index 5299093e..992ad766 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml @@ -24,6 +24,10 @@ + + @@ -51,7 +55,19 @@ + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml index 4c3a47fd..32e3241c 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml @@ -125,4 +125,11 @@ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveMobilePhoneSignatureResponseTask" scope="prototype" /> + + + \ No newline at end of file -- cgit v1.2.3 From e4e4fbf37aa0326b1c06f907a13593732c23deb7 Mon Sep 17 00:00:00 2001 From: Alexander Marsalek Date: Fri, 22 Jan 2021 09:53:50 +0100 Subject: processing after mobilephone auth response --- .../specific/modules/auth/eidas/v2/Constants.java | 2 +- .../modules/auth/eidas/v2/dao/SimpleEidasData.java | 4 +- .../auth/eidas/v2/ernp/DummyErnpClient.java | 6 ++ .../modules/auth/eidas/v2/ernp/IErnpClient.java | 1 + .../GenerateMobilePhoneSignatureRequestTask.java | 11 +++ .../auth/eidas/v2/tasks/InitialSearchTask.java | 35 +++---- .../ReceiveGuiAustrianResidenceResponseTask.java | 1 + ...eSignatureResponseAndSearchInRegistersTask.java | 101 +++++++++++++++++++++ .../ReceiveMobilePhoneSignatureResponseTask.java | 56 ------------ .../auth/eidas/v2/utils/EidasResponseUtils.java | 16 ++-- .../modules/auth/eidas/v2/utils/Utils.java | 48 ++++++++++ .../modules/auth/eidas/v2/zmr/DummyZmrClient.java | 6 ++ .../modules/auth/eidas/v2/zmr/IZmrClient.java | 2 + .../src/main/resources/eidas_v2_auth.beans.xml | 2 +- .../resources/SpringTest-context_tasks_test.xml | 2 +- 15 files changed, 203 insertions(+), 90 deletions(-) create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/Utils.java (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/resources') diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java index 8a1a63f5..858637e9 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java @@ -34,7 +34,7 @@ public class Constants { public static final String DATA_FULL_EIDAS_RESPONSE = "resp_fulleIDASResponse"; public static final String DATA_RESULT_MATCHING_BPK = "matching-result-bpk"; public static final String DATA_SIMPLE_EIDAS = "simple_eidas_data"; - + public static final String DATA_INITIAL_REGISTER_RESULT = "initial_register_result"; // templates for post-binding forwarding public static final String TEMPLATE_POST_FORWARD_NAME = "eidas_node_forward.html"; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java index b86984d0..17f2b1ee 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java @@ -84,10 +84,10 @@ public class SimpleEidasData { if (a == null && b == null) { return true; } - if (a == null && b != null) { + if (a == null) { return false; } - if (a != null && b == null) { + if (b == null) { return false; } return a.equals(b); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/DummyErnpClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/DummyErnpClient.java index 22482638..77411dd1 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/DummyErnpClient.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/DummyErnpClient.java @@ -68,5 +68,11 @@ public class DummyErnpClient implements IErnpClient { return false; } + @Override + public List searchWithBpkZp(String bpkzp) { + //TODO + return Collections.emptyList(); + } + } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java index 2f82387f..0c994f69 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java @@ -43,4 +43,5 @@ public interface IErnpClient { boolean createNewEntry(SimpleEidasData simpleEidasData); + List searchWithBpkZp(String bpkzp); } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java index 0f2fc8a3..736ac6e5 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java @@ -27,6 +27,7 @@ import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import lombok.extern.slf4j.Slf4j; +import org.apache.commons.lang3.StringUtils; import org.springframework.stereotype.Component; import javax.servlet.http.HttpServletRequest; @@ -48,6 +49,16 @@ public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServlet try { log.trace("Starting GenerateMobilePhoneSignatureRequestTask"); //step 15a + // get entityID for ms-specific eIDAS node + final String msNodeEntityID = "TODO"; + + if (StringUtils.isEmpty(msNodeEntityID)) { + log.info("eIDAS authentication not possible -> NO EntityID for central eIDAS node FOUND!"); + throw new TaskExecutionException(pendingReq, "", null); + + } + //MsEidasNodeConstants.ENDPOINT_PVP_POST + //MsEidasNodeConstants.ENDPOINT_PVP_METADATA //TODO } catch (final Exception e) { diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java index 9e5b4d67..99da21a1 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java @@ -33,8 +33,10 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNeces import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.CountrySpecificDetailSearchProcessor; import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.Utils; import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.data.Triple; import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; @@ -96,19 +98,26 @@ public class InitialSearchTask extends AbstractAuthServletTask { final SimpleEidasData eidData = convertSimpleMapToSimpleData(convertEidasAttrToSimpleMap( eidasResponse.getAttributes().getAttributeMap())); - String bpK = step2RegisterSearchWithPersonidentifier(eidData); + String bpK = step2RegisterSearchWithPersonidentifier(eidData, authProcessData); authProcessData.setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpK); - authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidasResponse); + authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData); } catch (final Exception e) { log.error("Initial search FAILED.", e); throw new TaskExecutionException(pendingReq, "Initial search FAILED.", e); } } - private String step2RegisterSearchWithPersonidentifier(SimpleEidasData eidData) throws TaskExecutionException { + private String step2RegisterSearchWithPersonidentifier(SimpleEidasData eidData, + AuthProcessDataWrapper authProcessData) throws TaskExecutionException { log.trace("Starting step2RegisterSearchWithPersonidentifier"); String personIdentifier = eidData.getPseudonym(); MergedRegisterSearchResult result = searchInZmrAndErnp(personIdentifier); + //store data in session + try { + authProcessData.setGenericDataToSession(Constants.DATA_INITIAL_REGISTER_RESULT, result); + } catch (EaafStorageException e) { + throw new TaskExecutionException(pendingReq, "Initial search - Kitt Process necessary.",e); + } if (result.getResultCount() == 0) { return step5CheckAndPerformCountrySpecificSearchIfPossible(result, eidData); } else if (result.getResultCount() == 1) { @@ -184,24 +193,8 @@ public class InitialSearchTask extends AbstractAuthServletTask { MergedRegisterSearchResult countrySpecificDetailSearchResult, SimpleEidasData eidData) throws TaskExecutionException { log.trace("Starting step7aKittProcess"); - try { - if (initialSearchResult.getResultCount() != 0) { - throw new WorkflowException("initialSearchResult.getResultCount() != 0"); - } - if (countrySpecificDetailSearchResult.getResultCount() != 1) { - throw new WorkflowException("countrySpecificDetailSearchResult.getResultCount() != 1"); - } - if (countrySpecificDetailSearchResult.getResultsZmr().size() == 1) { - zmrClient.update(countrySpecificDetailSearchResult.getResultsZmr().get(0), eidData); - } - if (countrySpecificDetailSearchResult.getResultsErnp().size() == 1) { - ernpClient.update(countrySpecificDetailSearchResult.getResultsErnp().get(0), eidData); - } - String bpK = countrySpecificDetailSearchResult.getBpk(); - return bpK; - } catch (WorkflowException e) { - throw new TaskExecutionException(pendingReq, "Step7a failed.", e); - } + return Utils.step7aKittProcess(ernpClient, zmrClient, initialSearchResult, countrySpecificDetailSearchResult, + eidData, pendingReq); } private String step8RegisterSearchWithMds(SimpleEidasData eidData) { diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiAustrianResidenceResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiAustrianResidenceResponseTask.java index 3bbb59d1..34fbf507 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiAustrianResidenceResponseTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiAustrianResidenceResponseTask.java @@ -68,6 +68,7 @@ public class ReceiveGuiAustrianResidenceResponseTask extends AbstractAuthServlet } } + } catch (final Exception e) { log.error("Parsing selected login method FAILED.", e); throw new TaskExecutionException(pendingReq, "Parsing selected login method FAILED.", e); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java new file mode 100644 index 00000000..b598cb92 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java @@ -0,0 +1,101 @@ +/* + * Copyright 2021 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.Utils; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import lombok.extern.slf4j.Slf4j; +import org.springframework.stereotype.Component; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.util.List; + +/** + * Task that searches ErnB and ZMR before adding person to SZR. + * + * @author amarsalek + */ +@Slf4j +@Component("ReceiveMobilePhoneSignatureResponseTask") +public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends AbstractAuthServletTask { + + private final IErnpClient ernpClient; + private final IZmrClient zmrClient; + + public ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask(IErnpClient ernpClient, IZmrClient zmrClient) { + this.ernpClient = ernpClient; + this.zmrClient = zmrClient; + } + + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + try { + log.trace("Starting ReceiveMobilePhoneSignatureResponseTask");//Node 15 + final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); + MergedRegisterSearchResult initialSearchResult = + authProcessData.getGenericDataFromSession(Constants.DATA_INITIAL_REGISTER_RESULT, + MergedRegisterSearchResult.class); + SimpleEidasData eidData = authProcessData.getGenericDataFromSession(Constants.DATA_SIMPLE_EIDAS, + SimpleEidasData.class); + + //TODO extract bPK-ZP from response + String bpkzp = "TODO"; + MergedRegisterSearchResult result = searchInZmrAndErnp(bpkzp); + if (result.getResultCount() == 0) { + //go to step 16 + //TODO set context variable + return; + } else if (result.getResultCount() == 1) { + String bpk = Utils.step7aKittProcess(ernpClient, zmrClient, initialSearchResult, result, eidData, pendingReq); + authProcessData.setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk); + //node 110 + //TODO bpk vs bpkzp???? same? + } else if (result.getResultCount() > 1) { + throw new ManualFixNecessaryException("bpkzp:" + bpkzp);// node 108 + } + + } catch (final Exception e) { + log.error("Initial search FAILED.", e); + throw new TaskExecutionException(pendingReq, "Initial search FAILED.", e); + } + } + + private MergedRegisterSearchResult searchInZmrAndErnp(String bpkzp) { + List resultsZmr = zmrClient.searchWithBpkZp(bpkzp); + List resultsErnp = ernpClient.searchWithBpkZp(bpkzp); + return new MergedRegisterSearchResult(resultsZmr, resultsErnp); + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java deleted file mode 100644 index 4329fc2e..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java +++ /dev/null @@ -1,56 +0,0 @@ -/* - * Copyright 2021 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - -package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; - -import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; -import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; -import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; -import lombok.extern.slf4j.Slf4j; -import org.springframework.stereotype.Component; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -/** - * Task that searches ErnB and ZMR before adding person to SZR. - * - * @author amarsalek - */ -@Slf4j -@Component("ReceiveMobilePhoneSignatureResponseTask") -public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServletTask { - - @Override - public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) - throws TaskExecutionException { - try { - log.trace("Starting ReceiveMobilePhoneSignatureResponseTask"); - //TODO - } catch (final Exception e) { - log.error("Initial search FAILED.", e); - throw new TaskExecutionException(pendingReq, "Initial search FAILED.", e); - } - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java index ef8822aa..1d47df20 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java @@ -49,7 +49,6 @@ import java.util.regex.Pattern; public class EidasResponseUtils { private static final Logger log = LoggerFactory.getLogger(EidasResponseUtils.class); - public static final String PERSONALIDENIFIER_VALIDATION_PATTERN = "^[A-Z,a-z]{2}/[A-Z,a-z]{2}/.*"; /** @@ -58,7 +57,7 @@ public class EidasResponseUtils { * * @param uniqueID eIDAS attribute value of a unique identifier * @return true if the uniqueID matches to eIDAS to Unique Identifier - * specification, otherwise false + * specification, otherwise false */ public static boolean validateEidasPersonalIdentifier(String uniqueID) { final Pattern pattern = Pattern.compile(PERSONALIDENIFIER_VALIDATION_PATTERN); @@ -73,12 +72,13 @@ public class EidasResponseUtils { * Unique Identifier * * @param uniqueID eIDAS attribute value of a unique identifier - * @return {@link Triple} that contains:
- * First : citizen country
- * Second: destination country
- * Third : unique identifier
- * or null if the attribute value has a wrong format + * @return {@link Trible} that contains:
+ * First : citizen country
+ * Second: destination country
+ * Third : unique identifier
+ * or null if the attribute value has a wrong format */ + public static Triple parseEidasPersonalIdentifier(String uniqueID) { if (!validateEidasPersonalIdentifier(uniqueID)) { log.error("eIDAS attribute value for {} looks wrong formated. Value: {}", @@ -96,7 +96,7 @@ public class EidasResponseUtils { * @param attributeDefinition eIDAS attribute definition * @param attributeValues Attributes from eIDAS response * @return Set of attribute values. If more then one value than the first value - * contains the 'Latin' value. + * contains the 'Latin' value. */ // TODO: check possible problem with nonLatinCharacters public static List translateStringListAttribute(AttributeDefinition attributeDefinition, diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/Utils.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/Utils.java new file mode 100644 index 00000000..5612d137 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/Utils.java @@ -0,0 +1,48 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.utils; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; + +public class Utils { + + /** + * Automatic process to fix the register entries. + * + * @param ernpClient ErnP client + * @param zmrClient ZMR client + * @param initialSearchResult Result of initial register search + * @param specificDetailSearchResult Result of last register search + * @param eidData Received eidas data + * @param pendingReq Pending request + * @return The bpk + * @throws TaskExecutionException if an error occurs during the register update + */ + public static String step7aKittProcess(IErnpClient ernpClient, IZmrClient zmrClient, + MergedRegisterSearchResult initialSearchResult, + MergedRegisterSearchResult specificDetailSearchResult, + SimpleEidasData eidData, IRequest pendingReq) throws TaskExecutionException { + try { + if (initialSearchResult.getResultCount() != 0) { + throw new WorkflowException("initialSearchResult.getResultCount() != 0"); + } + if (specificDetailSearchResult.getResultCount() != 1) { + throw new WorkflowException("countrySpecificDetailSearchResult.getResultCount() != 1"); + } + if (specificDetailSearchResult.getResultsZmr().size() == 1) { + zmrClient.update(specificDetailSearchResult.getResultsZmr().get(0), eidData); + } + if (specificDetailSearchResult.getResultsErnp().size() == 1) { + ernpClient.update(specificDetailSearchResult.getResultsErnp().get(0), eidData); + } + String bpK = specificDetailSearchResult.getBpk(); + return bpK; + } catch (WorkflowException e) { + throw new TaskExecutionException(pendingReq, "Step7a failed.", e); + } + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java index b12c1bcb..87b00f07 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java @@ -62,4 +62,10 @@ public class DummyZmrClient implements IZmrClient { //TODO } + @Override + public List searchWithBpkZp(String bpkzp) { + //TODO + return Collections.emptyList(); + } + } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/IZmrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/IZmrClient.java index 5175cd7b..2742ae31 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/IZmrClient.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/IZmrClient.java @@ -40,4 +40,6 @@ public interface IZmrClient { List searchItSpecific(String taxNumber); void update(RegisterResult registerResult, SimpleEidasData eidData); + + List searchWithBpkZp(String bpkzp); } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml index fb1fa0f3..d669835f 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml @@ -123,7 +123,7 @@ scope="prototype" /> \ No newline at end of file -- cgit v1.2.3 From e36aedb5b1acd1b985d09acb818f1f85175cb826 Mon Sep 17 00:00:00 2001 From: Alexander Marsalek Date: Tue, 26 Jan 2021 18:57:51 +0100 Subject: copied and adapted classes for PVP request creation for mobile signature --- eidas_modules/authmodule-eIDAS-v2/pom.xml | 11 + .../AhExtendedPvpAttributeDefinitions.java | 24 ++ .../eidas/v2/mobilesig/AuthHandlerConstants.java | 141 ++++++ .../v2/mobilesig/EidasCentralAuthConstants.java | 166 ++++++++ .../EidasCentralAuthCredentialProvider.java | 130 ++++++ .../EidasCentralAuthMetadataConfiguration.java | 471 +++++++++++++++++++++ .../EidasCentralAuthMetadataController.java | 149 +++++++ .../EidasCentralAuthMetadataProvider.java | 169 ++++++++ ...idasCentralAuthRequestBuilderConfiguration.java | 300 +++++++++++++ .../eidas/v2/mobilesig/IAhSpConfiguration.java | 151 +++++++ .../GenerateMobilePhoneSignatureRequestTask.java | 103 +++++ .../src/main/resources/eidas_v2_auth.beans.xml | 4 + 12 files changed, 1819 insertions(+) create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/AhExtendedPvpAttributeDefinitions.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/AuthHandlerConstants.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthConstants.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthCredentialProvider.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthMetadataConfiguration.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthMetadataController.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthMetadataProvider.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthRequestBuilderConfiguration.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/IAhSpConfiguration.java (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/resources') diff --git a/eidas_modules/authmodule-eIDAS-v2/pom.xml b/eidas_modules/authmodule-eIDAS-v2/pom.xml index 4f3133f8..680c528e 100644 --- a/eidas_modules/authmodule-eIDAS-v2/pom.xml +++ b/eidas_modules/authmodule-eIDAS-v2/pom.xml @@ -180,6 +180,17 @@ jose4j 0.7.2 + + at.gv.egiz.eaaf + eaaf_module_pvp2_core + 1.1.11 + compile + + + at.gv.egiz.eaaf + eaaf_module_pvp2_sp + compile + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/AhExtendedPvpAttributeDefinitions.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/AhExtendedPvpAttributeDefinitions.java new file mode 100644 index 00000000..af9a2972 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/AhExtendedPvpAttributeDefinitions.java @@ -0,0 +1,24 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig; + +import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class AhExtendedPvpAttributeDefinitions implements ExtendedPvpAttributeDefinitions { + private static final Logger log = + LoggerFactory.getLogger(AhExtendedPvpAttributeDefinitions.class); + + private AhExtendedPvpAttributeDefinitions() { + log.trace("Instance class: {} for SonarQube", + AhExtendedPvpAttributeDefinitions.class.getName()); + + } + + public static final String EID_BCBIND_NAME = "urn:eidgvat:attributes.bcbind"; + public static final String EID_BCBIND_FRIENDLY_NAME = "bcBind"; + + public static final String EID_BINDING_PUBKEY_NAME = "urn:eidgvat:attributes.binding.pubkey"; + public static final String EID_BINDING_PUBKEY_FRIENDLY_NAME = "BindingPubKey"; + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/AuthHandlerConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/AuthHandlerConstants.java new file mode 100644 index 00000000..60219759 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/AuthHandlerConstants.java @@ -0,0 +1,141 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig; + + +public class AuthHandlerConstants { + + private AuthHandlerConstants() { + + } + + // TODO: maybe update to another target + public static final String DEFAULT_INTERNAL_BPK_TARGET = "urn:publicid:gv.at:cdid+ZP-MH"; + + // configuration parameters + public static final String PROP_CONFIG_APPLICATION_PREFIX = "authhandler."; + public static final String PROP_CONFIG_APPLICATION_PUBLIC_URL_PREFIX = "core.context.url.prefix"; + public static final String PROP_CONFIG_APPLICATION_PUBLIC_URL_REQUEST_VALIDATION = + "core.context.url.request.validation"; + public static final String PROP_CONFIG_LEGACY_ALLOW = "core.legacy.allowLegacyMode"; + + public static final String PROP_CONFIG_WEBCONTENT_STATIC_PATH = + "core.webcontent.static.directory"; + public static final String PROP_CONFIG_WEBCONTENT_TEMPLATES_PATH = "core.webcontent.templates"; + public static final String PROP_CONFIG_WEBCONTENT_PROPERTIES_PATH = "core.webcontent.properties"; + + public static final String PROP_CONFIG_CACHE_TRANSACTIONS_NAME = "core.cache.transaction.name"; + public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_ENABLED = + "core.cache.transaction.encryption.enabled"; + public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_KEY_TYPE = + "core.cache.transaction.encryption.type"; + public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_PASSPHRASE = + "core.cache.transaction.encryption.passphrase"; + public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_SALT = + "core.cache.transaction.encryption.salt"; + public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_KEYSTORE_NAME = + "core.cache.transaction.encryption.keystore.name"; + public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_KEY_ALIAS = + "core.cache.transaction.encryption.key.alias"; + + public static final String PROP_CONFIG_CACHE_ATTRIBUTEPROXY_NAME = + "core.cache.attributeproxy.name"; + + public static final String PROP_CONFIG_BACKEND_ENDPOINT_GETALLSUPPORTEDATTRIBUTES = + "backend.endpoints.getallsupportedattributes"; + public static final String PROP_CONFIG_BACKEND_ENDPOINT_GETAPPLICATIONCONFIGURATION = + "backend.endpoints.getapplicationconfiguration"; + + public static final String PROP_CONFIG_INTERNAL_BPK_TARGET = "core.internal.bpk.target"; + + public static final String PROP_CONFIG_INTERNAL_FRONTEND_ONLY_MODE = "core.internal.frontend.only.mode"; + public static final boolean PROP_DEFAULT_CONFIG_INTERNAL_FRONTEND_ONLY_MODE = false; + + // Servlet End-Points + public static final String ENDPOINT_PROCESSENGINE_CONTROLLER = "/api/process"; + public static final String ENDPOINT_ERROR_IFRAME_HOPPING = "/error/parenthop"; + + + // GUI template directories + public static final String CLASSPATH_TEMPLATE_DIR = "/templates/"; + public static final String FILESYSTEM_TEMPLATE_DIR = "./templates/"; + public static final String TEMPLATE_HTML_ERROR = "error_message.html"; + + // GUI template defaultfiles + public static final String TEMPLATE_AUTHPROCESS_SELECTION_VDA_FULLFRAME = "authSelection.html"; + public static final String TEMPLATE_AUTHPROCESS_SELECTION_VDA_IFRAME = "authSelection_iframe.html"; + public static final String TEMPLATE_USER_CONSENT_REQUEST = "userConsent.html"; + public static final String TEMPLATE_IFRAME_TO_PARENT_HOPE = "iframe_parent_hope.html"; + public static final String TEMPLATE_MANDATE_SELECTION = "mandateSelection.html"; + public static final String TEMPLATE_PROF_REP_MANDATE_SELECTION = "profRepMandateSelection.html"; + public static final String TEMPLATE_MANDATE_SELECTION_DUMMY = "mandateSelection_dummy.html"; + + + + // http request parameters + public static final String HTTP_PARAM_APPLICATION_ID = "appId"; + public static final String HTTP_PARAM_STOP_PROCESS = "stopAuthProcess"; + public static final String HTTP_PARAM_EIDAS_PROCESS = "useeIDAS"; + public static final String HTTP_PARAM_EID_PROCESS = "useeID"; + public static final String HTTP_PARAM_EID_BINDING_AUTH_PROCESS = "useBindingAuth"; + public static final String HTTP_PARAM_USE_MANDATES = "useMandate"; + public static final String HTTP_PARAM_AUTHMETHOD = "authMethod"; + public static final String HTTP_PARAM_CONSENT_RELEASE_ATTRIBUTES = "releaseAttributes"; + public static final String HTTP_PARAM_CONSENT_STORE_CONSENT = "storeConsent"; + + @Deprecated + public static final String HTTP_PARAM_EIDMIGRATIONPILOT_PROCESS = "pilotMigration"; + @Deprecated + public static final String HTTP_PARAM_EIDMIGRATIONPILOT_SHOW_INFO_PAGE = "pilotMigrationInfoPage"; + @Deprecated + public static final String HTTP_PARAM_MOBILESIGNATURE_PROCESS = "usemobileSig"; + + // UI options + public static final String UI_PARAM_USE_MANDATES = HTTP_PARAM_USE_MANDATES; + public static final String UI_PARAM_USE_ONLY_MANDATES = "useOnlyMandate"; + public static final String UI_PARAM_USE_EIDAS = HTTP_PARAM_EIDAS_PROCESS; + public static final String UI_PARAM_DSGVO_SHORT_INFO = "dsgvoShortText"; + public static final String UI_PARAM_DSGVO_SP_PRIVACY_STATEMENT_URL = "dsgvoPrivacyStatementUrl"; + public static final String UI_PARAM_DSGVO_SP_SERVICE_URL = "dsgvoServiceUrl"; + public static final String UI_PARAM_DSGVO_SP_LOGO = "dsgvoSpLogo"; + public static final String UI_PARAM_DSGVO_SP_LOGO_SET = "dsgvoSpLogoSet"; + public static final String UI_PARAM_DSGVO_SP_LOGO_SET_DATAURL = "dataUrl"; + public static final String UI_PARAM_DSGVO_SP_LOGO_SET_THEME = "theme"; + public static final String UI_PARAM_DSGVO_SP_LOGO_SET_RESOLUTION = "resolution"; + public static final String UI_PARAM_DSGVO_SP_LOGO_SET_TYPE = "type"; + + public enum LogoType { SVG, PNG, UNKNOWN } + + public enum AuthBlockType { + CADES("CAdES"), JWS("JWS"), NONE("none"); + + private final String internalType; + + AuthBlockType(final String type) { + this.internalType = type; + + } + + /** + * Get Type identifier for this AuthBlock. + * + * @return + */ + public String getAuthBlockType() { + return this.internalType; + } + + @Override + public String toString() { + return getAuthBlockType(); + + } + } + + // process context parameters + public static final String PROCESSCONTEXT_USERCONSENT_NEEDED = "userConsentNeeded"; + public static final String PROCESSCONTEXT_AUTHPROCESSSELECTION_DONE = "authProcSelectDone"; + public static final String PROCESSCONTEXT_SWITCH_LANGUAGE = "changeLanguage"; + public static final String PROCESSCONTEXT_IFRAME_PARENT_NEEDED = "iframeParentNeeded"; + + public static final String PROCESSCONTEXT_WAS_EID_PROCESS = "wasEidProcess"; + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthConstants.java new file mode 100644 index 00000000..e4d520b4 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthConstants.java @@ -0,0 +1,166 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig; + + +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.impl.data.Triple; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + + +public class EidasCentralAuthConstants { + + private EidasCentralAuthConstants() { + + } + + public static final String SAML2_STATUSCODE_USERSTOP = "1005"; + + public static final String MODULE_NAME_FOR_LOGGING = "eIDAS central authentication"; + + public static final int METADATA_VALIDUNTIL_IN_HOURS = 24; + + // public static final String HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION = + // AuthHandlerConstants.HTTP_PARAM_EIDAS_PROCESS; + + public static final String ENDPOINT_POST = "/sp/eidas/post"; + public static final String ENDPOINT_REDIRECT = "/sp/eidas/redirect"; + public static final String ENDPOINT_METADATA = "/sp/eidas/metadata"; + + public static final String CONFIG_PROPS_PREFIX = "modules.eidascentralauth."; + public static final String CONFIG_PROPS_KEYSTORE_TYPE = CONFIG_PROPS_PREFIX + "keystore.type"; + public static final String CONFIG_PROPS_KEYSTORE_NAME = CONFIG_PROPS_PREFIX + "keystore.name"; + public static final String CONFIG_PROPS_KEYSTORE_PATH = CONFIG_PROPS_PREFIX + "keystore.path"; + public static final String CONFIG_PROPS_KEYSTOREPASSWORD = CONFIG_PROPS_PREFIX + "keystore.password"; + public static final String CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD = CONFIG_PROPS_PREFIX + + "metadata.sign.password"; + public static final String CONFIG_PROPS_SIGN_METADATA_ALIAS = CONFIG_PROPS_PREFIX + + "metadata.sign.alias"; + public static final String CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD = CONFIG_PROPS_PREFIX + + "request.sign.password"; + public static final String CONFIG_PROPS_SIGN_SIGNING_ALIAS = CONFIG_PROPS_PREFIX + + "request.sign.alias"; + public static final String CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD = CONFIG_PROPS_PREFIX + + "response.encryption.password"; + public static final String CONFIG_PROPS_ENCRYPTION_ALIAS = CONFIG_PROPS_PREFIX + + "response.encryption.alias"; + + public static final String CONFIG_PROPS_TRUSTSTORE_TYPE = CONFIG_PROPS_PREFIX + "truststore.type"; + public static final String CONFIG_PROPS_TRUSTSTORE_NAME = CONFIG_PROPS_PREFIX + "truststore.name"; + public static final String CONFIG_PROPS_TRUSTSTORE_PATH = CONFIG_PROPS_PREFIX + "truststore.path"; + public static final String CONFIG_PROPS_TRUSTSTORE_PASSWORD = CONFIG_PROPS_PREFIX + "truststore.password"; + + public static final String CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST = CONFIG_PROPS_PREFIX + + "required.additional.attributes"; + public static final String CONFIG_PROPS_REQUIRED_LOA = CONFIG_PROPS_PREFIX + + "required.loa"; + public static final String CONFIG_PROPS_NODE_ENTITYID = CONFIG_PROPS_PREFIX + "node.entityId"; + public static final String CONFIG_PROPS_NODE_METADATAURL = CONFIG_PROPS_PREFIX + "node.metadataUrl"; + public static final String CONFIG_PROPS_NODE_TRUSTPROFILEID = CONFIG_PROPS_PREFIX + "node.trustprofileID"; + + + public static final String CONFIG_PROPS_METADATA_CONTACT_GIVENNAME = + CONFIG_PROPS_PREFIX + "metadata.contact.givenname"; + public static final String CONFIG_PROPS_METADATA_CONTACT_SURNAME = + CONFIG_PROPS_PREFIX + "metadata.contact.surname"; + public static final String CONFIG_PROPS_METADATA_CONTACT_EMAIL = + CONFIG_PROPS_PREFIX + "metadata.contact.email"; + public static final String CONFIG_PROPS_METADATA_ORGANISATION_NAME = + CONFIG_PROPS_PREFIX + "metadata.organisation.name"; + public static final String CONFIG_PROPS_METADATA_ORGANISATION_FRIENDLYNAME = + CONFIG_PROPS_PREFIX + "metadata.organisation.friendyname"; + public static final String CONFIG_PROPS_METADATA_ORGANISATION_URL = + CONFIG_PROPS_PREFIX + "metadata.organisation.url"; + + public static final String CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL = "auth.eidas.node.entityId"; + + public static final String CONFIG_PROPS_SEMPER_MANDATES_ACTIVE = CONFIG_PROPS_PREFIX + + "semper.mandates.active"; + public static final String CONFIG_PROPS_SEMPER_MANDATES_MS_PROXY_LIST = CONFIG_PROPS_PREFIX + + "semper.msproxy.list"; + + public static final String CONFIG_DEFAULT_LOA_EIDAS_LEVEL = EaafConstants.EIDAS_LOA_HIGH; + + @Deprecated + public static final List> DEFAULT_REQUIRED_PVP_ATTRIBUTES_WITHOUT_EID = + Collections.unmodifiableList(new ArrayList>() { + private static final long serialVersionUID = 1L; + { + // add PVP Version attribute + add(Triple.newInstance(PvpAttributeDefinitions.PVP_VERSION_NAME, + PvpAttributeDefinitions.PVP_VERSION_FRIENDLY_NAME, true)); + + // request entity information + add(Triple.newInstance(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, + PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, false)); + add(Triple.newInstance(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, + PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, true)); + add(Triple.newInstance(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, + PvpAttributeDefinitions.EID_ISSUING_NATION_FRIENDLY_NAME, true)); + + // entity eID information + add(Triple.newInstance(AhExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME, + AhExtendedPvpAttributeDefinitions.EID_EIDBIND_FRIENDLY_NAME, false)); + add(Triple.newInstance(AhExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME, + AhExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME, false)); + + // Deprecated information + add(Triple.newInstance(PvpAttributeDefinitions.GIVEN_NAME_NAME, + PvpAttributeDefinitions.GIVEN_NAME_FRIENDLY_NAME, false)); + add(Triple.newInstance(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, + PvpAttributeDefinitions.PRINCIPAL_NAME_FRIENDLY_NAME, false)); + add(Triple.newInstance(PvpAttributeDefinitions.BIRTHDATE_NAME, + PvpAttributeDefinitions.BIRTHDATE_FRIENDLY_NAME, false)); + add(Triple.newInstance(PvpAttributeDefinitions.BPK_NAME, PvpAttributeDefinitions.BPK_FRIENDLY_NAME, + false)); + add(Triple.newInstance(PvpAttributeDefinitions.EID_IDENTITY_LINK_NAME, + PvpAttributeDefinitions.EID_IDENTITY_LINK_FRIENDLY_NAME, false)); + + //request pII transactionId from MS-Connector + add(Triple.newInstance(ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, + ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_FRIENDLY_NAME, false)); + + } + }); + + public static final List> DEFAULT_REQUIRED_PVP_ATTRIBUTES = + Collections.unmodifiableList(new ArrayList>() { + private static final long serialVersionUID = 1L; + { + // add PVP Version attribute + add(Triple.newInstance(PvpAttributeDefinitions.PVP_VERSION_NAME, + PvpAttributeDefinitions.PVP_VERSION_FRIENDLY_NAME, true)); + + // entity metadata information + add(Triple.newInstance(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, + PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, true)); + add(Triple.newInstance(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, + PvpAttributeDefinitions.EID_ISSUING_NATION_FRIENDLY_NAME, true)); + + // entity eID information + add(Triple.newInstance(AhExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME, + AhExtendedPvpAttributeDefinitions.EID_EIDBIND_FRIENDLY_NAME, true)); + add(Triple.newInstance(AhExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME, + AhExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME, true)); + + //request pII transactionId from MS-Connector + add(Triple.newInstance(ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, + ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_FRIENDLY_NAME, false)); + + } + }); + + public static final List DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES = + Collections.unmodifiableList(new ArrayList() { + private static final long serialVersionUID = 1L; + { + for (final Triple el : DEFAULT_REQUIRED_PVP_ATTRIBUTES) { + add(el.getFirst()); + } + } + }); + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthCredentialProvider.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthCredentialProvider.java new file mode 100644 index 00000000..13c84bc5 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthCredentialProvider.java @@ -0,0 +1,130 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig; + +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; + +import org.springframework.beans.factory.annotation.Autowired; + +/** + * Credential provider for eIDAS PVP S-Profile client. + * + * @author tlenz + * + */ +public class EidasCentralAuthCredentialProvider extends AbstractCredentialProvider { + + @Autowired + IConfiguration authConfig; + + private static final String FRIENDLYNAME = "eIDAS centrial authentication"; + + @Override + public KeyStoreConfiguration getBasicKeyStoreConfig() throws EaafConfigurationException { + final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); + keyStoreConfig.setFriendlyName(FRIENDLYNAME); + keyStoreConfig.setKeyStoreType( + authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_KEYSTORE_TYPE, + KeyStoreType.PKCS12.getKeyStoreType())); + keyStoreConfig.setKeyStoreName( + authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_KEYSTORE_NAME)); + keyStoreConfig.setSoftKeyStoreFilePath(getKeyStoreFilePath()); + keyStoreConfig.setSoftKeyStorePassword( + authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD)); + + return keyStoreConfig; + + } + + private String getKeyStoreFilePath() throws EaafConfigurationException { + final String path = authConfig.getBasicConfiguration( + EidasCentralAuthConstants.CONFIG_PROPS_KEYSTORE_PATH); + if (path == null) { + throw new EaafConfigurationException("module.eidasauth.00", + new Object[] { EidasCentralAuthConstants.CONFIG_PROPS_KEYSTORE_PATH }); + + } + return path; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# + * getMetadataKeyAlias() + */ + @Override + public String getMetadataKeyAlias() { + return authConfig.getBasicConfiguration( + EidasCentralAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS); + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# + * getMetadataKeyPassword() + */ + @Override + public String getMetadataKeyPassword() { + return authConfig.getBasicConfiguration( + EidasCentralAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD); + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# + * getSignatureKeyAlias() + */ + @Override + public String getSignatureKeyAlias() { + return authConfig.getBasicConfiguration( + EidasCentralAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS); + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# + * getSignatureKeyPassword() + */ + @Override + public String getSignatureKeyPassword() { + return authConfig.getBasicConfiguration( + EidasCentralAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD); + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# + * getEncryptionKeyAlias() + */ + @Override + public String getEncryptionKeyAlias() { + return authConfig.getBasicConfiguration( + EidasCentralAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS); + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# + * getEncryptionKeyPassword() + */ + @Override + public String getEncryptionKeyPassword() { + return authConfig.getBasicConfiguration( + EidasCentralAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD); + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthMetadataConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthMetadataConfiguration.java new file mode 100644 index 00000000..ca71807f --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthMetadataConfiguration.java @@ -0,0 +1,471 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig; + + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.data.Triple; +import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpAttributeBuilder; + +import org.opensaml.saml.saml2.core.Attribute; +import org.opensaml.saml.saml2.core.NameIDType; +import org.opensaml.saml.saml2.metadata.ContactPerson; +import org.opensaml.saml.saml2.metadata.Organization; +import org.opensaml.saml.saml2.metadata.RequestedAttribute; +import org.opensaml.security.credential.Credential; + +import lombok.extern.slf4j.Slf4j; + +/** + * Configuration object to generate PVP S-Profile metadata for SAML2 client. + * + * @author tlenz + * + */ +@Slf4j +public class EidasCentralAuthMetadataConfiguration implements IPvpMetadataBuilderConfiguration { + + private Collection additionalAttributes = null; + + private final String authUrl; + private final EidasCentralAuthCredentialProvider credentialProvider; + private final IPvp2BasicConfiguration pvpConfiguration; + + /** + * Configuration object to create PVP2 S-Profile metadata information. + * + * @param authUrl Public URL prefix of the application + * @param credentialProvider Credentials used by PVP2 S-Profile end-point + * @param pvpConfiguration Basic PVP2 S-Profile end-point configuration + */ + public EidasCentralAuthMetadataConfiguration(String authUrl, + EidasCentralAuthCredentialProvider credentialProvider, + IPvp2BasicConfiguration pvpConfiguration) { + this.authUrl = authUrl; + this.credentialProvider = credentialProvider; + this.pvpConfiguration = pvpConfiguration; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getMetadataValidUntil() + */ + @Override + public int getMetadataValidUntil() { + return EidasCentralAuthConstants.METADATA_VALIDUNTIL_IN_HOURS; + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * buildEntitiesDescriptorAsRootElement() + */ + @Override + public boolean buildEntitiesDescriptorAsRootElement() { + return false; + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * buildIDPSSODescriptor() + */ + @Override + public boolean buildIdpSsoDescriptor() { + return false; + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * buildSPSSODescriptor() + */ + @Override + public boolean buildSpSsoDescriptor() { + return true; + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getEntityIDPostfix() + */ + @Override + public String getEntityID() { + return authUrl + EidasCentralAuthConstants.ENDPOINT_METADATA; + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getEntityFriendlyName() + */ + @Override + public String getEntityFriendlyName() { + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getContactPersonInformation() + */ + @Override + public List getContactPersonInformation() { + try { + return pvpConfiguration.getIdpContacts(); + + } catch (final EaafException e) { + log.warn("Can not load Metadata entry: Contect Person", e); + return null; + + } + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getOrgansiationInformation() + */ + @Override + public Organization getOrgansiationInformation() { + try { + return pvpConfiguration.getIdpOrganisation(); + + } catch (final EaafException e) { + log.warn("Can not load Metadata entry: Organisation", e); + return null; + + } + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getMetadataSigningCredentials() + */ + @Override + public EaafX509Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException { + return credentialProvider.getMetaDataSigningCredential(); + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getRequestorResponseSigningCredentials() + */ + @Override + public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException { + return credentialProvider.getMessageSigningCredential(); + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getEncryptionCredentials() + */ + @Override + public Credential getEncryptionCredentials() throws CredentialsNotAvailableException { + return credentialProvider.getMessageEncryptionCredential(); + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getIDPWebSSOPostBindingURL() + */ + @Override + public String getIdpWebSsoPostBindingUrl() { + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getIDPWebSSORedirectBindingURL() + */ + @Override + public String getIdpWebSsoRedirectBindingUrl() { + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getIDPSLOPostBindingURL() + */ + @Override + public String getIdpSloPostBindingUrl() { + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getIDPSLORedirectBindingURL() + */ + @Override + public String getIdpSloRedirectBindingUrl() { + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getSPAssertionConsumerServicePostBindingURL() + */ + @Override + public String getSpAssertionConsumerServicePostBindingUrl() { + return authUrl + EidasCentralAuthConstants.ENDPOINT_POST; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getSPAssertionConsumerServiceRedirectBindingURL() + */ + @Override + public String getSpAssertionConsumerServiceRedirectBindingUrl() { + return authUrl + EidasCentralAuthConstants.ENDPOINT_REDIRECT; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getSPSLOPostBindingURL() + */ + @Override + public String getSpSloPostBindingUrl() { + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getSPSLORedirectBindingURL() + */ + @Override + public String getSpSloRedirectBindingUrl() { + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getSPSLOSOAPBindingURL() + */ + @Override + public String getSpSloSoapBindingUrl() { + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getIDPPossibleAttributes() + */ + @Override + public List getIdpPossibleAttributes() { + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getIDPPossibleNameITTypes() + */ + @Override + public List getIdpPossibleNameIdTypes() { + return null; + } + + + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getSPRequiredAttributes() + */ + @Override + public Collection getSpRequiredAttributes() { + final Map requestedAttributes = new HashMap<>(); + + if (pvpConfiguration.getBasicConfiguration().getBasicConfigurationBoolean( + AuthHandlerConstants.PROP_CONFIG_LEGACY_ALLOW, false)) { + log.trace("Build required attributes for legacy operaton ... "); + injectDefinedAttributes(requestedAttributes, + EidasCentralAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTES_WITHOUT_EID); + + } else { + log.trace("Build required attributes for E-ID operaton ... "); + injectDefinedAttributes(requestedAttributes, + EidasCentralAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTES); + + } + + if (additionalAttributes != null) { + log.trace("Add additional PVP attributes into metadata ... "); + for (final RequestedAttribute el : additionalAttributes) { + if (requestedAttributes.containsKey(el.getName())) { + log.debug("Attribute " + el.getName() + + " is already added by default configuration. Overwrite it by user configuration"); + } + + requestedAttributes.put(el.getName(), el); + + } + } + + return requestedAttributes.values(); + + } + + + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getSPAllowedNameITTypes() + */ + @Override + public List getSpAllowedNameIdTypes() { + return Arrays.asList(NameIDType.PERSISTENT); + + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPMetadataBuilderConfiguration#getSPNameForLogging() + */ + @Override + public String getSpNameForLogging() { + return EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPMetadataBuilderConfiguration#wantAssertionSigned() + */ + @Override + public boolean wantAssertionSigned() { + return false; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPMetadataBuilderConfiguration#wantAuthnRequestSigned() + */ + @Override + public boolean wantAuthnRequestSigned() { + return true; + } + + /** + * Add additonal PVP attributes that are required by this deployment. + * + * @param additionalAttr List of PVP attribute name and isRequired flag + */ + public void setAdditionalRequiredAttributes(List> additionalAttr) { + if (additionalAttr != null && !additionalAttr.isEmpty()) { + additionalAttributes = new ArrayList<>(); + for (final Pair el : additionalAttr) { + final Attribute attributBuilder = PvpAttributeBuilder.buildEmptyAttribute(el.getFirst()); + if (attributBuilder != null) { + additionalAttributes.add( + PvpAttributeBuilder.buildReqAttribute( + attributBuilder.getName(), + attributBuilder.getFriendlyName(), + el.getSecond())); + + } else { + log.info("NO PVP attribute with name: " + el.getFirst()); + } + + } + } + } + + private void injectDefinedAttributes(Map requestedAttributes, + List> attributes) { + for (final Triple el : attributes) { + requestedAttributes.put(el.getFirst(), PvpAttributeBuilder.buildReqAttribute(el.getFirst(), el + .getSecond(), el.getThird())); + + } + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthMetadataController.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthMetadataController.java new file mode 100644 index 00000000..90e1e674 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthMetadataController.java @@ -0,0 +1,149 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig; + + +import java.io.IOException; +import java.net.MalformedURLException; +import java.net.URL; +import java.util.ArrayList; +import java.util.List; +import java.util.Map; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.http.HttpUtils; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder; + +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import com.google.common.net.MediaType; +import lombok.extern.slf4j.Slf4j; + +/** + * Controller that generates SAML2 metadata for eIDAS authentication client. + * + * @author tlenz + * + */ +@Slf4j +@Controller +public class EidasCentralAuthMetadataController extends AbstractController { + + private static final String ERROR_CODE_INTERNAL_00 = "eaaf.core.00"; + + @Autowired + PvpMetadataBuilder metadatabuilder; + @Autowired + EidasCentralAuthCredentialProvider credentialProvider; + @Autowired + IPvp2BasicConfiguration pvpConfiguration; + + /** + * Default construction with logging. + * + */ + public EidasCentralAuthMetadataController() { + super(); + log.debug("Registering servlet " + getClass().getName() + + " with mappings '" + EidasCentralAuthConstants.ENDPOINT_METADATA + + "'."); + + } + + /** + * End-point that produce PVP2 metadata for eIDAS authentication client. + * + * @param req http Request + * @param resp http Response + * @throws IOException In case of an I/O error + * @throws EaafException In case of a metadata generation error + */ + @RequestMapping(value = EidasCentralAuthConstants.ENDPOINT_METADATA, + method = { RequestMethod.GET }) + public void getSpMetadata(HttpServletRequest req, HttpServletResponse resp) throws IOException, + EaafException { + // check PublicURL prefix + try { + final String authUrl = getAuthUrlFromHttpContext(req); + + // initialize metadata builder configuration + final EidasCentralAuthMetadataConfiguration metadataConfig = + new EidasCentralAuthMetadataConfiguration(authUrl, credentialProvider, pvpConfiguration); + metadataConfig.setAdditionalRequiredAttributes(getAdditonalRequiredAttributes()); + + // build metadata + final String xmlMetadata = metadatabuilder.buildPvpMetadata(metadataConfig); + + // write response + final byte[] content = xmlMetadata.getBytes("UTF-8"); + resp.setStatus(HttpServletResponse.SC_OK); + resp.setContentLength(content.length); + resp.setContentType(MediaType.XML_UTF_8.toString()); + resp.getOutputStream().write(content); + + } catch (final Exception e) { + log.warn("Build federated-authentication PVP metadata FAILED.", e); + protAuthService.handleErrorNoRedirect(e, req, resp, false); + + } + + } + + private String getAuthUrlFromHttpContext(HttpServletRequest req) throws EaafException { + // check if End-Point is valid + final String authUrlString = HttpUtils.extractAuthUrlFromRequest(req); + URL authReqUrl; + try { + authReqUrl = new URL(authUrlString); + + } catch (final MalformedURLException e) { + log.warn("Requested URL: {} is not a valid URL.", authUrlString); + throw new EaafAuthenticationException(ERROR_CODE_INTERNAL_00, new Object[] { authUrlString }, e); + + } + + final String idpAuthUrl = authConfig.validateIdpUrl(authReqUrl); + if (idpAuthUrl == null) { + log.warn("Requested URL: {} is NOT found in configuration.", authReqUrl); + throw new EaafAuthenticationException(ERROR_CODE_INTERNAL_00, new Object[] { authUrlString }); + + } + + return idpAuthUrl; + } + + private List> getAdditonalRequiredAttributes() { + final List> result = new ArrayList<>(); + + // load attributes from configuration + final Map addReqAttributes = authConfig.getBasicConfigurationWithPrefix( + EidasCentralAuthConstants.CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST); + for (final String el : addReqAttributes.values()) { + if (StringUtils.isNotEmpty(el)) { + log.trace("Parse additional attr. definition: " + el); + final List attr = KeyValueUtils.getListOfCsvValues(el.trim()); + if (attr.size() == 2) { + result.add(Pair.newInstance(attr.get(0), Boolean.parseBoolean(attr.get(1)))); + + } else { + log.info("IGNORE additional attr. definition: " + el + + " Reason: Format not valid"); + } + } + } + + return result; + + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthMetadataProvider.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthMetadataProvider.java new file mode 100644 index 00000000..b920e789 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthMetadataProvider.java @@ -0,0 +1,169 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig; + +import java.io.IOException; +import java.security.KeyStore; +import java.security.Provider; +import java.security.cert.CertificateException; +import java.text.MessageFormat; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import javax.annotation.PostConstruct; + +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.AbstractChainingMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SimpleMetadataSignatureVerificationFilter; + +import org.apache.commons.lang3.StringUtils; +import org.opensaml.saml.metadata.resolver.MetadataResolver; +import org.opensaml.saml.metadata.resolver.filter.MetadataFilter; +import org.opensaml.saml.metadata.resolver.filter.MetadataFilterChain; +import org.springframework.beans.factory.annotation.Autowired; + +import lombok.extern.slf4j.Slf4j; + +/** + * SAML2 metadata-provider implementation for eIDAS client. + * + * @author tlenz + * + */ +@Slf4j +public class EidasCentralAuthMetadataProvider extends AbstractChainingMetadataProvider { + + private static final String FRIENDLYNAME_METADATA_TRUSTSTORE = "'eIDAS_client metadata truststore'"; + private static final String PROVIDER_ID_PATTERN = "eIDAS resolver: {0}"; + public static final String PROVIDER_ID = "'eIDAS_client metadata provider'"; + + @Autowired + private IConfiguration basicConfig; + + @Autowired + private PvpMetadataResolverFactory metadataProviderFactory; + @Autowired + private IHttpClientFactory httpClientFactory; + + @Autowired + private EaafKeyStoreFactory keyStoreFactory; + + private Pair metadataSigningTrustStore; + + @Override + protected String getMetadataUrl(String entityId) throws EaafConfigurationException { + log.trace("eIDAS Auth. uses SAML2 well-known location approach. EntityId is Metadata-URL"); + return entityId; + + } + + @Override + protected MetadataResolver createNewMetadataProvider(String entityId) throws EaafConfigurationException, + IOException, CertificateException { + final List filterList = new ArrayList<>(); + filterList.add(new SchemaValidationFilter(true)); + filterList.add(new SimpleMetadataSignatureVerificationFilter( + metadataSigningTrustStore.getFirst(), entityId)); + + final MetadataFilterChain filter = new MetadataFilterChain(); + filter.setFilters(filterList); + + try { + return metadataProviderFactory.createMetadataProvider(getMetadataUrl(entityId), + filter, + MessageFormat.format(PROVIDER_ID_PATTERN, entityId), + httpClientFactory.getHttpClient()); + + } catch (final Pvp2MetadataException e) { + log.info("Can NOT build metadata provider for entityId: {}", entityId); + throw new EaafConfigurationException("module.eidasauth.04", + new Object[] { entityId, e.getMessage() }, e); + + } + } + + @Override + protected List getAllMetadataUrlsFromConfiguration() throws EaafConfigurationException { + return Collections.emptyList(); + + } + + @Override + protected String getMetadataProviderId() { + return PROVIDER_ID; + + } + + @Override + public void runGarbageCollector() { + log.trace("Garbage collection is NOT supported by: {}", getId()); + } + + @Override + public void doDestroy() { + super.fullyDestroy(); + + } + + @PostConstruct + private void initialize() throws EaafException { + // initialize truststore to validate metadata signing certificates + initializeTrustStore(); + + // load metadata with metadataURL, as backup + initializeFileSystemMetadata(); + + } + + private void initializeFileSystemMetadata() { + try { + final String metadataUrl = basicConfig.getBasicConfiguration( + EidasCentralAuthConstants.CONFIG_PROPS_NODE_METADATAURL); + if (StringUtils.isNotEmpty(metadataUrl)) { + log.info("Use not recommended metadata-provider initialization!" + + " SAML2 'Well-Known-Location' is the preferred methode."); + log.info("Initialize 'ms-specific eIDAS node' metadata-provider with URL: {}", metadataUrl); + + addMetadataResolverIntoChain(createNewMetadataProvider(metadataUrl)); + } + + } catch (final EaafConfigurationException | CertificateException | IOException e) { + log.warn("Can NOT inject static eIDAS Node metadata-soure.", e); + log.warn("eIDAS Node communication can be FAIL."); + + } + } + + private void initializeTrustStore() throws EaafException { + // set configuration + final KeyStoreConfiguration trustStoreConfig = new KeyStoreConfiguration(); + trustStoreConfig.setFriendlyName(FRIENDLYNAME_METADATA_TRUSTSTORE); + trustStoreConfig.setKeyStoreType(basicConfig.getBasicConfiguration( + EidasCentralAuthConstants.CONFIG_PROPS_TRUSTSTORE_TYPE, + KeyStoreType.JKS.getKeyStoreType())); + trustStoreConfig.setKeyStoreName(basicConfig.getBasicConfiguration( + EidasCentralAuthConstants.CONFIG_PROPS_TRUSTSTORE_NAME)); + trustStoreConfig.setSoftKeyStoreFilePath(basicConfig.getBasicConfiguration( + EidasCentralAuthConstants.CONFIG_PROPS_TRUSTSTORE_PATH)); + trustStoreConfig.setSoftKeyStorePassword(basicConfig.getBasicConfiguration( + EidasCentralAuthConstants.CONFIG_PROPS_TRUSTSTORE_PASSWORD)); + + // validate configuration + trustStoreConfig.validate(); + + // open new TrustStore + metadataSigningTrustStore = keyStoreFactory.buildNewKeyStore(trustStoreConfig); + + } + +} + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthRequestBuilderConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthRequestBuilderConfiguration.java new file mode 100644 index 00000000..723654eb --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthRequestBuilderConfiguration.java @@ -0,0 +1,300 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig; + +import java.util.List; + +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; +import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPvpAuthnRequestBuilderConfiguruation; + +import org.opensaml.saml.saml2.core.AuthnContextComparisonTypeEnumeration; +import org.opensaml.saml.saml2.core.NameIDType; +import org.opensaml.saml.saml2.metadata.EntityDescriptor; +import org.w3c.dom.Element; + +public class EidasCentralAuthRequestBuilderConfiguration implements IPvpAuthnRequestBuilderConfiguruation { + + private boolean isPassive; + private String spEntityId; + private String qaaLevel; + private EntityDescriptor idpEntity; + private EaafX509Credential signCred; + private String scopeRequesterId; + private String providerName; + private List requestedAttributes; + private String reqId; + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#isPassivRequest() + */ + @Override + public Boolean isPassivRequest() { + return this.isPassive; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getAssertionConsumerServiceId() + */ + @Override + public Integer getAssertionConsumerServiceId() { + return 0; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getEntityID() + */ + @Override + public String getSpEntityID() { + return this.spEntityId; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getNameIDPolicy() + */ + @Override + public String getNameIdPolicyFormat() { + return NameIDType.PERSISTENT; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getNameIDPolicy() + */ + @Override + public boolean getNameIdPolicyAllowCreation() { + return true; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getAuthnContextClassRef() + */ + @Override + public String getAuthnContextClassRef() { + return this.qaaLevel; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getAuthnContextComparison() + */ + @Override + public AuthnContextComparisonTypeEnumeration getAuthnContextComparison() { + return AuthnContextComparisonTypeEnumeration.MINIMUM; + } + + /** + * Set isPassive flag in SAML2 request. + * + * @param isPassive the isPassive to set. + */ + public void setPassive(boolean isPassive) { + this.isPassive = isPassive; + } + + /** + * Set the requester EntityId. + * + * @param spEntityId EntityId of SP + */ + public void setSpEntityID(String spEntityId) { + this.spEntityId = spEntityId; + } + + /** + * Set required LoA. + * + * @param loa the LoA to set. + */ + public void setRequestedLoA(String loa) { + qaaLevel = loa; + } + + /** + * Set EntityId of IDP. + * + * @param idpEntity the idpEntity to set. + */ + public void setIdpEntity(EntityDescriptor idpEntity) { + this.idpEntity = idpEntity; + } + + /** + * Set message signing credentials. + * + * @param signCred the signCred to set. + */ + public void setSignCred(EaafX509Credential signCred) { + this.signCred = signCred; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getAuthnRequestSigningCredential() + */ + @Override + public EaafX509Credential getAuthnRequestSigningCredential() { + return this.signCred; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getIDPEntityDescriptor() + */ + @Override + public EntityDescriptor getIdpEntityDescriptor() { + return this.idpEntity; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getSubjectNameID() + */ + @Override + public String getSubjectNameID() { + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getSPNameForLogging() + */ + @Override + public String getSpNameForLogging() { + return EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getSubjectNameIDFormat() + */ + @Override + public String getSubjectNameIdFormat() { + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getRequestID() + */ + @Override + public String getRequestID() { + return this.reqId; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getSubjectNameIDQualifier() + */ + @Override + public String getSubjectNameIdQualifier() { + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationMethode() + */ + @Override + public String getSubjectConformationMethode() { + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationDate() + */ + @Override + public Element getSubjectConformationDate() { + return null; + } + + @Override + public List getRequestedAttributes() { + return this.requestedAttributes; + + } + + @Override + public String getProviderName() { + return this.providerName; + } + + @Override + public String getScopeRequesterId() { + return this.scopeRequesterId; + } + + /** + * Set the entityId of the SP that requests the proxy for eIDAS authentication. + * + * @param scopeRequesterId RequestId in SAML2 Proxy extension + */ + public void setScopeRequesterId(String scopeRequesterId) { + this.scopeRequesterId = scopeRequesterId; + } + + /** + * Set a friendlyName for the SP that requests the proxy for eIDAS + * authentication. + * + * @param providerName SAML2 provider-name attribute-value + */ + public void setProviderName(String providerName) { + this.providerName = providerName; + } + + /** + * Set a Set of PVP attributes that a requested by using requested attributes. + * + * @param requestedAttributes Requested SAML2 attributes + */ + public void setRequestedAttributes(List requestedAttributes) { + this.requestedAttributes = requestedAttributes; + } + + /** + * Set a RequestId for this Authn. Request. + * + * @param reqId SAML2 message requestId + */ + public void setRequestId(String reqId) { + this.reqId = reqId; + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/IAhSpConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/IAhSpConfiguration.java new file mode 100644 index 00000000..d8e873c0 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/IAhSpConfiguration.java @@ -0,0 +1,151 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig; + +import java.util.List; + +import javax.annotation.Nonnull; +import javax.annotation.Nullable; + +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; +import at.gv.egiz.eaaf.core.impl.data.Pair; + +public interface IAhSpConfiguration extends ISpConfiguration { + + + /** + * Flag if this Service Provider is enabled. + * + * @return true if the SP is enabled, otherwise false + */ + boolean isEnabled(); + + /** + * Get unique identifier that is used in Application-Register from BM.I. + * + *

If no BM.I specific identifier is available then this method returns + * the same identifier as getUniqueIdentifier()

+ * + * @return unique identifier from BM.I AppReg, or generic uniqueId of no specific exists + */ + String getUniqueApplicationRegisterIdentifier(); + + /** + * Flag that marks this Service-Provider as public or private. + * + *

Default: If it is not set or has an unknown value, its private by default

+ * + * @return true if it is from public, otherwise false + */ + boolean isPublicServiceProvider(); + + /** + * Enable test identities for this Service Provider. + * + * @return true if test identities are allowed, otherwise false + */ + boolean isTestCredentialEnabled(); + + /** + * Get a List of OID's that refine the set of allowed test identities. + * + * @return @link {@link List} of test-identity OID's + */ + @Nullable + List getTestCredentialOids(); + + + /** + * Get a List of unique attribute URI's that are required by this SP. + * + * @return {@link List} of attribute URI's / parameter {@link Pair}s + */ + List> getRequiredAttributes(); + + + /** + * Get the CountryCode for this service.
+ *
+ * Default: AT + * + * @return + */ + String getCountryCode(); + + /** + * Set the CountryCode for this service. If not countryCode is set, AT is used as default. + * + * @param cc Service-Provider country-code + */ + void setCountryCode(String cc); + + /** + * Enable mandates for this service provider. + * + * @return true if mandates are enabled, otherwise false + */ + boolean isMandateEnabled(); + + /** + * Enables multi-mandates for this service-provider. + * + * @return true if multi-mandates are enabled, otherwise false + */ + boolean isMultiMandateEnabled(); + + /** + * Only mandates are allowed for this service provider. + * + * @return true if only mandates are allowed, otherwise false + */ + boolean isOnlyMandateEnabled(); + + /** + * Get a {@link List} of mandate profiles that are supported by this Service provider. + * + * @return + */ + @Nonnull List getMandateProfiles(); + + + /** + * eIDAS authentication allowed flag. + * + * @return true if eIDAS authentication is enabled, otherwise false + */ + boolean isEidasEnabled(); + + /** + * Get a List of targets for additional bPKs that are required by this service provider. + * + * @return List of prefixed bPK targets + */ + @Nonnull List getAdditionalBpkTargets(); + + /** + * Get a list of foreign bPK targets that are required by this service provider. + * + * @return List of pairs with prefixed bPK targets as first element and VKZ as second element + */ + @Nonnull List> getAdditionalForeignBpkTargets(); + + /** + * Flag that indicates that service-provider as restricted or unrestricted. + * + *

A restricted service-provider can only used by test-identities that contains a + * valid application-restriction in User-Certificate Pinning

+ * + *

Default: true

+ * + * @return true if it is restricted, otherwise false + */ + boolean isRestrictedServiceProvider(); + + + /** + * Defines the time in minutes how long the last VDA registration h@Override + ave passed as maximum. + * + * @return time in minutes + */ + long lastVdaAuthenticationDelay(); + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java index 736ac6e5..3f2ae1f2 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java @@ -23,15 +23,36 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig.EidasCentralAuthConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig.EidasCentralAuthCredentialProvider; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig.EidasCentralAuthMetadataProvider; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig.EidasCentralAuthRequestBuilderConfiguration; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig.IAhSpConfiguration; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpAttributeBuilder; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PvpAuthnRequestBuilder; import lombok.extern.slf4j.Slf4j; +import net.shibboleth.utilities.java.support.security.SecureRandomIdentifierGenerationStrategy; import org.apache.commons.lang3.StringUtils; +import org.opensaml.saml.saml2.core.Attribute; +import org.opensaml.saml.saml2.metadata.EntityDescriptor; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import java.text.MessageFormat; +import java.util.ArrayList; +import java.util.List; /** * Task that searches ErnB and ZMR before adding person to SZR. @@ -43,12 +64,31 @@ import javax.servlet.http.HttpServletResponse; public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServletTask { + private static final String ERROR_CODE_02 = "module.eidasauth.02"; + + private static final String ERROR_MSG_1 = + "Requested 'ms-specific eIDAS node' {0} has no valid metadata or metadata is not found"; + + @Autowired + PvpAuthnRequestBuilder authnReqBuilder; + @Autowired + EidasCentralAuthCredentialProvider credential; + @Autowired + EidasCentralAuthMetadataProvider metadataService; + // @Autowired + // ITransactionStorage transactionStorage; + + @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try { log.trace("Starting GenerateMobilePhoneSignatureRequestTask"); //step 15a + + //final IAhSpConfiguration spConfig = pendingReq.getServiceProviderConfiguration( + // IAhSpConfiguration.class); + // get entityID for ms-specific eIDAS node final String msNodeEntityID = "TODO"; @@ -57,6 +97,45 @@ public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServlet throw new TaskExecutionException(pendingReq, "", null); } + + // load IDP SAML2 entitydescriptor + final EntityDescriptor entityDesc = metadataService.getEntityDescriptor(msNodeEntityID); + if (entityDesc == null) { + throw new EaafConfigurationException(ERROR_CODE_02, + new Object[]{MessageFormat.format(ERROR_MSG_1, msNodeEntityID)}); + + } + + // setup AuthnRequestBuilder configuration + final EidasCentralAuthRequestBuilderConfiguration authnReqConfig = + new EidasCentralAuthRequestBuilderConfiguration(); + final SecureRandomIdentifierGenerationStrategy gen = + new SecureRandomIdentifierGenerationStrategy(); + authnReqConfig.setRequestId(gen.generateIdentifier()); + authnReqConfig.setIdpEntity(entityDesc); + authnReqConfig.setPassive(false); + authnReqConfig.setSignCred(credential.getMessageSigningCredential()); + authnReqConfig.setSpEntityID(pendingReq.getAuthUrl() + EidasCentralAuthConstants.ENDPOINT_METADATA); + authnReqConfig.setRequestedLoA(authConfig.getBasicConfiguration( + EidasCentralAuthConstants.CONFIG_PROPS_REQUIRED_LOA, + EidasCentralAuthConstants.CONFIG_DEFAULT_LOA_EIDAS_LEVEL)); + + authnReqConfig.setScopeRequesterId( + pendingReq.getServiceProviderConfiguration(IAhSpConfiguration.class) + .getUniqueApplicationRegisterIdentifier()); + authnReqConfig.setProviderName(pendingReq.getServiceProviderConfiguration().getFriendlyName()); + authnReqConfig.setRequestedAttributes(buildRequestedAttributes(pendingReq)); + + /*build relayState for session synchronization, because SAML2 only allows RelayState with 80 characters + * but encrypted PendingRequestId is much longer. + */ + String relayState = Random.nextProcessReferenceValue(); + // transactionStorage.put(relayState, pendingReq.getPendingRequestId(), -1); + + // build and transmit AuthnRequest + authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig, relayState, response); + + //MsEidasNodeConstants.ENDPOINT_PVP_POST //MsEidasNodeConstants.ENDPOINT_PVP_METADATA @@ -67,4 +146,28 @@ public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServlet } } + private List buildRequestedAttributes(IRequest pendingReq) { + final List attributes = new ArrayList<>(); + + //build TransactionId attribute + final Attribute attrTransId = PvpAttributeBuilder.buildEmptyAttribute( + ExtendedPvpAttributeDefinitions.EID_TRANSACTION_ID_NAME); + final EaafRequestedAttribute attrTransIdReqAttr = Saml2Utils.generateReqAuthnAttributeSimple( + attrTransId, + true, + pendingReq.getUniqueTransactionIdentifier()); + attributes.add(attrTransIdReqAttr); + + // build EID sector for identification attribute + final Attribute attr = PvpAttributeBuilder.buildEmptyAttribute( + PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME); + final EaafRequestedAttribute bpkTargetReqAttr = Saml2Utils.generateReqAuthnAttributeSimple( + attr, + true, + pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()); + attributes.add(bpkTargetReqAttr); + + return attributes; + } + } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml index d669835f..e1e3aedd 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml @@ -133,4 +133,8 @@ + + + \ No newline at end of file -- cgit v1.2.3 From cb42a3bce6a63f401750a77008ec69fe731365a1 Mon Sep 17 00:00:00 2001 From: Alexander Marsalek Date: Thu, 28 Jan 2021 08:23:51 +0100 Subject: junit keystore and config --- .../config/junit_config_1_springboot.properties | 37 ++++++++++++++++++++ .../config/junit_config_2_springboot.properties | 38 +++++++++++++++++++++ .../src/test/resources/config/keys/junit_test.jks | Bin 0 -> 8410 bytes .../v2/mobilesig/EidasCentralAuthConstants.java | 2 +- .../EidasCentralAuthCredentialProvider.java | 2 +- .../src/main/resources/eidas_v2_auth.beans.xml | 7 ++++ 6 files changed, 84 insertions(+), 2 deletions(-) create mode 100644 connector/src/test/resources/config/keys/junit_test.jks (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/resources') diff --git a/connector/src/test/resources/config/junit_config_1_springboot.properties b/connector/src/test/resources/config/junit_config_1_springboot.properties index e63cda7b..6bf2d399 100644 --- a/connector/src/test/resources/config/junit_config_1_springboot.properties +++ b/connector/src/test/resources/config/junit_config_1_springboot.properties @@ -81,3 +81,40 @@ eidas.ms.sp.1.pvp2.metadata.url=http://junit.test/metadata eidas.ms.sp.1.policy.allowed.requested.targets=test eidas.ms.sp.1.policy.hasBaseIdTransferRestriction=true +## PVP2 S-Profile client configuration +#eidas.ms.modules.eidascentralauth.keystore.type=jks +#eidas.ms.modules.eidascentralauth.keystore.path=keys/junit.jks1 +#eidas.ms.modules.eidascentralauth.keystore.password=password +#eidas.ms.modules.eidascentralauth.key.metadata.alias=meta +#eidas.ms.modules.eidascentralauth.key.metadata.password=password +#eidas.ms.modules.eidascentralauth.key.signing.alias=sig +#eidas.ms.modules.eidascentralauth.key.signing.password=password +#eidas.ms.modules.eidascentralauth.metadata.validity=24 + +#file:src/test/resources/config/junit_config_1_springboot.properties +#eidas.ms.modules.eidascentralauth.keystore.path=src/test/resources/config/junit_test.jks +eidas.ms.modules.eidascentralauth.keystore.path=keys/junit_test.jks +eidas.ms.modules.eidascentralauth.keystore.password=password +eidas.ms.modules.eidascentralauth.keystore.type=jks + +eidas.ms.modules.eidascentralauth.metadata.sign.alias=meta +eidas.ms.modules.eidascentralauth.metadata.sign.password=password +eidas.ms.modules.eidascentralauth.request.sign.alias=sig +eidas.ms.modules.eidascentralauth.request.sign.password=password +eidas.ms.modules.eidascentralauth.response.encryption.alias=enc +eidas.ms.modules.eidascentralauth.response.encryption.password=password + +eidas.ms.modules.eidascentralauth.truststore.path=src/test/resources/config/junit_test.jks +eidas.ms.modules.eidascentralauth.truststore.password=password +eidas.ms.modules.eidascentralauth.truststore.type=jks + +eidas.ms.modules.eidascentralauth.node.entityId= +eidas.ms.modules.eidascentralauth.node.metadataUrl= + +eidas.ms.modules.eidascentralauth.metadata.organisation.name=JUnit +eidas.ms.modules.eidascentralauth.metadata.organisation.friendyname=For testing with jUnit +eidas.ms.modules.eidascentralauth.metadata.organisation.url=http://junit.test +eidas.ms.modules.eidascentralauth.metadata.contact.givenname=Max +eidas.ms.modules.eidascentralauth.metadata.contact.surname=Mustermann +eidas.ms.modules.eidascentralauth.metadata.contact.email=max@junit.test + diff --git a/connector/src/test/resources/config/junit_config_2_springboot.properties b/connector/src/test/resources/config/junit_config_2_springboot.properties index ecb22dec..da82b92b 100644 --- a/connector/src/test/resources/config/junit_config_2_springboot.properties +++ b/connector/src/test/resources/config/junit_config_2_springboot.properties @@ -81,3 +81,41 @@ eidas.ms.sp.1.pvp2.metadata.url=http://junit.test/metadata eidas.ms.sp.1.policy.allowed.requested.targets=test eidas.ms.sp.1.policy.hasBaseIdTransferRestriction=true + +## PVP2 S-Profile client configuration +#eidas.ms.modules.eidascentralauth.keystore.type=jks +#eidas.ms.modules.eidascentralauth.keystore.path=keys/junit.jks1 +#eidas.ms.modules.eidascentralauth.keystore.password=password +#eidas.ms.modules.eidascentralauth.key.metadata.alias=meta +#eidas.ms.modules.eidascentralauth.key.metadata.password=password +#eidas.ms.modules.eidascentralauth.key.signing.alias=sig +#eidas.ms.modules.eidascentralauth.key.signing.password=password +#eidas.ms.modules.eidascentralauth.metadata.validity=24 + +#file:src/test/resources/config/junit_config_1_springboot.properties +#eidas.ms.modules.eidascentralauth.keystore.path=src/test/resources/config/junit_test.jks +eidas.ms.modules.eidascentralauth.keystore.path=keys/junit_test.jks +eidas.ms.modules.eidascentralauth.keystore.password=password +eidas.ms.modules.eidascentralauth.keystore.type=jks + +eidas.ms.modules.eidascentralauth.metadata.sign.alias=meta +eidas.ms.modules.eidascentralauth.metadata.sign.password=password +eidas.ms.modules.eidascentralauth.request.sign.alias=sig +eidas.ms.modules.eidascentralauth.request.sign.password=password +eidas.ms.modules.eidascentralauth.response.encryption.alias=enc +eidas.ms.modules.eidascentralauth.response.encryption.password=password + +eidas.ms.modules.eidascentralauth.truststore.path=src/test/resources/config/junit_test.jks +eidas.ms.modules.eidascentralauth.truststore.password=password +eidas.ms.modules.eidascentralauth.truststore.type=jks + +eidas.ms.modules.eidascentralauth.node.entityId= +eidas.ms.modules.eidascentralauth.node.metadataUrl= + +eidas.ms.modules.eidascentralauth.metadata.organisation.name=JUnit +eidas.ms.modules.eidascentralauth.metadata.organisation.friendyname=For testing with jUnit +eidas.ms.modules.eidascentralauth.metadata.organisation.url=http://junit.test +eidas.ms.modules.eidascentralauth.metadata.contact.givenname=Max +eidas.ms.modules.eidascentralauth.metadata.contact.surname=Mustermann +eidas.ms.modules.eidascentralauth.metadata.contact.email=max@junit.test + diff --git a/connector/src/test/resources/config/keys/junit_test.jks b/connector/src/test/resources/config/keys/junit_test.jks new file mode 100644 index 00000000..ee6254a9 Binary files /dev/null and b/connector/src/test/resources/config/keys/junit_test.jks differ diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthConstants.java index e4d520b4..ef7f667c 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthConstants.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthConstants.java @@ -34,7 +34,7 @@ public class EidasCentralAuthConstants { public static final String CONFIG_PROPS_KEYSTORE_TYPE = CONFIG_PROPS_PREFIX + "keystore.type"; public static final String CONFIG_PROPS_KEYSTORE_NAME = CONFIG_PROPS_PREFIX + "keystore.name"; public static final String CONFIG_PROPS_KEYSTORE_PATH = CONFIG_PROPS_PREFIX + "keystore.path"; - public static final String CONFIG_PROPS_KEYSTOREPASSWORD = CONFIG_PROPS_PREFIX + "keystore.password"; + public static final String CONFIG_PROPS_KEYSTORE_PASSWORD = CONFIG_PROPS_PREFIX + "keystore.password"; public static final String CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "metadata.sign.password"; public static final String CONFIG_PROPS_SIGN_METADATA_ALIAS = CONFIG_PROPS_PREFIX diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthCredentialProvider.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthCredentialProvider.java index 13c84bc5..81ef82ed 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthCredentialProvider.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthCredentialProvider.java @@ -32,7 +32,7 @@ public class EidasCentralAuthCredentialProvider extends AbstractCredentialProvid authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_KEYSTORE_NAME)); keyStoreConfig.setSoftKeyStoreFilePath(getKeyStoreFilePath()); keyStoreConfig.setSoftKeyStorePassword( - authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD)); + authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_KEYSTORE_PASSWORD)); return keyStoreConfig; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml index e1e3aedd..dd0e1345 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml @@ -137,4 +137,11 @@ + + + + + \ No newline at end of file -- cgit v1.2.3 From 1791466bba8dc34971be3168ddcbf65b6cb2af98 Mon Sep 17 00:00:00 2001 From: Alexander Marsalek Date: Thu, 28 Jan 2021 10:17:03 +0100 Subject: rename to IdAustriaClient --- .../config/junit_config_1_springboot.properties | 68 ++- .../config/junit_config_2_springboot.properties | 68 ++- .../AhExtendedPvpAttributeDefinitions.java | 24 ++ .../v2/idAustriaClient/AuthHandlerConstants.java | 141 ++++++ .../v2/idAustriaClient/IAhSpConfiguration.java | 151 +++++++ .../IdAustriaClientAuthConstants.java | 166 ++++++++ .../IdAustriaClientAuthCredentialProvider.java | 130 ++++++ .../IdAustriaClientAuthMetadataConfiguration.java | 471 +++++++++++++++++++++ .../IdAustriaClientAuthMetadataController.java | 149 +++++++ .../IdAustriaClientAuthMetadataProvider.java | 169 ++++++++ ...striaClientAuthRequestBuilderConfiguration.java | 300 +++++++++++++ .../AhExtendedPvpAttributeDefinitions.java | 24 -- .../eidas/v2/mobilesig/AuthHandlerConstants.java | 141 ------ .../v2/mobilesig/EidasCentralAuthConstants.java | 166 -------- .../EidasCentralAuthCredentialProvider.java | 130 ------ .../EidasCentralAuthMetadataConfiguration.java | 471 --------------------- .../EidasCentralAuthMetadataController.java | 149 ------- .../EidasCentralAuthMetadataProvider.java | 169 -------- ...idasCentralAuthRequestBuilderConfiguration.java | 300 ------------- .../eidas/v2/mobilesig/IAhSpConfiguration.java | 151 ------- .../GenerateMobilePhoneSignatureRequestTask.java | 24 +- .../src/main/resources/eidas_v2_auth.beans.xml | 6 +- 22 files changed, 1782 insertions(+), 1786 deletions(-) create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/AhExtendedPvpAttributeDefinitions.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/AuthHandlerConstants.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IAhSpConfiguration.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthConstants.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthCredentialProvider.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataConfiguration.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataController.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataProvider.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthRequestBuilderConfiguration.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/AhExtendedPvpAttributeDefinitions.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/AuthHandlerConstants.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthConstants.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthCredentialProvider.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthMetadataConfiguration.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthMetadataController.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthMetadataProvider.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthRequestBuilderConfiguration.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/IAhSpConfiguration.java (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/resources') diff --git a/connector/src/test/resources/config/junit_config_1_springboot.properties b/connector/src/test/resources/config/junit_config_1_springboot.properties index 6bf2d399..1cfeef37 100644 --- a/connector/src/test/resources/config/junit_config_1_springboot.properties +++ b/connector/src/test/resources/config/junit_config_1_springboot.properties @@ -82,39 +82,37 @@ eidas.ms.sp.1.policy.allowed.requested.targets=test eidas.ms.sp.1.policy.hasBaseIdTransferRestriction=true ## PVP2 S-Profile client configuration -#eidas.ms.modules.eidascentralauth.keystore.type=jks -#eidas.ms.modules.eidascentralauth.keystore.path=keys/junit.jks1 -#eidas.ms.modules.eidascentralauth.keystore.password=password -#eidas.ms.modules.eidascentralauth.key.metadata.alias=meta -#eidas.ms.modules.eidascentralauth.key.metadata.password=password -#eidas.ms.modules.eidascentralauth.key.signing.alias=sig -#eidas.ms.modules.eidascentralauth.key.signing.password=password -#eidas.ms.modules.eidascentralauth.metadata.validity=24 - -#file:src/test/resources/config/junit_config_1_springboot.properties -#eidas.ms.modules.eidascentralauth.keystore.path=src/test/resources/config/junit_test.jks -eidas.ms.modules.eidascentralauth.keystore.path=keys/junit_test.jks -eidas.ms.modules.eidascentralauth.keystore.password=password -eidas.ms.modules.eidascentralauth.keystore.type=jks - -eidas.ms.modules.eidascentralauth.metadata.sign.alias=meta -eidas.ms.modules.eidascentralauth.metadata.sign.password=password -eidas.ms.modules.eidascentralauth.request.sign.alias=sig -eidas.ms.modules.eidascentralauth.request.sign.password=password -eidas.ms.modules.eidascentralauth.response.encryption.alias=enc -eidas.ms.modules.eidascentralauth.response.encryption.password=password - -eidas.ms.modules.eidascentralauth.truststore.path=src/test/resources/config/junit_test.jks -eidas.ms.modules.eidascentralauth.truststore.password=password -eidas.ms.modules.eidascentralauth.truststore.type=jks - -eidas.ms.modules.eidascentralauth.node.entityId= -eidas.ms.modules.eidascentralauth.node.metadataUrl= - -eidas.ms.modules.eidascentralauth.metadata.organisation.name=JUnit -eidas.ms.modules.eidascentralauth.metadata.organisation.friendyname=For testing with jUnit -eidas.ms.modules.eidascentralauth.metadata.organisation.url=http://junit.test -eidas.ms.modules.eidascentralauth.metadata.contact.givenname=Max -eidas.ms.modules.eidascentralauth.metadata.contact.surname=Mustermann -eidas.ms.modules.eidascentralauth.metadata.contact.email=max@junit.test +#eidas.ms.modules.idaustriaclient.keystore.type=jks +#eidas.ms.modules.idaustriaclient.keystore.path=keys/junit.jks1 +#eidas.ms.modules.idaustriaclient.keystore.password=password +#eidas.ms.modules.idaustriaclient.key.metadata.alias=meta +#eidas.ms.modules.idaustriaclient.key.metadata.password=password +#eidas.ms.modules.idaustriaclient.key.signing.alias=sig +#eidas.ms.modules.idaustriaclient.key.signing.password=password +#eidas.ms.modules.idaustriaclient.metadata.validity=24 + +eidas.ms.modules.idaustriaclient.keystore.path=keys/junit_test.jks +eidas.ms.modules.idaustriaclient.keystore.password=password +eidas.ms.modules.idaustriaclient.keystore.type=jks + +eidas.ms.modules.idaustriaclient.metadata.sign.alias=meta +eidas.ms.modules.idaustriaclient.metadata.sign.password=password +eidas.ms.modules.idaustriaclient.request.sign.alias=sig +eidas.ms.modules.idaustriaclient.request.sign.password=password +eidas.ms.modules.idaustriaclient.response.encryption.alias=enc +eidas.ms.modules.idaustriaclient.response.encryption.password=password + +eidas.ms.modules.idaustriaclient.truststore.path=keys/junit_test.jks +eidas.ms.modules.idaustriaclient.truststore.password=password +eidas.ms.modules.idaustriaclient.truststore.type=jks + +eidas.ms.modules.idaustriaclient.node.entityId= +eidas.ms.modules.idaustriaclient.node.metadataUrl= + +eidas.ms.modules.idaustriaclient.metadata.organisation.name=JUnit +eidas.ms.modules.idaustriaclient.metadata.organisation.friendyname=For testing with jUnit +eidas.ms.modules.idaustriaclient.metadata.organisation.url=http://junit.test +eidas.ms.modules.idaustriaclient.metadata.contact.givenname=Max +eidas.ms.modules.idaustriaclient.metadata.contact.surname=Mustermann +eidas.ms.modules.idaustriaclient.metadata.contact.email=max@junit.test diff --git a/connector/src/test/resources/config/junit_config_2_springboot.properties b/connector/src/test/resources/config/junit_config_2_springboot.properties index da82b92b..4c2be39b 100644 --- a/connector/src/test/resources/config/junit_config_2_springboot.properties +++ b/connector/src/test/resources/config/junit_config_2_springboot.properties @@ -83,39 +83,37 @@ eidas.ms.sp.1.policy.hasBaseIdTransferRestriction=true ## PVP2 S-Profile client configuration -#eidas.ms.modules.eidascentralauth.keystore.type=jks -#eidas.ms.modules.eidascentralauth.keystore.path=keys/junit.jks1 -#eidas.ms.modules.eidascentralauth.keystore.password=password -#eidas.ms.modules.eidascentralauth.key.metadata.alias=meta -#eidas.ms.modules.eidascentralauth.key.metadata.password=password -#eidas.ms.modules.eidascentralauth.key.signing.alias=sig -#eidas.ms.modules.eidascentralauth.key.signing.password=password -#eidas.ms.modules.eidascentralauth.metadata.validity=24 - -#file:src/test/resources/config/junit_config_1_springboot.properties -#eidas.ms.modules.eidascentralauth.keystore.path=src/test/resources/config/junit_test.jks -eidas.ms.modules.eidascentralauth.keystore.path=keys/junit_test.jks -eidas.ms.modules.eidascentralauth.keystore.password=password -eidas.ms.modules.eidascentralauth.keystore.type=jks - -eidas.ms.modules.eidascentralauth.metadata.sign.alias=meta -eidas.ms.modules.eidascentralauth.metadata.sign.password=password -eidas.ms.modules.eidascentralauth.request.sign.alias=sig -eidas.ms.modules.eidascentralauth.request.sign.password=password -eidas.ms.modules.eidascentralauth.response.encryption.alias=enc -eidas.ms.modules.eidascentralauth.response.encryption.password=password - -eidas.ms.modules.eidascentralauth.truststore.path=src/test/resources/config/junit_test.jks -eidas.ms.modules.eidascentralauth.truststore.password=password -eidas.ms.modules.eidascentralauth.truststore.type=jks - -eidas.ms.modules.eidascentralauth.node.entityId= -eidas.ms.modules.eidascentralauth.node.metadataUrl= - -eidas.ms.modules.eidascentralauth.metadata.organisation.name=JUnit -eidas.ms.modules.eidascentralauth.metadata.organisation.friendyname=For testing with jUnit -eidas.ms.modules.eidascentralauth.metadata.organisation.url=http://junit.test -eidas.ms.modules.eidascentralauth.metadata.contact.givenname=Max -eidas.ms.modules.eidascentralauth.metadata.contact.surname=Mustermann -eidas.ms.modules.eidascentralauth.metadata.contact.email=max@junit.test +#eidas.ms.modules.idaustriaclient.keystore.type=jks +#eidas.ms.modules.idaustriaclient.keystore.path=keys/junit.jks1 +#eidas.ms.modules.idaustriaclient.keystore.password=password +#eidas.ms.modules.idaustriaclient.key.metadata.alias=meta +#eidas.ms.modules.idaustriaclient.key.metadata.password=password +#eidas.ms.modules.idaustriaclient.key.signing.alias=sig +#eidas.ms.modules.idaustriaclient.key.signing.password=password +#eidas.ms.modules.idaustriaclient.metadata.validity=24 + +eidas.ms.modules.idaustriaclient.keystore.path=keys/junit_test.jks +eidas.ms.modules.idaustriaclient.keystore.password=password +eidas.ms.modules.idaustriaclient.keystore.type=jks + +eidas.ms.modules.idaustriaclient.metadata.sign.alias=meta +eidas.ms.modules.idaustriaclient.metadata.sign.password=password +eidas.ms.modules.idaustriaclient.request.sign.alias=sig +eidas.ms.modules.idaustriaclient.request.sign.password=password +eidas.ms.modules.idaustriaclient.response.encryption.alias=enc +eidas.ms.modules.idaustriaclient.response.encryption.password=password + +eidas.ms.modules.idaustriaclient.truststore.path=keys/junit_test.jks +eidas.ms.modules.idaustriaclient.truststore.password=password +eidas.ms.modules.idaustriaclient.truststore.type=jks + +eidas.ms.modules.idaustriaclient.node.entityId= +eidas.ms.modules.idaustriaclient.node.metadataUrl= + +eidas.ms.modules.idaustriaclient.metadata.organisation.name=JUnit +eidas.ms.modules.idaustriaclient.metadata.organisation.friendyname=For testing with jUnit +eidas.ms.modules.idaustriaclient.metadata.organisation.url=http://junit.test +eidas.ms.modules.idaustriaclient.metadata.contact.givenname=Max +eidas.ms.modules.idaustriaclient.metadata.contact.surname=Mustermann +eidas.ms.modules.idaustriaclient.metadata.contact.email=max@junit.test diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/AhExtendedPvpAttributeDefinitions.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/AhExtendedPvpAttributeDefinitions.java new file mode 100644 index 00000000..8dea6df3 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/AhExtendedPvpAttributeDefinitions.java @@ -0,0 +1,24 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient; + +import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class AhExtendedPvpAttributeDefinitions implements ExtendedPvpAttributeDefinitions { + private static final Logger log = + LoggerFactory.getLogger(AhExtendedPvpAttributeDefinitions.class); + + private AhExtendedPvpAttributeDefinitions() { + log.trace("Instance class: {} for SonarQube", + AhExtendedPvpAttributeDefinitions.class.getName()); + + } + + public static final String EID_BCBIND_NAME = "urn:eidgvat:attributes.bcbind"; + public static final String EID_BCBIND_FRIENDLY_NAME = "bcBind"; + + public static final String EID_BINDING_PUBKEY_NAME = "urn:eidgvat:attributes.binding.pubkey"; + public static final String EID_BINDING_PUBKEY_FRIENDLY_NAME = "BindingPubKey"; + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/AuthHandlerConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/AuthHandlerConstants.java new file mode 100644 index 00000000..9c6929c2 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/AuthHandlerConstants.java @@ -0,0 +1,141 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient; + + +public class AuthHandlerConstants { + + private AuthHandlerConstants() { + + } + + // TODO: maybe update to another target + public static final String DEFAULT_INTERNAL_BPK_TARGET = "urn:publicid:gv.at:cdid+ZP-MH"; + + // configuration parameters + public static final String PROP_CONFIG_APPLICATION_PREFIX = "authhandler."; + public static final String PROP_CONFIG_APPLICATION_PUBLIC_URL_PREFIX = "core.context.url.prefix"; + public static final String PROP_CONFIG_APPLICATION_PUBLIC_URL_REQUEST_VALIDATION = + "core.context.url.request.validation"; + public static final String PROP_CONFIG_LEGACY_ALLOW = "core.legacy.allowLegacyMode"; + + public static final String PROP_CONFIG_WEBCONTENT_STATIC_PATH = + "core.webcontent.static.directory"; + public static final String PROP_CONFIG_WEBCONTENT_TEMPLATES_PATH = "core.webcontent.templates"; + public static final String PROP_CONFIG_WEBCONTENT_PROPERTIES_PATH = "core.webcontent.properties"; + + public static final String PROP_CONFIG_CACHE_TRANSACTIONS_NAME = "core.cache.transaction.name"; + public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_ENABLED = + "core.cache.transaction.encryption.enabled"; + public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_KEY_TYPE = + "core.cache.transaction.encryption.type"; + public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_PASSPHRASE = + "core.cache.transaction.encryption.passphrase"; + public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_SALT = + "core.cache.transaction.encryption.salt"; + public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_KEYSTORE_NAME = + "core.cache.transaction.encryption.keystore.name"; + public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_KEY_ALIAS = + "core.cache.transaction.encryption.key.alias"; + + public static final String PROP_CONFIG_CACHE_ATTRIBUTEPROXY_NAME = + "core.cache.attributeproxy.name"; + + public static final String PROP_CONFIG_BACKEND_ENDPOINT_GETALLSUPPORTEDATTRIBUTES = + "backend.endpoints.getallsupportedattributes"; + public static final String PROP_CONFIG_BACKEND_ENDPOINT_GETAPPLICATIONCONFIGURATION = + "backend.endpoints.getapplicationconfiguration"; + + public static final String PROP_CONFIG_INTERNAL_BPK_TARGET = "core.internal.bpk.target"; + + public static final String PROP_CONFIG_INTERNAL_FRONTEND_ONLY_MODE = "core.internal.frontend.only.mode"; + public static final boolean PROP_DEFAULT_CONFIG_INTERNAL_FRONTEND_ONLY_MODE = false; + + // Servlet End-Points + public static final String ENDPOINT_PROCESSENGINE_CONTROLLER = "/api/process"; + public static final String ENDPOINT_ERROR_IFRAME_HOPPING = "/error/parenthop"; + + + // GUI template directories + public static final String CLASSPATH_TEMPLATE_DIR = "/templates/"; + public static final String FILESYSTEM_TEMPLATE_DIR = "./templates/"; + public static final String TEMPLATE_HTML_ERROR = "error_message.html"; + + // GUI template defaultfiles + public static final String TEMPLATE_AUTHPROCESS_SELECTION_VDA_FULLFRAME = "authSelection.html"; + public static final String TEMPLATE_AUTHPROCESS_SELECTION_VDA_IFRAME = "authSelection_iframe.html"; + public static final String TEMPLATE_USER_CONSENT_REQUEST = "userConsent.html"; + public static final String TEMPLATE_IFRAME_TO_PARENT_HOPE = "iframe_parent_hope.html"; + public static final String TEMPLATE_MANDATE_SELECTION = "mandateSelection.html"; + public static final String TEMPLATE_PROF_REP_MANDATE_SELECTION = "profRepMandateSelection.html"; + public static final String TEMPLATE_MANDATE_SELECTION_DUMMY = "mandateSelection_dummy.html"; + + + + // http request parameters + public static final String HTTP_PARAM_APPLICATION_ID = "appId"; + public static final String HTTP_PARAM_STOP_PROCESS = "stopAuthProcess"; + public static final String HTTP_PARAM_EIDAS_PROCESS = "useeIDAS"; + public static final String HTTP_PARAM_EID_PROCESS = "useeID"; + public static final String HTTP_PARAM_EID_BINDING_AUTH_PROCESS = "useBindingAuth"; + public static final String HTTP_PARAM_USE_MANDATES = "useMandate"; + public static final String HTTP_PARAM_AUTHMETHOD = "authMethod"; + public static final String HTTP_PARAM_CONSENT_RELEASE_ATTRIBUTES = "releaseAttributes"; + public static final String HTTP_PARAM_CONSENT_STORE_CONSENT = "storeConsent"; + + @Deprecated + public static final String HTTP_PARAM_EIDMIGRATIONPILOT_PROCESS = "pilotMigration"; + @Deprecated + public static final String HTTP_PARAM_EIDMIGRATIONPILOT_SHOW_INFO_PAGE = "pilotMigrationInfoPage"; + @Deprecated + public static final String HTTP_PARAM_MOBILESIGNATURE_PROCESS = "usemobileSig"; + + // UI options + public static final String UI_PARAM_USE_MANDATES = HTTP_PARAM_USE_MANDATES; + public static final String UI_PARAM_USE_ONLY_MANDATES = "useOnlyMandate"; + public static final String UI_PARAM_USE_EIDAS = HTTP_PARAM_EIDAS_PROCESS; + public static final String UI_PARAM_DSGVO_SHORT_INFO = "dsgvoShortText"; + public static final String UI_PARAM_DSGVO_SP_PRIVACY_STATEMENT_URL = "dsgvoPrivacyStatementUrl"; + public static final String UI_PARAM_DSGVO_SP_SERVICE_URL = "dsgvoServiceUrl"; + public static final String UI_PARAM_DSGVO_SP_LOGO = "dsgvoSpLogo"; + public static final String UI_PARAM_DSGVO_SP_LOGO_SET = "dsgvoSpLogoSet"; + public static final String UI_PARAM_DSGVO_SP_LOGO_SET_DATAURL = "dataUrl"; + public static final String UI_PARAM_DSGVO_SP_LOGO_SET_THEME = "theme"; + public static final String UI_PARAM_DSGVO_SP_LOGO_SET_RESOLUTION = "resolution"; + public static final String UI_PARAM_DSGVO_SP_LOGO_SET_TYPE = "type"; + + public enum LogoType { SVG, PNG, UNKNOWN } + + public enum AuthBlockType { + CADES("CAdES"), JWS("JWS"), NONE("none"); + + private final String internalType; + + AuthBlockType(final String type) { + this.internalType = type; + + } + + /** + * Get Type identifier for this AuthBlock. + * + * @return + */ + public String getAuthBlockType() { + return this.internalType; + } + + @Override + public String toString() { + return getAuthBlockType(); + + } + } + + // process context parameters + public static final String PROCESSCONTEXT_USERCONSENT_NEEDED = "userConsentNeeded"; + public static final String PROCESSCONTEXT_AUTHPROCESSSELECTION_DONE = "authProcSelectDone"; + public static final String PROCESSCONTEXT_SWITCH_LANGUAGE = "changeLanguage"; + public static final String PROCESSCONTEXT_IFRAME_PARENT_NEEDED = "iframeParentNeeded"; + + public static final String PROCESSCONTEXT_WAS_EID_PROCESS = "wasEidProcess"; + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IAhSpConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IAhSpConfiguration.java new file mode 100644 index 00000000..2a54f541 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IAhSpConfiguration.java @@ -0,0 +1,151 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient; + +import java.util.List; + +import javax.annotation.Nonnull; +import javax.annotation.Nullable; + +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; +import at.gv.egiz.eaaf.core.impl.data.Pair; + +public interface IAhSpConfiguration extends ISpConfiguration { + + + /** + * Flag if this Service Provider is enabled. + * + * @return true if the SP is enabled, otherwise false + */ + boolean isEnabled(); + + /** + * Get unique identifier that is used in Application-Register from BM.I. + * + *

If no BM.I specific identifier is available then this method returns + * the same identifier as getUniqueIdentifier()

+ * + * @return unique identifier from BM.I AppReg, or generic uniqueId of no specific exists + */ + String getUniqueApplicationRegisterIdentifier(); + + /** + * Flag that marks this Service-Provider as public or private. + * + *

Default: If it is not set or has an unknown value, its private by default

+ * + * @return true if it is from public, otherwise false + */ + boolean isPublicServiceProvider(); + + /** + * Enable test identities for this Service Provider. + * + * @return true if test identities are allowed, otherwise false + */ + boolean isTestCredentialEnabled(); + + /** + * Get a List of OID's that refine the set of allowed test identities. + * + * @return @link {@link List} of test-identity OID's + */ + @Nullable + List getTestCredentialOids(); + + + /** + * Get a List of unique attribute URI's that are required by this SP. + * + * @return {@link List} of attribute URI's / parameter {@link Pair}s + */ + List> getRequiredAttributes(); + + + /** + * Get the CountryCode for this service.
+ *
+ * Default: AT + * + * @return + */ + String getCountryCode(); + + /** + * Set the CountryCode for this service. If not countryCode is set, AT is used as default. + * + * @param cc Service-Provider country-code + */ + void setCountryCode(String cc); + + /** + * Enable mandates for this service provider. + * + * @return true if mandates are enabled, otherwise false + */ + boolean isMandateEnabled(); + + /** + * Enables multi-mandates for this service-provider. + * + * @return true if multi-mandates are enabled, otherwise false + */ + boolean isMultiMandateEnabled(); + + /** + * Only mandates are allowed for this service provider. + * + * @return true if only mandates are allowed, otherwise false + */ + boolean isOnlyMandateEnabled(); + + /** + * Get a {@link List} of mandate profiles that are supported by this Service provider. + * + * @return + */ + @Nonnull List getMandateProfiles(); + + + /** + * eIDAS authentication allowed flag. + * + * @return true if eIDAS authentication is enabled, otherwise false + */ + boolean isEidasEnabled(); + + /** + * Get a List of targets for additional bPKs that are required by this service provider. + * + * @return List of prefixed bPK targets + */ + @Nonnull List getAdditionalBpkTargets(); + + /** + * Get a list of foreign bPK targets that are required by this service provider. + * + * @return List of pairs with prefixed bPK targets as first element and VKZ as second element + */ + @Nonnull List> getAdditionalForeignBpkTargets(); + + /** + * Flag that indicates that service-provider as restricted or unrestricted. + * + *

A restricted service-provider can only used by test-identities that contains a + * valid application-restriction in User-Certificate Pinning

+ * + *

Default: true

+ * + * @return true if it is restricted, otherwise false + */ + boolean isRestrictedServiceProvider(); + + + /** + * Defines the time in minutes how long the last VDA registration h@Override + ave passed as maximum. + * + * @return time in minutes + */ + long lastVdaAuthenticationDelay(); + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthConstants.java new file mode 100644 index 00000000..22910614 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthConstants.java @@ -0,0 +1,166 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient; + + +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.impl.data.Triple; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + + +public class IdAustriaClientAuthConstants { + + private IdAustriaClientAuthConstants() { + + } + + public static final String SAML2_STATUSCODE_USERSTOP = "1005"; + + public static final String MODULE_NAME_FOR_LOGGING = "ID Austria Client"; + + public static final int METADATA_VALIDUNTIL_IN_HOURS = 24; + + // public static final String HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION = + // AuthHandlerConstants.HTTP_PARAM_EIDAS_PROCESS; + + public static final String ENDPOINT_POST = "/idAustriaSp/post"; + public static final String ENDPOINT_REDIRECT = "/idAustriaSp/redirect"; + public static final String ENDPOINT_METADATA = "/idAustriaSp/metadata"; + + public static final String CONFIG_PROPS_PREFIX = "modules.idaustriaclient."; + public static final String CONFIG_PROPS_KEYSTORE_TYPE = CONFIG_PROPS_PREFIX + "keystore.type"; + public static final String CONFIG_PROPS_KEYSTORE_NAME = CONFIG_PROPS_PREFIX + "keystore.name"; + public static final String CONFIG_PROPS_KEYSTORE_PATH = CONFIG_PROPS_PREFIX + "keystore.path"; + public static final String CONFIG_PROPS_KEYSTORE_PASSWORD = CONFIG_PROPS_PREFIX + "keystore.password"; + public static final String CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD = CONFIG_PROPS_PREFIX + + "metadata.sign.password"; + public static final String CONFIG_PROPS_SIGN_METADATA_ALIAS = CONFIG_PROPS_PREFIX + + "metadata.sign.alias"; + public static final String CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD = CONFIG_PROPS_PREFIX + + "request.sign.password"; + public static final String CONFIG_PROPS_SIGN_SIGNING_ALIAS = CONFIG_PROPS_PREFIX + + "request.sign.alias"; + public static final String CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD = CONFIG_PROPS_PREFIX + + "response.encryption.password"; + public static final String CONFIG_PROPS_ENCRYPTION_ALIAS = CONFIG_PROPS_PREFIX + + "response.encryption.alias"; + + public static final String CONFIG_PROPS_TRUSTSTORE_TYPE = CONFIG_PROPS_PREFIX + "truststore.type"; + public static final String CONFIG_PROPS_TRUSTSTORE_NAME = CONFIG_PROPS_PREFIX + "truststore.name"; + public static final String CONFIG_PROPS_TRUSTSTORE_PATH = CONFIG_PROPS_PREFIX + "truststore.path"; + public static final String CONFIG_PROPS_TRUSTSTORE_PASSWORD = CONFIG_PROPS_PREFIX + "truststore.password"; + + public static final String CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST = CONFIG_PROPS_PREFIX + + "required.additional.attributes"; + public static final String CONFIG_PROPS_REQUIRED_LOA = CONFIG_PROPS_PREFIX + + "required.loa"; + public static final String CONFIG_PROPS_NODE_ENTITYID = CONFIG_PROPS_PREFIX + "node.entityId"; + public static final String CONFIG_PROPS_NODE_METADATAURL = CONFIG_PROPS_PREFIX + "node.metadataUrl"; + public static final String CONFIG_PROPS_NODE_TRUSTPROFILEID = CONFIG_PROPS_PREFIX + "node.trustprofileID"; + + + public static final String CONFIG_PROPS_METADATA_CONTACT_GIVENNAME = + CONFIG_PROPS_PREFIX + "metadata.contact.givenname"; + public static final String CONFIG_PROPS_METADATA_CONTACT_SURNAME = + CONFIG_PROPS_PREFIX + "metadata.contact.surname"; + public static final String CONFIG_PROPS_METADATA_CONTACT_EMAIL = + CONFIG_PROPS_PREFIX + "metadata.contact.email"; + public static final String CONFIG_PROPS_METADATA_ORGANISATION_NAME = + CONFIG_PROPS_PREFIX + "metadata.organisation.name"; + public static final String CONFIG_PROPS_METADATA_ORGANISATION_FRIENDLYNAME = + CONFIG_PROPS_PREFIX + "metadata.organisation.friendyname"; + public static final String CONFIG_PROPS_METADATA_ORGANISATION_URL = + CONFIG_PROPS_PREFIX + "metadata.organisation.url"; + + public static final String CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL = "auth.eidas.node.entityId"; + + public static final String CONFIG_PROPS_SEMPER_MANDATES_ACTIVE = CONFIG_PROPS_PREFIX + + "semper.mandates.active"; + public static final String CONFIG_PROPS_SEMPER_MANDATES_MS_PROXY_LIST = CONFIG_PROPS_PREFIX + + "semper.msproxy.list"; + + public static final String CONFIG_DEFAULT_LOA_EIDAS_LEVEL = EaafConstants.EIDAS_LOA_HIGH; + + @Deprecated + public static final List> DEFAULT_REQUIRED_PVP_ATTRIBUTES_WITHOUT_EID = + Collections.unmodifiableList(new ArrayList>() { + private static final long serialVersionUID = 1L; + { + // add PVP Version attribute + add(Triple.newInstance(PvpAttributeDefinitions.PVP_VERSION_NAME, + PvpAttributeDefinitions.PVP_VERSION_FRIENDLY_NAME, true)); + + // request entity information + add(Triple.newInstance(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, + PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, false)); + add(Triple.newInstance(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, + PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, true)); + add(Triple.newInstance(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, + PvpAttributeDefinitions.EID_ISSUING_NATION_FRIENDLY_NAME, true)); + + // entity eID information + add(Triple.newInstance(AhExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME, + AhExtendedPvpAttributeDefinitions.EID_EIDBIND_FRIENDLY_NAME, false)); + add(Triple.newInstance(AhExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME, + AhExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME, false)); + + // Deprecated information + add(Triple.newInstance(PvpAttributeDefinitions.GIVEN_NAME_NAME, + PvpAttributeDefinitions.GIVEN_NAME_FRIENDLY_NAME, false)); + add(Triple.newInstance(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, + PvpAttributeDefinitions.PRINCIPAL_NAME_FRIENDLY_NAME, false)); + add(Triple.newInstance(PvpAttributeDefinitions.BIRTHDATE_NAME, + PvpAttributeDefinitions.BIRTHDATE_FRIENDLY_NAME, false)); + add(Triple.newInstance(PvpAttributeDefinitions.BPK_NAME, PvpAttributeDefinitions.BPK_FRIENDLY_NAME, + false)); + add(Triple.newInstance(PvpAttributeDefinitions.EID_IDENTITY_LINK_NAME, + PvpAttributeDefinitions.EID_IDENTITY_LINK_FRIENDLY_NAME, false)); + + //request pII transactionId from MS-Connector + add(Triple.newInstance(ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, + ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_FRIENDLY_NAME, false)); + + } + }); + + public static final List> DEFAULT_REQUIRED_PVP_ATTRIBUTES = + Collections.unmodifiableList(new ArrayList>() { + private static final long serialVersionUID = 1L; + { + // add PVP Version attribute + add(Triple.newInstance(PvpAttributeDefinitions.PVP_VERSION_NAME, + PvpAttributeDefinitions.PVP_VERSION_FRIENDLY_NAME, true)); + + // entity metadata information + add(Triple.newInstance(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, + PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, true)); + add(Triple.newInstance(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, + PvpAttributeDefinitions.EID_ISSUING_NATION_FRIENDLY_NAME, true)); + + // entity eID information + add(Triple.newInstance(AhExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME, + AhExtendedPvpAttributeDefinitions.EID_EIDBIND_FRIENDLY_NAME, true)); + add(Triple.newInstance(AhExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME, + AhExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME, true)); + + //request pII transactionId from MS-Connector + add(Triple.newInstance(ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, + ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_FRIENDLY_NAME, false)); + + } + }); + + public static final List DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES = + Collections.unmodifiableList(new ArrayList() { + private static final long serialVersionUID = 1L; + { + for (final Triple el : DEFAULT_REQUIRED_PVP_ATTRIBUTES) { + add(el.getFirst()); + } + } + }); + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthCredentialProvider.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthCredentialProvider.java new file mode 100644 index 00000000..1aa85e71 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthCredentialProvider.java @@ -0,0 +1,130 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient; + +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; + +import org.springframework.beans.factory.annotation.Autowired; + +/** + * Credential provider for eIDAS PVP S-Profile client. + * + * @author tlenz + * + */ +public class IdAustriaClientAuthCredentialProvider extends AbstractCredentialProvider { + + @Autowired + IConfiguration authConfig; + + private static final String FRIENDLYNAME = "eIDAS centrial authentication"; + + @Override + public KeyStoreConfiguration getBasicKeyStoreConfig() throws EaafConfigurationException { + final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); + keyStoreConfig.setFriendlyName(FRIENDLYNAME); + keyStoreConfig.setKeyStoreType( + authConfig.getBasicConfiguration(IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_TYPE, + KeyStoreType.PKCS12.getKeyStoreType())); + keyStoreConfig.setKeyStoreName( + authConfig.getBasicConfiguration(IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_NAME)); + keyStoreConfig.setSoftKeyStoreFilePath(getKeyStoreFilePath()); + keyStoreConfig.setSoftKeyStorePassword( + authConfig.getBasicConfiguration(IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PASSWORD)); + + return keyStoreConfig; + + } + + private String getKeyStoreFilePath() throws EaafConfigurationException { + final String path = authConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PATH); + if (path == null) { + throw new EaafConfigurationException("module.eidasauth.00", + new Object[] { IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PATH }); + + } + return path; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# + * getMetadataKeyAlias() + */ + @Override + public String getMetadataKeyAlias() { + return authConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS); + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# + * getMetadataKeyPassword() + */ + @Override + public String getMetadataKeyPassword() { + return authConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD); + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# + * getSignatureKeyAlias() + */ + @Override + public String getSignatureKeyAlias() { + return authConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS); + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# + * getSignatureKeyPassword() + */ + @Override + public String getSignatureKeyPassword() { + return authConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD); + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# + * getEncryptionKeyAlias() + */ + @Override + public String getEncryptionKeyAlias() { + return authConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS); + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# + * getEncryptionKeyPassword() + */ + @Override + public String getEncryptionKeyPassword() { + return authConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD); + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataConfiguration.java new file mode 100644 index 00000000..4b5861e9 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataConfiguration.java @@ -0,0 +1,471 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient; + + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.data.Triple; +import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpAttributeBuilder; + +import org.opensaml.saml.saml2.core.Attribute; +import org.opensaml.saml.saml2.core.NameIDType; +import org.opensaml.saml.saml2.metadata.ContactPerson; +import org.opensaml.saml.saml2.metadata.Organization; +import org.opensaml.saml.saml2.metadata.RequestedAttribute; +import org.opensaml.security.credential.Credential; + +import lombok.extern.slf4j.Slf4j; + +/** + * Configuration object to generate PVP S-Profile metadata for SAML2 client. + * + * @author tlenz + * + */ +@Slf4j +public class IdAustriaClientAuthMetadataConfiguration implements IPvpMetadataBuilderConfiguration { + + private Collection additionalAttributes = null; + + private final String authUrl; + private final IdAustriaClientAuthCredentialProvider credentialProvider; + private final IPvp2BasicConfiguration pvpConfiguration; + + /** + * Configuration object to create PVP2 S-Profile metadata information. + * + * @param authUrl Public URL prefix of the application + * @param credentialProvider Credentials used by PVP2 S-Profile end-point + * @param pvpConfiguration Basic PVP2 S-Profile end-point configuration + */ + public IdAustriaClientAuthMetadataConfiguration(String authUrl, + IdAustriaClientAuthCredentialProvider credentialProvider, + IPvp2BasicConfiguration pvpConfiguration) { + this.authUrl = authUrl; + this.credentialProvider = credentialProvider; + this.pvpConfiguration = pvpConfiguration; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getMetadataValidUntil() + */ + @Override + public int getMetadataValidUntil() { + return IdAustriaClientAuthConstants.METADATA_VALIDUNTIL_IN_HOURS; + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * buildEntitiesDescriptorAsRootElement() + */ + @Override + public boolean buildEntitiesDescriptorAsRootElement() { + return false; + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * buildIDPSSODescriptor() + */ + @Override + public boolean buildIdpSsoDescriptor() { + return false; + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * buildSPSSODescriptor() + */ + @Override + public boolean buildSpSsoDescriptor() { + return true; + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getEntityIDPostfix() + */ + @Override + public String getEntityID() { + return authUrl + IdAustriaClientAuthConstants.ENDPOINT_METADATA; + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getEntityFriendlyName() + */ + @Override + public String getEntityFriendlyName() { + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getContactPersonInformation() + */ + @Override + public List getContactPersonInformation() { + try { + return pvpConfiguration.getIdpContacts(); + + } catch (final EaafException e) { + log.warn("Can not load Metadata entry: Contect Person", e); + return null; + + } + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getOrgansiationInformation() + */ + @Override + public Organization getOrgansiationInformation() { + try { + return pvpConfiguration.getIdpOrganisation(); + + } catch (final EaafException e) { + log.warn("Can not load Metadata entry: Organisation", e); + return null; + + } + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getMetadataSigningCredentials() + */ + @Override + public EaafX509Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException { + return credentialProvider.getMetaDataSigningCredential(); + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getRequestorResponseSigningCredentials() + */ + @Override + public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException { + return credentialProvider.getMessageSigningCredential(); + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getEncryptionCredentials() + */ + @Override + public Credential getEncryptionCredentials() throws CredentialsNotAvailableException { + return credentialProvider.getMessageEncryptionCredential(); + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getIDPWebSSOPostBindingURL() + */ + @Override + public String getIdpWebSsoPostBindingUrl() { + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getIDPWebSSORedirectBindingURL() + */ + @Override + public String getIdpWebSsoRedirectBindingUrl() { + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getIDPSLOPostBindingURL() + */ + @Override + public String getIdpSloPostBindingUrl() { + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getIDPSLORedirectBindingURL() + */ + @Override + public String getIdpSloRedirectBindingUrl() { + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getSPAssertionConsumerServicePostBindingURL() + */ + @Override + public String getSpAssertionConsumerServicePostBindingUrl() { + return authUrl + IdAustriaClientAuthConstants.ENDPOINT_POST; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getSPAssertionConsumerServiceRedirectBindingURL() + */ + @Override + public String getSpAssertionConsumerServiceRedirectBindingUrl() { + return authUrl + IdAustriaClientAuthConstants.ENDPOINT_REDIRECT; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getSPSLOPostBindingURL() + */ + @Override + public String getSpSloPostBindingUrl() { + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getSPSLORedirectBindingURL() + */ + @Override + public String getSpSloRedirectBindingUrl() { + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getSPSLOSOAPBindingURL() + */ + @Override + public String getSpSloSoapBindingUrl() { + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getIDPPossibleAttributes() + */ + @Override + public List getIdpPossibleAttributes() { + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getIDPPossibleNameITTypes() + */ + @Override + public List getIdpPossibleNameIdTypes() { + return null; + } + + + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getSPRequiredAttributes() + */ + @Override + public Collection getSpRequiredAttributes() { + final Map requestedAttributes = new HashMap<>(); + + if (pvpConfiguration.getBasicConfiguration().getBasicConfigurationBoolean( + AuthHandlerConstants.PROP_CONFIG_LEGACY_ALLOW, false)) { + log.trace("Build required attributes for legacy operaton ... "); + injectDefinedAttributes(requestedAttributes, + IdAustriaClientAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTES_WITHOUT_EID); + + } else { + log.trace("Build required attributes for E-ID operaton ... "); + injectDefinedAttributes(requestedAttributes, + IdAustriaClientAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTES); + + } + + if (additionalAttributes != null) { + log.trace("Add additional PVP attributes into metadata ... "); + for (final RequestedAttribute el : additionalAttributes) { + if (requestedAttributes.containsKey(el.getName())) { + log.debug("Attribute " + el.getName() + + " is already added by default configuration. Overwrite it by user configuration"); + } + + requestedAttributes.put(el.getName(), el); + + } + } + + return requestedAttributes.values(); + + } + + + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getSPAllowedNameITTypes() + */ + @Override + public List getSpAllowedNameIdTypes() { + return Arrays.asList(NameIDType.PERSISTENT); + + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPMetadataBuilderConfiguration#getSPNameForLogging() + */ + @Override + public String getSpNameForLogging() { + return IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPMetadataBuilderConfiguration#wantAssertionSigned() + */ + @Override + public boolean wantAssertionSigned() { + return false; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPMetadataBuilderConfiguration#wantAuthnRequestSigned() + */ + @Override + public boolean wantAuthnRequestSigned() { + return true; + } + + /** + * Add additonal PVP attributes that are required by this deployment. + * + * @param additionalAttr List of PVP attribute name and isRequired flag + */ + public void setAdditionalRequiredAttributes(List> additionalAttr) { + if (additionalAttr != null && !additionalAttr.isEmpty()) { + additionalAttributes = new ArrayList<>(); + for (final Pair el : additionalAttr) { + final Attribute attributBuilder = PvpAttributeBuilder.buildEmptyAttribute(el.getFirst()); + if (attributBuilder != null) { + additionalAttributes.add( + PvpAttributeBuilder.buildReqAttribute( + attributBuilder.getName(), + attributBuilder.getFriendlyName(), + el.getSecond())); + + } else { + log.info("NO PVP attribute with name: " + el.getFirst()); + } + + } + } + } + + private void injectDefinedAttributes(Map requestedAttributes, + List> attributes) { + for (final Triple el : attributes) { + requestedAttributes.put(el.getFirst(), PvpAttributeBuilder.buildReqAttribute(el.getFirst(), el + .getSecond(), el.getThird())); + + } + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataController.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataController.java new file mode 100644 index 00000000..87886397 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataController.java @@ -0,0 +1,149 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient; + + +import java.io.IOException; +import java.net.MalformedURLException; +import java.net.URL; +import java.util.ArrayList; +import java.util.List; +import java.util.Map; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.http.HttpUtils; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder; + +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import com.google.common.net.MediaType; +import lombok.extern.slf4j.Slf4j; + +/** + * Controller that generates SAML2 metadata for eIDAS authentication client. + * + * @author tlenz + * + */ +@Slf4j +@Controller +public class IdAustriaClientAuthMetadataController extends AbstractController { + + private static final String ERROR_CODE_INTERNAL_00 = "eaaf.core.00"; + + @Autowired + PvpMetadataBuilder metadatabuilder; + @Autowired + IdAustriaClientAuthCredentialProvider credentialProvider; + @Autowired + IPvp2BasicConfiguration pvpConfiguration; + + /** + * Default construction with logging. + * + */ + public IdAustriaClientAuthMetadataController() { + super(); + log.debug("Registering servlet " + getClass().getName() + + " with mappings '" + IdAustriaClientAuthConstants.ENDPOINT_METADATA + + "'."); + + } + + /** + * End-point that produce PVP2 metadata for eIDAS authentication client. + * + * @param req http Request + * @param resp http Response + * @throws IOException In case of an I/O error + * @throws EaafException In case of a metadata generation error + */ + @RequestMapping(value = IdAustriaClientAuthConstants.ENDPOINT_METADATA, + method = { RequestMethod.GET }) + public void getSpMetadata(HttpServletRequest req, HttpServletResponse resp) throws IOException, + EaafException { + // check PublicURL prefix + try { + final String authUrl = getAuthUrlFromHttpContext(req); + + // initialize metadata builder configuration + final IdAustriaClientAuthMetadataConfiguration metadataConfig = + new IdAustriaClientAuthMetadataConfiguration(authUrl, credentialProvider, pvpConfiguration); + metadataConfig.setAdditionalRequiredAttributes(getAdditonalRequiredAttributes()); + + // build metadata + final String xmlMetadata = metadatabuilder.buildPvpMetadata(metadataConfig); + + // write response + final byte[] content = xmlMetadata.getBytes("UTF-8"); + resp.setStatus(HttpServletResponse.SC_OK); + resp.setContentLength(content.length); + resp.setContentType(MediaType.XML_UTF_8.toString()); + resp.getOutputStream().write(content); + + } catch (final Exception e) { + log.warn("Build federated-authentication PVP metadata FAILED.", e); + protAuthService.handleErrorNoRedirect(e, req, resp, false); + + } + + } + + private String getAuthUrlFromHttpContext(HttpServletRequest req) throws EaafException { + // check if End-Point is valid + final String authUrlString = HttpUtils.extractAuthUrlFromRequest(req); + URL authReqUrl; + try { + authReqUrl = new URL(authUrlString); + + } catch (final MalformedURLException e) { + log.warn("Requested URL: {} is not a valid URL.", authUrlString); + throw new EaafAuthenticationException(ERROR_CODE_INTERNAL_00, new Object[] { authUrlString }, e); + + } + + final String idpAuthUrl = authConfig.validateIdpUrl(authReqUrl); + if (idpAuthUrl == null) { + log.warn("Requested URL: {} is NOT found in configuration.", authReqUrl); + throw new EaafAuthenticationException(ERROR_CODE_INTERNAL_00, new Object[] { authUrlString }); + + } + + return idpAuthUrl; + } + + private List> getAdditonalRequiredAttributes() { + final List> result = new ArrayList<>(); + + // load attributes from configuration + final Map addReqAttributes = authConfig.getBasicConfigurationWithPrefix( + IdAustriaClientAuthConstants.CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST); + for (final String el : addReqAttributes.values()) { + if (StringUtils.isNotEmpty(el)) { + log.trace("Parse additional attr. definition: " + el); + final List attr = KeyValueUtils.getListOfCsvValues(el.trim()); + if (attr.size() == 2) { + result.add(Pair.newInstance(attr.get(0), Boolean.parseBoolean(attr.get(1)))); + + } else { + log.info("IGNORE additional attr. definition: " + el + + " Reason: Format not valid"); + } + } + } + + return result; + + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataProvider.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataProvider.java new file mode 100644 index 00000000..c0bfa290 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataProvider.java @@ -0,0 +1,169 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient; + +import java.io.IOException; +import java.security.KeyStore; +import java.security.Provider; +import java.security.cert.CertificateException; +import java.text.MessageFormat; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import javax.annotation.PostConstruct; + +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.AbstractChainingMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SimpleMetadataSignatureVerificationFilter; + +import org.apache.commons.lang3.StringUtils; +import org.opensaml.saml.metadata.resolver.MetadataResolver; +import org.opensaml.saml.metadata.resolver.filter.MetadataFilter; +import org.opensaml.saml.metadata.resolver.filter.MetadataFilterChain; +import org.springframework.beans.factory.annotation.Autowired; + +import lombok.extern.slf4j.Slf4j; + +/** + * SAML2 metadata-provider implementation for eIDAS client. + * + * @author tlenz + * + */ +@Slf4j +public class IdAustriaClientAuthMetadataProvider extends AbstractChainingMetadataProvider { + + private static final String FRIENDLYNAME_METADATA_TRUSTSTORE = "'eIDAS_client metadata truststore'"; + private static final String PROVIDER_ID_PATTERN = "eIDAS resolver: {0}"; + public static final String PROVIDER_ID = "'eIDAS_client metadata provider'"; + + @Autowired + private IConfiguration basicConfig; + + @Autowired + private PvpMetadataResolverFactory metadataProviderFactory; + @Autowired + private IHttpClientFactory httpClientFactory; + + @Autowired + private EaafKeyStoreFactory keyStoreFactory; + + private Pair metadataSigningTrustStore; + + @Override + protected String getMetadataUrl(String entityId) throws EaafConfigurationException { + log.trace("eIDAS Auth. uses SAML2 well-known location approach. EntityId is Metadata-URL"); + return entityId; + + } + + @Override + protected MetadataResolver createNewMetadataProvider(String entityId) throws EaafConfigurationException, + IOException, CertificateException { + final List filterList = new ArrayList<>(); + filterList.add(new SchemaValidationFilter(true)); + filterList.add(new SimpleMetadataSignatureVerificationFilter( + metadataSigningTrustStore.getFirst(), entityId)); + + final MetadataFilterChain filter = new MetadataFilterChain(); + filter.setFilters(filterList); + + try { + return metadataProviderFactory.createMetadataProvider(getMetadataUrl(entityId), + filter, + MessageFormat.format(PROVIDER_ID_PATTERN, entityId), + httpClientFactory.getHttpClient()); + + } catch (final Pvp2MetadataException e) { + log.info("Can NOT build metadata provider for entityId: {}", entityId); + throw new EaafConfigurationException("module.eidasauth.04", + new Object[] { entityId, e.getMessage() }, e); + + } + } + + @Override + protected List getAllMetadataUrlsFromConfiguration() throws EaafConfigurationException { + return Collections.emptyList(); + + } + + @Override + protected String getMetadataProviderId() { + return PROVIDER_ID; + + } + + @Override + public void runGarbageCollector() { + log.trace("Garbage collection is NOT supported by: {}", getId()); + } + + @Override + public void doDestroy() { + super.fullyDestroy(); + + } + + @PostConstruct + private void initialize() throws EaafException { + // initialize truststore to validate metadata signing certificates + initializeTrustStore(); + + // load metadata with metadataURL, as backup + initializeFileSystemMetadata(); + + } + + private void initializeFileSystemMetadata() { + try { + final String metadataUrl = basicConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_NODE_METADATAURL); + if (StringUtils.isNotEmpty(metadataUrl)) { + log.info("Use not recommended metadata-provider initialization!" + + " SAML2 'Well-Known-Location' is the preferred methode."); + log.info("Initialize 'ms-specific eIDAS node' metadata-provider with URL: {}", metadataUrl); + + addMetadataResolverIntoChain(createNewMetadataProvider(metadataUrl)); + } + + } catch (final EaafConfigurationException | CertificateException | IOException e) { + log.warn("Can NOT inject static eIDAS Node metadata-soure.", e); + log.warn("eIDAS Node communication can be FAIL."); + + } + } + + private void initializeTrustStore() throws EaafException { + // set configuration + final KeyStoreConfiguration trustStoreConfig = new KeyStoreConfiguration(); + trustStoreConfig.setFriendlyName(FRIENDLYNAME_METADATA_TRUSTSTORE); + trustStoreConfig.setKeyStoreType(basicConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_TRUSTSTORE_TYPE, + KeyStoreType.JKS.getKeyStoreType())); + trustStoreConfig.setKeyStoreName(basicConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_TRUSTSTORE_NAME)); + trustStoreConfig.setSoftKeyStoreFilePath(basicConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_TRUSTSTORE_PATH)); + trustStoreConfig.setSoftKeyStorePassword(basicConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_TRUSTSTORE_PASSWORD)); + + // validate configuration + trustStoreConfig.validate(); + + // open new TrustStore + metadataSigningTrustStore = keyStoreFactory.buildNewKeyStore(trustStoreConfig); + + } + +} + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthRequestBuilderConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthRequestBuilderConfiguration.java new file mode 100644 index 00000000..ddaf872d --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthRequestBuilderConfiguration.java @@ -0,0 +1,300 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient; + +import java.util.List; + +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; +import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPvpAuthnRequestBuilderConfiguruation; + +import org.opensaml.saml.saml2.core.AuthnContextComparisonTypeEnumeration; +import org.opensaml.saml.saml2.core.NameIDType; +import org.opensaml.saml.saml2.metadata.EntityDescriptor; +import org.w3c.dom.Element; + +public class IdAustriaClientAuthRequestBuilderConfiguration implements IPvpAuthnRequestBuilderConfiguruation { + + private boolean isPassive; + private String spEntityId; + private String qaaLevel; + private EntityDescriptor idpEntity; + private EaafX509Credential signCred; + private String scopeRequesterId; + private String providerName; + private List requestedAttributes; + private String reqId; + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#isPassivRequest() + */ + @Override + public Boolean isPassivRequest() { + return this.isPassive; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getAssertionConsumerServiceId() + */ + @Override + public Integer getAssertionConsumerServiceId() { + return 0; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getEntityID() + */ + @Override + public String getSpEntityID() { + return this.spEntityId; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getNameIDPolicy() + */ + @Override + public String getNameIdPolicyFormat() { + return NameIDType.PERSISTENT; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getNameIDPolicy() + */ + @Override + public boolean getNameIdPolicyAllowCreation() { + return true; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getAuthnContextClassRef() + */ + @Override + public String getAuthnContextClassRef() { + return this.qaaLevel; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getAuthnContextComparison() + */ + @Override + public AuthnContextComparisonTypeEnumeration getAuthnContextComparison() { + return AuthnContextComparisonTypeEnumeration.MINIMUM; + } + + /** + * Set isPassive flag in SAML2 request. + * + * @param isPassive the isPassive to set. + */ + public void setPassive(boolean isPassive) { + this.isPassive = isPassive; + } + + /** + * Set the requester EntityId. + * + * @param spEntityId EntityId of SP + */ + public void setSpEntityID(String spEntityId) { + this.spEntityId = spEntityId; + } + + /** + * Set required LoA. + * + * @param loa the LoA to set. + */ + public void setRequestedLoA(String loa) { + qaaLevel = loa; + } + + /** + * Set EntityId of IDP. + * + * @param idpEntity the idpEntity to set. + */ + public void setIdpEntity(EntityDescriptor idpEntity) { + this.idpEntity = idpEntity; + } + + /** + * Set message signing credentials. + * + * @param signCred the signCred to set. + */ + public void setSignCred(EaafX509Credential signCred) { + this.signCred = signCred; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getAuthnRequestSigningCredential() + */ + @Override + public EaafX509Credential getAuthnRequestSigningCredential() { + return this.signCred; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getIDPEntityDescriptor() + */ + @Override + public EntityDescriptor getIdpEntityDescriptor() { + return this.idpEntity; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getSubjectNameID() + */ + @Override + public String getSubjectNameID() { + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getSPNameForLogging() + */ + @Override + public String getSpNameForLogging() { + return IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getSubjectNameIDFormat() + */ + @Override + public String getSubjectNameIdFormat() { + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getRequestID() + */ + @Override + public String getRequestID() { + return this.reqId; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getSubjectNameIDQualifier() + */ + @Override + public String getSubjectNameIdQualifier() { + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationMethode() + */ + @Override + public String getSubjectConformationMethode() { + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationDate() + */ + @Override + public Element getSubjectConformationDate() { + return null; + } + + @Override + public List getRequestedAttributes() { + return this.requestedAttributes; + + } + + @Override + public String getProviderName() { + return this.providerName; + } + + @Override + public String getScopeRequesterId() { + return this.scopeRequesterId; + } + + /** + * Set the entityId of the SP that requests the proxy for eIDAS authentication. + * + * @param scopeRequesterId RequestId in SAML2 Proxy extension + */ + public void setScopeRequesterId(String scopeRequesterId) { + this.scopeRequesterId = scopeRequesterId; + } + + /** + * Set a friendlyName for the SP that requests the proxy for eIDAS + * authentication. + * + * @param providerName SAML2 provider-name attribute-value + */ + public void setProviderName(String providerName) { + this.providerName = providerName; + } + + /** + * Set a Set of PVP attributes that a requested by using requested attributes. + * + * @param requestedAttributes Requested SAML2 attributes + */ + public void setRequestedAttributes(List requestedAttributes) { + this.requestedAttributes = requestedAttributes; + } + + /** + * Set a RequestId for this Authn. Request. + * + * @param reqId SAML2 message requestId + */ + public void setRequestId(String reqId) { + this.reqId = reqId; + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/AhExtendedPvpAttributeDefinitions.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/AhExtendedPvpAttributeDefinitions.java deleted file mode 100644 index af9a2972..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/AhExtendedPvpAttributeDefinitions.java +++ /dev/null @@ -1,24 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig; - -import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -public class AhExtendedPvpAttributeDefinitions implements ExtendedPvpAttributeDefinitions { - private static final Logger log = - LoggerFactory.getLogger(AhExtendedPvpAttributeDefinitions.class); - - private AhExtendedPvpAttributeDefinitions() { - log.trace("Instance class: {} for SonarQube", - AhExtendedPvpAttributeDefinitions.class.getName()); - - } - - public static final String EID_BCBIND_NAME = "urn:eidgvat:attributes.bcbind"; - public static final String EID_BCBIND_FRIENDLY_NAME = "bcBind"; - - public static final String EID_BINDING_PUBKEY_NAME = "urn:eidgvat:attributes.binding.pubkey"; - public static final String EID_BINDING_PUBKEY_FRIENDLY_NAME = "BindingPubKey"; - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/AuthHandlerConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/AuthHandlerConstants.java deleted file mode 100644 index 60219759..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/AuthHandlerConstants.java +++ /dev/null @@ -1,141 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig; - - -public class AuthHandlerConstants { - - private AuthHandlerConstants() { - - } - - // TODO: maybe update to another target - public static final String DEFAULT_INTERNAL_BPK_TARGET = "urn:publicid:gv.at:cdid+ZP-MH"; - - // configuration parameters - public static final String PROP_CONFIG_APPLICATION_PREFIX = "authhandler."; - public static final String PROP_CONFIG_APPLICATION_PUBLIC_URL_PREFIX = "core.context.url.prefix"; - public static final String PROP_CONFIG_APPLICATION_PUBLIC_URL_REQUEST_VALIDATION = - "core.context.url.request.validation"; - public static final String PROP_CONFIG_LEGACY_ALLOW = "core.legacy.allowLegacyMode"; - - public static final String PROP_CONFIG_WEBCONTENT_STATIC_PATH = - "core.webcontent.static.directory"; - public static final String PROP_CONFIG_WEBCONTENT_TEMPLATES_PATH = "core.webcontent.templates"; - public static final String PROP_CONFIG_WEBCONTENT_PROPERTIES_PATH = "core.webcontent.properties"; - - public static final String PROP_CONFIG_CACHE_TRANSACTIONS_NAME = "core.cache.transaction.name"; - public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_ENABLED = - "core.cache.transaction.encryption.enabled"; - public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_KEY_TYPE = - "core.cache.transaction.encryption.type"; - public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_PASSPHRASE = - "core.cache.transaction.encryption.passphrase"; - public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_SALT = - "core.cache.transaction.encryption.salt"; - public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_KEYSTORE_NAME = - "core.cache.transaction.encryption.keystore.name"; - public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_KEY_ALIAS = - "core.cache.transaction.encryption.key.alias"; - - public static final String PROP_CONFIG_CACHE_ATTRIBUTEPROXY_NAME = - "core.cache.attributeproxy.name"; - - public static final String PROP_CONFIG_BACKEND_ENDPOINT_GETALLSUPPORTEDATTRIBUTES = - "backend.endpoints.getallsupportedattributes"; - public static final String PROP_CONFIG_BACKEND_ENDPOINT_GETAPPLICATIONCONFIGURATION = - "backend.endpoints.getapplicationconfiguration"; - - public static final String PROP_CONFIG_INTERNAL_BPK_TARGET = "core.internal.bpk.target"; - - public static final String PROP_CONFIG_INTERNAL_FRONTEND_ONLY_MODE = "core.internal.frontend.only.mode"; - public static final boolean PROP_DEFAULT_CONFIG_INTERNAL_FRONTEND_ONLY_MODE = false; - - // Servlet End-Points - public static final String ENDPOINT_PROCESSENGINE_CONTROLLER = "/api/process"; - public static final String ENDPOINT_ERROR_IFRAME_HOPPING = "/error/parenthop"; - - - // GUI template directories - public static final String CLASSPATH_TEMPLATE_DIR = "/templates/"; - public static final String FILESYSTEM_TEMPLATE_DIR = "./templates/"; - public static final String TEMPLATE_HTML_ERROR = "error_message.html"; - - // GUI template defaultfiles - public static final String TEMPLATE_AUTHPROCESS_SELECTION_VDA_FULLFRAME = "authSelection.html"; - public static final String TEMPLATE_AUTHPROCESS_SELECTION_VDA_IFRAME = "authSelection_iframe.html"; - public static final String TEMPLATE_USER_CONSENT_REQUEST = "userConsent.html"; - public static final String TEMPLATE_IFRAME_TO_PARENT_HOPE = "iframe_parent_hope.html"; - public static final String TEMPLATE_MANDATE_SELECTION = "mandateSelection.html"; - public static final String TEMPLATE_PROF_REP_MANDATE_SELECTION = "profRepMandateSelection.html"; - public static final String TEMPLATE_MANDATE_SELECTION_DUMMY = "mandateSelection_dummy.html"; - - - - // http request parameters - public static final String HTTP_PARAM_APPLICATION_ID = "appId"; - public static final String HTTP_PARAM_STOP_PROCESS = "stopAuthProcess"; - public static final String HTTP_PARAM_EIDAS_PROCESS = "useeIDAS"; - public static final String HTTP_PARAM_EID_PROCESS = "useeID"; - public static final String HTTP_PARAM_EID_BINDING_AUTH_PROCESS = "useBindingAuth"; - public static final String HTTP_PARAM_USE_MANDATES = "useMandate"; - public static final String HTTP_PARAM_AUTHMETHOD = "authMethod"; - public static final String HTTP_PARAM_CONSENT_RELEASE_ATTRIBUTES = "releaseAttributes"; - public static final String HTTP_PARAM_CONSENT_STORE_CONSENT = "storeConsent"; - - @Deprecated - public static final String HTTP_PARAM_EIDMIGRATIONPILOT_PROCESS = "pilotMigration"; - @Deprecated - public static final String HTTP_PARAM_EIDMIGRATIONPILOT_SHOW_INFO_PAGE = "pilotMigrationInfoPage"; - @Deprecated - public static final String HTTP_PARAM_MOBILESIGNATURE_PROCESS = "usemobileSig"; - - // UI options - public static final String UI_PARAM_USE_MANDATES = HTTP_PARAM_USE_MANDATES; - public static final String UI_PARAM_USE_ONLY_MANDATES = "useOnlyMandate"; - public static final String UI_PARAM_USE_EIDAS = HTTP_PARAM_EIDAS_PROCESS; - public static final String UI_PARAM_DSGVO_SHORT_INFO = "dsgvoShortText"; - public static final String UI_PARAM_DSGVO_SP_PRIVACY_STATEMENT_URL = "dsgvoPrivacyStatementUrl"; - public static final String UI_PARAM_DSGVO_SP_SERVICE_URL = "dsgvoServiceUrl"; - public static final String UI_PARAM_DSGVO_SP_LOGO = "dsgvoSpLogo"; - public static final String UI_PARAM_DSGVO_SP_LOGO_SET = "dsgvoSpLogoSet"; - public static final String UI_PARAM_DSGVO_SP_LOGO_SET_DATAURL = "dataUrl"; - public static final String UI_PARAM_DSGVO_SP_LOGO_SET_THEME = "theme"; - public static final String UI_PARAM_DSGVO_SP_LOGO_SET_RESOLUTION = "resolution"; - public static final String UI_PARAM_DSGVO_SP_LOGO_SET_TYPE = "type"; - - public enum LogoType { SVG, PNG, UNKNOWN } - - public enum AuthBlockType { - CADES("CAdES"), JWS("JWS"), NONE("none"); - - private final String internalType; - - AuthBlockType(final String type) { - this.internalType = type; - - } - - /** - * Get Type identifier for this AuthBlock. - * - * @return - */ - public String getAuthBlockType() { - return this.internalType; - } - - @Override - public String toString() { - return getAuthBlockType(); - - } - } - - // process context parameters - public static final String PROCESSCONTEXT_USERCONSENT_NEEDED = "userConsentNeeded"; - public static final String PROCESSCONTEXT_AUTHPROCESSSELECTION_DONE = "authProcSelectDone"; - public static final String PROCESSCONTEXT_SWITCH_LANGUAGE = "changeLanguage"; - public static final String PROCESSCONTEXT_IFRAME_PARENT_NEEDED = "iframeParentNeeded"; - - public static final String PROCESSCONTEXT_WAS_EID_PROCESS = "wasEidProcess"; - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthConstants.java deleted file mode 100644 index ef7f667c..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthConstants.java +++ /dev/null @@ -1,166 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig; - - -import at.gv.egiz.eaaf.core.api.data.EaafConstants; -import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; -import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; -import at.gv.egiz.eaaf.core.impl.data.Triple; - -import java.util.ArrayList; -import java.util.Collections; -import java.util.List; - - -public class EidasCentralAuthConstants { - - private EidasCentralAuthConstants() { - - } - - public static final String SAML2_STATUSCODE_USERSTOP = "1005"; - - public static final String MODULE_NAME_FOR_LOGGING = "eIDAS central authentication"; - - public static final int METADATA_VALIDUNTIL_IN_HOURS = 24; - - // public static final String HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION = - // AuthHandlerConstants.HTTP_PARAM_EIDAS_PROCESS; - - public static final String ENDPOINT_POST = "/sp/eidas/post"; - public static final String ENDPOINT_REDIRECT = "/sp/eidas/redirect"; - public static final String ENDPOINT_METADATA = "/sp/eidas/metadata"; - - public static final String CONFIG_PROPS_PREFIX = "modules.eidascentralauth."; - public static final String CONFIG_PROPS_KEYSTORE_TYPE = CONFIG_PROPS_PREFIX + "keystore.type"; - public static final String CONFIG_PROPS_KEYSTORE_NAME = CONFIG_PROPS_PREFIX + "keystore.name"; - public static final String CONFIG_PROPS_KEYSTORE_PATH = CONFIG_PROPS_PREFIX + "keystore.path"; - public static final String CONFIG_PROPS_KEYSTORE_PASSWORD = CONFIG_PROPS_PREFIX + "keystore.password"; - public static final String CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD = CONFIG_PROPS_PREFIX - + "metadata.sign.password"; - public static final String CONFIG_PROPS_SIGN_METADATA_ALIAS = CONFIG_PROPS_PREFIX - + "metadata.sign.alias"; - public static final String CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD = CONFIG_PROPS_PREFIX - + "request.sign.password"; - public static final String CONFIG_PROPS_SIGN_SIGNING_ALIAS = CONFIG_PROPS_PREFIX - + "request.sign.alias"; - public static final String CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD = CONFIG_PROPS_PREFIX - + "response.encryption.password"; - public static final String CONFIG_PROPS_ENCRYPTION_ALIAS = CONFIG_PROPS_PREFIX - + "response.encryption.alias"; - - public static final String CONFIG_PROPS_TRUSTSTORE_TYPE = CONFIG_PROPS_PREFIX + "truststore.type"; - public static final String CONFIG_PROPS_TRUSTSTORE_NAME = CONFIG_PROPS_PREFIX + "truststore.name"; - public static final String CONFIG_PROPS_TRUSTSTORE_PATH = CONFIG_PROPS_PREFIX + "truststore.path"; - public static final String CONFIG_PROPS_TRUSTSTORE_PASSWORD = CONFIG_PROPS_PREFIX + "truststore.password"; - - public static final String CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST = CONFIG_PROPS_PREFIX - + "required.additional.attributes"; - public static final String CONFIG_PROPS_REQUIRED_LOA = CONFIG_PROPS_PREFIX - + "required.loa"; - public static final String CONFIG_PROPS_NODE_ENTITYID = CONFIG_PROPS_PREFIX + "node.entityId"; - public static final String CONFIG_PROPS_NODE_METADATAURL = CONFIG_PROPS_PREFIX + "node.metadataUrl"; - public static final String CONFIG_PROPS_NODE_TRUSTPROFILEID = CONFIG_PROPS_PREFIX + "node.trustprofileID"; - - - public static final String CONFIG_PROPS_METADATA_CONTACT_GIVENNAME = - CONFIG_PROPS_PREFIX + "metadata.contact.givenname"; - public static final String CONFIG_PROPS_METADATA_CONTACT_SURNAME = - CONFIG_PROPS_PREFIX + "metadata.contact.surname"; - public static final String CONFIG_PROPS_METADATA_CONTACT_EMAIL = - CONFIG_PROPS_PREFIX + "metadata.contact.email"; - public static final String CONFIG_PROPS_METADATA_ORGANISATION_NAME = - CONFIG_PROPS_PREFIX + "metadata.organisation.name"; - public static final String CONFIG_PROPS_METADATA_ORGANISATION_FRIENDLYNAME = - CONFIG_PROPS_PREFIX + "metadata.organisation.friendyname"; - public static final String CONFIG_PROPS_METADATA_ORGANISATION_URL = - CONFIG_PROPS_PREFIX + "metadata.organisation.url"; - - public static final String CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL = "auth.eidas.node.entityId"; - - public static final String CONFIG_PROPS_SEMPER_MANDATES_ACTIVE = CONFIG_PROPS_PREFIX - + "semper.mandates.active"; - public static final String CONFIG_PROPS_SEMPER_MANDATES_MS_PROXY_LIST = CONFIG_PROPS_PREFIX - + "semper.msproxy.list"; - - public static final String CONFIG_DEFAULT_LOA_EIDAS_LEVEL = EaafConstants.EIDAS_LOA_HIGH; - - @Deprecated - public static final List> DEFAULT_REQUIRED_PVP_ATTRIBUTES_WITHOUT_EID = - Collections.unmodifiableList(new ArrayList>() { - private static final long serialVersionUID = 1L; - { - // add PVP Version attribute - add(Triple.newInstance(PvpAttributeDefinitions.PVP_VERSION_NAME, - PvpAttributeDefinitions.PVP_VERSION_FRIENDLY_NAME, true)); - - // request entity information - add(Triple.newInstance(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, - PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, false)); - add(Triple.newInstance(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, - PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, true)); - add(Triple.newInstance(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, - PvpAttributeDefinitions.EID_ISSUING_NATION_FRIENDLY_NAME, true)); - - // entity eID information - add(Triple.newInstance(AhExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME, - AhExtendedPvpAttributeDefinitions.EID_EIDBIND_FRIENDLY_NAME, false)); - add(Triple.newInstance(AhExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME, - AhExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME, false)); - - // Deprecated information - add(Triple.newInstance(PvpAttributeDefinitions.GIVEN_NAME_NAME, - PvpAttributeDefinitions.GIVEN_NAME_FRIENDLY_NAME, false)); - add(Triple.newInstance(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, - PvpAttributeDefinitions.PRINCIPAL_NAME_FRIENDLY_NAME, false)); - add(Triple.newInstance(PvpAttributeDefinitions.BIRTHDATE_NAME, - PvpAttributeDefinitions.BIRTHDATE_FRIENDLY_NAME, false)); - add(Triple.newInstance(PvpAttributeDefinitions.BPK_NAME, PvpAttributeDefinitions.BPK_FRIENDLY_NAME, - false)); - add(Triple.newInstance(PvpAttributeDefinitions.EID_IDENTITY_LINK_NAME, - PvpAttributeDefinitions.EID_IDENTITY_LINK_FRIENDLY_NAME, false)); - - //request pII transactionId from MS-Connector - add(Triple.newInstance(ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, - ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_FRIENDLY_NAME, false)); - - } - }); - - public static final List> DEFAULT_REQUIRED_PVP_ATTRIBUTES = - Collections.unmodifiableList(new ArrayList>() { - private static final long serialVersionUID = 1L; - { - // add PVP Version attribute - add(Triple.newInstance(PvpAttributeDefinitions.PVP_VERSION_NAME, - PvpAttributeDefinitions.PVP_VERSION_FRIENDLY_NAME, true)); - - // entity metadata information - add(Triple.newInstance(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, - PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, true)); - add(Triple.newInstance(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, - PvpAttributeDefinitions.EID_ISSUING_NATION_FRIENDLY_NAME, true)); - - // entity eID information - add(Triple.newInstance(AhExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME, - AhExtendedPvpAttributeDefinitions.EID_EIDBIND_FRIENDLY_NAME, true)); - add(Triple.newInstance(AhExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME, - AhExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME, true)); - - //request pII transactionId from MS-Connector - add(Triple.newInstance(ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, - ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_FRIENDLY_NAME, false)); - - } - }); - - public static final List DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES = - Collections.unmodifiableList(new ArrayList() { - private static final long serialVersionUID = 1L; - { - for (final Triple el : DEFAULT_REQUIRED_PVP_ATTRIBUTES) { - add(el.getFirst()); - } - } - }); - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthCredentialProvider.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthCredentialProvider.java deleted file mode 100644 index 81ef82ed..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthCredentialProvider.java +++ /dev/null @@ -1,130 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig; - -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; - -import org.springframework.beans.factory.annotation.Autowired; - -/** - * Credential provider for eIDAS PVP S-Profile client. - * - * @author tlenz - * - */ -public class EidasCentralAuthCredentialProvider extends AbstractCredentialProvider { - - @Autowired - IConfiguration authConfig; - - private static final String FRIENDLYNAME = "eIDAS centrial authentication"; - - @Override - public KeyStoreConfiguration getBasicKeyStoreConfig() throws EaafConfigurationException { - final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); - keyStoreConfig.setFriendlyName(FRIENDLYNAME); - keyStoreConfig.setKeyStoreType( - authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_KEYSTORE_TYPE, - KeyStoreType.PKCS12.getKeyStoreType())); - keyStoreConfig.setKeyStoreName( - authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_KEYSTORE_NAME)); - keyStoreConfig.setSoftKeyStoreFilePath(getKeyStoreFilePath()); - keyStoreConfig.setSoftKeyStorePassword( - authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_KEYSTORE_PASSWORD)); - - return keyStoreConfig; - - } - - private String getKeyStoreFilePath() throws EaafConfigurationException { - final String path = authConfig.getBasicConfiguration( - EidasCentralAuthConstants.CONFIG_PROPS_KEYSTORE_PATH); - if (path == null) { - throw new EaafConfigurationException("module.eidasauth.00", - new Object[] { EidasCentralAuthConstants.CONFIG_PROPS_KEYSTORE_PATH }); - - } - return path; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# - * getMetadataKeyAlias() - */ - @Override - public String getMetadataKeyAlias() { - return authConfig.getBasicConfiguration( - EidasCentralAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS); - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# - * getMetadataKeyPassword() - */ - @Override - public String getMetadataKeyPassword() { - return authConfig.getBasicConfiguration( - EidasCentralAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD); - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# - * getSignatureKeyAlias() - */ - @Override - public String getSignatureKeyAlias() { - return authConfig.getBasicConfiguration( - EidasCentralAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS); - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# - * getSignatureKeyPassword() - */ - @Override - public String getSignatureKeyPassword() { - return authConfig.getBasicConfiguration( - EidasCentralAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD); - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# - * getEncryptionKeyAlias() - */ - @Override - public String getEncryptionKeyAlias() { - return authConfig.getBasicConfiguration( - EidasCentralAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS); - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# - * getEncryptionKeyPassword() - */ - @Override - public String getEncryptionKeyPassword() { - return authConfig.getBasicConfiguration( - EidasCentralAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD); - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthMetadataConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthMetadataConfiguration.java deleted file mode 100644 index ca71807f..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthMetadataConfiguration.java +++ /dev/null @@ -1,471 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig; - - -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Collection; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.core.impl.data.Triple; -import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration; -import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration; -import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; -import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpAttributeBuilder; - -import org.opensaml.saml.saml2.core.Attribute; -import org.opensaml.saml.saml2.core.NameIDType; -import org.opensaml.saml.saml2.metadata.ContactPerson; -import org.opensaml.saml.saml2.metadata.Organization; -import org.opensaml.saml.saml2.metadata.RequestedAttribute; -import org.opensaml.security.credential.Credential; - -import lombok.extern.slf4j.Slf4j; - -/** - * Configuration object to generate PVP S-Profile metadata for SAML2 client. - * - * @author tlenz - * - */ -@Slf4j -public class EidasCentralAuthMetadataConfiguration implements IPvpMetadataBuilderConfiguration { - - private Collection additionalAttributes = null; - - private final String authUrl; - private final EidasCentralAuthCredentialProvider credentialProvider; - private final IPvp2BasicConfiguration pvpConfiguration; - - /** - * Configuration object to create PVP2 S-Profile metadata information. - * - * @param authUrl Public URL prefix of the application - * @param credentialProvider Credentials used by PVP2 S-Profile end-point - * @param pvpConfiguration Basic PVP2 S-Profile end-point configuration - */ - public EidasCentralAuthMetadataConfiguration(String authUrl, - EidasCentralAuthCredentialProvider credentialProvider, - IPvp2BasicConfiguration pvpConfiguration) { - this.authUrl = authUrl; - this.credentialProvider = credentialProvider; - this.pvpConfiguration = pvpConfiguration; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getMetadataValidUntil() - */ - @Override - public int getMetadataValidUntil() { - return EidasCentralAuthConstants.METADATA_VALIDUNTIL_IN_HOURS; - - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * buildEntitiesDescriptorAsRootElement() - */ - @Override - public boolean buildEntitiesDescriptorAsRootElement() { - return false; - - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * buildIDPSSODescriptor() - */ - @Override - public boolean buildIdpSsoDescriptor() { - return false; - - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * buildSPSSODescriptor() - */ - @Override - public boolean buildSpSsoDescriptor() { - return true; - - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getEntityIDPostfix() - */ - @Override - public String getEntityID() { - return authUrl + EidasCentralAuthConstants.ENDPOINT_METADATA; - - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getEntityFriendlyName() - */ - @Override - public String getEntityFriendlyName() { - return null; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getContactPersonInformation() - */ - @Override - public List getContactPersonInformation() { - try { - return pvpConfiguration.getIdpContacts(); - - } catch (final EaafException e) { - log.warn("Can not load Metadata entry: Contect Person", e); - return null; - - } - - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getOrgansiationInformation() - */ - @Override - public Organization getOrgansiationInformation() { - try { - return pvpConfiguration.getIdpOrganisation(); - - } catch (final EaafException e) { - log.warn("Can not load Metadata entry: Organisation", e); - return null; - - } - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getMetadataSigningCredentials() - */ - @Override - public EaafX509Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException { - return credentialProvider.getMetaDataSigningCredential(); - - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getRequestorResponseSigningCredentials() - */ - @Override - public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException { - return credentialProvider.getMessageSigningCredential(); - - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getEncryptionCredentials() - */ - @Override - public Credential getEncryptionCredentials() throws CredentialsNotAvailableException { - return credentialProvider.getMessageEncryptionCredential(); - - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getIDPWebSSOPostBindingURL() - */ - @Override - public String getIdpWebSsoPostBindingUrl() { - return null; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getIDPWebSSORedirectBindingURL() - */ - @Override - public String getIdpWebSsoRedirectBindingUrl() { - return null; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getIDPSLOPostBindingURL() - */ - @Override - public String getIdpSloPostBindingUrl() { - return null; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getIDPSLORedirectBindingURL() - */ - @Override - public String getIdpSloRedirectBindingUrl() { - return null; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getSPAssertionConsumerServicePostBindingURL() - */ - @Override - public String getSpAssertionConsumerServicePostBindingUrl() { - return authUrl + EidasCentralAuthConstants.ENDPOINT_POST; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getSPAssertionConsumerServiceRedirectBindingURL() - */ - @Override - public String getSpAssertionConsumerServiceRedirectBindingUrl() { - return authUrl + EidasCentralAuthConstants.ENDPOINT_REDIRECT; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getSPSLOPostBindingURL() - */ - @Override - public String getSpSloPostBindingUrl() { - return null; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getSPSLORedirectBindingURL() - */ - @Override - public String getSpSloRedirectBindingUrl() { - return null; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getSPSLOSOAPBindingURL() - */ - @Override - public String getSpSloSoapBindingUrl() { - return null; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getIDPPossibleAttributes() - */ - @Override - public List getIdpPossibleAttributes() { - return null; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getIDPPossibleNameITTypes() - */ - @Override - public List getIdpPossibleNameIdTypes() { - return null; - } - - - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getSPRequiredAttributes() - */ - @Override - public Collection getSpRequiredAttributes() { - final Map requestedAttributes = new HashMap<>(); - - if (pvpConfiguration.getBasicConfiguration().getBasicConfigurationBoolean( - AuthHandlerConstants.PROP_CONFIG_LEGACY_ALLOW, false)) { - log.trace("Build required attributes for legacy operaton ... "); - injectDefinedAttributes(requestedAttributes, - EidasCentralAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTES_WITHOUT_EID); - - } else { - log.trace("Build required attributes for E-ID operaton ... "); - injectDefinedAttributes(requestedAttributes, - EidasCentralAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTES); - - } - - if (additionalAttributes != null) { - log.trace("Add additional PVP attributes into metadata ... "); - for (final RequestedAttribute el : additionalAttributes) { - if (requestedAttributes.containsKey(el.getName())) { - log.debug("Attribute " + el.getName() - + " is already added by default configuration. Overwrite it by user configuration"); - } - - requestedAttributes.put(el.getName(), el); - - } - } - - return requestedAttributes.values(); - - } - - - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getSPAllowedNameITTypes() - */ - @Override - public List getSpAllowedNameIdTypes() { - return Arrays.asList(NameIDType.PERSISTENT); - - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPMetadataBuilderConfiguration#getSPNameForLogging() - */ - @Override - public String getSpNameForLogging() { - return EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPMetadataBuilderConfiguration#wantAssertionSigned() - */ - @Override - public boolean wantAssertionSigned() { - return false; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPMetadataBuilderConfiguration#wantAuthnRequestSigned() - */ - @Override - public boolean wantAuthnRequestSigned() { - return true; - } - - /** - * Add additonal PVP attributes that are required by this deployment. - * - * @param additionalAttr List of PVP attribute name and isRequired flag - */ - public void setAdditionalRequiredAttributes(List> additionalAttr) { - if (additionalAttr != null && !additionalAttr.isEmpty()) { - additionalAttributes = new ArrayList<>(); - for (final Pair el : additionalAttr) { - final Attribute attributBuilder = PvpAttributeBuilder.buildEmptyAttribute(el.getFirst()); - if (attributBuilder != null) { - additionalAttributes.add( - PvpAttributeBuilder.buildReqAttribute( - attributBuilder.getName(), - attributBuilder.getFriendlyName(), - el.getSecond())); - - } else { - log.info("NO PVP attribute with name: " + el.getFirst()); - } - - } - } - } - - private void injectDefinedAttributes(Map requestedAttributes, - List> attributes) { - for (final Triple el : attributes) { - requestedAttributes.put(el.getFirst(), PvpAttributeBuilder.buildReqAttribute(el.getFirst(), el - .getSecond(), el.getThird())); - - } - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthMetadataController.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthMetadataController.java deleted file mode 100644 index 90e1e674..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthMetadataController.java +++ /dev/null @@ -1,149 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig; - - -import java.io.IOException; -import java.net.MalformedURLException; -import java.net.URL; -import java.util.ArrayList; -import java.util.List; -import java.util.Map; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.core.impl.http.HttpUtils; -import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; -import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; -import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration; -import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder; - -import org.apache.commons.lang3.StringUtils; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Controller; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; - -import com.google.common.net.MediaType; -import lombok.extern.slf4j.Slf4j; - -/** - * Controller that generates SAML2 metadata for eIDAS authentication client. - * - * @author tlenz - * - */ -@Slf4j -@Controller -public class EidasCentralAuthMetadataController extends AbstractController { - - private static final String ERROR_CODE_INTERNAL_00 = "eaaf.core.00"; - - @Autowired - PvpMetadataBuilder metadatabuilder; - @Autowired - EidasCentralAuthCredentialProvider credentialProvider; - @Autowired - IPvp2BasicConfiguration pvpConfiguration; - - /** - * Default construction with logging. - * - */ - public EidasCentralAuthMetadataController() { - super(); - log.debug("Registering servlet " + getClass().getName() - + " with mappings '" + EidasCentralAuthConstants.ENDPOINT_METADATA - + "'."); - - } - - /** - * End-point that produce PVP2 metadata for eIDAS authentication client. - * - * @param req http Request - * @param resp http Response - * @throws IOException In case of an I/O error - * @throws EaafException In case of a metadata generation error - */ - @RequestMapping(value = EidasCentralAuthConstants.ENDPOINT_METADATA, - method = { RequestMethod.GET }) - public void getSpMetadata(HttpServletRequest req, HttpServletResponse resp) throws IOException, - EaafException { - // check PublicURL prefix - try { - final String authUrl = getAuthUrlFromHttpContext(req); - - // initialize metadata builder configuration - final EidasCentralAuthMetadataConfiguration metadataConfig = - new EidasCentralAuthMetadataConfiguration(authUrl, credentialProvider, pvpConfiguration); - metadataConfig.setAdditionalRequiredAttributes(getAdditonalRequiredAttributes()); - - // build metadata - final String xmlMetadata = metadatabuilder.buildPvpMetadata(metadataConfig); - - // write response - final byte[] content = xmlMetadata.getBytes("UTF-8"); - resp.setStatus(HttpServletResponse.SC_OK); - resp.setContentLength(content.length); - resp.setContentType(MediaType.XML_UTF_8.toString()); - resp.getOutputStream().write(content); - - } catch (final Exception e) { - log.warn("Build federated-authentication PVP metadata FAILED.", e); - protAuthService.handleErrorNoRedirect(e, req, resp, false); - - } - - } - - private String getAuthUrlFromHttpContext(HttpServletRequest req) throws EaafException { - // check if End-Point is valid - final String authUrlString = HttpUtils.extractAuthUrlFromRequest(req); - URL authReqUrl; - try { - authReqUrl = new URL(authUrlString); - - } catch (final MalformedURLException e) { - log.warn("Requested URL: {} is not a valid URL.", authUrlString); - throw new EaafAuthenticationException(ERROR_CODE_INTERNAL_00, new Object[] { authUrlString }, e); - - } - - final String idpAuthUrl = authConfig.validateIdpUrl(authReqUrl); - if (idpAuthUrl == null) { - log.warn("Requested URL: {} is NOT found in configuration.", authReqUrl); - throw new EaafAuthenticationException(ERROR_CODE_INTERNAL_00, new Object[] { authUrlString }); - - } - - return idpAuthUrl; - } - - private List> getAdditonalRequiredAttributes() { - final List> result = new ArrayList<>(); - - // load attributes from configuration - final Map addReqAttributes = authConfig.getBasicConfigurationWithPrefix( - EidasCentralAuthConstants.CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST); - for (final String el : addReqAttributes.values()) { - if (StringUtils.isNotEmpty(el)) { - log.trace("Parse additional attr. definition: " + el); - final List attr = KeyValueUtils.getListOfCsvValues(el.trim()); - if (attr.size() == 2) { - result.add(Pair.newInstance(attr.get(0), Boolean.parseBoolean(attr.get(1)))); - - } else { - log.info("IGNORE additional attr. definition: " + el - + " Reason: Format not valid"); - } - } - } - - return result; - - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthMetadataProvider.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthMetadataProvider.java deleted file mode 100644 index b920e789..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthMetadataProvider.java +++ /dev/null @@ -1,169 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig; - -import java.io.IOException; -import java.security.KeyStore; -import java.security.Provider; -import java.security.cert.CertificateException; -import java.text.MessageFormat; -import java.util.ArrayList; -import java.util.Collections; -import java.util.List; - -import javax.annotation.PostConstruct; - -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; -import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; -import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.AbstractChainingMetadataProvider; -import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; -import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter; -import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SimpleMetadataSignatureVerificationFilter; - -import org.apache.commons.lang3.StringUtils; -import org.opensaml.saml.metadata.resolver.MetadataResolver; -import org.opensaml.saml.metadata.resolver.filter.MetadataFilter; -import org.opensaml.saml.metadata.resolver.filter.MetadataFilterChain; -import org.springframework.beans.factory.annotation.Autowired; - -import lombok.extern.slf4j.Slf4j; - -/** - * SAML2 metadata-provider implementation for eIDAS client. - * - * @author tlenz - * - */ -@Slf4j -public class EidasCentralAuthMetadataProvider extends AbstractChainingMetadataProvider { - - private static final String FRIENDLYNAME_METADATA_TRUSTSTORE = "'eIDAS_client metadata truststore'"; - private static final String PROVIDER_ID_PATTERN = "eIDAS resolver: {0}"; - public static final String PROVIDER_ID = "'eIDAS_client metadata provider'"; - - @Autowired - private IConfiguration basicConfig; - - @Autowired - private PvpMetadataResolverFactory metadataProviderFactory; - @Autowired - private IHttpClientFactory httpClientFactory; - - @Autowired - private EaafKeyStoreFactory keyStoreFactory; - - private Pair metadataSigningTrustStore; - - @Override - protected String getMetadataUrl(String entityId) throws EaafConfigurationException { - log.trace("eIDAS Auth. uses SAML2 well-known location approach. EntityId is Metadata-URL"); - return entityId; - - } - - @Override - protected MetadataResolver createNewMetadataProvider(String entityId) throws EaafConfigurationException, - IOException, CertificateException { - final List filterList = new ArrayList<>(); - filterList.add(new SchemaValidationFilter(true)); - filterList.add(new SimpleMetadataSignatureVerificationFilter( - metadataSigningTrustStore.getFirst(), entityId)); - - final MetadataFilterChain filter = new MetadataFilterChain(); - filter.setFilters(filterList); - - try { - return metadataProviderFactory.createMetadataProvider(getMetadataUrl(entityId), - filter, - MessageFormat.format(PROVIDER_ID_PATTERN, entityId), - httpClientFactory.getHttpClient()); - - } catch (final Pvp2MetadataException e) { - log.info("Can NOT build metadata provider for entityId: {}", entityId); - throw new EaafConfigurationException("module.eidasauth.04", - new Object[] { entityId, e.getMessage() }, e); - - } - } - - @Override - protected List getAllMetadataUrlsFromConfiguration() throws EaafConfigurationException { - return Collections.emptyList(); - - } - - @Override - protected String getMetadataProviderId() { - return PROVIDER_ID; - - } - - @Override - public void runGarbageCollector() { - log.trace("Garbage collection is NOT supported by: {}", getId()); - } - - @Override - public void doDestroy() { - super.fullyDestroy(); - - } - - @PostConstruct - private void initialize() throws EaafException { - // initialize truststore to validate metadata signing certificates - initializeTrustStore(); - - // load metadata with metadataURL, as backup - initializeFileSystemMetadata(); - - } - - private void initializeFileSystemMetadata() { - try { - final String metadataUrl = basicConfig.getBasicConfiguration( - EidasCentralAuthConstants.CONFIG_PROPS_NODE_METADATAURL); - if (StringUtils.isNotEmpty(metadataUrl)) { - log.info("Use not recommended metadata-provider initialization!" - + " SAML2 'Well-Known-Location' is the preferred methode."); - log.info("Initialize 'ms-specific eIDAS node' metadata-provider with URL: {}", metadataUrl); - - addMetadataResolverIntoChain(createNewMetadataProvider(metadataUrl)); - } - - } catch (final EaafConfigurationException | CertificateException | IOException e) { - log.warn("Can NOT inject static eIDAS Node metadata-soure.", e); - log.warn("eIDAS Node communication can be FAIL."); - - } - } - - private void initializeTrustStore() throws EaafException { - // set configuration - final KeyStoreConfiguration trustStoreConfig = new KeyStoreConfiguration(); - trustStoreConfig.setFriendlyName(FRIENDLYNAME_METADATA_TRUSTSTORE); - trustStoreConfig.setKeyStoreType(basicConfig.getBasicConfiguration( - EidasCentralAuthConstants.CONFIG_PROPS_TRUSTSTORE_TYPE, - KeyStoreType.JKS.getKeyStoreType())); - trustStoreConfig.setKeyStoreName(basicConfig.getBasicConfiguration( - EidasCentralAuthConstants.CONFIG_PROPS_TRUSTSTORE_NAME)); - trustStoreConfig.setSoftKeyStoreFilePath(basicConfig.getBasicConfiguration( - EidasCentralAuthConstants.CONFIG_PROPS_TRUSTSTORE_PATH)); - trustStoreConfig.setSoftKeyStorePassword(basicConfig.getBasicConfiguration( - EidasCentralAuthConstants.CONFIG_PROPS_TRUSTSTORE_PASSWORD)); - - // validate configuration - trustStoreConfig.validate(); - - // open new TrustStore - metadataSigningTrustStore = keyStoreFactory.buildNewKeyStore(trustStoreConfig); - - } - -} - diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthRequestBuilderConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthRequestBuilderConfiguration.java deleted file mode 100644 index 723654eb..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/EidasCentralAuthRequestBuilderConfiguration.java +++ /dev/null @@ -1,300 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig; - -import java.util.List; - -import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; -import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; -import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPvpAuthnRequestBuilderConfiguruation; - -import org.opensaml.saml.saml2.core.AuthnContextComparisonTypeEnumeration; -import org.opensaml.saml.saml2.core.NameIDType; -import org.opensaml.saml.saml2.metadata.EntityDescriptor; -import org.w3c.dom.Element; - -public class EidasCentralAuthRequestBuilderConfiguration implements IPvpAuthnRequestBuilderConfiguruation { - - private boolean isPassive; - private String spEntityId; - private String qaaLevel; - private EntityDescriptor idpEntity; - private EaafX509Credential signCred; - private String scopeRequesterId; - private String providerName; - private List requestedAttributes; - private String reqId; - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#isPassivRequest() - */ - @Override - public Boolean isPassivRequest() { - return this.isPassive; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getAssertionConsumerServiceId() - */ - @Override - public Integer getAssertionConsumerServiceId() { - return 0; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getEntityID() - */ - @Override - public String getSpEntityID() { - return this.spEntityId; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getNameIDPolicy() - */ - @Override - public String getNameIdPolicyFormat() { - return NameIDType.PERSISTENT; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getNameIDPolicy() - */ - @Override - public boolean getNameIdPolicyAllowCreation() { - return true; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getAuthnContextClassRef() - */ - @Override - public String getAuthnContextClassRef() { - return this.qaaLevel; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getAuthnContextComparison() - */ - @Override - public AuthnContextComparisonTypeEnumeration getAuthnContextComparison() { - return AuthnContextComparisonTypeEnumeration.MINIMUM; - } - - /** - * Set isPassive flag in SAML2 request. - * - * @param isPassive the isPassive to set. - */ - public void setPassive(boolean isPassive) { - this.isPassive = isPassive; - } - - /** - * Set the requester EntityId. - * - * @param spEntityId EntityId of SP - */ - public void setSpEntityID(String spEntityId) { - this.spEntityId = spEntityId; - } - - /** - * Set required LoA. - * - * @param loa the LoA to set. - */ - public void setRequestedLoA(String loa) { - qaaLevel = loa; - } - - /** - * Set EntityId of IDP. - * - * @param idpEntity the idpEntity to set. - */ - public void setIdpEntity(EntityDescriptor idpEntity) { - this.idpEntity = idpEntity; - } - - /** - * Set message signing credentials. - * - * @param signCred the signCred to set. - */ - public void setSignCred(EaafX509Credential signCred) { - this.signCred = signCred; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getAuthnRequestSigningCredential() - */ - @Override - public EaafX509Credential getAuthnRequestSigningCredential() { - return this.signCred; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getIDPEntityDescriptor() - */ - @Override - public EntityDescriptor getIdpEntityDescriptor() { - return this.idpEntity; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getSubjectNameID() - */ - @Override - public String getSubjectNameID() { - return null; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getSPNameForLogging() - */ - @Override - public String getSpNameForLogging() { - return EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getSubjectNameIDFormat() - */ - @Override - public String getSubjectNameIdFormat() { - return null; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getRequestID() - */ - @Override - public String getRequestID() { - return this.reqId; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getSubjectNameIDQualifier() - */ - @Override - public String getSubjectNameIdQualifier() { - return null; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationMethode() - */ - @Override - public String getSubjectConformationMethode() { - return null; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationDate() - */ - @Override - public Element getSubjectConformationDate() { - return null; - } - - @Override - public List getRequestedAttributes() { - return this.requestedAttributes; - - } - - @Override - public String getProviderName() { - return this.providerName; - } - - @Override - public String getScopeRequesterId() { - return this.scopeRequesterId; - } - - /** - * Set the entityId of the SP that requests the proxy for eIDAS authentication. - * - * @param scopeRequesterId RequestId in SAML2 Proxy extension - */ - public void setScopeRequesterId(String scopeRequesterId) { - this.scopeRequesterId = scopeRequesterId; - } - - /** - * Set a friendlyName for the SP that requests the proxy for eIDAS - * authentication. - * - * @param providerName SAML2 provider-name attribute-value - */ - public void setProviderName(String providerName) { - this.providerName = providerName; - } - - /** - * Set a Set of PVP attributes that a requested by using requested attributes. - * - * @param requestedAttributes Requested SAML2 attributes - */ - public void setRequestedAttributes(List requestedAttributes) { - this.requestedAttributes = requestedAttributes; - } - - /** - * Set a RequestId for this Authn. Request. - * - * @param reqId SAML2 message requestId - */ - public void setRequestId(String reqId) { - this.reqId = reqId; - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/IAhSpConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/IAhSpConfiguration.java deleted file mode 100644 index d8e873c0..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/mobilesig/IAhSpConfiguration.java +++ /dev/null @@ -1,151 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig; - -import java.util.List; - -import javax.annotation.Nonnull; -import javax.annotation.Nullable; - -import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; -import at.gv.egiz.eaaf.core.impl.data.Pair; - -public interface IAhSpConfiguration extends ISpConfiguration { - - - /** - * Flag if this Service Provider is enabled. - * - * @return true if the SP is enabled, otherwise false - */ - boolean isEnabled(); - - /** - * Get unique identifier that is used in Application-Register from BM.I. - * - *

If no BM.I specific identifier is available then this method returns - * the same identifier as getUniqueIdentifier()

- * - * @return unique identifier from BM.I AppReg, or generic uniqueId of no specific exists - */ - String getUniqueApplicationRegisterIdentifier(); - - /** - * Flag that marks this Service-Provider as public or private. - * - *

Default: If it is not set or has an unknown value, its private by default

- * - * @return true if it is from public, otherwise false - */ - boolean isPublicServiceProvider(); - - /** - * Enable test identities for this Service Provider. - * - * @return true if test identities are allowed, otherwise false - */ - boolean isTestCredentialEnabled(); - - /** - * Get a List of OID's that refine the set of allowed test identities. - * - * @return @link {@link List} of test-identity OID's - */ - @Nullable - List getTestCredentialOids(); - - - /** - * Get a List of unique attribute URI's that are required by this SP. - * - * @return {@link List} of attribute URI's / parameter {@link Pair}s - */ - List> getRequiredAttributes(); - - - /** - * Get the CountryCode for this service.
- *
- * Default: AT - * - * @return - */ - String getCountryCode(); - - /** - * Set the CountryCode for this service. If not countryCode is set, AT is used as default. - * - * @param cc Service-Provider country-code - */ - void setCountryCode(String cc); - - /** - * Enable mandates for this service provider. - * - * @return true if mandates are enabled, otherwise false - */ - boolean isMandateEnabled(); - - /** - * Enables multi-mandates for this service-provider. - * - * @return true if multi-mandates are enabled, otherwise false - */ - boolean isMultiMandateEnabled(); - - /** - * Only mandates are allowed for this service provider. - * - * @return true if only mandates are allowed, otherwise false - */ - boolean isOnlyMandateEnabled(); - - /** - * Get a {@link List} of mandate profiles that are supported by this Service provider. - * - * @return - */ - @Nonnull List getMandateProfiles(); - - - /** - * eIDAS authentication allowed flag. - * - * @return true if eIDAS authentication is enabled, otherwise false - */ - boolean isEidasEnabled(); - - /** - * Get a List of targets for additional bPKs that are required by this service provider. - * - * @return List of prefixed bPK targets - */ - @Nonnull List getAdditionalBpkTargets(); - - /** - * Get a list of foreign bPK targets that are required by this service provider. - * - * @return List of pairs with prefixed bPK targets as first element and VKZ as second element - */ - @Nonnull List> getAdditionalForeignBpkTargets(); - - /** - * Flag that indicates that service-provider as restricted or unrestricted. - * - *

A restricted service-provider can only used by test-identities that contains a - * valid application-restriction in User-Certificate Pinning

- * - *

Default: true

- * - * @return true if it is restricted, otherwise false - */ - boolean isRestrictedServiceProvider(); - - - /** - * Defines the time in minutes how long the last VDA registration h@Override - ave passed as maximum. - * - * @return time in minutes - */ - long lastVdaAuthenticationDelay(); - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java index 3f2ae1f2..5f242c1b 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java @@ -23,11 +23,11 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig.EidasCentralAuthConstants; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig.EidasCentralAuthCredentialProvider; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig.EidasCentralAuthMetadataProvider; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig.EidasCentralAuthRequestBuilderConfiguration; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.mobilesig.IAhSpConfiguration; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient.IdAustriaClientAuthConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient.IdAustriaClientAuthCredentialProvider; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient.IdAustriaClientAuthMetadataProvider; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient.IdAustriaClientAuthRequestBuilderConfiguration; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient.IAhSpConfiguration; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; @@ -72,9 +72,9 @@ public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServlet @Autowired PvpAuthnRequestBuilder authnReqBuilder; @Autowired - EidasCentralAuthCredentialProvider credential; + IdAustriaClientAuthCredentialProvider credential; @Autowired - EidasCentralAuthMetadataProvider metadataService; + IdAustriaClientAuthMetadataProvider metadataService; // @Autowired // ITransactionStorage transactionStorage; @@ -107,18 +107,18 @@ public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServlet } // setup AuthnRequestBuilder configuration - final EidasCentralAuthRequestBuilderConfiguration authnReqConfig = - new EidasCentralAuthRequestBuilderConfiguration(); + final IdAustriaClientAuthRequestBuilderConfiguration authnReqConfig = + new IdAustriaClientAuthRequestBuilderConfiguration(); final SecureRandomIdentifierGenerationStrategy gen = new SecureRandomIdentifierGenerationStrategy(); authnReqConfig.setRequestId(gen.generateIdentifier()); authnReqConfig.setIdpEntity(entityDesc); authnReqConfig.setPassive(false); authnReqConfig.setSignCred(credential.getMessageSigningCredential()); - authnReqConfig.setSpEntityID(pendingReq.getAuthUrl() + EidasCentralAuthConstants.ENDPOINT_METADATA); + authnReqConfig.setSpEntityID(pendingReq.getAuthUrl() + IdAustriaClientAuthConstants.ENDPOINT_METADATA); authnReqConfig.setRequestedLoA(authConfig.getBasicConfiguration( - EidasCentralAuthConstants.CONFIG_PROPS_REQUIRED_LOA, - EidasCentralAuthConstants.CONFIG_DEFAULT_LOA_EIDAS_LEVEL)); + IdAustriaClientAuthConstants.CONFIG_PROPS_REQUIRED_LOA, + IdAustriaClientAuthConstants.CONFIG_DEFAULT_LOA_EIDAS_LEVEL)); authnReqConfig.setScopeRequesterId( pendingReq.getServiceProviderConfiguration(IAhSpConfiguration.class) diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml index dd0e1345..c6d69c5d 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml @@ -135,13 +135,13 @@ scope="prototype" /> + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient.IdAustriaClientAuthCredentialProvider" /> + class=" at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient.IdAustriaClientAuthMetadataProvider" /> + class=" at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient.IdAustriaClientAuthMetadataController" /> \ No newline at end of file -- cgit v1.2.3 From 17ed45c5d47d8b23a36c0088c2922c0f0fefe234 Mon Sep 17 00:00:00 2001 From: Alexander Marsalek Date: Fri, 29 Jan 2021 09:37:44 +0100 Subject: fixed package name, added JCE --- eidas_modules/authmodule-eIDAS-v2/pom.xml | 9 + .../AhExtendedPvpAttributeDefinitions.java | 24 -- .../v2/idAustriaClient/AuthHandlerConstants.java | 141 ------ .../v2/idAustriaClient/IAhSpConfiguration.java | 151 ------- .../IdAustriaClientAuthConstants.java | 166 -------- .../IdAustriaClientAuthCredentialProvider.java | 130 ------ .../IdAustriaClientAuthMetadataConfiguration.java | 471 --------------------- .../IdAustriaClientAuthMetadataController.java | 149 ------- .../IdAustriaClientAuthMetadataProvider.java | 169 -------- ...striaClientAuthRequestBuilderConfiguration.java | 300 ------------- .../AhAuthProcessDataConstants.java | 9 + .../idaustriaclient/AhAuthProcessDataWrapper.java | 224 ++++++++++ .../AhExtendedPvpAttributeDefinitions.java | 24 ++ .../v2/idaustriaclient/AuthHandlerConstants.java | 141 ++++++ .../idaustriaclient/EidasAuthEventConstants.java | 10 + .../v2/idaustriaclient/IAhAuthProcessData.java | 190 +++++++++ .../v2/idaustriaclient/IAhSpConfiguration.java | 151 +++++++ .../eidas/v2/idaustriaclient/IRawMandateDao.java | 32 ++ .../eidas/v2/idaustriaclient/ISignedMandate.java | 19 + .../IdAustriaClientAuthConstants.java | 166 ++++++++ .../IdAustriaClientAuthCredentialProvider.java | 130 ++++++ .../IdAustriaClientAuthMetadataConfiguration.java | 471 +++++++++++++++++++++ .../IdAustriaClientAuthMetadataController.java | 149 +++++++ .../IdAustriaClientAuthMetadataProvider.java | 169 ++++++++ ...striaClientAuthRequestBuilderConfiguration.java | 300 +++++++++++++ .../eidas/v2/idaustriaclient/MisException.java | 17 + .../GenerateMobilePhoneSignatureRequestTask.java | 16 +- ...eSignatureResponseAndSearchInRegistersTask.java | 342 +++++++++++++++ .../src/main/resources/eidas_v2_auth.beans.xml | 6 +- 29 files changed, 2561 insertions(+), 1715 deletions(-) delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/AhExtendedPvpAttributeDefinitions.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/AuthHandlerConstants.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IAhSpConfiguration.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthConstants.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthCredentialProvider.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataConfiguration.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataController.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataProvider.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthRequestBuilderConfiguration.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhAuthProcessDataConstants.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhAuthProcessDataWrapper.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhExtendedPvpAttributeDefinitions.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AuthHandlerConstants.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/EidasAuthEventConstants.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IAhAuthProcessData.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IAhSpConfiguration.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IRawMandateDao.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/ISignedMandate.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthConstants.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataConfiguration.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataController.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataProvider.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthRequestBuilderConfiguration.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/MisException.java (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/resources') diff --git a/eidas_modules/authmodule-eIDAS-v2/pom.xml b/eidas_modules/authmodule-eIDAS-v2/pom.xml index 680c528e..f578c52d 100644 --- a/eidas_modules/authmodule-eIDAS-v2/pom.xml +++ b/eidas_modules/authmodule-eIDAS-v2/pom.xml @@ -50,6 +50,15 @@ eaaf-core + + iaik.prod + iaik_jce_full + 5.52_moa + + + + + eu.eidas diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/AhExtendedPvpAttributeDefinitions.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/AhExtendedPvpAttributeDefinitions.java deleted file mode 100644 index 8dea6df3..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/AhExtendedPvpAttributeDefinitions.java +++ /dev/null @@ -1,24 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient; - -import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -public class AhExtendedPvpAttributeDefinitions implements ExtendedPvpAttributeDefinitions { - private static final Logger log = - LoggerFactory.getLogger(AhExtendedPvpAttributeDefinitions.class); - - private AhExtendedPvpAttributeDefinitions() { - log.trace("Instance class: {} for SonarQube", - AhExtendedPvpAttributeDefinitions.class.getName()); - - } - - public static final String EID_BCBIND_NAME = "urn:eidgvat:attributes.bcbind"; - public static final String EID_BCBIND_FRIENDLY_NAME = "bcBind"; - - public static final String EID_BINDING_PUBKEY_NAME = "urn:eidgvat:attributes.binding.pubkey"; - public static final String EID_BINDING_PUBKEY_FRIENDLY_NAME = "BindingPubKey"; - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/AuthHandlerConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/AuthHandlerConstants.java deleted file mode 100644 index 9c6929c2..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/AuthHandlerConstants.java +++ /dev/null @@ -1,141 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient; - - -public class AuthHandlerConstants { - - private AuthHandlerConstants() { - - } - - // TODO: maybe update to another target - public static final String DEFAULT_INTERNAL_BPK_TARGET = "urn:publicid:gv.at:cdid+ZP-MH"; - - // configuration parameters - public static final String PROP_CONFIG_APPLICATION_PREFIX = "authhandler."; - public static final String PROP_CONFIG_APPLICATION_PUBLIC_URL_PREFIX = "core.context.url.prefix"; - public static final String PROP_CONFIG_APPLICATION_PUBLIC_URL_REQUEST_VALIDATION = - "core.context.url.request.validation"; - public static final String PROP_CONFIG_LEGACY_ALLOW = "core.legacy.allowLegacyMode"; - - public static final String PROP_CONFIG_WEBCONTENT_STATIC_PATH = - "core.webcontent.static.directory"; - public static final String PROP_CONFIG_WEBCONTENT_TEMPLATES_PATH = "core.webcontent.templates"; - public static final String PROP_CONFIG_WEBCONTENT_PROPERTIES_PATH = "core.webcontent.properties"; - - public static final String PROP_CONFIG_CACHE_TRANSACTIONS_NAME = "core.cache.transaction.name"; - public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_ENABLED = - "core.cache.transaction.encryption.enabled"; - public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_KEY_TYPE = - "core.cache.transaction.encryption.type"; - public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_PASSPHRASE = - "core.cache.transaction.encryption.passphrase"; - public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_SALT = - "core.cache.transaction.encryption.salt"; - public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_KEYSTORE_NAME = - "core.cache.transaction.encryption.keystore.name"; - public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_KEY_ALIAS = - "core.cache.transaction.encryption.key.alias"; - - public static final String PROP_CONFIG_CACHE_ATTRIBUTEPROXY_NAME = - "core.cache.attributeproxy.name"; - - public static final String PROP_CONFIG_BACKEND_ENDPOINT_GETALLSUPPORTEDATTRIBUTES = - "backend.endpoints.getallsupportedattributes"; - public static final String PROP_CONFIG_BACKEND_ENDPOINT_GETAPPLICATIONCONFIGURATION = - "backend.endpoints.getapplicationconfiguration"; - - public static final String PROP_CONFIG_INTERNAL_BPK_TARGET = "core.internal.bpk.target"; - - public static final String PROP_CONFIG_INTERNAL_FRONTEND_ONLY_MODE = "core.internal.frontend.only.mode"; - public static final boolean PROP_DEFAULT_CONFIG_INTERNAL_FRONTEND_ONLY_MODE = false; - - // Servlet End-Points - public static final String ENDPOINT_PROCESSENGINE_CONTROLLER = "/api/process"; - public static final String ENDPOINT_ERROR_IFRAME_HOPPING = "/error/parenthop"; - - - // GUI template directories - public static final String CLASSPATH_TEMPLATE_DIR = "/templates/"; - public static final String FILESYSTEM_TEMPLATE_DIR = "./templates/"; - public static final String TEMPLATE_HTML_ERROR = "error_message.html"; - - // GUI template defaultfiles - public static final String TEMPLATE_AUTHPROCESS_SELECTION_VDA_FULLFRAME = "authSelection.html"; - public static final String TEMPLATE_AUTHPROCESS_SELECTION_VDA_IFRAME = "authSelection_iframe.html"; - public static final String TEMPLATE_USER_CONSENT_REQUEST = "userConsent.html"; - public static final String TEMPLATE_IFRAME_TO_PARENT_HOPE = "iframe_parent_hope.html"; - public static final String TEMPLATE_MANDATE_SELECTION = "mandateSelection.html"; - public static final String TEMPLATE_PROF_REP_MANDATE_SELECTION = "profRepMandateSelection.html"; - public static final String TEMPLATE_MANDATE_SELECTION_DUMMY = "mandateSelection_dummy.html"; - - - - // http request parameters - public static final String HTTP_PARAM_APPLICATION_ID = "appId"; - public static final String HTTP_PARAM_STOP_PROCESS = "stopAuthProcess"; - public static final String HTTP_PARAM_EIDAS_PROCESS = "useeIDAS"; - public static final String HTTP_PARAM_EID_PROCESS = "useeID"; - public static final String HTTP_PARAM_EID_BINDING_AUTH_PROCESS = "useBindingAuth"; - public static final String HTTP_PARAM_USE_MANDATES = "useMandate"; - public static final String HTTP_PARAM_AUTHMETHOD = "authMethod"; - public static final String HTTP_PARAM_CONSENT_RELEASE_ATTRIBUTES = "releaseAttributes"; - public static final String HTTP_PARAM_CONSENT_STORE_CONSENT = "storeConsent"; - - @Deprecated - public static final String HTTP_PARAM_EIDMIGRATIONPILOT_PROCESS = "pilotMigration"; - @Deprecated - public static final String HTTP_PARAM_EIDMIGRATIONPILOT_SHOW_INFO_PAGE = "pilotMigrationInfoPage"; - @Deprecated - public static final String HTTP_PARAM_MOBILESIGNATURE_PROCESS = "usemobileSig"; - - // UI options - public static final String UI_PARAM_USE_MANDATES = HTTP_PARAM_USE_MANDATES; - public static final String UI_PARAM_USE_ONLY_MANDATES = "useOnlyMandate"; - public static final String UI_PARAM_USE_EIDAS = HTTP_PARAM_EIDAS_PROCESS; - public static final String UI_PARAM_DSGVO_SHORT_INFO = "dsgvoShortText"; - public static final String UI_PARAM_DSGVO_SP_PRIVACY_STATEMENT_URL = "dsgvoPrivacyStatementUrl"; - public static final String UI_PARAM_DSGVO_SP_SERVICE_URL = "dsgvoServiceUrl"; - public static final String UI_PARAM_DSGVO_SP_LOGO = "dsgvoSpLogo"; - public static final String UI_PARAM_DSGVO_SP_LOGO_SET = "dsgvoSpLogoSet"; - public static final String UI_PARAM_DSGVO_SP_LOGO_SET_DATAURL = "dataUrl"; - public static final String UI_PARAM_DSGVO_SP_LOGO_SET_THEME = "theme"; - public static final String UI_PARAM_DSGVO_SP_LOGO_SET_RESOLUTION = "resolution"; - public static final String UI_PARAM_DSGVO_SP_LOGO_SET_TYPE = "type"; - - public enum LogoType { SVG, PNG, UNKNOWN } - - public enum AuthBlockType { - CADES("CAdES"), JWS("JWS"), NONE("none"); - - private final String internalType; - - AuthBlockType(final String type) { - this.internalType = type; - - } - - /** - * Get Type identifier for this AuthBlock. - * - * @return - */ - public String getAuthBlockType() { - return this.internalType; - } - - @Override - public String toString() { - return getAuthBlockType(); - - } - } - - // process context parameters - public static final String PROCESSCONTEXT_USERCONSENT_NEEDED = "userConsentNeeded"; - public static final String PROCESSCONTEXT_AUTHPROCESSSELECTION_DONE = "authProcSelectDone"; - public static final String PROCESSCONTEXT_SWITCH_LANGUAGE = "changeLanguage"; - public static final String PROCESSCONTEXT_IFRAME_PARENT_NEEDED = "iframeParentNeeded"; - - public static final String PROCESSCONTEXT_WAS_EID_PROCESS = "wasEidProcess"; - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IAhSpConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IAhSpConfiguration.java deleted file mode 100644 index 2a54f541..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IAhSpConfiguration.java +++ /dev/null @@ -1,151 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient; - -import java.util.List; - -import javax.annotation.Nonnull; -import javax.annotation.Nullable; - -import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; -import at.gv.egiz.eaaf.core.impl.data.Pair; - -public interface IAhSpConfiguration extends ISpConfiguration { - - - /** - * Flag if this Service Provider is enabled. - * - * @return true if the SP is enabled, otherwise false - */ - boolean isEnabled(); - - /** - * Get unique identifier that is used in Application-Register from BM.I. - * - *

If no BM.I specific identifier is available then this method returns - * the same identifier as getUniqueIdentifier()

- * - * @return unique identifier from BM.I AppReg, or generic uniqueId of no specific exists - */ - String getUniqueApplicationRegisterIdentifier(); - - /** - * Flag that marks this Service-Provider as public or private. - * - *

Default: If it is not set or has an unknown value, its private by default

- * - * @return true if it is from public, otherwise false - */ - boolean isPublicServiceProvider(); - - /** - * Enable test identities for this Service Provider. - * - * @return true if test identities are allowed, otherwise false - */ - boolean isTestCredentialEnabled(); - - /** - * Get a List of OID's that refine the set of allowed test identities. - * - * @return @link {@link List} of test-identity OID's - */ - @Nullable - List getTestCredentialOids(); - - - /** - * Get a List of unique attribute URI's that are required by this SP. - * - * @return {@link List} of attribute URI's / parameter {@link Pair}s - */ - List> getRequiredAttributes(); - - - /** - * Get the CountryCode for this service.
- *
- * Default: AT - * - * @return - */ - String getCountryCode(); - - /** - * Set the CountryCode for this service. If not countryCode is set, AT is used as default. - * - * @param cc Service-Provider country-code - */ - void setCountryCode(String cc); - - /** - * Enable mandates for this service provider. - * - * @return true if mandates are enabled, otherwise false - */ - boolean isMandateEnabled(); - - /** - * Enables multi-mandates for this service-provider. - * - * @return true if multi-mandates are enabled, otherwise false - */ - boolean isMultiMandateEnabled(); - - /** - * Only mandates are allowed for this service provider. - * - * @return true if only mandates are allowed, otherwise false - */ - boolean isOnlyMandateEnabled(); - - /** - * Get a {@link List} of mandate profiles that are supported by this Service provider. - * - * @return - */ - @Nonnull List getMandateProfiles(); - - - /** - * eIDAS authentication allowed flag. - * - * @return true if eIDAS authentication is enabled, otherwise false - */ - boolean isEidasEnabled(); - - /** - * Get a List of targets for additional bPKs that are required by this service provider. - * - * @return List of prefixed bPK targets - */ - @Nonnull List getAdditionalBpkTargets(); - - /** - * Get a list of foreign bPK targets that are required by this service provider. - * - * @return List of pairs with prefixed bPK targets as first element and VKZ as second element - */ - @Nonnull List> getAdditionalForeignBpkTargets(); - - /** - * Flag that indicates that service-provider as restricted or unrestricted. - * - *

A restricted service-provider can only used by test-identities that contains a - * valid application-restriction in User-Certificate Pinning

- * - *

Default: true

- * - * @return true if it is restricted, otherwise false - */ - boolean isRestrictedServiceProvider(); - - - /** - * Defines the time in minutes how long the last VDA registration h@Override - ave passed as maximum. - * - * @return time in minutes - */ - long lastVdaAuthenticationDelay(); - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthConstants.java deleted file mode 100644 index 22910614..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthConstants.java +++ /dev/null @@ -1,166 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient; - - -import at.gv.egiz.eaaf.core.api.data.EaafConstants; -import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; -import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; -import at.gv.egiz.eaaf.core.impl.data.Triple; - -import java.util.ArrayList; -import java.util.Collections; -import java.util.List; - - -public class IdAustriaClientAuthConstants { - - private IdAustriaClientAuthConstants() { - - } - - public static final String SAML2_STATUSCODE_USERSTOP = "1005"; - - public static final String MODULE_NAME_FOR_LOGGING = "ID Austria Client"; - - public static final int METADATA_VALIDUNTIL_IN_HOURS = 24; - - // public static final String HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION = - // AuthHandlerConstants.HTTP_PARAM_EIDAS_PROCESS; - - public static final String ENDPOINT_POST = "/idAustriaSp/post"; - public static final String ENDPOINT_REDIRECT = "/idAustriaSp/redirect"; - public static final String ENDPOINT_METADATA = "/idAustriaSp/metadata"; - - public static final String CONFIG_PROPS_PREFIX = "modules.idaustriaclient."; - public static final String CONFIG_PROPS_KEYSTORE_TYPE = CONFIG_PROPS_PREFIX + "keystore.type"; - public static final String CONFIG_PROPS_KEYSTORE_NAME = CONFIG_PROPS_PREFIX + "keystore.name"; - public static final String CONFIG_PROPS_KEYSTORE_PATH = CONFIG_PROPS_PREFIX + "keystore.path"; - public static final String CONFIG_PROPS_KEYSTORE_PASSWORD = CONFIG_PROPS_PREFIX + "keystore.password"; - public static final String CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD = CONFIG_PROPS_PREFIX - + "metadata.sign.password"; - public static final String CONFIG_PROPS_SIGN_METADATA_ALIAS = CONFIG_PROPS_PREFIX - + "metadata.sign.alias"; - public static final String CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD = CONFIG_PROPS_PREFIX - + "request.sign.password"; - public static final String CONFIG_PROPS_SIGN_SIGNING_ALIAS = CONFIG_PROPS_PREFIX - + "request.sign.alias"; - public static final String CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD = CONFIG_PROPS_PREFIX - + "response.encryption.password"; - public static final String CONFIG_PROPS_ENCRYPTION_ALIAS = CONFIG_PROPS_PREFIX - + "response.encryption.alias"; - - public static final String CONFIG_PROPS_TRUSTSTORE_TYPE = CONFIG_PROPS_PREFIX + "truststore.type"; - public static final String CONFIG_PROPS_TRUSTSTORE_NAME = CONFIG_PROPS_PREFIX + "truststore.name"; - public static final String CONFIG_PROPS_TRUSTSTORE_PATH = CONFIG_PROPS_PREFIX + "truststore.path"; - public static final String CONFIG_PROPS_TRUSTSTORE_PASSWORD = CONFIG_PROPS_PREFIX + "truststore.password"; - - public static final String CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST = CONFIG_PROPS_PREFIX - + "required.additional.attributes"; - public static final String CONFIG_PROPS_REQUIRED_LOA = CONFIG_PROPS_PREFIX - + "required.loa"; - public static final String CONFIG_PROPS_NODE_ENTITYID = CONFIG_PROPS_PREFIX + "node.entityId"; - public static final String CONFIG_PROPS_NODE_METADATAURL = CONFIG_PROPS_PREFIX + "node.metadataUrl"; - public static final String CONFIG_PROPS_NODE_TRUSTPROFILEID = CONFIG_PROPS_PREFIX + "node.trustprofileID"; - - - public static final String CONFIG_PROPS_METADATA_CONTACT_GIVENNAME = - CONFIG_PROPS_PREFIX + "metadata.contact.givenname"; - public static final String CONFIG_PROPS_METADATA_CONTACT_SURNAME = - CONFIG_PROPS_PREFIX + "metadata.contact.surname"; - public static final String CONFIG_PROPS_METADATA_CONTACT_EMAIL = - CONFIG_PROPS_PREFIX + "metadata.contact.email"; - public static final String CONFIG_PROPS_METADATA_ORGANISATION_NAME = - CONFIG_PROPS_PREFIX + "metadata.organisation.name"; - public static final String CONFIG_PROPS_METADATA_ORGANISATION_FRIENDLYNAME = - CONFIG_PROPS_PREFIX + "metadata.organisation.friendyname"; - public static final String CONFIG_PROPS_METADATA_ORGANISATION_URL = - CONFIG_PROPS_PREFIX + "metadata.organisation.url"; - - public static final String CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL = "auth.eidas.node.entityId"; - - public static final String CONFIG_PROPS_SEMPER_MANDATES_ACTIVE = CONFIG_PROPS_PREFIX - + "semper.mandates.active"; - public static final String CONFIG_PROPS_SEMPER_MANDATES_MS_PROXY_LIST = CONFIG_PROPS_PREFIX - + "semper.msproxy.list"; - - public static final String CONFIG_DEFAULT_LOA_EIDAS_LEVEL = EaafConstants.EIDAS_LOA_HIGH; - - @Deprecated - public static final List> DEFAULT_REQUIRED_PVP_ATTRIBUTES_WITHOUT_EID = - Collections.unmodifiableList(new ArrayList>() { - private static final long serialVersionUID = 1L; - { - // add PVP Version attribute - add(Triple.newInstance(PvpAttributeDefinitions.PVP_VERSION_NAME, - PvpAttributeDefinitions.PVP_VERSION_FRIENDLY_NAME, true)); - - // request entity information - add(Triple.newInstance(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, - PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, false)); - add(Triple.newInstance(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, - PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, true)); - add(Triple.newInstance(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, - PvpAttributeDefinitions.EID_ISSUING_NATION_FRIENDLY_NAME, true)); - - // entity eID information - add(Triple.newInstance(AhExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME, - AhExtendedPvpAttributeDefinitions.EID_EIDBIND_FRIENDLY_NAME, false)); - add(Triple.newInstance(AhExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME, - AhExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME, false)); - - // Deprecated information - add(Triple.newInstance(PvpAttributeDefinitions.GIVEN_NAME_NAME, - PvpAttributeDefinitions.GIVEN_NAME_FRIENDLY_NAME, false)); - add(Triple.newInstance(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, - PvpAttributeDefinitions.PRINCIPAL_NAME_FRIENDLY_NAME, false)); - add(Triple.newInstance(PvpAttributeDefinitions.BIRTHDATE_NAME, - PvpAttributeDefinitions.BIRTHDATE_FRIENDLY_NAME, false)); - add(Triple.newInstance(PvpAttributeDefinitions.BPK_NAME, PvpAttributeDefinitions.BPK_FRIENDLY_NAME, - false)); - add(Triple.newInstance(PvpAttributeDefinitions.EID_IDENTITY_LINK_NAME, - PvpAttributeDefinitions.EID_IDENTITY_LINK_FRIENDLY_NAME, false)); - - //request pII transactionId from MS-Connector - add(Triple.newInstance(ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, - ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_FRIENDLY_NAME, false)); - - } - }); - - public static final List> DEFAULT_REQUIRED_PVP_ATTRIBUTES = - Collections.unmodifiableList(new ArrayList>() { - private static final long serialVersionUID = 1L; - { - // add PVP Version attribute - add(Triple.newInstance(PvpAttributeDefinitions.PVP_VERSION_NAME, - PvpAttributeDefinitions.PVP_VERSION_FRIENDLY_NAME, true)); - - // entity metadata information - add(Triple.newInstance(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, - PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, true)); - add(Triple.newInstance(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, - PvpAttributeDefinitions.EID_ISSUING_NATION_FRIENDLY_NAME, true)); - - // entity eID information - add(Triple.newInstance(AhExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME, - AhExtendedPvpAttributeDefinitions.EID_EIDBIND_FRIENDLY_NAME, true)); - add(Triple.newInstance(AhExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME, - AhExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME, true)); - - //request pII transactionId from MS-Connector - add(Triple.newInstance(ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, - ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_FRIENDLY_NAME, false)); - - } - }); - - public static final List DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES = - Collections.unmodifiableList(new ArrayList() { - private static final long serialVersionUID = 1L; - { - for (final Triple el : DEFAULT_REQUIRED_PVP_ATTRIBUTES) { - add(el.getFirst()); - } - } - }); - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthCredentialProvider.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthCredentialProvider.java deleted file mode 100644 index 1aa85e71..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthCredentialProvider.java +++ /dev/null @@ -1,130 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient; - -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; - -import org.springframework.beans.factory.annotation.Autowired; - -/** - * Credential provider for eIDAS PVP S-Profile client. - * - * @author tlenz - * - */ -public class IdAustriaClientAuthCredentialProvider extends AbstractCredentialProvider { - - @Autowired - IConfiguration authConfig; - - private static final String FRIENDLYNAME = "eIDAS centrial authentication"; - - @Override - public KeyStoreConfiguration getBasicKeyStoreConfig() throws EaafConfigurationException { - final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); - keyStoreConfig.setFriendlyName(FRIENDLYNAME); - keyStoreConfig.setKeyStoreType( - authConfig.getBasicConfiguration(IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_TYPE, - KeyStoreType.PKCS12.getKeyStoreType())); - keyStoreConfig.setKeyStoreName( - authConfig.getBasicConfiguration(IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_NAME)); - keyStoreConfig.setSoftKeyStoreFilePath(getKeyStoreFilePath()); - keyStoreConfig.setSoftKeyStorePassword( - authConfig.getBasicConfiguration(IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PASSWORD)); - - return keyStoreConfig; - - } - - private String getKeyStoreFilePath() throws EaafConfigurationException { - final String path = authConfig.getBasicConfiguration( - IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PATH); - if (path == null) { - throw new EaafConfigurationException("module.eidasauth.00", - new Object[] { IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PATH }); - - } - return path; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# - * getMetadataKeyAlias() - */ - @Override - public String getMetadataKeyAlias() { - return authConfig.getBasicConfiguration( - IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS); - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# - * getMetadataKeyPassword() - */ - @Override - public String getMetadataKeyPassword() { - return authConfig.getBasicConfiguration( - IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD); - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# - * getSignatureKeyAlias() - */ - @Override - public String getSignatureKeyAlias() { - return authConfig.getBasicConfiguration( - IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS); - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# - * getSignatureKeyPassword() - */ - @Override - public String getSignatureKeyPassword() { - return authConfig.getBasicConfiguration( - IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD); - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# - * getEncryptionKeyAlias() - */ - @Override - public String getEncryptionKeyAlias() { - return authConfig.getBasicConfiguration( - IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS); - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# - * getEncryptionKeyPassword() - */ - @Override - public String getEncryptionKeyPassword() { - return authConfig.getBasicConfiguration( - IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD); - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataConfiguration.java deleted file mode 100644 index 4b5861e9..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataConfiguration.java +++ /dev/null @@ -1,471 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient; - - -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Collection; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.core.impl.data.Triple; -import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration; -import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration; -import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; -import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpAttributeBuilder; - -import org.opensaml.saml.saml2.core.Attribute; -import org.opensaml.saml.saml2.core.NameIDType; -import org.opensaml.saml.saml2.metadata.ContactPerson; -import org.opensaml.saml.saml2.metadata.Organization; -import org.opensaml.saml.saml2.metadata.RequestedAttribute; -import org.opensaml.security.credential.Credential; - -import lombok.extern.slf4j.Slf4j; - -/** - * Configuration object to generate PVP S-Profile metadata for SAML2 client. - * - * @author tlenz - * - */ -@Slf4j -public class IdAustriaClientAuthMetadataConfiguration implements IPvpMetadataBuilderConfiguration { - - private Collection additionalAttributes = null; - - private final String authUrl; - private final IdAustriaClientAuthCredentialProvider credentialProvider; - private final IPvp2BasicConfiguration pvpConfiguration; - - /** - * Configuration object to create PVP2 S-Profile metadata information. - * - * @param authUrl Public URL prefix of the application - * @param credentialProvider Credentials used by PVP2 S-Profile end-point - * @param pvpConfiguration Basic PVP2 S-Profile end-point configuration - */ - public IdAustriaClientAuthMetadataConfiguration(String authUrl, - IdAustriaClientAuthCredentialProvider credentialProvider, - IPvp2BasicConfiguration pvpConfiguration) { - this.authUrl = authUrl; - this.credentialProvider = credentialProvider; - this.pvpConfiguration = pvpConfiguration; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getMetadataValidUntil() - */ - @Override - public int getMetadataValidUntil() { - return IdAustriaClientAuthConstants.METADATA_VALIDUNTIL_IN_HOURS; - - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * buildEntitiesDescriptorAsRootElement() - */ - @Override - public boolean buildEntitiesDescriptorAsRootElement() { - return false; - - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * buildIDPSSODescriptor() - */ - @Override - public boolean buildIdpSsoDescriptor() { - return false; - - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * buildSPSSODescriptor() - */ - @Override - public boolean buildSpSsoDescriptor() { - return true; - - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getEntityIDPostfix() - */ - @Override - public String getEntityID() { - return authUrl + IdAustriaClientAuthConstants.ENDPOINT_METADATA; - - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getEntityFriendlyName() - */ - @Override - public String getEntityFriendlyName() { - return null; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getContactPersonInformation() - */ - @Override - public List getContactPersonInformation() { - try { - return pvpConfiguration.getIdpContacts(); - - } catch (final EaafException e) { - log.warn("Can not load Metadata entry: Contect Person", e); - return null; - - } - - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getOrgansiationInformation() - */ - @Override - public Organization getOrgansiationInformation() { - try { - return pvpConfiguration.getIdpOrganisation(); - - } catch (final EaafException e) { - log.warn("Can not load Metadata entry: Organisation", e); - return null; - - } - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getMetadataSigningCredentials() - */ - @Override - public EaafX509Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException { - return credentialProvider.getMetaDataSigningCredential(); - - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getRequestorResponseSigningCredentials() - */ - @Override - public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException { - return credentialProvider.getMessageSigningCredential(); - - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getEncryptionCredentials() - */ - @Override - public Credential getEncryptionCredentials() throws CredentialsNotAvailableException { - return credentialProvider.getMessageEncryptionCredential(); - - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getIDPWebSSOPostBindingURL() - */ - @Override - public String getIdpWebSsoPostBindingUrl() { - return null; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getIDPWebSSORedirectBindingURL() - */ - @Override - public String getIdpWebSsoRedirectBindingUrl() { - return null; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getIDPSLOPostBindingURL() - */ - @Override - public String getIdpSloPostBindingUrl() { - return null; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getIDPSLORedirectBindingURL() - */ - @Override - public String getIdpSloRedirectBindingUrl() { - return null; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getSPAssertionConsumerServicePostBindingURL() - */ - @Override - public String getSpAssertionConsumerServicePostBindingUrl() { - return authUrl + IdAustriaClientAuthConstants.ENDPOINT_POST; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getSPAssertionConsumerServiceRedirectBindingURL() - */ - @Override - public String getSpAssertionConsumerServiceRedirectBindingUrl() { - return authUrl + IdAustriaClientAuthConstants.ENDPOINT_REDIRECT; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getSPSLOPostBindingURL() - */ - @Override - public String getSpSloPostBindingUrl() { - return null; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getSPSLORedirectBindingURL() - */ - @Override - public String getSpSloRedirectBindingUrl() { - return null; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getSPSLOSOAPBindingURL() - */ - @Override - public String getSpSloSoapBindingUrl() { - return null; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getIDPPossibleAttributes() - */ - @Override - public List getIdpPossibleAttributes() { - return null; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getIDPPossibleNameITTypes() - */ - @Override - public List getIdpPossibleNameIdTypes() { - return null; - } - - - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getSPRequiredAttributes() - */ - @Override - public Collection getSpRequiredAttributes() { - final Map requestedAttributes = new HashMap<>(); - - if (pvpConfiguration.getBasicConfiguration().getBasicConfigurationBoolean( - AuthHandlerConstants.PROP_CONFIG_LEGACY_ALLOW, false)) { - log.trace("Build required attributes for legacy operaton ... "); - injectDefinedAttributes(requestedAttributes, - IdAustriaClientAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTES_WITHOUT_EID); - - } else { - log.trace("Build required attributes for E-ID operaton ... "); - injectDefinedAttributes(requestedAttributes, - IdAustriaClientAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTES); - - } - - if (additionalAttributes != null) { - log.trace("Add additional PVP attributes into metadata ... "); - for (final RequestedAttribute el : additionalAttributes) { - if (requestedAttributes.containsKey(el.getName())) { - log.debug("Attribute " + el.getName() - + " is already added by default configuration. Overwrite it by user configuration"); - } - - requestedAttributes.put(el.getName(), el); - - } - } - - return requestedAttributes.values(); - - } - - - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# - * getSPAllowedNameITTypes() - */ - @Override - public List getSpAllowedNameIdTypes() { - return Arrays.asList(NameIDType.PERSISTENT); - - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPMetadataBuilderConfiguration#getSPNameForLogging() - */ - @Override - public String getSpNameForLogging() { - return IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPMetadataBuilderConfiguration#wantAssertionSigned() - */ - @Override - public boolean wantAssertionSigned() { - return false; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPMetadataBuilderConfiguration#wantAuthnRequestSigned() - */ - @Override - public boolean wantAuthnRequestSigned() { - return true; - } - - /** - * Add additonal PVP attributes that are required by this deployment. - * - * @param additionalAttr List of PVP attribute name and isRequired flag - */ - public void setAdditionalRequiredAttributes(List> additionalAttr) { - if (additionalAttr != null && !additionalAttr.isEmpty()) { - additionalAttributes = new ArrayList<>(); - for (final Pair el : additionalAttr) { - final Attribute attributBuilder = PvpAttributeBuilder.buildEmptyAttribute(el.getFirst()); - if (attributBuilder != null) { - additionalAttributes.add( - PvpAttributeBuilder.buildReqAttribute( - attributBuilder.getName(), - attributBuilder.getFriendlyName(), - el.getSecond())); - - } else { - log.info("NO PVP attribute with name: " + el.getFirst()); - } - - } - } - } - - private void injectDefinedAttributes(Map requestedAttributes, - List> attributes) { - for (final Triple el : attributes) { - requestedAttributes.put(el.getFirst(), PvpAttributeBuilder.buildReqAttribute(el.getFirst(), el - .getSecond(), el.getThird())); - - } - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataController.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataController.java deleted file mode 100644 index 87886397..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataController.java +++ /dev/null @@ -1,149 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient; - - -import java.io.IOException; -import java.net.MalformedURLException; -import java.net.URL; -import java.util.ArrayList; -import java.util.List; -import java.util.Map; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.core.impl.http.HttpUtils; -import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; -import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; -import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration; -import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder; - -import org.apache.commons.lang3.StringUtils; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Controller; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; - -import com.google.common.net.MediaType; -import lombok.extern.slf4j.Slf4j; - -/** - * Controller that generates SAML2 metadata for eIDAS authentication client. - * - * @author tlenz - * - */ -@Slf4j -@Controller -public class IdAustriaClientAuthMetadataController extends AbstractController { - - private static final String ERROR_CODE_INTERNAL_00 = "eaaf.core.00"; - - @Autowired - PvpMetadataBuilder metadatabuilder; - @Autowired - IdAustriaClientAuthCredentialProvider credentialProvider; - @Autowired - IPvp2BasicConfiguration pvpConfiguration; - - /** - * Default construction with logging. - * - */ - public IdAustriaClientAuthMetadataController() { - super(); - log.debug("Registering servlet " + getClass().getName() - + " with mappings '" + IdAustriaClientAuthConstants.ENDPOINT_METADATA - + "'."); - - } - - /** - * End-point that produce PVP2 metadata for eIDAS authentication client. - * - * @param req http Request - * @param resp http Response - * @throws IOException In case of an I/O error - * @throws EaafException In case of a metadata generation error - */ - @RequestMapping(value = IdAustriaClientAuthConstants.ENDPOINT_METADATA, - method = { RequestMethod.GET }) - public void getSpMetadata(HttpServletRequest req, HttpServletResponse resp) throws IOException, - EaafException { - // check PublicURL prefix - try { - final String authUrl = getAuthUrlFromHttpContext(req); - - // initialize metadata builder configuration - final IdAustriaClientAuthMetadataConfiguration metadataConfig = - new IdAustriaClientAuthMetadataConfiguration(authUrl, credentialProvider, pvpConfiguration); - metadataConfig.setAdditionalRequiredAttributes(getAdditonalRequiredAttributes()); - - // build metadata - final String xmlMetadata = metadatabuilder.buildPvpMetadata(metadataConfig); - - // write response - final byte[] content = xmlMetadata.getBytes("UTF-8"); - resp.setStatus(HttpServletResponse.SC_OK); - resp.setContentLength(content.length); - resp.setContentType(MediaType.XML_UTF_8.toString()); - resp.getOutputStream().write(content); - - } catch (final Exception e) { - log.warn("Build federated-authentication PVP metadata FAILED.", e); - protAuthService.handleErrorNoRedirect(e, req, resp, false); - - } - - } - - private String getAuthUrlFromHttpContext(HttpServletRequest req) throws EaafException { - // check if End-Point is valid - final String authUrlString = HttpUtils.extractAuthUrlFromRequest(req); - URL authReqUrl; - try { - authReqUrl = new URL(authUrlString); - - } catch (final MalformedURLException e) { - log.warn("Requested URL: {} is not a valid URL.", authUrlString); - throw new EaafAuthenticationException(ERROR_CODE_INTERNAL_00, new Object[] { authUrlString }, e); - - } - - final String idpAuthUrl = authConfig.validateIdpUrl(authReqUrl); - if (idpAuthUrl == null) { - log.warn("Requested URL: {} is NOT found in configuration.", authReqUrl); - throw new EaafAuthenticationException(ERROR_CODE_INTERNAL_00, new Object[] { authUrlString }); - - } - - return idpAuthUrl; - } - - private List> getAdditonalRequiredAttributes() { - final List> result = new ArrayList<>(); - - // load attributes from configuration - final Map addReqAttributes = authConfig.getBasicConfigurationWithPrefix( - IdAustriaClientAuthConstants.CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST); - for (final String el : addReqAttributes.values()) { - if (StringUtils.isNotEmpty(el)) { - log.trace("Parse additional attr. definition: " + el); - final List attr = KeyValueUtils.getListOfCsvValues(el.trim()); - if (attr.size() == 2) { - result.add(Pair.newInstance(attr.get(0), Boolean.parseBoolean(attr.get(1)))); - - } else { - log.info("IGNORE additional attr. definition: " + el - + " Reason: Format not valid"); - } - } - } - - return result; - - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataProvider.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataProvider.java deleted file mode 100644 index c0bfa290..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataProvider.java +++ /dev/null @@ -1,169 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient; - -import java.io.IOException; -import java.security.KeyStore; -import java.security.Provider; -import java.security.cert.CertificateException; -import java.text.MessageFormat; -import java.util.ArrayList; -import java.util.Collections; -import java.util.List; - -import javax.annotation.PostConstruct; - -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; -import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; -import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.AbstractChainingMetadataProvider; -import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; -import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter; -import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SimpleMetadataSignatureVerificationFilter; - -import org.apache.commons.lang3.StringUtils; -import org.opensaml.saml.metadata.resolver.MetadataResolver; -import org.opensaml.saml.metadata.resolver.filter.MetadataFilter; -import org.opensaml.saml.metadata.resolver.filter.MetadataFilterChain; -import org.springframework.beans.factory.annotation.Autowired; - -import lombok.extern.slf4j.Slf4j; - -/** - * SAML2 metadata-provider implementation for eIDAS client. - * - * @author tlenz - * - */ -@Slf4j -public class IdAustriaClientAuthMetadataProvider extends AbstractChainingMetadataProvider { - - private static final String FRIENDLYNAME_METADATA_TRUSTSTORE = "'eIDAS_client metadata truststore'"; - private static final String PROVIDER_ID_PATTERN = "eIDAS resolver: {0}"; - public static final String PROVIDER_ID = "'eIDAS_client metadata provider'"; - - @Autowired - private IConfiguration basicConfig; - - @Autowired - private PvpMetadataResolverFactory metadataProviderFactory; - @Autowired - private IHttpClientFactory httpClientFactory; - - @Autowired - private EaafKeyStoreFactory keyStoreFactory; - - private Pair metadataSigningTrustStore; - - @Override - protected String getMetadataUrl(String entityId) throws EaafConfigurationException { - log.trace("eIDAS Auth. uses SAML2 well-known location approach. EntityId is Metadata-URL"); - return entityId; - - } - - @Override - protected MetadataResolver createNewMetadataProvider(String entityId) throws EaafConfigurationException, - IOException, CertificateException { - final List filterList = new ArrayList<>(); - filterList.add(new SchemaValidationFilter(true)); - filterList.add(new SimpleMetadataSignatureVerificationFilter( - metadataSigningTrustStore.getFirst(), entityId)); - - final MetadataFilterChain filter = new MetadataFilterChain(); - filter.setFilters(filterList); - - try { - return metadataProviderFactory.createMetadataProvider(getMetadataUrl(entityId), - filter, - MessageFormat.format(PROVIDER_ID_PATTERN, entityId), - httpClientFactory.getHttpClient()); - - } catch (final Pvp2MetadataException e) { - log.info("Can NOT build metadata provider for entityId: {}", entityId); - throw new EaafConfigurationException("module.eidasauth.04", - new Object[] { entityId, e.getMessage() }, e); - - } - } - - @Override - protected List getAllMetadataUrlsFromConfiguration() throws EaafConfigurationException { - return Collections.emptyList(); - - } - - @Override - protected String getMetadataProviderId() { - return PROVIDER_ID; - - } - - @Override - public void runGarbageCollector() { - log.trace("Garbage collection is NOT supported by: {}", getId()); - } - - @Override - public void doDestroy() { - super.fullyDestroy(); - - } - - @PostConstruct - private void initialize() throws EaafException { - // initialize truststore to validate metadata signing certificates - initializeTrustStore(); - - // load metadata with metadataURL, as backup - initializeFileSystemMetadata(); - - } - - private void initializeFileSystemMetadata() { - try { - final String metadataUrl = basicConfig.getBasicConfiguration( - IdAustriaClientAuthConstants.CONFIG_PROPS_NODE_METADATAURL); - if (StringUtils.isNotEmpty(metadataUrl)) { - log.info("Use not recommended metadata-provider initialization!" - + " SAML2 'Well-Known-Location' is the preferred methode."); - log.info("Initialize 'ms-specific eIDAS node' metadata-provider with URL: {}", metadataUrl); - - addMetadataResolverIntoChain(createNewMetadataProvider(metadataUrl)); - } - - } catch (final EaafConfigurationException | CertificateException | IOException e) { - log.warn("Can NOT inject static eIDAS Node metadata-soure.", e); - log.warn("eIDAS Node communication can be FAIL."); - - } - } - - private void initializeTrustStore() throws EaafException { - // set configuration - final KeyStoreConfiguration trustStoreConfig = new KeyStoreConfiguration(); - trustStoreConfig.setFriendlyName(FRIENDLYNAME_METADATA_TRUSTSTORE); - trustStoreConfig.setKeyStoreType(basicConfig.getBasicConfiguration( - IdAustriaClientAuthConstants.CONFIG_PROPS_TRUSTSTORE_TYPE, - KeyStoreType.JKS.getKeyStoreType())); - trustStoreConfig.setKeyStoreName(basicConfig.getBasicConfiguration( - IdAustriaClientAuthConstants.CONFIG_PROPS_TRUSTSTORE_NAME)); - trustStoreConfig.setSoftKeyStoreFilePath(basicConfig.getBasicConfiguration( - IdAustriaClientAuthConstants.CONFIG_PROPS_TRUSTSTORE_PATH)); - trustStoreConfig.setSoftKeyStorePassword(basicConfig.getBasicConfiguration( - IdAustriaClientAuthConstants.CONFIG_PROPS_TRUSTSTORE_PASSWORD)); - - // validate configuration - trustStoreConfig.validate(); - - // open new TrustStore - metadataSigningTrustStore = keyStoreFactory.buildNewKeyStore(trustStoreConfig); - - } - -} - diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthRequestBuilderConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthRequestBuilderConfiguration.java deleted file mode 100644 index ddaf872d..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthRequestBuilderConfiguration.java +++ /dev/null @@ -1,300 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient; - -import java.util.List; - -import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; -import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; -import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPvpAuthnRequestBuilderConfiguruation; - -import org.opensaml.saml.saml2.core.AuthnContextComparisonTypeEnumeration; -import org.opensaml.saml.saml2.core.NameIDType; -import org.opensaml.saml.saml2.metadata.EntityDescriptor; -import org.w3c.dom.Element; - -public class IdAustriaClientAuthRequestBuilderConfiguration implements IPvpAuthnRequestBuilderConfiguruation { - - private boolean isPassive; - private String spEntityId; - private String qaaLevel; - private EntityDescriptor idpEntity; - private EaafX509Credential signCred; - private String scopeRequesterId; - private String providerName; - private List requestedAttributes; - private String reqId; - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#isPassivRequest() - */ - @Override - public Boolean isPassivRequest() { - return this.isPassive; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getAssertionConsumerServiceId() - */ - @Override - public Integer getAssertionConsumerServiceId() { - return 0; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getEntityID() - */ - @Override - public String getSpEntityID() { - return this.spEntityId; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getNameIDPolicy() - */ - @Override - public String getNameIdPolicyFormat() { - return NameIDType.PERSISTENT; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getNameIDPolicy() - */ - @Override - public boolean getNameIdPolicyAllowCreation() { - return true; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getAuthnContextClassRef() - */ - @Override - public String getAuthnContextClassRef() { - return this.qaaLevel; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getAuthnContextComparison() - */ - @Override - public AuthnContextComparisonTypeEnumeration getAuthnContextComparison() { - return AuthnContextComparisonTypeEnumeration.MINIMUM; - } - - /** - * Set isPassive flag in SAML2 request. - * - * @param isPassive the isPassive to set. - */ - public void setPassive(boolean isPassive) { - this.isPassive = isPassive; - } - - /** - * Set the requester EntityId. - * - * @param spEntityId EntityId of SP - */ - public void setSpEntityID(String spEntityId) { - this.spEntityId = spEntityId; - } - - /** - * Set required LoA. - * - * @param loa the LoA to set. - */ - public void setRequestedLoA(String loa) { - qaaLevel = loa; - } - - /** - * Set EntityId of IDP. - * - * @param idpEntity the idpEntity to set. - */ - public void setIdpEntity(EntityDescriptor idpEntity) { - this.idpEntity = idpEntity; - } - - /** - * Set message signing credentials. - * - * @param signCred the signCred to set. - */ - public void setSignCred(EaafX509Credential signCred) { - this.signCred = signCred; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getAuthnRequestSigningCredential() - */ - @Override - public EaafX509Credential getAuthnRequestSigningCredential() { - return this.signCred; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getIDPEntityDescriptor() - */ - @Override - public EntityDescriptor getIdpEntityDescriptor() { - return this.idpEntity; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getSubjectNameID() - */ - @Override - public String getSubjectNameID() { - return null; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getSPNameForLogging() - */ - @Override - public String getSpNameForLogging() { - return IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getSubjectNameIDFormat() - */ - @Override - public String getSubjectNameIdFormat() { - return null; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getRequestID() - */ - @Override - public String getRequestID() { - return this.reqId; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getSubjectNameIDQualifier() - */ - @Override - public String getSubjectNameIdQualifier() { - return null; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationMethode() - */ - @Override - public String getSubjectConformationMethode() { - return null; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. - * IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationDate() - */ - @Override - public Element getSubjectConformationDate() { - return null; - } - - @Override - public List getRequestedAttributes() { - return this.requestedAttributes; - - } - - @Override - public String getProviderName() { - return this.providerName; - } - - @Override - public String getScopeRequesterId() { - return this.scopeRequesterId; - } - - /** - * Set the entityId of the SP that requests the proxy for eIDAS authentication. - * - * @param scopeRequesterId RequestId in SAML2 Proxy extension - */ - public void setScopeRequesterId(String scopeRequesterId) { - this.scopeRequesterId = scopeRequesterId; - } - - /** - * Set a friendlyName for the SP that requests the proxy for eIDAS - * authentication. - * - * @param providerName SAML2 provider-name attribute-value - */ - public void setProviderName(String providerName) { - this.providerName = providerName; - } - - /** - * Set a Set of PVP attributes that a requested by using requested attributes. - * - * @param requestedAttributes Requested SAML2 attributes - */ - public void setRequestedAttributes(List requestedAttributes) { - this.requestedAttributes = requestedAttributes; - } - - /** - * Set a RequestId for this Authn. Request. - * - * @param reqId SAML2 message requestId - */ - public void setRequestId(String reqId) { - this.reqId = reqId; - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhAuthProcessDataConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhAuthProcessDataConstants.java new file mode 100644 index 00000000..36ea2440 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhAuthProcessDataConstants.java @@ -0,0 +1,9 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; + +import at.gv.egiz.eaaf.core.api.idp.EaafAuthProcessDataConstants; + +public interface AhAuthProcessDataConstants extends EaafAuthProcessDataConstants { + + + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhAuthProcessDataWrapper.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhAuthProcessDataWrapper.java new file mode 100644 index 00000000..1b20960b --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhAuthProcessDataWrapper.java @@ -0,0 +1,224 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; + + +import java.security.cert.CertificateEncodingException; +import java.security.cert.CertificateException; +import java.util.Map; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import iaik.x509.X509Certificate; + +public class AhAuthProcessDataWrapper extends AuthProcessDataWrapper + implements IAhAuthProcessData, AhAuthProcessDataConstants { + private static final Logger log = LoggerFactory.getLogger(AhAuthProcessDataWrapper.class); + + public static final String VALUE_SIGNER_CERT = "direct_signerCert"; + public static final String VALUE_VDAURL = "direct_bkuUrl"; + + public static final String VALUE_MANDATES_REFVALUE = "direct_mis_refvalue"; + + public static final String VALUE_EID_QCBIND = "direct_eid_qcBind"; + public static final String VALUE_EID_VSZ = "direct_eid_vsz"; + public static final String VALUE_EID_SIGNEDAUTHBLOCK = "direct_eid_authblock"; + public static final String VALUE_EID_SIGNEDAUTHBLOCK_TYPE = "direct_eid_authblock_type"; + public static final String VALUE_EID_MIS_MANDATE = "direct_eid_mis_mandate"; + + public static final String VALUE_INTERNAL_BPK = "direct_internal_bpk"; + public static final String VALUE_INTERNAL_BPKYPE = "direct_internal_bpktype"; + + public static final String VALUE_INTERNAL_MANDATE_ELGA_PROCESS = "direct_is_elga_mandate_process"; + public static final String VALUE_INTERNAL_VDA_AUTHENTICATION_PROCESS = "direct_is_vda_auth_process"; + + public AhAuthProcessDataWrapper(final Map authProcessData) { + super(authProcessData); + + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSignerCertificate() + */ + @Override + public X509Certificate getSignerCertificate() { + final byte[] encCert = getEncodedSignerCertificate(); + + if (encCert != null) { + try { + return new X509Certificate(encCert); + } catch (final CertificateException e) { + log.warn("Signer certificate can not be loaded from session database!", e); + + } + } + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getEncodedSignerCertificate() + */ + @Override + public byte[] getEncodedSignerCertificate() { + return wrapStoredObject(VALUE_SIGNER_CERT, null, byte[].class); + + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSignerCertificate(iaik.x509. + * X509Certificate) + */ + @Override + public void setSignerCertificate(final java.security.cert.X509Certificate signerCertificate) { + try { + authProcessData.put(VALUE_SIGNER_CERT, signerCertificate.getEncoded()); + + } catch (final CertificateEncodingException e) { + log.warn("Signer certificate can not be stored to session database!", e); + } + + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getBkuURL() + */ + @Override + public String getVdaUrl() { + return wrapStoredObject(VALUE_VDAURL, null, String.class); + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setBkuURL(java.lang.String) + */ + @Override + public void setVdaUrl(final String vdaUrl) { + authProcessData.put(VALUE_VDAURL, vdaUrl); + + } + + @Override + public String getMandateReferenceValue() { + return wrapStoredObject(VALUE_MANDATES_REFVALUE, null, String.class); + } + + @Override + public void setMandateReferenceValue(final String refValue) { + authProcessData.put(VALUE_MANDATES_REFVALUE, refValue); + + } + + @Override + public String getQcBind() { + return wrapStoredObject(VALUE_EID_QCBIND, null, String.class); + } + + @Override + public void setQcBind(final String qcBind) { + authProcessData.put(VALUE_EID_QCBIND, qcBind); + + } + + @Override + public String getVsz() { + return wrapStoredObject(VALUE_EID_VSZ, null, String.class); + } + + @Override + public void setVsz(final String vsz) { + authProcessData.put(VALUE_EID_VSZ, vsz); + + } + + @Override + public byte[] getSignedAuthBlock() { + return wrapStoredObject(VALUE_EID_SIGNEDAUTHBLOCK, null, byte[].class); + } + + @Override + public void setSignedAuthBlock(final byte[] signedConsent) { + authProcessData.put(VALUE_EID_SIGNEDAUTHBLOCK, signedConsent); + + } + + @Override + public AuthHandlerConstants.AuthBlockType getSignedAuthBlockType() { + return wrapStoredObject(VALUE_EID_SIGNEDAUTHBLOCK_TYPE, AuthHandlerConstants.AuthBlockType.NONE, + AuthHandlerConstants.AuthBlockType.class); + } + + @Override + public void setSignedAuthBlockType(final AuthHandlerConstants.AuthBlockType authBlockType) { + authProcessData.put(VALUE_EID_SIGNEDAUTHBLOCK_TYPE, authBlockType); + + } + + @Override + public ISignedMandate getMandateDate() { + return wrapStoredObject(VALUE_EID_MIS_MANDATE, null, ISignedMandate.class); + + } + + @Override + public void setMandateDate(final ISignedMandate mandateDate) { + authProcessData.put(VALUE_EID_MIS_MANDATE, mandateDate); + + } + + @Override + public String getInternalBpk() { + return wrapStoredObject(VALUE_INTERNAL_BPK, null, String.class); + } + + @Override + public void setInternalBpk(final String bpk) { + authProcessData.put(VALUE_INTERNAL_BPK, bpk); + + } + + @Override + public String getInternalBpkType() { + return wrapStoredObject(VALUE_INTERNAL_BPKYPE, null, String.class); + + } + + @Override + public void setInternalBpkType(final String bpkType) { + authProcessData.put(VALUE_INTERNAL_BPKYPE, bpkType); + + } + + @Override + public boolean isElgaMandateProcess() { + return wrapStoredObject(VALUE_INTERNAL_MANDATE_ELGA_PROCESS, false, Boolean.class); + + } + + @Override + public void setElgaMandateProcess(boolean flag) { + authProcessData.put(VALUE_INTERNAL_MANDATE_ELGA_PROCESS, flag); + + } + + @Override + public boolean isVdaAuthentication() { + return wrapStoredObject(VALUE_INTERNAL_VDA_AUTHENTICATION_PROCESS, false, Boolean.class); + + } + + @Override + public void setVdaAuthentication(boolean flag) { + authProcessData.put(VALUE_INTERNAL_VDA_AUTHENTICATION_PROCESS, flag); + + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhExtendedPvpAttributeDefinitions.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhExtendedPvpAttributeDefinitions.java new file mode 100644 index 00000000..b74767de --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhExtendedPvpAttributeDefinitions.java @@ -0,0 +1,24 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; + +import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class AhExtendedPvpAttributeDefinitions implements ExtendedPvpAttributeDefinitions { + private static final Logger log = + LoggerFactory.getLogger(AhExtendedPvpAttributeDefinitions.class); + + private AhExtendedPvpAttributeDefinitions() { + log.trace("Instance class: {} for SonarQube", + AhExtendedPvpAttributeDefinitions.class.getName()); + + } + + public static final String EID_BCBIND_NAME = "urn:eidgvat:attributes.bcbind"; + public static final String EID_BCBIND_FRIENDLY_NAME = "bcBind"; + + public static final String EID_BINDING_PUBKEY_NAME = "urn:eidgvat:attributes.binding.pubkey"; + public static final String EID_BINDING_PUBKEY_FRIENDLY_NAME = "BindingPubKey"; + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AuthHandlerConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AuthHandlerConstants.java new file mode 100644 index 00000000..1bbc31e0 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AuthHandlerConstants.java @@ -0,0 +1,141 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; + + +public class AuthHandlerConstants { + + private AuthHandlerConstants() { + + } + + // TODO: maybe update to another target + public static final String DEFAULT_INTERNAL_BPK_TARGET = "urn:publicid:gv.at:cdid+ZP-MH"; + + // configuration parameters + public static final String PROP_CONFIG_APPLICATION_PREFIX = "authhandler."; + public static final String PROP_CONFIG_APPLICATION_PUBLIC_URL_PREFIX = "core.context.url.prefix"; + public static final String PROP_CONFIG_APPLICATION_PUBLIC_URL_REQUEST_VALIDATION = + "core.context.url.request.validation"; + public static final String PROP_CONFIG_LEGACY_ALLOW = "core.legacy.allowLegacyMode"; + + public static final String PROP_CONFIG_WEBCONTENT_STATIC_PATH = + "core.webcontent.static.directory"; + public static final String PROP_CONFIG_WEBCONTENT_TEMPLATES_PATH = "core.webcontent.templates"; + public static final String PROP_CONFIG_WEBCONTENT_PROPERTIES_PATH = "core.webcontent.properties"; + + public static final String PROP_CONFIG_CACHE_TRANSACTIONS_NAME = "core.cache.transaction.name"; + public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_ENABLED = + "core.cache.transaction.encryption.enabled"; + public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_KEY_TYPE = + "core.cache.transaction.encryption.type"; + public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_PASSPHRASE = + "core.cache.transaction.encryption.passphrase"; + public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_SALT = + "core.cache.transaction.encryption.salt"; + public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_KEYSTORE_NAME = + "core.cache.transaction.encryption.keystore.name"; + public static final String PROP_CONFIG_CACHE_TRANSACTIONS_ENC_KEY_ALIAS = + "core.cache.transaction.encryption.key.alias"; + + public static final String PROP_CONFIG_CACHE_ATTRIBUTEPROXY_NAME = + "core.cache.attributeproxy.name"; + + public static final String PROP_CONFIG_BACKEND_ENDPOINT_GETALLSUPPORTEDATTRIBUTES = + "backend.endpoints.getallsupportedattributes"; + public static final String PROP_CONFIG_BACKEND_ENDPOINT_GETAPPLICATIONCONFIGURATION = + "backend.endpoints.getapplicationconfiguration"; + + public static final String PROP_CONFIG_INTERNAL_BPK_TARGET = "core.internal.bpk.target"; + + public static final String PROP_CONFIG_INTERNAL_FRONTEND_ONLY_MODE = "core.internal.frontend.only.mode"; + public static final boolean PROP_DEFAULT_CONFIG_INTERNAL_FRONTEND_ONLY_MODE = false; + + // Servlet End-Points + public static final String ENDPOINT_PROCESSENGINE_CONTROLLER = "/api/process"; + public static final String ENDPOINT_ERROR_IFRAME_HOPPING = "/error/parenthop"; + + + // GUI template directories + public static final String CLASSPATH_TEMPLATE_DIR = "/templates/"; + public static final String FILESYSTEM_TEMPLATE_DIR = "./templates/"; + public static final String TEMPLATE_HTML_ERROR = "error_message.html"; + + // GUI template defaultfiles + public static final String TEMPLATE_AUTHPROCESS_SELECTION_VDA_FULLFRAME = "authSelection.html"; + public static final String TEMPLATE_AUTHPROCESS_SELECTION_VDA_IFRAME = "authSelection_iframe.html"; + public static final String TEMPLATE_USER_CONSENT_REQUEST = "userConsent.html"; + public static final String TEMPLATE_IFRAME_TO_PARENT_HOPE = "iframe_parent_hope.html"; + public static final String TEMPLATE_MANDATE_SELECTION = "mandateSelection.html"; + public static final String TEMPLATE_PROF_REP_MANDATE_SELECTION = "profRepMandateSelection.html"; + public static final String TEMPLATE_MANDATE_SELECTION_DUMMY = "mandateSelection_dummy.html"; + + + + // http request parameters + public static final String HTTP_PARAM_APPLICATION_ID = "appId"; + public static final String HTTP_PARAM_STOP_PROCESS = "stopAuthProcess"; + public static final String HTTP_PARAM_EIDAS_PROCESS = "useeIDAS"; + public static final String HTTP_PARAM_EID_PROCESS = "useeID"; + public static final String HTTP_PARAM_EID_BINDING_AUTH_PROCESS = "useBindingAuth"; + public static final String HTTP_PARAM_USE_MANDATES = "useMandate"; + public static final String HTTP_PARAM_AUTHMETHOD = "authMethod"; + public static final String HTTP_PARAM_CONSENT_RELEASE_ATTRIBUTES = "releaseAttributes"; + public static final String HTTP_PARAM_CONSENT_STORE_CONSENT = "storeConsent"; + + @Deprecated + public static final String HTTP_PARAM_EIDMIGRATIONPILOT_PROCESS = "pilotMigration"; + @Deprecated + public static final String HTTP_PARAM_EIDMIGRATIONPILOT_SHOW_INFO_PAGE = "pilotMigrationInfoPage"; + @Deprecated + public static final String HTTP_PARAM_MOBILESIGNATURE_PROCESS = "usemobileSig"; + + // UI options + public static final String UI_PARAM_USE_MANDATES = HTTP_PARAM_USE_MANDATES; + public static final String UI_PARAM_USE_ONLY_MANDATES = "useOnlyMandate"; + public static final String UI_PARAM_USE_EIDAS = HTTP_PARAM_EIDAS_PROCESS; + public static final String UI_PARAM_DSGVO_SHORT_INFO = "dsgvoShortText"; + public static final String UI_PARAM_DSGVO_SP_PRIVACY_STATEMENT_URL = "dsgvoPrivacyStatementUrl"; + public static final String UI_PARAM_DSGVO_SP_SERVICE_URL = "dsgvoServiceUrl"; + public static final String UI_PARAM_DSGVO_SP_LOGO = "dsgvoSpLogo"; + public static final String UI_PARAM_DSGVO_SP_LOGO_SET = "dsgvoSpLogoSet"; + public static final String UI_PARAM_DSGVO_SP_LOGO_SET_DATAURL = "dataUrl"; + public static final String UI_PARAM_DSGVO_SP_LOGO_SET_THEME = "theme"; + public static final String UI_PARAM_DSGVO_SP_LOGO_SET_RESOLUTION = "resolution"; + public static final String UI_PARAM_DSGVO_SP_LOGO_SET_TYPE = "type"; + + public enum LogoType { SVG, PNG, UNKNOWN } + + public enum AuthBlockType { + CADES("CAdES"), JWS("JWS"), NONE("none"); + + private final String internalType; + + AuthBlockType(final String type) { + this.internalType = type; + + } + + /** + * Get Type identifier for this AuthBlock. + * + * @return + */ + public String getAuthBlockType() { + return this.internalType; + } + + @Override + public String toString() { + return getAuthBlockType(); + + } + } + + // process context parameters + public static final String PROCESSCONTEXT_USERCONSENT_NEEDED = "userConsentNeeded"; + public static final String PROCESSCONTEXT_AUTHPROCESSSELECTION_DONE = "authProcSelectDone"; + public static final String PROCESSCONTEXT_SWITCH_LANGUAGE = "changeLanguage"; + public static final String PROCESSCONTEXT_IFRAME_PARENT_NEEDED = "iframeParentNeeded"; + + public static final String PROCESSCONTEXT_WAS_EID_PROCESS = "wasEidProcess"; + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/EidasAuthEventConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/EidasAuthEventConstants.java new file mode 100644 index 00000000..bca04369 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/EidasAuthEventConstants.java @@ -0,0 +1,10 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; + +public class EidasAuthEventConstants { + + public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_SELECTED = 6200; + public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_REQUESTED = 6201; + public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED = 6202; + public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED_ERROR = 6203; + public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_MDS_VALID = 6204; +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IAhAuthProcessData.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IAhAuthProcessData.java new file mode 100644 index 00000000..47d3d37c --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IAhAuthProcessData.java @@ -0,0 +1,190 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; + +import java.security.cert.X509Certificate; + +import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer; + +public interface IAhAuthProcessData extends IAuthProcessDataContainer { + + /** + * Get the certificate that was used to sign the Consent. + * + * @return {@link X509Certificate} + */ + X509Certificate getSignerCertificate(); + + /** + * Get the certificate that was used to sign the Consent. + * + * @return Serialized certificate + */ + byte[] getEncodedSignerCertificate(); + + /** + * Set the certificate that was used to sign the Consent. + * + * @param signerCertificate Signer certificate of the user + */ + void setSignerCertificate(X509Certificate signerCertificate); + + + /** + * Get URL to VDA that was used for authentication. + * + * @return + */ + String getVdaUrl(); + + /** + * Set URL to VDA that was used for authentication. + * + * @param vdaUrl URL to VDA that was used for authentication + */ + void setVdaUrl(String vdaUrl); + + /** + * Get the reference-value that used to interact with MIS service. + * + * @return + */ + String getMandateReferenceValue(); + + /** + * Set the reference-value that used to interact with MIS service. + * + * @param refValue Mandate reference value + */ + void setMandateReferenceValue(String refValue); + + /** + * Get the qcBind of the user that was received by VDA or other storage during authentication. + * + * @return + */ + String getQcBind(); + + /** + * Set the qcBind of the user that was received by VDA or other storage during authentication. + * + * @param qcBind raw qcBind data-structure (serialized JSON) + */ + void setQcBind(String qcBind); + + /** + * Get the vSZ of the user. + * + * @return + */ + String getVsz(); + + /** + * Set the vSZ of the user. + * + * @param vsz user's encrypted baseId + */ + void setVsz(String vsz); + + /** + * Get the signed AuthBlock of the user. + * + * @return + */ + byte[] getSignedAuthBlock(); + + /** + * Set the signed AuthBlock of the user. + * + * @param authBlock raw signed consent + */ + void setSignedAuthBlock(byte[] authBlock); + + /** + * Get a textual type identifier of the AuthBlock. + * + * @return AuthBlock type + */ + AuthHandlerConstants.AuthBlockType getSignedAuthBlockType(); + + /** + * Set a textual identifier for the type of the AuthBlock. + * + * @param authBlockType AuthBlock type + */ + void setSignedAuthBlockType(final AuthHandlerConstants.AuthBlockType authBlockType); + + /** + * Get the selected mandate of the user that was issued by MIS. + * + * @return + */ + ISignedMandate getMandateDate(); + + /** + * Set the selected mandate of the user that is issued by MIS. + * + * @param signedMandate Raw mandate structure for E-ID backend + */ + void setMandateDate(ISignedMandate signedMandate); + + + /** + * Get bPK for this entity.
+ * THIS bPK is only for AuthHandler internal usage + * + * @return bPK, or null if no bPK is set + */ + String getInternalBpk(); + + /** + * Get bPK type for this entity.
+ * THIS bPK is only for AuthHandler internal usage + * + * @return bPKType, or null if no bPKType is set + */ + String getInternalBpkType(); + + /** + * Set the bPK for INTERNAL USAGE of the current entity. + * + * @param bpk bPK for internal usage + */ + void setInternalBpk(String bpk); + + /** + * Set the bPK for INTERNAL USAGE of the current entity. + * + * @param bpkType bPK for internal usage + */ + void setInternalBpkType(String bpkType); + + + /** + * Indicate if the current process uses ELGA mandates. + * + * @return true if ELGA mandates are used, otherwise false + */ + boolean isElgaMandateProcess(); + + /** + * Set flag if the current process is an ELGA mandate process. + * + * @param flag true if it is an ELGA mandate-process, otherwise false + */ + void setElgaMandateProcess(boolean flag); + + + /** + * Indicate if the current process was authenticated by a VDA. + * + * @return true if the current process was authenticated by VDA, otherwise false + */ + boolean isVdaAuthentication(); + + /** + * Set flag that indicates if the current process was authenticated by a VDA. + * + * @param flag true in case of VDA authentication, otherwise false + */ + void setVdaAuthentication(boolean flag); + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IAhSpConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IAhSpConfiguration.java new file mode 100644 index 00000000..081b215a --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IAhSpConfiguration.java @@ -0,0 +1,151 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; + +import java.util.List; + +import javax.annotation.Nonnull; +import javax.annotation.Nullable; + +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; +import at.gv.egiz.eaaf.core.impl.data.Pair; + +public interface IAhSpConfiguration extends ISpConfiguration { + + + /** + * Flag if this Service Provider is enabled. + * + * @return true if the SP is enabled, otherwise false + */ + boolean isEnabled(); + + /** + * Get unique identifier that is used in Application-Register from BM.I. + * + *

If no BM.I specific identifier is available then this method returns + * the same identifier as getUniqueIdentifier()

+ * + * @return unique identifier from BM.I AppReg, or generic uniqueId of no specific exists + */ + String getUniqueApplicationRegisterIdentifier(); + + /** + * Flag that marks this Service-Provider as public or private. + * + *

Default: If it is not set or has an unknown value, its private by default

+ * + * @return true if it is from public, otherwise false + */ + boolean isPublicServiceProvider(); + + /** + * Enable test identities for this Service Provider. + * + * @return true if test identities are allowed, otherwise false + */ + boolean isTestCredentialEnabled(); + + /** + * Get a List of OID's that refine the set of allowed test identities. + * + * @return @link {@link List} of test-identity OID's + */ + @Nullable + List getTestCredentialOids(); + + + /** + * Get a List of unique attribute URI's that are required by this SP. + * + * @return {@link List} of attribute URI's / parameter {@link Pair}s + */ + List> getRequiredAttributes(); + + + /** + * Get the CountryCode for this service.
+ *
+ * Default: AT + * + * @return + */ + String getCountryCode(); + + /** + * Set the CountryCode for this service. If not countryCode is set, AT is used as default. + * + * @param cc Service-Provider country-code + */ + void setCountryCode(String cc); + + /** + * Enable mandates for this service provider. + * + * @return true if mandates are enabled, otherwise false + */ + boolean isMandateEnabled(); + + /** + * Enables multi-mandates for this service-provider. + * + * @return true if multi-mandates are enabled, otherwise false + */ + boolean isMultiMandateEnabled(); + + /** + * Only mandates are allowed for this service provider. + * + * @return true if only mandates are allowed, otherwise false + */ + boolean isOnlyMandateEnabled(); + + /** + * Get a {@link List} of mandate profiles that are supported by this Service provider. + * + * @return + */ + @Nonnull List getMandateProfiles(); + + + /** + * eIDAS authentication allowed flag. + * + * @return true if eIDAS authentication is enabled, otherwise false + */ + boolean isEidasEnabled(); + + /** + * Get a List of targets for additional bPKs that are required by this service provider. + * + * @return List of prefixed bPK targets + */ + @Nonnull List getAdditionalBpkTargets(); + + /** + * Get a list of foreign bPK targets that are required by this service provider. + * + * @return List of pairs with prefixed bPK targets as first element and VKZ as second element + */ + @Nonnull List> getAdditionalForeignBpkTargets(); + + /** + * Flag that indicates that service-provider as restricted or unrestricted. + * + *

A restricted service-provider can only used by test-identities that contains a + * valid application-restriction in User-Certificate Pinning

+ * + *

Default: true

+ * + * @return true if it is restricted, otherwise false + */ + boolean isRestrictedServiceProvider(); + + + /** + * Defines the time in minutes how long the last VDA registration h@Override + ave passed as maximum. + * + * @return time in minutes + */ + long lastVdaAuthenticationDelay(); + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IRawMandateDao.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IRawMandateDao.java new file mode 100644 index 00000000..7e3b2aa1 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IRawMandateDao.java @@ -0,0 +1,32 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; + +import java.io.Serializable; +import java.util.Date; + +public interface IRawMandateDao extends Serializable { + + boolean isNaturalPerson(); + + boolean isProfRepresentation(); + + String getIdentifier(); + + String getIdentifierType(); + + String getGivenName(); + + String getFamilyName(); + + Date getDateOfBirth(); + + String getCommonName(); + + String getMandateTypeOid(); + + String getMandateAnnotation(); + + String getMandateId(); + + String getMandateContent(); + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/ISignedMandate.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/ISignedMandate.java new file mode 100644 index 00000000..edd167fb --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/ISignedMandate.java @@ -0,0 +1,19 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; + +public interface ISignedMandate extends IRawMandateDao { + + /** + * Get the full signed mandate issued by the MIS component. + * + * @return serialized JWS that contains the mandate + */ + String getSignedMandate(); + + /** + * Get formated date-of-birth. + * + * @return date-of-birth as 'yyyy-MM-dd' + */ + String getDateOfBirthFormated(); + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthConstants.java new file mode 100644 index 00000000..7d8b9dc8 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthConstants.java @@ -0,0 +1,166 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; + + +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.impl.data.Triple; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + + +public class IdAustriaClientAuthConstants { + + private IdAustriaClientAuthConstants() { + + } + + public static final String SAML2_STATUSCODE_USERSTOP = "1005"; + + public static final String MODULE_NAME_FOR_LOGGING = "ID Austria Client"; + + public static final int METADATA_VALIDUNTIL_IN_HOURS = 24; + + // public static final String HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION = + // AuthHandlerConstants.HTTP_PARAM_EIDAS_PROCESS; + + public static final String ENDPOINT_POST = "/idAustriaSp/post"; + public static final String ENDPOINT_REDIRECT = "/idAustriaSp/redirect"; + public static final String ENDPOINT_METADATA = "/idAustriaSp/metadata"; + + public static final String CONFIG_PROPS_PREFIX = "modules.idaustriaclient."; + public static final String CONFIG_PROPS_KEYSTORE_TYPE = CONFIG_PROPS_PREFIX + "keystore.type"; + public static final String CONFIG_PROPS_KEYSTORE_NAME = CONFIG_PROPS_PREFIX + "keystore.name"; + public static final String CONFIG_PROPS_KEYSTORE_PATH = CONFIG_PROPS_PREFIX + "keystore.path"; + public static final String CONFIG_PROPS_KEYSTORE_PASSWORD = CONFIG_PROPS_PREFIX + "keystore.password"; + public static final String CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD = CONFIG_PROPS_PREFIX + + "metadata.sign.password"; + public static final String CONFIG_PROPS_SIGN_METADATA_ALIAS = CONFIG_PROPS_PREFIX + + "metadata.sign.alias"; + public static final String CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD = CONFIG_PROPS_PREFIX + + "request.sign.password"; + public static final String CONFIG_PROPS_SIGN_SIGNING_ALIAS = CONFIG_PROPS_PREFIX + + "request.sign.alias"; + public static final String CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD = CONFIG_PROPS_PREFIX + + "response.encryption.password"; + public static final String CONFIG_PROPS_ENCRYPTION_ALIAS = CONFIG_PROPS_PREFIX + + "response.encryption.alias"; + + public static final String CONFIG_PROPS_TRUSTSTORE_TYPE = CONFIG_PROPS_PREFIX + "truststore.type"; + public static final String CONFIG_PROPS_TRUSTSTORE_NAME = CONFIG_PROPS_PREFIX + "truststore.name"; + public static final String CONFIG_PROPS_TRUSTSTORE_PATH = CONFIG_PROPS_PREFIX + "truststore.path"; + public static final String CONFIG_PROPS_TRUSTSTORE_PASSWORD = CONFIG_PROPS_PREFIX + "truststore.password"; + + public static final String CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST = CONFIG_PROPS_PREFIX + + "required.additional.attributes"; + public static final String CONFIG_PROPS_REQUIRED_LOA = CONFIG_PROPS_PREFIX + + "required.loa"; + public static final String CONFIG_PROPS_NODE_ENTITYID = CONFIG_PROPS_PREFIX + "node.entityId"; + public static final String CONFIG_PROPS_NODE_METADATAURL = CONFIG_PROPS_PREFIX + "node.metadataUrl"; + public static final String CONFIG_PROPS_NODE_TRUSTPROFILEID = CONFIG_PROPS_PREFIX + "node.trustprofileID"; + + + public static final String CONFIG_PROPS_METADATA_CONTACT_GIVENNAME = + CONFIG_PROPS_PREFIX + "metadata.contact.givenname"; + public static final String CONFIG_PROPS_METADATA_CONTACT_SURNAME = + CONFIG_PROPS_PREFIX + "metadata.contact.surname"; + public static final String CONFIG_PROPS_METADATA_CONTACT_EMAIL = + CONFIG_PROPS_PREFIX + "metadata.contact.email"; + public static final String CONFIG_PROPS_METADATA_ORGANISATION_NAME = + CONFIG_PROPS_PREFIX + "metadata.organisation.name"; + public static final String CONFIG_PROPS_METADATA_ORGANISATION_FRIENDLYNAME = + CONFIG_PROPS_PREFIX + "metadata.organisation.friendyname"; + public static final String CONFIG_PROPS_METADATA_ORGANISATION_URL = + CONFIG_PROPS_PREFIX + "metadata.organisation.url"; + + public static final String CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL = "auth.eidas.node.entityId"; + + public static final String CONFIG_PROPS_SEMPER_MANDATES_ACTIVE = CONFIG_PROPS_PREFIX + + "semper.mandates.active"; + public static final String CONFIG_PROPS_SEMPER_MANDATES_MS_PROXY_LIST = CONFIG_PROPS_PREFIX + + "semper.msproxy.list"; + + public static final String CONFIG_DEFAULT_LOA_EIDAS_LEVEL = EaafConstants.EIDAS_LOA_HIGH; + + @Deprecated + public static final List> DEFAULT_REQUIRED_PVP_ATTRIBUTES_WITHOUT_EID = + Collections.unmodifiableList(new ArrayList>() { + private static final long serialVersionUID = 1L; + { + // add PVP Version attribute + add(Triple.newInstance(PvpAttributeDefinitions.PVP_VERSION_NAME, + PvpAttributeDefinitions.PVP_VERSION_FRIENDLY_NAME, true)); + + // request entity information + add(Triple.newInstance(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, + PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, false)); + add(Triple.newInstance(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, + PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, true)); + add(Triple.newInstance(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, + PvpAttributeDefinitions.EID_ISSUING_NATION_FRIENDLY_NAME, true)); + + // entity eID information + add(Triple.newInstance(AhExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME, + AhExtendedPvpAttributeDefinitions.EID_EIDBIND_FRIENDLY_NAME, false)); + add(Triple.newInstance(AhExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME, + AhExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME, false)); + + // Deprecated information + add(Triple.newInstance(PvpAttributeDefinitions.GIVEN_NAME_NAME, + PvpAttributeDefinitions.GIVEN_NAME_FRIENDLY_NAME, false)); + add(Triple.newInstance(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, + PvpAttributeDefinitions.PRINCIPAL_NAME_FRIENDLY_NAME, false)); + add(Triple.newInstance(PvpAttributeDefinitions.BIRTHDATE_NAME, + PvpAttributeDefinitions.BIRTHDATE_FRIENDLY_NAME, false)); + add(Triple.newInstance(PvpAttributeDefinitions.BPK_NAME, PvpAttributeDefinitions.BPK_FRIENDLY_NAME, + false)); + add(Triple.newInstance(PvpAttributeDefinitions.EID_IDENTITY_LINK_NAME, + PvpAttributeDefinitions.EID_IDENTITY_LINK_FRIENDLY_NAME, false)); + + //request pII transactionId from MS-Connector + add(Triple.newInstance(ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, + ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_FRIENDLY_NAME, false)); + + } + }); + + public static final List> DEFAULT_REQUIRED_PVP_ATTRIBUTES = + Collections.unmodifiableList(new ArrayList>() { + private static final long serialVersionUID = 1L; + { + // add PVP Version attribute + add(Triple.newInstance(PvpAttributeDefinitions.PVP_VERSION_NAME, + PvpAttributeDefinitions.PVP_VERSION_FRIENDLY_NAME, true)); + + // entity metadata information + add(Triple.newInstance(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, + PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, true)); + add(Triple.newInstance(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, + PvpAttributeDefinitions.EID_ISSUING_NATION_FRIENDLY_NAME, true)); + + // entity eID information + add(Triple.newInstance(AhExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME, + AhExtendedPvpAttributeDefinitions.EID_EIDBIND_FRIENDLY_NAME, true)); + add(Triple.newInstance(AhExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME, + AhExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME, true)); + + //request pII transactionId from MS-Connector + add(Triple.newInstance(ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, + ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_FRIENDLY_NAME, false)); + + } + }); + + public static final List DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES = + Collections.unmodifiableList(new ArrayList() { + private static final long serialVersionUID = 1L; + { + for (final Triple el : DEFAULT_REQUIRED_PVP_ATTRIBUTES) { + add(el.getFirst()); + } + } + }); + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java new file mode 100644 index 00000000..69386194 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java @@ -0,0 +1,130 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; + +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; + +import org.springframework.beans.factory.annotation.Autowired; + +/** + * Credential provider for eIDAS PVP S-Profile client. + * + * @author tlenz + * + */ +public class IdAustriaClientAuthCredentialProvider extends AbstractCredentialProvider { + + @Autowired + IConfiguration authConfig; + + private static final String FRIENDLYNAME = "eIDAS centrial authentication"; + + @Override + public KeyStoreConfiguration getBasicKeyStoreConfig() throws EaafConfigurationException { + final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); + keyStoreConfig.setFriendlyName(FRIENDLYNAME); + keyStoreConfig.setKeyStoreType( + authConfig.getBasicConfiguration(IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_TYPE, + KeyStoreType.PKCS12.getKeyStoreType())); + keyStoreConfig.setKeyStoreName( + authConfig.getBasicConfiguration(IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_NAME)); + keyStoreConfig.setSoftKeyStoreFilePath(getKeyStoreFilePath()); + keyStoreConfig.setSoftKeyStorePassword( + authConfig.getBasicConfiguration(IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PASSWORD)); + + return keyStoreConfig; + + } + + private String getKeyStoreFilePath() throws EaafConfigurationException { + final String path = authConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PATH); + if (path == null) { + throw new EaafConfigurationException("module.eidasauth.00", + new Object[] { IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PATH }); + + } + return path; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# + * getMetadataKeyAlias() + */ + @Override + public String getMetadataKeyAlias() { + return authConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS); + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# + * getMetadataKeyPassword() + */ + @Override + public String getMetadataKeyPassword() { + return authConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD); + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# + * getSignatureKeyAlias() + */ + @Override + public String getSignatureKeyAlias() { + return authConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS); + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# + * getSignatureKeyPassword() + */ + @Override + public String getSignatureKeyPassword() { + return authConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD); + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# + * getEncryptionKeyAlias() + */ + @Override + public String getEncryptionKeyAlias() { + return authConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS); + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# + * getEncryptionKeyPassword() + */ + @Override + public String getEncryptionKeyPassword() { + return authConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD); + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataConfiguration.java new file mode 100644 index 00000000..93aefb42 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataConfiguration.java @@ -0,0 +1,471 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; + + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.data.Triple; +import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpAttributeBuilder; + +import org.opensaml.saml.saml2.core.Attribute; +import org.opensaml.saml.saml2.core.NameIDType; +import org.opensaml.saml.saml2.metadata.ContactPerson; +import org.opensaml.saml.saml2.metadata.Organization; +import org.opensaml.saml.saml2.metadata.RequestedAttribute; +import org.opensaml.security.credential.Credential; + +import lombok.extern.slf4j.Slf4j; + +/** + * Configuration object to generate PVP S-Profile metadata for SAML2 client. + * + * @author tlenz + * + */ +@Slf4j +public class IdAustriaClientAuthMetadataConfiguration implements IPvpMetadataBuilderConfiguration { + + private Collection additionalAttributes = null; + + private final String authUrl; + private final IdAustriaClientAuthCredentialProvider credentialProvider; + private final IPvp2BasicConfiguration pvpConfiguration; + + /** + * Configuration object to create PVP2 S-Profile metadata information. + * + * @param authUrl Public URL prefix of the application + * @param credentialProvider Credentials used by PVP2 S-Profile end-point + * @param pvpConfiguration Basic PVP2 S-Profile end-point configuration + */ + public IdAustriaClientAuthMetadataConfiguration(String authUrl, + IdAustriaClientAuthCredentialProvider credentialProvider, + IPvp2BasicConfiguration pvpConfiguration) { + this.authUrl = authUrl; + this.credentialProvider = credentialProvider; + this.pvpConfiguration = pvpConfiguration; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getMetadataValidUntil() + */ + @Override + public int getMetadataValidUntil() { + return IdAustriaClientAuthConstants.METADATA_VALIDUNTIL_IN_HOURS; + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * buildEntitiesDescriptorAsRootElement() + */ + @Override + public boolean buildEntitiesDescriptorAsRootElement() { + return false; + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * buildIDPSSODescriptor() + */ + @Override + public boolean buildIdpSsoDescriptor() { + return false; + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * buildSPSSODescriptor() + */ + @Override + public boolean buildSpSsoDescriptor() { + return true; + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getEntityIDPostfix() + */ + @Override + public String getEntityID() { + return authUrl + IdAustriaClientAuthConstants.ENDPOINT_METADATA; + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getEntityFriendlyName() + */ + @Override + public String getEntityFriendlyName() { + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getContactPersonInformation() + */ + @Override + public List getContactPersonInformation() { + try { + return pvpConfiguration.getIdpContacts(); + + } catch (final EaafException e) { + log.warn("Can not load Metadata entry: Contect Person", e); + return null; + + } + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getOrgansiationInformation() + */ + @Override + public Organization getOrgansiationInformation() { + try { + return pvpConfiguration.getIdpOrganisation(); + + } catch (final EaafException e) { + log.warn("Can not load Metadata entry: Organisation", e); + return null; + + } + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getMetadataSigningCredentials() + */ + @Override + public EaafX509Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException { + return credentialProvider.getMetaDataSigningCredential(); + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getRequestorResponseSigningCredentials() + */ + @Override + public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException { + return credentialProvider.getMessageSigningCredential(); + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getEncryptionCredentials() + */ + @Override + public Credential getEncryptionCredentials() throws CredentialsNotAvailableException { + return credentialProvider.getMessageEncryptionCredential(); + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getIDPWebSSOPostBindingURL() + */ + @Override + public String getIdpWebSsoPostBindingUrl() { + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getIDPWebSSORedirectBindingURL() + */ + @Override + public String getIdpWebSsoRedirectBindingUrl() { + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getIDPSLOPostBindingURL() + */ + @Override + public String getIdpSloPostBindingUrl() { + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getIDPSLORedirectBindingURL() + */ + @Override + public String getIdpSloRedirectBindingUrl() { + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getSPAssertionConsumerServicePostBindingURL() + */ + @Override + public String getSpAssertionConsumerServicePostBindingUrl() { + return authUrl + IdAustriaClientAuthConstants.ENDPOINT_POST; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getSPAssertionConsumerServiceRedirectBindingURL() + */ + @Override + public String getSpAssertionConsumerServiceRedirectBindingUrl() { + return authUrl + IdAustriaClientAuthConstants.ENDPOINT_REDIRECT; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getSPSLOPostBindingURL() + */ + @Override + public String getSpSloPostBindingUrl() { + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getSPSLORedirectBindingURL() + */ + @Override + public String getSpSloRedirectBindingUrl() { + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getSPSLOSOAPBindingURL() + */ + @Override + public String getSpSloSoapBindingUrl() { + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getIDPPossibleAttributes() + */ + @Override + public List getIdpPossibleAttributes() { + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getIDPPossibleNameITTypes() + */ + @Override + public List getIdpPossibleNameIdTypes() { + return null; + } + + + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getSPRequiredAttributes() + */ + @Override + public Collection getSpRequiredAttributes() { + final Map requestedAttributes = new HashMap<>(); + + if (pvpConfiguration.getBasicConfiguration().getBasicConfigurationBoolean( + AuthHandlerConstants.PROP_CONFIG_LEGACY_ALLOW, false)) { + log.trace("Build required attributes for legacy operaton ... "); + injectDefinedAttributes(requestedAttributes, + IdAustriaClientAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTES_WITHOUT_EID); + + } else { + log.trace("Build required attributes for E-ID operaton ... "); + injectDefinedAttributes(requestedAttributes, + IdAustriaClientAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTES); + + } + + if (additionalAttributes != null) { + log.trace("Add additional PVP attributes into metadata ... "); + for (final RequestedAttribute el : additionalAttributes) { + if (requestedAttributes.containsKey(el.getName())) { + log.debug("Attribute " + el.getName() + + " is already added by default configuration. Overwrite it by user configuration"); + } + + requestedAttributes.put(el.getName(), el); + + } + } + + return requestedAttributes.values(); + + } + + + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder# + * getSPAllowedNameITTypes() + */ + @Override + public List getSpAllowedNameIdTypes() { + return Arrays.asList(NameIDType.PERSISTENT); + + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPMetadataBuilderConfiguration#getSPNameForLogging() + */ + @Override + public String getSpNameForLogging() { + return IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPMetadataBuilderConfiguration#wantAssertionSigned() + */ + @Override + public boolean wantAssertionSigned() { + return false; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPMetadataBuilderConfiguration#wantAuthnRequestSigned() + */ + @Override + public boolean wantAuthnRequestSigned() { + return true; + } + + /** + * Add additonal PVP attributes that are required by this deployment. + * + * @param additionalAttr List of PVP attribute name and isRequired flag + */ + public void setAdditionalRequiredAttributes(List> additionalAttr) { + if (additionalAttr != null && !additionalAttr.isEmpty()) { + additionalAttributes = new ArrayList<>(); + for (final Pair el : additionalAttr) { + final Attribute attributBuilder = PvpAttributeBuilder.buildEmptyAttribute(el.getFirst()); + if (attributBuilder != null) { + additionalAttributes.add( + PvpAttributeBuilder.buildReqAttribute( + attributBuilder.getName(), + attributBuilder.getFriendlyName(), + el.getSecond())); + + } else { + log.info("NO PVP attribute with name: " + el.getFirst()); + } + + } + } + } + + private void injectDefinedAttributes(Map requestedAttributes, + List> attributes) { + for (final Triple el : attributes) { + requestedAttributes.put(el.getFirst(), PvpAttributeBuilder.buildReqAttribute(el.getFirst(), el + .getSecond(), el.getThird())); + + } + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataController.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataController.java new file mode 100644 index 00000000..a2966c7e --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataController.java @@ -0,0 +1,149 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; + + +import java.io.IOException; +import java.net.MalformedURLException; +import java.net.URL; +import java.util.ArrayList; +import java.util.List; +import java.util.Map; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.http.HttpUtils; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder; + +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import com.google.common.net.MediaType; +import lombok.extern.slf4j.Slf4j; + +/** + * Controller that generates SAML2 metadata for eIDAS authentication client. + * + * @author tlenz + * + */ +@Slf4j +@Controller +public class IdAustriaClientAuthMetadataController extends AbstractController { + + private static final String ERROR_CODE_INTERNAL_00 = "eaaf.core.00"; + + @Autowired + PvpMetadataBuilder metadatabuilder; + @Autowired + IdAustriaClientAuthCredentialProvider credentialProvider; + @Autowired + IPvp2BasicConfiguration pvpConfiguration; + + /** + * Default construction with logging. + * + */ + public IdAustriaClientAuthMetadataController() { + super(); + log.debug("Registering servlet " + getClass().getName() + + " with mappings '" + IdAustriaClientAuthConstants.ENDPOINT_METADATA + + "'."); + + } + + /** + * End-point that produce PVP2 metadata for eIDAS authentication client. + * + * @param req http Request + * @param resp http Response + * @throws IOException In case of an I/O error + * @throws EaafException In case of a metadata generation error + */ + @RequestMapping(value = IdAustriaClientAuthConstants.ENDPOINT_METADATA, + method = { RequestMethod.GET }) + public void getSpMetadata(HttpServletRequest req, HttpServletResponse resp) throws IOException, + EaafException { + // check PublicURL prefix + try { + final String authUrl = getAuthUrlFromHttpContext(req); + + // initialize metadata builder configuration + final IdAustriaClientAuthMetadataConfiguration metadataConfig = + new IdAustriaClientAuthMetadataConfiguration(authUrl, credentialProvider, pvpConfiguration); + metadataConfig.setAdditionalRequiredAttributes(getAdditonalRequiredAttributes()); + + // build metadata + final String xmlMetadata = metadatabuilder.buildPvpMetadata(metadataConfig); + + // write response + final byte[] content = xmlMetadata.getBytes("UTF-8"); + resp.setStatus(HttpServletResponse.SC_OK); + resp.setContentLength(content.length); + resp.setContentType(MediaType.XML_UTF_8.toString()); + resp.getOutputStream().write(content); + + } catch (final Exception e) { + log.warn("Build federated-authentication PVP metadata FAILED.", e); + protAuthService.handleErrorNoRedirect(e, req, resp, false); + + } + + } + + private String getAuthUrlFromHttpContext(HttpServletRequest req) throws EaafException { + // check if End-Point is valid + final String authUrlString = HttpUtils.extractAuthUrlFromRequest(req); + URL authReqUrl; + try { + authReqUrl = new URL(authUrlString); + + } catch (final MalformedURLException e) { + log.warn("Requested URL: {} is not a valid URL.", authUrlString); + throw new EaafAuthenticationException(ERROR_CODE_INTERNAL_00, new Object[] { authUrlString }, e); + + } + + final String idpAuthUrl = authConfig.validateIdpUrl(authReqUrl); + if (idpAuthUrl == null) { + log.warn("Requested URL: {} is NOT found in configuration.", authReqUrl); + throw new EaafAuthenticationException(ERROR_CODE_INTERNAL_00, new Object[] { authUrlString }); + + } + + return idpAuthUrl; + } + + private List> getAdditonalRequiredAttributes() { + final List> result = new ArrayList<>(); + + // load attributes from configuration + final Map addReqAttributes = authConfig.getBasicConfigurationWithPrefix( + IdAustriaClientAuthConstants.CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST); + for (final String el : addReqAttributes.values()) { + if (StringUtils.isNotEmpty(el)) { + log.trace("Parse additional attr. definition: " + el); + final List attr = KeyValueUtils.getListOfCsvValues(el.trim()); + if (attr.size() == 2) { + result.add(Pair.newInstance(attr.get(0), Boolean.parseBoolean(attr.get(1)))); + + } else { + log.info("IGNORE additional attr. definition: " + el + + " Reason: Format not valid"); + } + } + } + + return result; + + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataProvider.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataProvider.java new file mode 100644 index 00000000..46278ad8 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataProvider.java @@ -0,0 +1,169 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; + +import java.io.IOException; +import java.security.KeyStore; +import java.security.Provider; +import java.security.cert.CertificateException; +import java.text.MessageFormat; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import javax.annotation.PostConstruct; + +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.AbstractChainingMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SimpleMetadataSignatureVerificationFilter; + +import org.apache.commons.lang3.StringUtils; +import org.opensaml.saml.metadata.resolver.MetadataResolver; +import org.opensaml.saml.metadata.resolver.filter.MetadataFilter; +import org.opensaml.saml.metadata.resolver.filter.MetadataFilterChain; +import org.springframework.beans.factory.annotation.Autowired; + +import lombok.extern.slf4j.Slf4j; + +/** + * SAML2 metadata-provider implementation for eIDAS client. + * + * @author tlenz + * + */ +@Slf4j +public class IdAustriaClientAuthMetadataProvider extends AbstractChainingMetadataProvider { + + private static final String FRIENDLYNAME_METADATA_TRUSTSTORE = "'eIDAS_client metadata truststore'"; + private static final String PROVIDER_ID_PATTERN = "eIDAS resolver: {0}"; + public static final String PROVIDER_ID = "'eIDAS_client metadata provider'"; + + @Autowired + private IConfiguration basicConfig; + + @Autowired + private PvpMetadataResolverFactory metadataProviderFactory; + @Autowired + private IHttpClientFactory httpClientFactory; + + @Autowired + private EaafKeyStoreFactory keyStoreFactory; + + private Pair metadataSigningTrustStore; + + @Override + protected String getMetadataUrl(String entityId) throws EaafConfigurationException { + log.trace("eIDAS Auth. uses SAML2 well-known location approach. EntityId is Metadata-URL"); + return entityId; + + } + + @Override + protected MetadataResolver createNewMetadataProvider(String entityId) throws EaafConfigurationException, + IOException, CertificateException { + final List filterList = new ArrayList<>(); + filterList.add(new SchemaValidationFilter(true)); + filterList.add(new SimpleMetadataSignatureVerificationFilter( + metadataSigningTrustStore.getFirst(), entityId)); + + final MetadataFilterChain filter = new MetadataFilterChain(); + filter.setFilters(filterList); + + try { + return metadataProviderFactory.createMetadataProvider(getMetadataUrl(entityId), + filter, + MessageFormat.format(PROVIDER_ID_PATTERN, entityId), + httpClientFactory.getHttpClient()); + + } catch (final Pvp2MetadataException e) { + log.info("Can NOT build metadata provider for entityId: {}", entityId); + throw new EaafConfigurationException("module.eidasauth.04", + new Object[] { entityId, e.getMessage() }, e); + + } + } + + @Override + protected List getAllMetadataUrlsFromConfiguration() throws EaafConfigurationException { + return Collections.emptyList(); + + } + + @Override + protected String getMetadataProviderId() { + return PROVIDER_ID; + + } + + @Override + public void runGarbageCollector() { + log.trace("Garbage collection is NOT supported by: {}", getId()); + } + + @Override + public void doDestroy() { + super.fullyDestroy(); + + } + + @PostConstruct + private void initialize() throws EaafException { + // initialize truststore to validate metadata signing certificates + initializeTrustStore(); + + // load metadata with metadataURL, as backup + initializeFileSystemMetadata(); + + } + + private void initializeFileSystemMetadata() { + try { + final String metadataUrl = basicConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_NODE_METADATAURL); + if (StringUtils.isNotEmpty(metadataUrl)) { + log.info("Use not recommended metadata-provider initialization!" + + " SAML2 'Well-Known-Location' is the preferred methode."); + log.info("Initialize 'ms-specific eIDAS node' metadata-provider with URL: {}", metadataUrl); + + addMetadataResolverIntoChain(createNewMetadataProvider(metadataUrl)); + } + + } catch (final EaafConfigurationException | CertificateException | IOException e) { + log.warn("Can NOT inject static eIDAS Node metadata-soure.", e); + log.warn("eIDAS Node communication can be FAIL."); + + } + } + + private void initializeTrustStore() throws EaafException { + // set configuration + final KeyStoreConfiguration trustStoreConfig = new KeyStoreConfiguration(); + trustStoreConfig.setFriendlyName(FRIENDLYNAME_METADATA_TRUSTSTORE); + trustStoreConfig.setKeyStoreType(basicConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_TRUSTSTORE_TYPE, + KeyStoreType.JKS.getKeyStoreType())); + trustStoreConfig.setKeyStoreName(basicConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_TRUSTSTORE_NAME)); + trustStoreConfig.setSoftKeyStoreFilePath(basicConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_TRUSTSTORE_PATH)); + trustStoreConfig.setSoftKeyStorePassword(basicConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_TRUSTSTORE_PASSWORD)); + + // validate configuration + trustStoreConfig.validate(); + + // open new TrustStore + metadataSigningTrustStore = keyStoreFactory.buildNewKeyStore(trustStoreConfig); + + } + +} + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthRequestBuilderConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthRequestBuilderConfiguration.java new file mode 100644 index 00000000..65b6a198 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthRequestBuilderConfiguration.java @@ -0,0 +1,300 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; + +import java.util.List; + +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; +import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPvpAuthnRequestBuilderConfiguruation; + +import org.opensaml.saml.saml2.core.AuthnContextComparisonTypeEnumeration; +import org.opensaml.saml.saml2.core.NameIDType; +import org.opensaml.saml.saml2.metadata.EntityDescriptor; +import org.w3c.dom.Element; + +public class IdAustriaClientAuthRequestBuilderConfiguration implements IPvpAuthnRequestBuilderConfiguruation { + + private boolean isPassive; + private String spEntityId; + private String qaaLevel; + private EntityDescriptor idpEntity; + private EaafX509Credential signCred; + private String scopeRequesterId; + private String providerName; + private List requestedAttributes; + private String reqId; + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#isPassivRequest() + */ + @Override + public Boolean isPassivRequest() { + return this.isPassive; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getAssertionConsumerServiceId() + */ + @Override + public Integer getAssertionConsumerServiceId() { + return 0; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getEntityID() + */ + @Override + public String getSpEntityID() { + return this.spEntityId; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getNameIDPolicy() + */ + @Override + public String getNameIdPolicyFormat() { + return NameIDType.PERSISTENT; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getNameIDPolicy() + */ + @Override + public boolean getNameIdPolicyAllowCreation() { + return true; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getAuthnContextClassRef() + */ + @Override + public String getAuthnContextClassRef() { + return this.qaaLevel; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getAuthnContextComparison() + */ + @Override + public AuthnContextComparisonTypeEnumeration getAuthnContextComparison() { + return AuthnContextComparisonTypeEnumeration.MINIMUM; + } + + /** + * Set isPassive flag in SAML2 request. + * + * @param isPassive the isPassive to set. + */ + public void setPassive(boolean isPassive) { + this.isPassive = isPassive; + } + + /** + * Set the requester EntityId. + * + * @param spEntityId EntityId of SP + */ + public void setSpEntityID(String spEntityId) { + this.spEntityId = spEntityId; + } + + /** + * Set required LoA. + * + * @param loa the LoA to set. + */ + public void setRequestedLoA(String loa) { + qaaLevel = loa; + } + + /** + * Set EntityId of IDP. + * + * @param idpEntity the idpEntity to set. + */ + public void setIdpEntity(EntityDescriptor idpEntity) { + this.idpEntity = idpEntity; + } + + /** + * Set message signing credentials. + * + * @param signCred the signCred to set. + */ + public void setSignCred(EaafX509Credential signCred) { + this.signCred = signCred; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getAuthnRequestSigningCredential() + */ + @Override + public EaafX509Credential getAuthnRequestSigningCredential() { + return this.signCred; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getIDPEntityDescriptor() + */ + @Override + public EntityDescriptor getIdpEntityDescriptor() { + return this.idpEntity; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getSubjectNameID() + */ + @Override + public String getSubjectNameID() { + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getSPNameForLogging() + */ + @Override + public String getSpNameForLogging() { + return IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getSubjectNameIDFormat() + */ + @Override + public String getSubjectNameIdFormat() { + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getRequestID() + */ + @Override + public String getRequestID() { + return this.reqId; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getSubjectNameIDQualifier() + */ + @Override + public String getSubjectNameIdQualifier() { + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationMethode() + */ + @Override + public String getSubjectConformationMethode() { + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config. + * IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationDate() + */ + @Override + public Element getSubjectConformationDate() { + return null; + } + + @Override + public List getRequestedAttributes() { + return this.requestedAttributes; + + } + + @Override + public String getProviderName() { + return this.providerName; + } + + @Override + public String getScopeRequesterId() { + return this.scopeRequesterId; + } + + /** + * Set the entityId of the SP that requests the proxy for eIDAS authentication. + * + * @param scopeRequesterId RequestId in SAML2 Proxy extension + */ + public void setScopeRequesterId(String scopeRequesterId) { + this.scopeRequesterId = scopeRequesterId; + } + + /** + * Set a friendlyName for the SP that requests the proxy for eIDAS + * authentication. + * + * @param providerName SAML2 provider-name attribute-value + */ + public void setProviderName(String providerName) { + this.providerName = providerName; + } + + /** + * Set a Set of PVP attributes that a requested by using requested attributes. + * + * @param requestedAttributes Requested SAML2 attributes + */ + public void setRequestedAttributes(List requestedAttributes) { + this.requestedAttributes = requestedAttributes; + } + + /** + * Set a RequestId for this Authn. Request. + * + * @param reqId SAML2 message requestId + */ + public void setRequestId(String reqId) { + this.reqId = reqId; + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/MisException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/MisException.java new file mode 100644 index 00000000..71826d23 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/MisException.java @@ -0,0 +1,17 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; + +import at.gv.egiz.eaaf.core.exceptions.EaafException; + +public class MisException extends EaafException { + + private static final long serialVersionUID = 1L; + + public MisException(final String errorId, final Object[] params) { + super(errorId, params); + } + + public MisException(final String errorId, final Object[] params, final Throwable e) { + super(errorId, params, e); + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java index 5f242c1b..aa8deb2b 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java @@ -23,11 +23,11 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient.IdAustriaClientAuthConstants; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient.IdAustriaClientAuthCredentialProvider; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient.IdAustriaClientAuthMetadataProvider; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient.IdAustriaClientAuthRequestBuilderConfiguration; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient.IAhSpConfiguration; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthRequestBuilderConfiguration; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IAhSpConfiguration; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; @@ -75,9 +75,6 @@ public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServlet IdAustriaClientAuthCredentialProvider credential; @Autowired IdAustriaClientAuthMetadataProvider metadataService; - // @Autowired - // ITransactionStorage transactionStorage; - @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) @@ -136,9 +133,6 @@ public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServlet authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig, relayState, response); - //MsEidasNodeConstants.ENDPOINT_PVP_POST - //MsEidasNodeConstants.ENDPOINT_PVP_METADATA - //TODO } catch (final Exception e) { log.error("Initial search FAILED.", e); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java index b598cb92..9e6aa7cc 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java @@ -29,18 +29,59 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.AhAuthProcessDataWrapper; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.AuthHandlerConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.EidasAuthEventConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.MisException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.Utils; import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; +import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; +import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlAssertionValidationExeption; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; import lombok.extern.slf4j.Slf4j; +import org.apache.commons.lang3.StringUtils; +import org.opensaml.core.xml.io.MarshallingException; +import org.opensaml.messaging.decoder.MessageDecodingException; +import org.opensaml.saml.saml2.core.Response; +import org.opensaml.saml.saml2.core.StatusCode; +import org.opensaml.saml.saml2.metadata.IDPSSODescriptor; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import javax.naming.ConfigurationException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.xml.transform.TransformerException; +import java.io.IOException; +import java.util.Arrays; +import java.util.Base64; import java.util.List; +import java.util.Set; /** * Task that searches ErnB and ZMR before adding person to SZR. @@ -51,6 +92,31 @@ import java.util.List; @Component("ReceiveMobilePhoneSignatureResponseTask") public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends AbstractAuthServletTask { + @Autowired + private SamlVerificationEngine samlVerificationEngine; + @Autowired + private IdAustriaClientAuthCredentialProvider credentialProvider; + @Autowired(required = true) + IdAustriaClientAuthMetadataProvider metadataProvider; + + private static final String ERROR_PVP_03 = "sp.pvp2.03"; + private static final String ERROR_PVP_05 = "sp.pvp2.05"; + private static final String ERROR_PVP_06 = "sp.pvp2.06"; + private static final String ERROR_PVP_08 = "sp.pvp2.08"; + private static final String ERROR_PVP_10 = "sp.pvp2.10"; + private static final String ERROR_PVP_11 = "sp.pvp2.11"; + private static final String ERROR_PVP_12 = "sp.pvp2.12"; + + private static final String ERROR_MSG_00 = + "Receive INVALID PVP Response from federated IDP"; + private static final String ERROR_MSG_01 = + "Processing PVP response from 'ms-specific eIDAS node' FAILED."; + private static final String ERROR_MSG_02 = + "PVP response decrytion FAILED. No credential found."; + private static final String ERROR_MSG_03 = + "PVP response validation FAILED."; + + private final IErnpClient ernpClient; private final IZmrClient zmrClient; @@ -71,6 +137,123 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends SimpleEidasData eidData = authProcessData.getGenericDataFromSession(Constants.DATA_SIMPLE_EIDAS, SimpleEidasData.class); + + InboundMessage msg = null; + + try { + + IDecoder decoder = null; + EaafUriCompare comperator = null; + // select Response Binding + if (request.getMethod().equalsIgnoreCase("POST")) { + decoder = new PostBinding(); + comperator = new EaafUriCompare(pendingReq.getAuthUrl() + IdAustriaClientAuthConstants.ENDPOINT_POST); + log.trace("Receive PVP Response from 'ID Austria node', by using POST-Binding."); + + } else if (request.getMethod().equalsIgnoreCase("GET")) { + decoder = new RedirectBinding(); + comperator = new EaafUriCompare(pendingReq.getAuthUrl() + + IdAustriaClientAuthConstants.ENDPOINT_REDIRECT); + log.trace("Receive PVP Response from 'ID Austria node', by using Redirect-Binding."); + + } else { + log.warn("Receive PVP Response, but Binding (" + + request.getMethod() + ") is not supported."); + throw new AuthnResponseValidationException(ERROR_PVP_03, new Object[]{ + IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING}); + + } + + // decode PVP response object + msg = (InboundMessage) decoder.decode( + request, response, metadataProvider, IDPSSODescriptor.DEFAULT_ELEMENT_NAME, + comperator); + + // validate response signature + if (!msg.isVerified()) { + samlVerificationEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine( + metadataProvider)); + msg.setVerified(true); + + } + + // validate assertion + final Pair processedMsg = + preProcessAuthResponse((PvpSProfileResponse) msg); + + //check if SAML2 response contains user-stop decision + if (processedMsg.getSecond()) { + stopProcessFromUserDecision(executionContext, request, response); + + } else { + // validate entityId of response + final String msNodeEntityID = authConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_NODE_ENTITYID); + final String respEntityId = msg.getEntityID(); + if (!msNodeEntityID.equals(respEntityId)) { + log.warn("Response Issuer is not a 'ms-specific eIDAS node'. Stopping eIDAS authentication ..."); + throw new AuthnResponseValidationException(ERROR_PVP_08, + new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING, + msg.getEntityID()}); + + } + + // initialize Attribute extractor + final AssertionAttributeExtractor extractor = + new AssertionAttributeExtractor(processedMsg.getFirst().getResponse()); + + getAuthDataFromInterfederation(extractor); + + // set NeedConsent to false, because user gives consont during authentication + pendingReq.setNeedUserConsent(false); + + // store pending-request + requestStoreage.storePendingRequest(pendingReq); + + //set E-ID process flag to execution context + final AhAuthProcessDataWrapper session = pendingReq.getSessionData( + AhAuthProcessDataWrapper.class); + executionContext.put(AuthHandlerConstants.PROCESSCONTEXT_WAS_EID_PROCESS, session.isEidProcess()); + executionContext.put(AuthHandlerConstants.HTTP_PARAM_USE_MANDATES, session.isMandateUsed()); + + + log.info("Receive a valid assertion from IDP " + msg.getEntityID()); + + } + + } catch (final AuthnResponseValidationException e) { + throw new TaskExecutionException(pendingReq, ERROR_MSG_03, e); + + } catch (MessageDecodingException | SecurityException | SamlSigningException e) { + //final String samlRequest = request.getParameter("SAMLRequest"); + //log.debug("Receive INVALID PVP Response from 'ms-specific eIDAS node': {}", + // samlRequest, null, e); + throw new TaskExecutionException(pendingReq, ERROR_MSG_00, + new AuthnResponseValidationException(ERROR_PVP_11, + new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING}, e)); + + } catch (IOException | MarshallingException | TransformerException e) { + log.debug("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e); + throw new TaskExecutionException(pendingReq, ERROR_MSG_01, + new AuthnResponseValidationException(ERROR_PVP_12, + new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()}, + e)); + + } catch (final CredentialsNotAvailableException e) { + log.debug("PVP response decrytion FAILED. No credential found.", e); + throw new TaskExecutionException(pendingReq, ERROR_MSG_02, + new AuthnResponseValidationException(ERROR_PVP_10, + new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING}, e)); + + } catch (final Exception e) { + log.debug("PVP response validation FAILED. Msg:" + e.getMessage(), e); + throw new TaskExecutionException(pendingReq, ERROR_MSG_03, + new AuthnResponseValidationException(ERROR_PVP_12, + new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()}, e)); + + } + + //TODO extract bPK-ZP from response String bpkzp = "TODO"; MergedRegisterSearchResult result = searchInZmrAndErnp(bpkzp); @@ -93,6 +276,165 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends } } + private Pair preProcessAuthResponse(PvpSProfileResponse msg) + throws IOException, MarshallingException, TransformerException, + CredentialsNotAvailableException, AuthnResponseValidationException, SamlAssertionValidationExeption { + log.debug("Start PVP21 assertion processing... "); + final Response samlResp = (Response) msg.getResponse(); + + // check SAML2 response status-code + if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS)) { + // validate PVP 2.1 assertion + samlVerificationEngine.validateAssertion(samlResp, + credentialProvider.getMessageEncryptionCredential(), + pendingReq.getAuthUrl() + IdAustriaClientAuthConstants.ENDPOINT_METADATA, + IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING); + + msg.setSamlMessage(Saml2Utils.asDomDocument(samlResp).getDocumentElement()); + revisionsLogger.logEvent(pendingReq, + EidasAuthEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED, + samlResp.getID()); + return Pair.newInstance(msg, false); + + } else { + log.info("Receive StatusCode " + samlResp.getStatus().getStatusCode().getValue() + + " from 'ms-specific eIDAS node'."); + StatusCode subStatusCode = getSubStatusCode(samlResp); + if (subStatusCode != null + && IdAustriaClientAuthConstants.SAML2_STATUSCODE_USERSTOP.equals(subStatusCode.getValue())) { + log.info("Find 'User-Stop operation' in SAML2 response. Stopping authentication process ... "); + return Pair.newInstance(msg, true); + + } + + revisionsLogger.logEvent(pendingReq, + EidasAuthEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED_ERROR); + throw new AuthnResponseValidationException(ERROR_PVP_05, + new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING, + samlResp.getIssuer().getValue(), + samlResp.getStatus().getStatusCode().getValue(), + samlResp.getStatus().getStatusMessage().getMessage()}); + + } + + } + + /** + * Get SAML2 Sub-StatusCode if not null. + * + * @param samlResp SAML2 response + * @return Sub-StatusCode or null if it's not set + */ + private StatusCode getSubStatusCode(Response samlResp) { + if (samlResp.getStatus().getStatusCode().getStatusCode() != null + && StringUtils.isNotEmpty(samlResp.getStatus().getStatusCode().getStatusCode().getValue())) { + return samlResp.getStatus().getStatusCode().getStatusCode(); + } + return null; + } + + private void getAuthDataFromInterfederation(AssertionAttributeExtractor extractor) + throws EaafBuilderException, ConfigurationException { + + List requiredEidasNodeAttributes = IdAustriaClientAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES; + if (authConfig.getBasicConfigurationBoolean( + AuthHandlerConstants.PROP_CONFIG_LEGACY_ALLOW, false)) { + log.trace("Build required attributes for legacy operaton ... "); + requiredEidasNodeAttributes = Arrays.asList( + PvpAttributeDefinitions.PVP_VERSION_NAME, + PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, + PvpAttributeDefinitions.EID_ISSUING_NATION_NAME); + + } + + try { + // check if all attributes are include + if (!extractor.containsAllRequiredAttributes() + || !extractor.containsAllRequiredAttributes( + requiredEidasNodeAttributes)) { + log.warn("PVP Response from 'ms-specific eIDAS node' contains not all requested attributes."); + throw new AssertionValidationExeption(ERROR_PVP_06, new Object[]{ + IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING}); + + } + + // copy attributes into MOASession + final AhAuthProcessDataWrapper session = pendingReq.getSessionData( + AhAuthProcessDataWrapper.class); + final Set includedAttrNames = extractor.getAllIncludeAttributeNames(); + for (final String attrName : includedAttrNames) { + injectAuthInfosIntoSession(session, attrName, + extractor.getSingleAttributeValue(attrName)); + + } + + //set piiTransactionId from eIDAS Connector + String piiTransactionId = extractor.getSingleAttributeValue( + ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME); + if (StringUtils.isNotEmpty(piiTransactionId) && pendingReq instanceof RequestImpl) { + log.info("Receive piiTransactionId from Austrian eIDAS Connector. Use this for further processing"); + ((RequestImpl) pendingReq).setUniquePiiTransactionIdentifier(piiTransactionId); + + } else { + log.debug("Receive no piiTransactionId from Austrian eIDAS Connector."); + + } + + // set foreigner flag + session.setForeigner(true); + + // set IssuerInstant from Assertion + session.setIssueInstant(extractor.getAssertionIssuingDate()); + + // set CCE URL + if (extractor.getFullAssertion().getIssuer() != null + && StringUtils.isNotEmpty(extractor.getFullAssertion().getIssuer().getValue())) { + session.setVdaUrl(extractor.getFullAssertion().getIssuer().getValue()); + + } else { + session.setVdaUrl("eIDAS_Authentication"); + + } + + } catch (final EaafStorageException | MisException | AssertionValidationExeption | IOException e) { + throw new EaafBuilderException(ERROR_PVP_06, null, e.getMessage(), e); + + } + } + + private void injectAuthInfosIntoSession(AhAuthProcessDataWrapper session, String attrName, String attrValue) + throws EaafStorageException, MisException, IOException { + log.trace("Inject attribute: {} with value: {} into AuthSession", attrName, attrValue); + log.debug("Inject attribute: {} into AuthSession", attrName); + + if (ExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME.equals(attrName)) { + log.debug("Find eidasBind attribute. Switching to E-ID mode ... "); + session.setEidProcess(true); + session.setQcBind(attrValue); + // session.setVsz(extractVszFromEidasBind(attrValue)); + //T + + } else if (ExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME.equals(attrName)) { + session.setSignedAuthBlock(Base64.getDecoder().decode(attrValue)); + session.setSignedAuthBlockType(AuthHandlerConstants.AuthBlockType.JWS); + + } else if (PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME.equals(attrName)) { + session.setQaaLevel(attrValue); + + // } else if (ExtendedPvpAttributeDefinitions.EID_MIS_MANDATE_NAME.equals(attrName) + // && authConfig.getBasicConfigurationBoolean( + // IdAustriaClientAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_ACTIVE, false)) { + // session.setMandateDate(new SignedMandateDao(attrValue)); + // session.setUseMandates(true); + // + } else { + session.setGenericDataToSession(attrName, attrValue); + + } + + } + + private MergedRegisterSearchResult searchInZmrAndErnp(String bpkzp) { List resultsZmr = zmrClient.searchWithBpkZp(bpkzp); List resultsErnp = ernpClient.searchWithBpkZp(bpkzp); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml index c6d69c5d..680ec19c 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml @@ -135,13 +135,13 @@ scope="prototype" /> + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider" /> + class=" at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider" /> + class=" at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataController" /> \ No newline at end of file -- cgit v1.2.3 From de03adfbe79968f65bb711d7b3a583eeb1054140 Mon Sep 17 00:00:00 2001 From: Alexander Marsalek Date: Mon, 1 Feb 2021 09:42:38 +0100 Subject: more transitions & tests --- connector/pom.xml | 9 + .../properties/status_messages_en.properties | 1 + connector_lib/pom.xml | 8 + eidas_modules/authmodule-eIDAS-v2/pom.xml | 21 +- .../specific/modules/auth/eidas/v2/Constants.java | 8 + .../v2/exception/InvalidUserInputException.java | 33 +++ .../IdAustriaAuthPvpConfiguration.java | 121 ++++++++++ .../IdAustriaClientAuthCredentialProvider.java | 2 +- .../GenerateMobilePhoneSignatureRequestTask.java | 3 - .../auth/eidas/v2/tasks/InitialSearchTask.java | 6 +- .../ReceiveGuiAustrianResidenceResponseTask.java | 79 ++++-- .../eidas/v2/tasks/ReceiveGuiResponseTask.java | 16 +- ...eSignatureResponseAndSearchInRegistersTask.java | 266 ++++++++++----------- .../resources/eIDAS.Authentication.process.xml | 8 +- .../src/main/resources/eidas_v2_auth.beans.xml | 12 +- .../IdAustriaClientAuthMetadataControllerTest.java | 169 +++++++++++++ .../eidas/v2/test/tasks/InitialSearchTaskTest.java | 131 ++++++++-- .../EidasRequestPreProcessingFirstTest.java | 7 +- .../resources/SpringTest-context_tasks_test.xml | 27 +++ .../resources/config/junit_config_1.properties | 34 ++- .../config/junit_config_1_springboot.properties | 119 +++++++++ .../src/test/resources/config/keys/junit_test.jks | Bin 0 -> 8410 bytes .../src/test/resources/config/keys/teststore.jks | Bin 0 -> 2028 bytes .../src/test/resources/keystore/junit_test.jks | Bin 0 -> 8410 bytes pom.xml | 16 +- 25 files changed, 873 insertions(+), 223 deletions(-) create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/InvalidUserInputException.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaAuthPvpConfiguration.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataControllerTest.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1_springboot.properties create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/junit_test.jks create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/teststore.jks create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/resources/keystore/junit_test.jks (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/resources') diff --git a/connector/pom.xml b/connector/pom.xml index 36a6d9df..c2039ad7 100644 --- a/connector/pom.xml +++ b/connector/pom.xml @@ -43,6 +43,15 @@ authmodule-eIDAS-v2 + + at.gv.egiz.eaaf + eaaf_module_pvp2_core + + + at.gv.egiz.eaaf + eaaf_module_pvp2_sp + + org.springframework.boot diff --git a/connector/src/main/resources/properties/status_messages_en.properties b/connector/src/main/resources/properties/status_messages_en.properties index c430fc90..9dcbe1a1 100644 --- a/connector/src/main/resources/properties/status_messages_en.properties +++ b/connector/src/main/resources/properties/status_messages_en.properties @@ -8,6 +8,7 @@ eidas.06=LoA from eIDAS response-message {0} does not match to requested LoA eidas.07=eIDAS Response attribute-validation FAILED. Attribute:{0} Reason: {1} eidas.08=An unexpected error occurred. eidas.09=An error occurred while loading your data from official registers. Please contact the support. +eidas.10=Invalid user input. config.01=No configuration-file parameter found. Maybe Java SystemD parameter is missing diff --git a/connector_lib/pom.xml b/connector_lib/pom.xml index f24a2801..8ed561f3 100644 --- a/connector_lib/pom.xml +++ b/connector_lib/pom.xml @@ -62,6 +62,14 @@ test-jar + + at.gv.egiz.eaaf + eaaf_module_pvp2_core + + + at.gv.egiz.eaaf + eaaf_module_pvp2_sp + diff --git a/eidas_modules/authmodule-eIDAS-v2/pom.xml b/eidas_modules/authmodule-eIDAS-v2/pom.xml index f578c52d..6773cc41 100644 --- a/eidas_modules/authmodule-eIDAS-v2/pom.xml +++ b/eidas_modules/authmodule-eIDAS-v2/pom.xml @@ -50,6 +50,15 @@ eaaf-core + + at.gv.egiz.eaaf + eaaf_module_pvp2_core + + + at.gv.egiz.eaaf + eaaf_module_pvp2_sp + + iaik.prod iaik_jce_full @@ -189,17 +198,7 @@ jose4j 0.7.2 - - at.gv.egiz.eaaf - eaaf_module_pvp2_core - 1.1.11 - compile - - - at.gv.egiz.eaaf - eaaf_module_pvp2_sp - compile - + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java index 858637e9..ba57b28e 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java @@ -180,4 +180,12 @@ public class Constants { public static final String COUNTRY_CODE_DE = "DE"; public static final String COUNTRY_CODE_IT = "IT"; + + public static final String TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK = "TASK_CreateNewErnpEntryTask"; + public static final String TRANSITION_TO_CREATE_GENERATE_GUI_TASK = "TASK_GenerateGuiTask"; + public static final String TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK = + "Task_GenerateGuiQueryAustrianResidenceTask"; + public static final String TRANSITION_TO_GENERATE_MOBILE_PHONE_SIGNATURE_REQUEST_TASK = + "TASK_GenerateMobilePhoneSignatureRequestTask"; + public static final String TRANSITION_TO_GENERATE_EIDAS_LOGIN = "TASK_TODO"; } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/InvalidUserInputException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/InvalidUserInputException.java new file mode 100644 index 00000000..f28d8afa --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/InvalidUserInputException.java @@ -0,0 +1,33 @@ +/* + * Copyright 2020 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.exception; + +public class InvalidUserInputException extends EidasSAuthenticationException { + private static final long serialVersionUID = 1L; + + public InvalidUserInputException() { + super("eidas.10", null); + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaAuthPvpConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaAuthPvpConfiguration.java new file mode 100644 index 00000000..30c8b65f --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaAuthPvpConfiguration.java @@ -0,0 +1,121 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; + +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import org.apache.commons.lang3.StringUtils; +import org.opensaml.saml.saml2.metadata.ContactPerson; +import org.opensaml.saml.saml2.metadata.ContactPersonTypeEnumeration; +import org.opensaml.saml.saml2.metadata.EmailAddress; +import org.opensaml.saml.saml2.metadata.GivenName; +import org.opensaml.saml.saml2.metadata.Organization; +import org.opensaml.saml.saml2.metadata.OrganizationDisplayName; +import org.opensaml.saml.saml2.metadata.OrganizationName; +import org.opensaml.saml.saml2.metadata.OrganizationURL; +import org.opensaml.saml.saml2.metadata.SurName; +import org.springframework.beans.factory.annotation.Autowired; + +import java.util.Arrays; +import java.util.List; + +public class IdAustriaAuthPvpConfiguration implements IPvp2BasicConfiguration { + + private static final String DEFAULT_XML_LANG = "en"; + + @Autowired + private IConfiguration basicConfig; + + @Override + public String getIdpEntityId(String authUrl) throws EaafException { + return authUrl + IdAustriaClientAuthConstants.ENDPOINT_METADATA; + + } + + @Override + public String getIdpSsoPostService(String authUrl) throws EaafException { + return null; + + } + + @Override + public String getIdpSsoRedirectService(String authUrl) throws EaafException { + return null; + + } + + @Override + public String getIdpSsoSoapService(String extractAuthUrlFromRequest) throws EaafException { + return null; + + } + + @Override + public List getIdpContacts() throws EaafException { + final ContactPerson contactPerson = Saml2Utils.createSamlObject(ContactPerson.class); + final GivenName givenName = Saml2Utils.createSamlObject(GivenName.class); + final SurName surname = Saml2Utils.createSamlObject(SurName.class); + final EmailAddress emailAddress = Saml2Utils.createSamlObject(EmailAddress.class); + + givenName.setName(getAndVerifyFromConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_CONTACT_GIVENNAME)); + surname.setName(getAndVerifyFromConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_CONTACT_SURNAME)); + emailAddress.setAddress(getAndVerifyFromConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_CONTACT_EMAIL)); + + contactPerson.setType(ContactPersonTypeEnumeration.TECHNICAL); + contactPerson.setGivenName(givenName); + contactPerson.setSurName(surname); + contactPerson.getEmailAddresses().add(emailAddress); + + return Arrays.asList(contactPerson); + + } + + @Override + public Organization getIdpOrganisation() throws EaafException { + final Organization organisation = Saml2Utils.createSamlObject(Organization.class); + final OrganizationName orgName = Saml2Utils.createSamlObject(OrganizationName.class); + final OrganizationDisplayName orgDisplayName = Saml2Utils.createSamlObject(OrganizationDisplayName.class); + final OrganizationURL orgUrl = Saml2Utils.createSamlObject(OrganizationURL.class); + + orgName.setXMLLang(DEFAULT_XML_LANG); + orgName.setValue(getAndVerifyFromConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_ORGANISATION_NAME)); + + orgDisplayName.setXMLLang(DEFAULT_XML_LANG); + orgDisplayName.setValue(getAndVerifyFromConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_ORGANISATION_FRIENDLYNAME)); + + orgUrl.setXMLLang(DEFAULT_XML_LANG); + orgUrl.setValue(getAndVerifyFromConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_ORGANISATION_URL)); + + + organisation.getOrganizationNames().add(orgName); + organisation.getDisplayNames().add(orgDisplayName); + organisation.getURLs().add(orgUrl); + + return organisation; + } + + + @Override + public IConfiguration getBasicConfiguration() { + return basicConfig; + + } + + private String getAndVerifyFromConfiguration(String configKey) throws EaafConfigurationException { + final String value = basicConfig.getBasicConfiguration(configKey); + if (StringUtils.isEmpty(value)) { + throw new EaafConfigurationException("module.eidasauth.00", + new Object[]{configKey}); + + } + + return value; + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java index 69386194..2608cad1 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java @@ -19,7 +19,7 @@ public class IdAustriaClientAuthCredentialProvider extends AbstractCredentialPro @Autowired IConfiguration authConfig; - private static final String FRIENDLYNAME = "eIDAS centrial authentication"; + private static final String FRIENDLYNAME = "ID Austria authentication"; @Override public KeyStoreConfiguration getBasicKeyStoreConfig() throws EaafConfigurationException { diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java index 546a2039..af1ef6f7 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java @@ -82,9 +82,6 @@ public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServlet log.trace("Starting GenerateMobilePhoneSignatureRequestTask"); //step 15a - //final IAhSpConfiguration spConfig = pendingReq.getServiceProviderConfiguration( - // IAhSpConfiguration.class); - // get entityID for ms-specific eIDAS node final String msNodeEntityID = "TODO"; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java index 99da21a1..2e754e14 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java @@ -207,13 +207,13 @@ public class InitialSearchTask extends AbstractAuthServletTask { MergedRegisterSearchResult mdsSearchResult = new MergedRegisterSearchResult(resultsZmr, resultsErnp); if (mdsSearchResult.getResultCount() == 0) { - executionContext.put("TASK_CreateNewErnpEntryTask", true); + executionContext.put(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK, true); } else { - executionContext.put("TASK_GenerateGuiTask", true); + executionContext.put(Constants.TRANSITION_TO_CREATE_GENERATE_GUI_TASK, true); } //TODO implement next phase and return correct value - return "TODO-Temporary-Endnode-105"; + return null; } private MergedRegisterSearchResult searchInZmrAndErnp(String personIdentifier) { diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiAustrianResidenceResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiAustrianResidenceResponseTask.java index 34fbf507..977262bb 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiAustrianResidenceResponseTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiAustrianResidenceResponseTask.java @@ -23,7 +23,9 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; @@ -46,33 +48,70 @@ import java.util.Enumeration; @Component("ReceiveGuiAustrianResidenceResponseTask") public class ReceiveGuiAustrianResidenceResponseTask extends AbstractAuthServletTask { - final String loginMethod = "loginSelection"; + final String formerResidenceAvailableParameterName = "formerResidenceAvailable"; + final String streetParameterName = "street"; + final String zipCodeParameterName = "zipcode"; + final String cityParameterName = "city"; + private final IZmrClient zmrClient; + + public ReceiveGuiAustrianResidenceResponseTask(IZmrClient zmrClient) { + this.zmrClient = zmrClient; + } //TODO @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { - try { - log.trace("Starting ReceiveGuiAustrianResidenceResponseTask"); - // set parameter execution context - final Enumeration reqParamNames = request.getParameterNames(); - while (reqParamNames.hasMoreElements()) { - final String paramName = reqParamNames.nextElement(); - if (StringUtils.isNotEmpty(paramName) - && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName) - && loginMethod.equalsIgnoreCase(paramName)) { - String value = StringEscapeUtils.escapeHtml(request.getParameter(paramName)); - SelectedLoginMethod selection = SelectedLoginMethod.valueOf(value); - executionContext.put(loginMethod, selection); - - } + log.trace("Starting ReceiveGuiAustrianResidenceResponseTask"); + // set parameter execution context + final Enumeration reqParamNames = request.getParameterNames(); + String street = null; + String city = null; + String zipcode = null; + Boolean formerResidenceAvailable = false; + while (reqParamNames.hasMoreElements()) { + final String paramName = reqParamNames.nextElement(); + if (StringUtils.isNotEmpty(paramName) + && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName) + && formerResidenceAvailableParameterName.equalsIgnoreCase(paramName)) { + formerResidenceAvailable = + Boolean.parseBoolean(StringEscapeUtils.escapeHtml(request.getParameter(paramName))); + } + if (StringUtils.isNotEmpty(paramName) + && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName) + && streetParameterName.equalsIgnoreCase(paramName)) { + street = StringEscapeUtils.escapeHtml(request.getParameter(paramName)); + } + if (StringUtils.isNotEmpty(paramName) + && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName) + && cityParameterName.equalsIgnoreCase(paramName)) { + city = StringEscapeUtils.escapeHtml(request.getParameter(paramName)); + } + if (StringUtils.isNotEmpty(paramName) + && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName) + && zipCodeParameterName.equalsIgnoreCase(paramName)) { + zipcode = StringEscapeUtils.escapeHtml(request.getParameter(paramName)); } - - } catch (final Exception e) { - log.error("Parsing selected login method FAILED.", e); - throw new TaskExecutionException(pendingReq, "Parsing selected login method FAILED.", e); } + if (formerResidenceAvailable) { + //step 18 + if (street.isEmpty() || city.isEmpty() || zipcode.isEmpty()) { + //form should ensure that mandatory fields are field => + //this can never happen, expect somebody manipulated the response + throw new TaskExecutionException(pendingReq, "Invalid user input", new InvalidUserInputException()); + } + step18_RegisterSearch(street, city, zipcode);//TODO also MDS? + } else { + //step 20 or for now (phase 1) step 9 + executionContext.put(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK, true); + } + + + } + + private void step18_RegisterSearch(String street, String city, String zipcode) { + System.out.println(street + city + zipcode + zmrClient);//TODO } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiResponseTask.java index fa787792..f8f22ce2 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiResponseTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiResponseTask.java @@ -23,7 +23,9 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; @@ -62,7 +64,19 @@ public class ReceiveGuiResponseTask extends AbstractAuthServletTask { String value = StringEscapeUtils.escapeHtml(request.getParameter(paramName)); SelectedLoginMethod selection = SelectedLoginMethod.valueOf(value); executionContext.put(loginMethod, selection); - + switch (selection) { + case EIDAS_LOGIN: + executionContext.put(Constants.TRANSITION_TO_GENERATE_EIDAS_LOGIN, true); + break; + case MOBILE_PHONE_SIGNATURE_LOGIN: + executionContext.put(Constants.TRANSITION_TO_GENERATE_MOBILE_PHONE_SIGNATURE_REQUEST_TASK, true); + break; + case NO_OTHER_LOGIN: + executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true); + break; + default: + throw new InvalidUserInputException(); + } } } } catch (final Exception e) { diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java index 9d30b581..8b58f2e1 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java @@ -35,14 +35,13 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustri import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider; import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.Utils; import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; -import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; -import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder; import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; import at.gv.egiz.eaaf.modules.pvp2.exception.SamlAssertionValidationExeption; @@ -68,12 +67,13 @@ import org.opensaml.saml.saml2.metadata.IDPSSODescriptor; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; -import javax.naming.ConfigurationException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.xml.transform.TransformerException; import java.io.IOException; +import java.util.HashMap; import java.util.List; +import java.util.Set; /** * Task that searches ErnB and ZMR before adding person to SZR. @@ -132,140 +132,120 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends InboundMessage msg = null; - try { + IDecoder decoder = null; + EaafUriCompare comperator = null; + // select Response Binding + if (request.getMethod().equalsIgnoreCase("POST")) { + decoder = new PostBinding(); + comperator = new EaafUriCompare(pendingReq.getAuthUrl() + IdAustriaClientAuthConstants.ENDPOINT_POST); + log.trace("Receive PVP Response from 'ID Austria node', by using POST-Binding."); - IDecoder decoder = null; - EaafUriCompare comperator = null; - // select Response Binding - if (request.getMethod().equalsIgnoreCase("POST")) { - decoder = new PostBinding(); - comperator = new EaafUriCompare(pendingReq.getAuthUrl() + IdAustriaClientAuthConstants.ENDPOINT_POST); - log.trace("Receive PVP Response from 'ID Austria node', by using POST-Binding."); + } else if (request.getMethod().equalsIgnoreCase("GET")) { + decoder = new RedirectBinding(); + comperator = new EaafUriCompare(pendingReq.getAuthUrl() + + IdAustriaClientAuthConstants.ENDPOINT_REDIRECT); + log.trace("Receive PVP Response from 'ID Austria node', by using Redirect-Binding."); - } else if (request.getMethod().equalsIgnoreCase("GET")) { - decoder = new RedirectBinding(); - comperator = new EaafUriCompare(pendingReq.getAuthUrl() - + IdAustriaClientAuthConstants.ENDPOINT_REDIRECT); - log.trace("Receive PVP Response from 'ID Austria node', by using Redirect-Binding."); - - } else { - log.warn("Receive PVP Response, but Binding (" - + request.getMethod() + ") is not supported."); - throw new AuthnResponseValidationException(ERROR_PVP_03, new Object[]{ - IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING}); - - } - - // decode PVP response object - msg = (InboundMessage) decoder.decode( - request, response, metadataProvider, IDPSSODescriptor.DEFAULT_ELEMENT_NAME, - comperator); - - // validate response signature - if (!msg.isVerified()) { - samlVerificationEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine( - metadataProvider)); - msg.setVerified(true); - - } - - // validate assertion - final Pair processedMsg = - preProcessAuthResponse((PvpSProfileResponse) msg); - - //check if SAML2 response contains user-stop decision - if (processedMsg.getSecond()) { - stopProcessFromUserDecision(executionContext, request, response); - - } else { - // validate entityId of response - final String msNodeEntityID = authConfig.getBasicConfiguration( - IdAustriaClientAuthConstants.CONFIG_PROPS_NODE_ENTITYID); - final String respEntityId = msg.getEntityID(); - if (!msNodeEntityID.equals(respEntityId)) { - log.warn("Response Issuer is not a 'ms-specific eIDAS node'. Stopping eIDAS authentication ..."); - throw new AuthnResponseValidationException(ERROR_PVP_08, - new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING, - msg.getEntityID()}); - - } + } else { + log.warn("Receive PVP Response, but Binding (" + + request.getMethod() + ") is not supported."); + throw new AuthnResponseValidationException(ERROR_PVP_03, new Object[]{ + IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING}); - // initialize Attribute extractor - final AssertionAttributeExtractor extractor = - new AssertionAttributeExtractor(processedMsg.getFirst().getResponse()); + } - getAuthDataFromInterfederation(extractor); + // decode PVP response object + msg = (InboundMessage) decoder.decode( + request, response, metadataProvider, IDPSSODescriptor.DEFAULT_ELEMENT_NAME, + comperator); - // set NeedConsent to false, because user gives consont during authentication - pendingReq.setNeedUserConsent(false); + // validate response signature + if (!msg.isVerified()) { + samlVerificationEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine( + metadataProvider)); + msg.setVerified(true); - // store pending-request - requestStoreage.storePendingRequest(pendingReq); + } - //set E-ID process flag to execution context - // final AhAuthProcessDataWrapper session = pendingReq.getSessionData( - // AhAuthProcessDataWrapper.class); - // executionContext.put(AuthHandlerConstants.PROCESSCONTEXT_WAS_EID_PROCESS, session.isEidProcess()); - // executionContext.put(AuthHandlerConstants.HTTP_PARAM_USE_MANDATES, session.isMandateUsed()); + // validate assertion + final Pair processedMsg = + preProcessAuthResponse((PvpSProfileResponse) msg); + //check if SAML2 response contains user-stop decision + if (processedMsg.getSecond()) { + stopProcessFromUserDecision(executionContext, request, response); - log.info("Receive a valid assertion from IDP " + msg.getEntityID()); + } else { + // validate entityId of response + final String msNodeEntityID = authConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_NODE_ENTITYID); + final String respEntityId = msg.getEntityID(); + if (!msNodeEntityID.equals(respEntityId)) { + log.warn("Response Issuer is not a 'ID Austria node'. Stopping eIDAS authentication ..."); + throw new AuthnResponseValidationException(ERROR_PVP_08, + new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING, + msg.getEntityID()}); } - } catch (final AuthnResponseValidationException e) { - throw new TaskExecutionException(pendingReq, ERROR_MSG_03, e); - - } catch (MessageDecodingException | SecurityException | SamlSigningException e) { - //final String samlRequest = request.getParameter("SAMLRequest"); - //log.debug("Receive INVALID PVP Response from 'ms-specific eIDAS node': {}", - // samlRequest, null, e); - throw new TaskExecutionException(pendingReq, ERROR_MSG_00, - new AuthnResponseValidationException(ERROR_PVP_11, - new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING}, e)); - - } catch (IOException | MarshallingException | TransformerException e) { - log.debug("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e); - throw new TaskExecutionException(pendingReq, ERROR_MSG_01, - new AuthnResponseValidationException(ERROR_PVP_12, - new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()}, - e)); - - } catch (final CredentialsNotAvailableException e) { - log.debug("PVP response decrytion FAILED. No credential found.", e); - throw new TaskExecutionException(pendingReq, ERROR_MSG_02, - new AuthnResponseValidationException(ERROR_PVP_10, - new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING}, e)); - - } catch (final Exception e) { - log.debug("PVP response validation FAILED. Msg:" + e.getMessage(), e); - throw new TaskExecutionException(pendingReq, ERROR_MSG_03, - new AuthnResponseValidationException(ERROR_PVP_12, - new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()}, e)); + // initialize Attribute extractor + final AssertionAttributeExtractor extractor = + new AssertionAttributeExtractor(processedMsg.getFirst().getResponse()); + + String bpkzp = getAuthDataFromInterfederation(extractor); + + MergedRegisterSearchResult result = searchInZmrAndErnp(bpkzp); + if (result.getResultCount() == 0) { + //go to step 16 + executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true); + return; + } else if (result.getResultCount() == 1) { + String bpk = + Utils.step7aKittProcess(ernpClient, zmrClient, initialSearchResult, result, eidData, pendingReq); + authProcessData.setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk); + //node 110 + } else if (result.getResultCount() > 1) { + throw new ManualFixNecessaryException("bpkzp:" + bpkzp);// node 108 + } - } + // set NeedConsent to false, because user gives consont during authentication + pendingReq.setNeedUserConsent(false); + log.info("Receive a valid assertion from IDP " + msg.getEntityID()); - //TODO extract bPK-ZP from response - String bpkzp = "TODO"; - MergedRegisterSearchResult result = searchInZmrAndErnp(bpkzp); - if (result.getResultCount() == 0) { - //go to step 16 - //TODO set context variable - return; - } else if (result.getResultCount() == 1) { - String bpk = Utils.step7aKittProcess(ernpClient, zmrClient, initialSearchResult, result, eidData, pendingReq); - authProcessData.setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk); - //node 110 - //TODO bpk vs bpkzp???? same? - } else if (result.getResultCount() > 1) { - throw new ManualFixNecessaryException("bpkzp:" + bpkzp);// node 108 } + } catch (final AuthnResponseValidationException e) { + throw new TaskExecutionException(pendingReq, ERROR_MSG_03, e); + + } catch (MessageDecodingException | SecurityException | SamlSigningException e) { + //final String samlRequest = request.getParameter("SAMLRequest"); + //log.debug("Receive INVALID PVP Response from 'ms-specific eIDAS node': {}", + // samlRequest, null, e); + throw new TaskExecutionException(pendingReq, ERROR_MSG_00, + new AuthnResponseValidationException(ERROR_PVP_11, + new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING}, e)); + + } catch (IOException | MarshallingException | TransformerException e) { + log.debug("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e); + throw new TaskExecutionException(pendingReq, ERROR_MSG_01, + new AuthnResponseValidationException(ERROR_PVP_12, + new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()}, + e)); + + } catch (final CredentialsNotAvailableException e) { + log.debug("PVP response decrytion FAILED. No credential found.", e); + throw new TaskExecutionException(pendingReq, ERROR_MSG_02, + new AuthnResponseValidationException(ERROR_PVP_10, + new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING}, e)); + } catch (final Exception e) { - log.error("Initial search FAILED.", e); - throw new TaskExecutionException(pendingReq, "Initial search FAILED.", e); + log.debug("PVP response validation FAILED. Msg:" + e.getMessage(), e); + throw new TaskExecutionException(pendingReq, ERROR_MSG_03, + new AuthnResponseValidationException(ERROR_PVP_12, + new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()}, e)); } + } private Pair preProcessAuthResponse(PvpSProfileResponse msg) @@ -325,44 +305,47 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends return null; } - private void getAuthDataFromInterfederation(AssertionAttributeExtractor extractor) - throws EaafBuilderException, ConfigurationException { + private String getAuthDataFromInterfederation(AssertionAttributeExtractor extractor) + throws EaafBuilderException { List requiredEidasNodeAttributes = IdAustriaClientAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES; - + String bpk = null; try { // check if all attributes are include if (!extractor.containsAllRequiredAttributes() || !extractor.containsAllRequiredAttributes( requiredEidasNodeAttributes)) { - log.warn("PVP Response from 'ms-specific eIDAS node' contains not all requested attributes."); + log.warn("PVP Response from 'ID Austria node' contains not all requested attributes."); throw new AssertionValidationExeption(ERROR_PVP_06, new Object[]{ IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING}); } - // copy attributes into MOASession - // final AhAuthProcessDataWrapper session = pendingReq.getSessionData( - // AhAuthProcessDataWrapper.class); - // final Set includedAttrNames = extractor.getAllIncludeAttributeNames(); - // for (final String attrName : includedAttrNames) { - // injectAuthInfosIntoSession(session, attrName, - // extractor.getSingleAttributeValue(attrName)); - // - // } - - //set piiTransactionId from eIDAS Connector - String piiTransactionId = extractor.getSingleAttributeValue( - ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME); - if (StringUtils.isNotEmpty(piiTransactionId) && pendingReq instanceof RequestImpl) { - log.info("Receive piiTransactionId from Austrian eIDAS Connector. Use this for further processing"); - ((RequestImpl) pendingReq).setUniquePiiTransactionIdentifier(piiTransactionId); + HashMap map = new HashMap<>(); + final Set includedAttrNames = extractor.getAllIncludeAttributeNames(); + for (final String attrName : includedAttrNames) { + map.put(attrName, extractor.getSingleAttributeValue(attrName)); - } else { - log.debug("Receive no piiTransactionId from Austrian eIDAS Connector."); + if (PvpAttributeDefinitions.BPK_NAME.equals(attrName)) { + bpk = extractor.getSingleAttributeValue(attrName); + } + //injectAuthInfosIntoSession(session, attrName, + // extractor.getSingleAttributeValue(attrName)); } + //set piiTransactionId from eIDAS Connector + // String piiTransactionId = extractor.getSingleAttributeValue( + // ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME); + // if (StringUtils.isNotEmpty(piiTransactionId) && pendingReq instanceof RequestImpl) { + // log.info("Receive piiTransactionId from Austrian eIDAS Connector. Use this for further processing"); + // ((RequestImpl) pendingReq).setUniquePiiTransactionIdentifier(piiTransactionId); + // + // } else { + // log.debug("Receive no piiTransactionId from Austrian eIDAS Connector."); + // + // } + // set foreigner flag // session.setForeigner(true); @@ -383,6 +366,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends throw new EaafBuilderException(ERROR_PVP_06, null, e.getMessage(), e); } + return bpk; } // private void injectAuthInfosIntoSession(AhAuthProcessDataWrapper session, String attrName, String attrValue) @@ -404,7 +388,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends // } else if (PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME.equals(attrName)) { // session.setQaaLevel(attrValue); // - // // } else if (ExtendedPvpAttributeDefinitions.EID_MIS_MANDATE_NAME.equals(attrName) + // // } else if (ExtendedPvpAttributeDefinitions.EID_MIS_MANDATE_NAME.equals(attrName) // // && authConfig.getBasicConfigurationBoolean( // // IdAustriaClientAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_ACTIVE, false)) { // // session.setMandateDate(new SignedMandateDao(attrValue)); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml index 992ad766..6b67379c 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml @@ -49,13 +49,14 @@ to="receiveGuiResponseTask" /> + conditionExpression="ctx['TASK_GenerateMobilePhoneSignatureRequestTask']"/> + to="generateGuiQueryAustrianResidenceTask" + conditionExpression="ctx['Task_GenerateGuiQueryAustrianResidenceTask']"/> @@ -65,7 +66,8 @@ conditionExpression="ctx['TASK_TODO']"/> + to="createNewErnpEntryTask" + conditionExpression="ctx['TASK_TODO']"/> - - + + + + - \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataControllerTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataControllerTest.java new file mode 100644 index 00000000..c99c6e6a --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataControllerTest.java @@ -0,0 +1,169 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.idaustriaclient; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.UnsupportedEncodingException; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.List; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataController; +import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap; +import org.junit.Assert; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Ignore; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; +import org.opensaml.core.xml.io.UnmarshallingException; +import org.opensaml.core.xml.util.XMLObjectSupport; +import org.opensaml.saml.common.xml.SAMLConstants; +import org.opensaml.saml.metadata.resolver.filter.FilterException; +import org.opensaml.saml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml.saml2.metadata.SPSSODescriptor; +import org.opensaml.security.x509.BasicX509Credential; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.TestPropertySource; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SimpleMetadataSignatureVerificationFilter; +import net.shibboleth.utilities.java.support.xml.XMLParserException; + + +@RunWith(SpringJUnit4ClassRunner.class) +//@TestPropertySource(locations = {"classpath:/config/junit_config_de_attributes.properties"}) +@TestPropertySource(locations = { "classpath:/config/junit_config_1_springboot.properties" }) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_mapConfig.xml" +}) +@DirtiesContext(classMode = DirtiesContext.ClassMode.AFTER_CLASS) +@Ignore +public class IdAustriaClientAuthMetadataControllerTest { + + private MockHttpServletRequest httpReq; + private MockHttpServletResponse httpResp; + + @Autowired private IdAustriaClientAuthMetadataController controller; + @Autowired private IdAustriaClientAuthCredentialProvider credProvider; + @Autowired private DummyAuthConfigMap config; + + /** + * JUnit class initializer. + * + * @throws Exception In case of an OpenSAML3 initialization error + */ + @BeforeClass + public static void initialize() throws Exception { + EaafOpenSaml3xInitializer.eaafInitialize(); + + } + + /** + * Single jUnit-test set-up. + */ + @Before + public void testSetup() { + httpReq = new MockHttpServletRequest("GET", "http://localhost/authhandler"); + httpReq.setContextPath("/authhandler"); + httpResp = new MockHttpServletResponse(); + + config.removeConfigValue("core.legacy.allowLegacyMode"); + config.removeConfigValue("modules.eidascentralauth.semper.mandates.active"); + config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.1"); + config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.2"); + config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.3"); + config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.4"); + config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.5"); + config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.6"); + + } + + @Test + public void buildMetadataValidInEidMode() throws IOException, EaafException, + XMLParserException, UnmarshallingException, FilterException { + config.putConfigValue("core.legacy.allowLegacyMode", "false"); + config.putConfigValue("modules.eidascentralauth.semper.mandates.active", "false"); + + //build metdata + controller.getSpMetadata(httpReq, httpResp); + + //check result + validateResponse(6); + + } + + private void validateResponse(int numberOfRequestedAttributes) throws UnsupportedEncodingException, + XMLParserException, UnmarshallingException, FilterException, CredentialsNotAvailableException { + Assert.assertEquals("HTTP Statuscode", 200, httpResp.getStatus()); + Assert.assertEquals("ContentType", "text/xml; charset=utf-8", httpResp.getContentType()); + Assert.assertEquals("ContentEncoding", "UTF-8", httpResp.getCharacterEncoding()); + + final String metadataXml = httpResp.getContentAsString(); + Assert.assertNotNull("XML Metadata", metadataXml); + + final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream( + XMLObjectProviderRegistrySupport.getParserPool(), new ByteArrayInputStream(metadataXml.getBytes("UTF-8"))); + + Assert.assertEquals("EntityId", + "http://localhost/authhandler" + IdAustriaClientAuthConstants.ENDPOINT_METADATA, + metadata.getEntityID()); + + //check XML scheme + final SchemaValidationFilter schemaFilter = new SchemaValidationFilter(); + schemaFilter.filter(metadata); + + //check signature + final SimpleMetadataSignatureVerificationFilter sigFilter = + new SimpleMetadataSignatureVerificationFilter(credProvider.getKeyStore().getFirst(), + metadata.getEntityID()); + sigFilter.filter(metadata); + + //check content + final SPSSODescriptor spSsoDesc = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS); + Assert.assertNotNull("SPSSODescr.", spSsoDesc); + + Assert.assertFalse("AssertionConsumerServices", + spSsoDesc.getAssertionConsumerServices().isEmpty()); + Assert.assertFalse("ContactPersons", + metadata.getContactPersons().isEmpty()); + Assert.assertNotNull("ContactPersons", + metadata.getOrganization()); + + Assert.assertFalse("KeyDescriptors", + spSsoDesc.getKeyDescriptors().isEmpty()); + Assert.assertEquals("#KeyDescriptors", 2, spSsoDesc.getKeyDescriptors().size()); + + Assert.assertFalse("NameIDFormats", + spSsoDesc.getNameIDFormats().isEmpty()); + Assert.assertEquals("wrong NameIDFormats", "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + spSsoDesc.getNameIDFormats().get(0).getFormat()); + + Assert.assertFalse("AttributeConsumingServices", + spSsoDesc.getAttributeConsumingServices().isEmpty()); + Assert.assertEquals("#RequestAttributes", numberOfRequestedAttributes, + spSsoDesc.getAttributeConsumingServices().get(0).getRequestAttributes().size()); + + } + + private List convertX509Certs(List certs) { + final List result = new ArrayList<>(); + for (final X509Certificate cert : certs) { + result.add(new BasicX509Credential(cert)); + + } + return result; + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java index ac188cda..95986c49 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java @@ -46,7 +46,6 @@ import org.apache.commons.lang3.RandomStringUtils; import org.jetbrains.annotations.NotNull; import org.junit.Assert; import org.junit.Before; -import org.junit.BeforeClass; import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.Mock; @@ -62,7 +61,6 @@ import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; import javax.xml.namespace.QName; -import java.io.IOException; import java.net.URI; import java.net.URISyntaxException; import java.util.ArrayList; @@ -97,7 +95,7 @@ public class InitialSearchTaskTest { private final String randomGivenName = RandomStringUtils.randomAlphabetic(10); private final String randomPlaceOfBirth = RandomStringUtils.randomAlphabetic(10); private final String randomBirthName = RandomStringUtils.randomAlphabetic(10); - private final String randomDate = "2011-01-" + (10 + new Random().nextInt(18)); + private final String randomBirthDate = "2011-01-" + (10 + new Random().nextInt(18)); // /** // * jUnit class initializer. @@ -138,7 +136,7 @@ public class InitialSearchTaskTest { public void testNode100_UserIdentifiedUpdateNecessary_a() throws Exception { String newFirstName = RandomStringUtils.randomAlphabetic(10); Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.singletonList( - new RegisterResult(randomBpk, randomIdentifier, newFirstName, randomFamilyName, randomDate))); + new RegisterResult(randomBpk, randomIdentifier, newFirstName, randomFamilyName, randomBirthDate))); Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); task.execute(pendingReq, executionContext); @@ -158,7 +156,7 @@ public class InitialSearchTaskTest { Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); String newRandomGivenName = RandomStringUtils.randomAlphabetic(10); Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.singletonList( - new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomDate))); + new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomBirthDate))); task.execute(pendingReq, executionContext); String bPk = (String) @@ -175,9 +173,9 @@ public class InitialSearchTaskTest { @DirtiesContext public void testNode101_ManualFixNecessary_a() { ArrayList zmrResult = new ArrayList<>(); - zmrResult.add(new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomDate)); + zmrResult.add(new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate)); String newRandomGivenName = randomGivenName + RandomStringUtils.randomAlphabetic(2); - zmrResult.add(new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomDate)); + zmrResult.add(new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomBirthDate)); Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResult); Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); @@ -197,10 +195,10 @@ public class InitialSearchTaskTest { public void testNode101_ManualFixNecessary_b() { Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); ArrayList ernpResult = new ArrayList<>(); - ernpResult.add(new RegisterResult(randomBpk, randomPseudonym, randomGivenName, randomFamilyName, randomDate)); + ernpResult.add(new RegisterResult(randomBpk, randomPseudonym, randomGivenName, randomFamilyName, randomBirthDate)); String newRandomGivenName = randomGivenName + RandomStringUtils.randomAlphabetic(2); ernpResult.add( - new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomDate)); + new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomBirthDate)); Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResult); TaskExecutionException exception = assertThrows(TaskExecutionException.class, @@ -218,7 +216,7 @@ public class InitialSearchTaskTest { public void testNode102_UserIdentified_a() throws Exception { Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.singletonList( - new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomDate))); + new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate))); task.execute(pendingReq, executionContext); String bPk = (String) @@ -234,7 +232,7 @@ public class InitialSearchTaskTest { @DirtiesContext public void testNode102_UserIdentified_b() throws Exception { Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.singletonList( - new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomDate))); + new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate))); Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); task.execute(pendingReq, executionContext); @@ -260,7 +258,7 @@ public class InitialSearchTaskTest { String newRandomIdentifier = randomIdentifier + RandomStringUtils.randomNumeric(2); Mockito.when(zmrClient.searchItSpecific(taxNumber)).thenReturn(Collections.singletonList( new RegisterResult(randomBpk, newRandomIdentifier, randomGivenName, randomFamilyName, - randomDate, null, null, taxNumber, null))); + randomBirthDate, null, null, taxNumber, null))); Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); task = new InitialSearchTask( Collections.singletonList(new ItSpecificDetailSearchProcessor(ernpClient, zmrClient)), @@ -282,15 +280,15 @@ public class InitialSearchTaskTest { public void testNode103_UserIdentified_DE() throws Exception { final AuthenticationResponse response = buildDummyAuthResponseDE(randomGivenName, randomFamilyName, randomPseudonym, - randomDate, randomPlaceOfBirth, randomBirthName); + randomBirthDate, randomPlaceOfBirth, randomBirthName); TestRequestImpl pendingReq1 = new TestRequestImpl(); pendingReq1.getSessionData(AuthProcessDataWrapper.class) .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response); Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); - Mockito.when(zmrClient.searchDeSpecific(randomGivenName, randomFamilyName, randomDate, randomPlaceOfBirth, + Mockito.when(zmrClient.searchDeSpecific(randomGivenName, randomFamilyName, randomBirthDate, randomPlaceOfBirth, randomBirthName)) .thenReturn(Collections.singletonList(new RegisterResult(randomBpk, randomIdentifier, randomGivenName, - randomFamilyName, randomDate, randomPlaceOfBirth, randomBirthName, null, null))); + randomFamilyName, randomBirthDate, randomPlaceOfBirth, randomBirthName, null, null))); Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); task = new InitialSearchTask( Collections.singletonList(new DeSpecificDetailSearchProcessor(ernpClient, zmrClient)), @@ -314,18 +312,18 @@ public class InitialSearchTaskTest { String newRandomBpk = randomBpk + RandomStringUtils.randomNumeric(6); final AuthenticationResponse response = buildDummyAuthResponseDE(randomGivenName, randomFamilyName, randomPseudonym, - randomDate, randomPlaceOfBirth, randomBirthName); + randomBirthDate, randomPlaceOfBirth, randomBirthName); TestRequestImpl pendingReq1 = new TestRequestImpl(); pendingReq1.getSessionData(AuthProcessDataWrapper.class) .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response); Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); ArrayList zmrResultSpecific = new ArrayList<>(); zmrResultSpecific.add( - new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomDate, + new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate, randomPlaceOfBirth, randomBirthName, null, null)); - zmrResultSpecific.add(new RegisterResult(newRandomBpk, newRandomPseudonym, randomGivenName, randomFamilyName, randomDate, + zmrResultSpecific.add(new RegisterResult(newRandomBpk, newRandomPseudonym, randomGivenName, randomFamilyName, randomBirthDate, randomPlaceOfBirth, randomBirthName, null, null)); - Mockito.when(zmrClient.searchDeSpecific(randomGivenName, randomFamilyName, randomDate, randomPlaceOfBirth, + Mockito.when(zmrClient.searchDeSpecific(randomGivenName, randomFamilyName, randomBirthDate, randomPlaceOfBirth, randomBirthName)).thenReturn(zmrResultSpecific); Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); task = new InitialSearchTask( @@ -354,11 +352,11 @@ public class InitialSearchTaskTest { ArrayList zmrResultSpecific = new ArrayList<>(); String randomPseudonym = IT_ST + randomIdentifier + "4"; zmrResultSpecific.add(new RegisterResult(randomBpk, randomPseudonym, randomGivenName, - randomFamilyName, randomDate, null, null, randomTaxNumber, null)); + randomFamilyName, randomBirthDate, null, null, randomTaxNumber, null)); String newRandomPseudonym = IT_ST + randomIdentifier + "5"; String newRandomBpk = RandomStringUtils.randomNumeric(6); zmrResultSpecific.add(new RegisterResult(newRandomBpk, newRandomPseudonym, randomGivenName, - randomFamilyName, randomDate, null, null, randomTaxNumber, null)); + randomFamilyName, randomBirthDate, null, null, randomTaxNumber, null)); Mockito.when(zmrClient.searchItSpecific(randomTaxNumber)).thenReturn(zmrResultSpecific); Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); task = new InitialSearchTask( @@ -373,11 +371,11 @@ public class InitialSearchTaskTest { } /** - * NO match found in ZMR and ErnP with Initial search + * NO match found in ZMR and ErnP with Initial and MDS search */ @Test @DirtiesContext - public void testNode105_TemporaryEnd() throws TaskExecutionException { + public void testNode505_TransitionToErnbTask() throws TaskExecutionException { Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); @@ -386,18 +384,99 @@ public class InitialSearchTaskTest { String bPk = (String) pendingReq.getSessionData(AuthProcessDataWrapper.class) .getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); - Assert.assertEquals("Wrong bpk", "TODO-Temporary-Endnode-105", bPk); + Assert.assertEquals("Wrong bpk", null, bPk); + + Boolean transitionGUI = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_GENERATE_GUI_TASK); + Assert.assertEquals("Wrong transition", null, transitionGUI); + Boolean transitionErnb = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK); + Assert.assertEquals("Wrong transition", true, transitionErnb); + } + + /** + * NO match found in ZMR and ErnP with Initial search, one match with MDS search in Ernb + */ + @Test + @DirtiesContext + public void testNode505_TransitionToGUI_Ernb() throws TaskExecutionException { + Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); + + Mockito.when(ernpClient.searchWithMds(randomGivenName, randomFamilyName, randomBirthDate)).thenReturn( + Collections.singletonList( + new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate))); + + task.execute(pendingReq, executionContext); + + String bPk = (String) + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); + Assert.assertEquals("Wrong bpk", null, bPk); + Boolean transitionGUI = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_GENERATE_GUI_TASK); + Assert.assertEquals("Wrong transition", true, transitionGUI); + Boolean transitionErnb = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK); + Assert.assertEquals("Wrong transition", null, transitionErnb); + } + + /** + * NO match found in ZMR and ErnP with Initial search, one match with MDS search in ZMR + */ + @Test + @DirtiesContext + public void testNode505_TransitionToGUI_Zmr() throws TaskExecutionException { + Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); + + Mockito.when(zmrClient.searchWithMds(randomGivenName, randomFamilyName, randomBirthDate)).thenReturn( + Collections.singletonList( + new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate))); + + task.execute(pendingReq, executionContext); + + String bPk = (String) + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); + Assert.assertEquals("Wrong bpk", null, bPk); + Boolean transitionGUI = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_GENERATE_GUI_TASK); + Assert.assertEquals("Wrong transition", true, transitionGUI); + Boolean transitionErnb = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK); + Assert.assertEquals("Wrong transition", null, transitionErnb); } + /** + * NO match found in ZMR and ErnP with Initial search, multiple matches found with MDS search + */ + @Test + @DirtiesContext + public void testNode505_TransitionToGUI_Ernb_multi() throws TaskExecutionException { + Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); + ArrayList ernbResult = new ArrayList<>(); + ernbResult.add(new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, + randomBirthDate)); + ernbResult.add(new RegisterResult(randomBpk+"1", randomIdentifier, randomGivenName, randomFamilyName, + randomBirthDate)); + Mockito.when(ernpClient.searchWithMds(randomGivenName, randomFamilyName, randomBirthDate)).thenReturn(ernbResult); + + task.execute(pendingReq, executionContext); + + String bPk = (String) + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); + Assert.assertEquals("Wrong bpk", null, bPk); + Boolean transitionGUI = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_GENERATE_GUI_TASK); + Assert.assertEquals("Wrong transition", true, transitionGUI); + Boolean transitionErnb = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK); + Assert.assertEquals("Wrong transition", null, transitionErnb); + } @NotNull private AuthenticationResponse buildDummyAuthResponseRandomPerson() throws URISyntaxException { - return buildDummyAuthResponse(randomGivenName, randomFamilyName, DE_ST + randomIdentifier, randomDate); + return buildDummyAuthResponse(randomGivenName, randomFamilyName, DE_ST + randomIdentifier, randomBirthDate); } private AuthenticationResponse buildDummyAuthResponseRandomPersonIT_Tax(String taxNumber) throws URISyntaxException { - return buildDummyAuthResponse(randomGivenName, randomFamilyName, IT_ST + randomIdentifier, randomDate, + return buildDummyAuthResponse(randomGivenName, randomFamilyName, IT_ST + randomIdentifier, randomBirthDate, taxNumber, null, null); } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java index d0ab50f4..35f1a91b 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java @@ -54,8 +54,11 @@ import eu.eidas.auth.commons.light.impl.LightRequest.Builder; @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration(locations = { "/SpringTest-context_tasks_test.xml", - "/SpringTest-context_basic_realConfig.xml"}) -@TestPropertySource(locations = {"classpath:/config/junit_config_de_attributes.properties"}) + "/SpringTest-context_basic_realConfig.xml", + //"/SpringTest-context_basic_mapConfig.xml" + }) +@TestPropertySource(locations = {"classpath:/config/junit_config_de_attributes.properties", "classpath:/config" + + "/junit_config_1_springboot.properties"}) @DirtiesContext(classMode = ClassMode.AFTER_CLASS) public class EidasRequestPreProcessingFirstTest { diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml index 5a7f4161..ed636eed 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml @@ -102,4 +102,31 @@ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask" scope="prototype" /> + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties index a662379c..df64b494 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties @@ -114,4 +114,36 @@ eidas.ms.configuration.sp.disableRegistrationRequirement= eidas.ms.configuration.restrictions.baseID.spTransmission= eidas.ms.configuration.auth.default.countrycode= eidas.ms.configuration.pvp.scheme.validation= -eidas.ms.configuration.pvp.enable.entitycategories= \ No newline at end of file +eidas.ms.configuration.pvp.enable.entitycategories= + + + + +## PVP2 S-Profile ID Austria client configuration + +eidas.ms.modules.idaustriaclient.keystore.path=../keystore/junit_test.jks +eidas.ms.modules.idaustriaclient.keystore.password=password +eidas.ms.modules.idaustriaclient.keystore.type=jks + +eidas.ms.modules.idaustriaclient.metadata.sign.alias=meta +eidas.ms.modules.idaustriaclient.metadata.sign.password=password +eidas.ms.modules.idaustriaclient.request.sign.alias=sig +eidas.ms.modules.idaustriaclient.request.sign.password=password +eidas.ms.modules.idaustriaclient.response.encryption.alias=enc +eidas.ms.modules.idaustriaclient.response.encryption.password=password + +eidas.ms.modules.idaustriaclient.truststore.path=../keystore/junit_test.jks +eidas.ms.modules.idaustriaclient.truststore.password=password +eidas.ms.modules.idaustriaclient.truststore.type=jks + +eidas.ms.modules.idaustriaclient.node.entityId= +eidas.ms.modules.idaustriaclient.sp.entityId= +eidas.ms.modules.idaustriaclient.node.metadataUrl= + +eidas.ms.modules.idaustriaclient.metadata.organisation.name=JUnit +eidas.ms.modules.idaustriaclient.metadata.organisation.friendyname=For testing with jUnit +eidas.ms.modules.idaustriaclient.metadata.organisation.url=http://junit.test +eidas.ms.modules.idaustriaclient.metadata.contact.givenname=Max +eidas.ms.modules.idaustriaclient.metadata.contact.surname=Mustermann +eidas.ms.modules.idaustriaclient.metadata.contact.email=max@junit.test + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1_springboot.properties b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1_springboot.properties new file mode 100644 index 00000000..fc0c7241 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1_springboot.properties @@ -0,0 +1,119 @@ +## embbeded Tomcat +tomcat.workingdir=./target/work +tomcat.ajp.enabled=true +tomcat.ajp.port=8009 +tomcat.ajp.networkAddress=127.0.0.1 +tomcat.ajp.additionalAttributes.secretrequired=true +tomcat.ajp.additionalAttributes.secret=junit + +## Basic service configuration +eidas.ms.context.url.prefix=http://localhost +eidas.ms.core.configRootDir=file:./src/test/resources/config/ + +eidas.ms.context.use.clustermode=true + +##Monitoring +eidas.ms.monitoring.eIDASNode.metadata.url=http://localhost:40900/mockup + +## extended validation of pending-request Id's +eidas.ms.core.pendingrequestid.digist.secret=pendingReqIdSecret + +## eIDAS Ref. Implementation connector ### +eidas.ms.auth.eIDAS.node_v2.forward.endpoint=http://eidas.node/junit + +eidas.ms.auth.eIDAS.szrclient.useTestService=true +eidas.ms.auth.eIDAS.szrclient.endpoint.prod= +eidas.ms.auth.eIDAS.szrclient.endpoint.test=http://localhost:1234/demoszr +eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.path=keys/junit.jks +eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.password=password +eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.path= +eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.password= + +#tech. AuthBlock signing for E-ID process +eidas.ms.auth.eIDAS.authblock.keystore.password=f/+saJBc3a}*/T^s +eidas.ms.auth.eIDAS.authblock.keystore.friendlyName=connectorkeypair +eidas.ms.auth.eIDAS.authblock.keystore.path=keys/teststore.jks +eidas.ms.auth.eIDAS.authblock.keystore.type=jks +eidas.ms.auth.eIDAS.authblock.key.alias=connectorkeypair +eidas.ms.auth.eIDAS.authblock.key.password=f/+saJBc3a}*/T^s + + +#Raw eIDAS Id data storage +eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=true +eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=false + + + +## PVP2 S-Profile end-point configuration +eidas.ms.pvp2.keystore.type=jks +eidas.ms.pvp2.keystore.path=keys/junit.jks +eidas.ms.pvp2.keystore.password=password +eidas.ms.pvp2.key.metadata.alias=meta +eidas.ms.pvp2.key.metadata.password=password +eidas.ms.pvp2.key.signing.alias=sig +eidas.ms.pvp2.key.signing.password=password +eidas.ms.pvp2.metadata.validity=24 + +eidas.ms.pvp2.metadata.organisation.name=JUnit +eidas.ms.pvp2.metadata.organisation.friendyname=For testing with jUnit +eidas.ms.pvp2.metadata.organisation.url=http://junit.test +eidas.ms.pvp2.metadata.contact.givenname=Max +eidas.ms.pvp2.metadata.contact.surname=Mustermann +eidas.ms.pvp2.metadata.contact.email=max@junit.test + +## Service Provider configuration +eidas.ms.sp.0.uniqueID=https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata +eidas.ms.sp.0.pvp2.metadata.truststore=keys/junit.jks +eidas.ms.sp.0.pvp2.metadata.truststore.password=password +eidas.ms.sp.0.friendlyName=jUnit test +eidas.ms.sp.0.newEidMode=true + +#eidas.ms.sp.0.pvp2.metadata.url= +#eidas.ms.sp.0.policy.allowed.requested.targets=.* +#eidas.ms.sp.0.policy.hasBaseIdTransferRestriction=false + +## Service Provider configuration +eidas.ms.sp.1.uniqueID=https://demo.egiz.gv.at/junit_test +eidas.ms.sp.1.pvp2.metadata.truststore=keys/junit.jks +eidas.ms.sp.1.pvp2.metadata.truststore.password=password +eidas.ms.sp.1.friendlyName=jUnit test +eidas.ms.sp.1.pvp2.metadata.url=http://junit.test/metadata +eidas.ms.sp.1.policy.allowed.requested.targets=test +eidas.ms.sp.1.policy.hasBaseIdTransferRestriction=true + +## PVP2 S-Profile client configuration +#eidas.ms.modules.idaustriaclient.keystore.type=jks +#eidas.ms.modules.idaustriaclient.keystore.path=keys/junit.jks1 +#eidas.ms.modules.idaustriaclient.keystore.password=password +#eidas.ms.modules.idaustriaclient.key.metadata.alias=meta +#eidas.ms.modules.idaustriaclient.key.metadata.password=password +#eidas.ms.modules.idaustriaclient.key.signing.alias=sig +#eidas.ms.modules.idaustriaclient.key.signing.password=password +#eidas.ms.modules.idaustriaclient.metadata.validity=24 + +eidas.ms.modules.idaustriaclient.keystore.path=keys/junit_test.jks +eidas.ms.modules.idaustriaclient.keystore.password=password +eidas.ms.modules.idaustriaclient.keystore.type=jks + +eidas.ms.modules.idaustriaclient.metadata.sign.alias=meta +eidas.ms.modules.idaustriaclient.metadata.sign.password=password +eidas.ms.modules.idaustriaclient.request.sign.alias=sig +eidas.ms.modules.idaustriaclient.request.sign.password=password +eidas.ms.modules.idaustriaclient.response.encryption.alias=enc +eidas.ms.modules.idaustriaclient.response.encryption.password=password + +eidas.ms.modules.idaustriaclient.truststore.path=keys/junit_test.jks +eidas.ms.modules.idaustriaclient.truststore.password=password +eidas.ms.modules.idaustriaclient.truststore.type=jks + +eidas.ms.modules.idaustriaclient.node.entityId= +eidas.ms.modules.idaustriaclient.sp.entityId= +eidas.ms.modules.idaustriaclient.node.metadataUrl= + +eidas.ms.modules.idaustriaclient.metadata.organisation.name=JUnit +eidas.ms.modules.idaustriaclient.metadata.organisation.friendyname=For testing with jUnit +eidas.ms.modules.idaustriaclient.metadata.organisation.url=http://junit.test +eidas.ms.modules.idaustriaclient.metadata.contact.givenname=Max +eidas.ms.modules.idaustriaclient.metadata.contact.surname=Mustermann +eidas.ms.modules.idaustriaclient.metadata.contact.email=max@junit.test + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/junit_test.jks b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/junit_test.jks new file mode 100644 index 00000000..ee6254a9 Binary files /dev/null and b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/junit_test.jks differ diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/teststore.jks b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/teststore.jks new file mode 100644 index 00000000..fcc6400c Binary files /dev/null and b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/teststore.jks differ diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/keystore/junit_test.jks b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/keystore/junit_test.jks new file mode 100644 index 00000000..ee6254a9 Binary files /dev/null and b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/keystore/junit_test.jks differ diff --git a/pom.xml b/pom.xml index 2f880664..edb31076 100644 --- a/pom.xml +++ b/pom.xml @@ -141,6 +141,16 @@ eaaf_module_pvp2_idp ${eaaf-core.version} + + at.gv.egiz.eaaf + eaaf_module_pvp2_core + ${eaaf-core.version} + + + at.gv.egiz.eaaf + eaaf_module_pvp2_sp + ${eaaf-core.version} + at.asitplus.eidas.ms_specific ms_specific_connector @@ -344,12 +354,6 @@ test test-jar - - at.gv.egiz.eaaf - eaaf_module_pvp2_sp - ${eaaf-core.version} - test - at.asitplus.eidas.ms_specific connector_lib -- cgit v1.2.3 From 6e16e4bbddf6dcddf2ed7b25fd55b41adfa4a08c Mon Sep 17 00:00:00 2001 From: Alexander Marsalek Date: Fri, 5 Feb 2021 11:58:12 +0100 Subject: added test for ReceiveLoginMethodGuiResponse --- .../specific/modules/auth/eidas/v2/Constants.java | 2 + .../IdAustriaClientAuthMetadataController.java | 6 +- .../auth/eidas/v2/tasks/GenerateGuiTask.java | 76 ----------- .../eidas/v2/tasks/GenerateLoginMethodGuiTask.java | 76 +++++++++++ .../eidas/v2/tasks/ReceiveGuiResponseTask.java | 88 ------------- .../tasks/ReceiveLoginMethodGuiResponseTask.java | 95 ++++++++++++++ .../src/main/resources/eidas_v2_auth.beans.xml | 4 +- .../ReceiveLoginMethodGuiResponseTaskTest.java | 139 +++++++++++++++++++++ .../resources/SpringTest-context_tasks_test.xml | 4 +- 9 files changed, 319 insertions(+), 171 deletions(-) delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateGuiTask.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateLoginMethodGuiTask.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiResponseTask.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveLoginMethodGuiResponseTask.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveLoginMethodGuiResponseTaskTest.java (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/resources') diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java index ba57b28e..b603774b 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java @@ -188,4 +188,6 @@ public class Constants { public static final String TRANSITION_TO_GENERATE_MOBILE_PHONE_SIGNATURE_REQUEST_TASK = "TASK_GenerateMobilePhoneSignatureRequestTask"; public static final String TRANSITION_TO_GENERATE_EIDAS_LOGIN = "TASK_TODO"; + + public static final String REQ_SELECTED_LOGIN_METHOD_PARAMETER = "loginSelection"; } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataController.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataController.java index a2966c7e..0f3c1281 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataController.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataController.java @@ -79,7 +79,7 @@ public class IdAustriaClientAuthMetadataController extends AbstractController { // initialize metadata builder configuration final IdAustriaClientAuthMetadataConfiguration metadataConfig = new IdAustriaClientAuthMetadataConfiguration(authUrl, credentialProvider, pvpConfiguration); - metadataConfig.setAdditionalRequiredAttributes(getAdditonalRequiredAttributes()); + metadataConfig.setAdditionalRequiredAttributes(getAdditionalRequiredAttributes()); // build metadata final String xmlMetadata = metadatabuilder.buildPvpMetadata(metadataConfig); @@ -111,7 +111,7 @@ public class IdAustriaClientAuthMetadataController extends AbstractController { throw new EaafAuthenticationException(ERROR_CODE_INTERNAL_00, new Object[] { authUrlString }, e); } - + //TODO remove final String idpAuthUrl = authConfig.validateIdpUrl(authReqUrl); if (idpAuthUrl == null) { log.warn("Requested URL: {} is NOT found in configuration.", authReqUrl); @@ -122,7 +122,7 @@ public class IdAustriaClientAuthMetadataController extends AbstractController { return idpAuthUrl; } - private List> getAdditonalRequiredAttributes() { + private List> getAdditionalRequiredAttributes() { final List> result = new ArrayList<>(); // load attributes from configuration diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateGuiTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateGuiTask.java deleted file mode 100644 index 3d77f994..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateGuiTask.java +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright 2021 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - -package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; - -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; -import at.asitplus.eidas.specific.connector.gui.StaticGuiBuilderConfiguration; -import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfiguration; -import at.gv.egiz.eaaf.core.api.gui.ISpringMvcGuiFormBuilder; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; -import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; -import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; -import lombok.extern.slf4j.Slf4j; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Component; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -/** - * Task that searches ErnB and ZMR before adding person to SZR. - * - * @author amarsalek - */ -@Slf4j -@Component("GenerateGuiTask") -public class GenerateGuiTask extends AbstractAuthServletTask { - - @Autowired - ISpringMvcGuiFormBuilder guiBuilder; - @Autowired - IConfiguration basicConfig; - - @Override - public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) - throws TaskExecutionException { - try { - final IGuiBuilderConfiguration config = new StaticGuiBuilderConfiguration( - basicConfig, - pendingReq, - basicConfig.getBasicConfiguration( - MsEidasNodeConstants.PROP_CONFIG_WEBCONTENT_TEMPLATES_OTHER_LOGIN_METHOD_SELECTION, - MsEidasNodeConstants.TEMPLATE_HTML_OTHERLOGINMETHODS), - MsEidasNodeConstants.ENDPOINT_OTHERLOGINMETHODSELECTION, - resourceLoader); - - guiBuilder.build(request, response, config, "Other login methods selection form"); - - } catch (final Exception e) { - log.error("Initial search FAILED.", e); - throw new TaskExecutionException(pendingReq, "Gui creation FAILED.", e); - } - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateLoginMethodGuiTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateLoginMethodGuiTask.java new file mode 100644 index 00000000..9c94b036 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateLoginMethodGuiTask.java @@ -0,0 +1,76 @@ +/* + * Copyright 2021 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; + +import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; +import at.asitplus.eidas.specific.connector.gui.StaticGuiBuilderConfiguration; +import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfiguration; +import at.gv.egiz.eaaf.core.api.gui.ISpringMvcGuiFormBuilder; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import lombok.extern.slf4j.Slf4j; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +/** + * Task that searches ErnB and ZMR before adding person to SZR. + * + * @author amarsalek + */ +@Slf4j +@Component("GenerateGuiTask") +public class GenerateLoginMethodGuiTask extends AbstractAuthServletTask { + + @Autowired + ISpringMvcGuiFormBuilder guiBuilder; + @Autowired + IConfiguration basicConfig; + + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + try { + final IGuiBuilderConfiguration config = new StaticGuiBuilderConfiguration( + basicConfig, + pendingReq, + basicConfig.getBasicConfiguration( + MsEidasNodeConstants.PROP_CONFIG_WEBCONTENT_TEMPLATES_OTHER_LOGIN_METHOD_SELECTION, + MsEidasNodeConstants.TEMPLATE_HTML_OTHERLOGINMETHODS), + MsEidasNodeConstants.ENDPOINT_OTHERLOGINMETHODSELECTION, + resourceLoader); + + guiBuilder.build(request, response, config, "Other login methods selection form"); + + } catch (final Exception e) { + log.error("Initial search FAILED.", e); + throw new TaskExecutionException(pendingReq, "Gui creation FAILED.", e); + } + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiResponseTask.java deleted file mode 100644 index f8f22ce2..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiResponseTask.java +++ /dev/null @@ -1,88 +0,0 @@ -/* - * Copyright 2021 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - -package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; - -import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException; -import at.gv.egiz.eaaf.core.api.data.EaafConstants; -import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; -import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; -import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; -import lombok.extern.slf4j.Slf4j; -import org.apache.commons.lang.StringEscapeUtils; -import org.apache.commons.lang3.StringUtils; -import org.springframework.stereotype.Component; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.util.Enumeration; - -/** - * Task that searches ErnB and ZMR before adding person to SZR. - * - * @author amarsalek - */ -@Slf4j -@Component("ReceiveGuiResponseTask") -public class ReceiveGuiResponseTask extends AbstractAuthServletTask { - - final String loginMethod = "loginSelection"; - - @Override - public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) - throws TaskExecutionException { - try { - // set parameter execution context - final Enumeration reqParamNames = request.getParameterNames(); - while (reqParamNames.hasMoreElements()) { - final String paramName = reqParamNames.nextElement(); - if (StringUtils.isNotEmpty(paramName) - && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName) - && loginMethod.equalsIgnoreCase(paramName)) { - String value = StringEscapeUtils.escapeHtml(request.getParameter(paramName)); - SelectedLoginMethod selection = SelectedLoginMethod.valueOf(value); - executionContext.put(loginMethod, selection); - switch (selection) { - case EIDAS_LOGIN: - executionContext.put(Constants.TRANSITION_TO_GENERATE_EIDAS_LOGIN, true); - break; - case MOBILE_PHONE_SIGNATURE_LOGIN: - executionContext.put(Constants.TRANSITION_TO_GENERATE_MOBILE_PHONE_SIGNATURE_REQUEST_TASK, true); - break; - case NO_OTHER_LOGIN: - executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true); - break; - default: - throw new InvalidUserInputException(); - } - } - } - } catch (final Exception e) { - log.error("Parsing selected login method FAILED.", e); - throw new TaskExecutionException(pendingReq, "Parsing selected login method FAILED.", e); - } - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveLoginMethodGuiResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveLoginMethodGuiResponseTask.java new file mode 100644 index 00000000..266198e5 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveLoginMethodGuiResponseTask.java @@ -0,0 +1,95 @@ +/* + * Copyright 2021 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import lombok.extern.slf4j.Slf4j; +import org.apache.commons.lang.StringEscapeUtils; +import org.apache.commons.lang3.StringUtils; +import org.springframework.stereotype.Component; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.util.Enumeration; + +/** + * Task that searches ErnB and ZMR before adding person to SZR. + * + * @author amarsalek + */ +@Slf4j +@Component("ReceiveGuiResponseTask") +public class ReceiveLoginMethodGuiResponseTask extends AbstractAuthServletTask { + + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + int found = 0; + try { + // set parameter execution context + final Enumeration reqParamNames = request.getParameterNames(); + while (reqParamNames.hasMoreElements()) { + final String paramName = reqParamNames.nextElement(); + if (StringUtils.isNotEmpty(paramName) + && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName) + && Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER.equalsIgnoreCase(paramName)) { + String value = StringEscapeUtils.escapeHtml(request.getParameter(paramName)); + SelectedLoginMethod selection = SelectedLoginMethod.valueOf(value); + executionContext.put(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER, selection); + switch (selection) { + case EIDAS_LOGIN: + executionContext.put(Constants.TRANSITION_TO_GENERATE_EIDAS_LOGIN, true); + found++; + break; + case MOBILE_PHONE_SIGNATURE_LOGIN: + executionContext.put(Constants.TRANSITION_TO_GENERATE_MOBILE_PHONE_SIGNATURE_REQUEST_TASK, true); + found++; + break; + case NO_OTHER_LOGIN: + executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true); + found++; + break; + default: + throw new InvalidUserInputException(); + } + } + } + } catch (final Exception e) { + log.error("Parsing selected login method FAILED.", e); + throw new TaskExecutionException(pendingReq, "Parsing selected login method FAILED.", e); + } + if (found != 1) { + log.error("Parsing selected login method FAILED."); + throw new TaskExecutionException(pendingReq, "Parsing selected login method FAILED.", + new InvalidUserInputException()); + } + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml index 5897fc78..b5001d77 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml @@ -111,7 +111,7 @@ scope="prototype" /> Date: Fri, 12 Feb 2021 14:31:04 +0100 Subject: tests working, added IdAustriaClientAuthSignalController --- .../checks/spotbugs-exclude.xml | 6 + .../eidas/v2/dao/SimpleMobileSignatureData.java | 29 ++-- .../idaustriaclient/EidasAuthEventConstants.java | 10 -- .../IdAustriaClientAuthEventConstants.java | 7 + .../IdAustriaClientAuthSignalController.java | 95 ++++++++++++++ ...eSignatureResponseAndSearchInRegistersTask.java | 13 +- .../src/main/resources/eidas_v2_auth.beans.xml | 3 + ...natureResponseAndSearchInRegistersTaskTest.java | 5 +- .../resources/SpringTest-context_tasks_test.xml | 2 + .../Response_with_wrong_destination_endpoint.xml | 8 +- .../data/idp_metadata_classpath_entity1.xml | 146 +++++++++++++++++++++ 11 files changed, 284 insertions(+), 40 deletions(-) delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/EidasAuthEventConstants.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthEventConstants.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthSignalController.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_classpath_entity1.xml (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/resources') diff --git a/eidas_modules/authmodule-eIDAS-v2/checks/spotbugs-exclude.xml b/eidas_modules/authmodule-eIDAS-v2/checks/spotbugs-exclude.xml index 375f73f4..7d7467aa 100644 --- a/eidas_modules/authmodule-eIDAS-v2/checks/spotbugs-exclude.xml +++ b/eidas_modules/authmodule-eIDAS-v2/checks/spotbugs-exclude.xml @@ -10,6 +10,12 @@ + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java index 254b8c70..2a7beb3b 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java @@ -23,8 +23,6 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException; -import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType; import lombok.Data; @Data @@ -37,30 +35,21 @@ public class SimpleMobileSignatureData { private String familyName; private String dateOfBirth; - - public boolean equalsSimpleEidasData(SimpleEidasData result) { - if (!result.getGivenName().equals(givenName)) { + /** + * Compares the received authentication data from the mobile phone signature with the eid data received via eIDAS. + * @param simpleEidasData The extracted eIDAS data + * @return Returns true, if the eIDAS data matches the mobile phone signature data and false otherwise. + */ + public boolean equalsSimpleEidasData(SimpleEidasData simpleEidasData) { + if (!simpleEidasData.getGivenName().equals(givenName)) { return false; } - if (!result.getFamilyName().equals(familyName)) { + if (!simpleEidasData.getFamilyName().equals(familyName)) { return false; } - if (!result.getDateOfBirth().equals(dateOfBirth)) { + if (!simpleEidasData.getDateOfBirth().equals(dateOfBirth)) { return false; } return true; } - - private boolean equals(String a, String b) { - if (a == null && b == null) { - return true; - } - if (a == null) { - return false; - } - if (b == null) { - return false; - } - return a.equals(b); - } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/EidasAuthEventConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/EidasAuthEventConstants.java deleted file mode 100644 index bca04369..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/EidasAuthEventConstants.java +++ /dev/null @@ -1,10 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; - -public class EidasAuthEventConstants { - - public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_SELECTED = 6200; - public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_REQUESTED = 6201; - public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED = 6202; - public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED_ERROR = 6203; - public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_MDS_VALID = 6204; -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthEventConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthEventConstants.java new file mode 100644 index 00000000..03e570fc --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthEventConstants.java @@ -0,0 +1,7 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; + +public class IdAustriaClientAuthEventConstants { + + public static final int AUTHPROCESS_ID_AUSTRIA_RESPONSE_RECEIVED = 6202; + public static final int AUTHPROCESS_ID_AUSTRIA_RESPONSE_RECEIVED_ERROR = 6203; +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthSignalController.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthSignalController.java new file mode 100644 index 00000000..5906c7b9 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthSignalController.java @@ -0,0 +1,95 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; + + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.StringUtils; +import org.apache.commons.text.StringEscapeUtils; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; +import lombok.extern.slf4j.Slf4j; + +/** + * IdAustria client controller that receives the response from national + * IdAustria node. + * + * @author tlenz + * + */ +@Slf4j +@Controller +public class IdAustriaClientAuthSignalController extends AbstractProcessEngineSignalController { + + public static final String HTTP_PARAM_RELAYSTATE = "RelayState"; + + /** + * Default constructor with logging. + * + */ + public IdAustriaClientAuthSignalController() { + super(); + log.debug("Registering servlet " + getClass().getName() + + " with mappings '" + IdAustriaClientAuthConstants.ENDPOINT_POST + + "' and '" + IdAustriaClientAuthConstants.ENDPOINT_REDIRECT + "'."); + + } + + /** + * HTTP end-point for incoming SAML2 Response from ID Austria node. + * + * @param req HTTP request + * @param resp HTTP response + * @throws IOException In case of a HTTP communication error + * @throws EaafException In case of a state-validation problem + */ + @RequestMapping(value = { IdAustriaClientAuthConstants.ENDPOINT_POST, + IdAustriaClientAuthConstants.ENDPOINT_REDIRECT }, + method = { RequestMethod.POST, RequestMethod.GET }) + public void performAuthentication(HttpServletRequest req, HttpServletResponse resp) + throws IOException, EaafException { + signalProcessManagement(req, resp); + + } + + /** + * Read the PendingRequestId from SAML2 RelayState parameter. + */ + @Override + public String getPendingRequestId(HttpServletRequest request) { + String relayState = StringEscapeUtils.escapeHtml4(request.getParameter(HTTP_PARAM_RELAYSTATE)); + if (StringUtils.isNotEmpty(relayState)) { + try { + String pendingReqId = transactionStorage.get(relayState, String.class); + if (StringUtils.isNotEmpty(pendingReqId)) { + + return pendingReqId; + + } else { + log.info("SAML2 RelayState from request is unknown. Can NOT restore session ... "); + + } + + } catch (EaafException e) { + log.error("Can NOT map SAML2 RelayState to pendingRequestId", e); + + } finally { + transactionStorage.remove(relayState); + + } + + } else { + log.info("No SAML2 relaystate. Can NOT restore session ... "); + + } + + return null; + + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java index 101e7c29..1dc8befd 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java @@ -31,13 +31,12 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleMobileSignatur import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.EidasAuthEventConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthEventConstants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider; import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider; import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.Utils; import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; -import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException; @@ -195,8 +194,9 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends final AssertionAttributeExtractor extractor = new AssertionAttributeExtractor(processedMsg.getFirst().getResponse()); - SimpleMobileSignatureData simpleMobileSignatureData = getAuthDataFromInterfederation(extractor, authProcessData); - if(!simpleMobileSignatureData.equalsSimpleEidasData(eidData)) { + SimpleMobileSignatureData simpleMobileSignatureData = + getAuthDataFromInterfederation(extractor, authProcessData); + if (!simpleMobileSignatureData.equalsSimpleEidasData(eidData)) { //User cheated? throw new InvalidUserInputException();//TODO } @@ -273,7 +273,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends msg.setSamlMessage(Saml2Utils.asDomDocument(samlResp).getDocumentElement()); revisionsLogger.logEvent(pendingReq, - EidasAuthEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED, + IdAustriaClientAuthEventConstants.AUTHPROCESS_ID_AUSTRIA_RESPONSE_RECEIVED, samlResp.getID()); return Pair.newInstance(msg, false); @@ -289,7 +289,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends } revisionsLogger.logEvent(pendingReq, - EidasAuthEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED_ERROR); + IdAustriaClientAuthEventConstants.AUTHPROCESS_ID_AUSTRIA_RESPONSE_RECEIVED_ERROR); throw new AuthnResponseValidationException(ERROR_PVP_05, new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING, samlResp.getIssuer().getValue(), @@ -320,7 +320,6 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends List requiredAttributes = IdAustriaClientAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES; SimpleMobileSignatureData simpleMobileSignatureData = new SimpleMobileSignatureData(); - String bpk = null; try { // check if all attributes are include if (!extractor.containsAllRequiredAttributes(requiredAttributes)) { diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml index b5001d77..019cb03c 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml @@ -143,6 +143,9 @@ + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.java index fbf011b1..550c2f13 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.java @@ -68,6 +68,7 @@ import net.shibboleth.utilities.java.support.xml.XMLParserException; public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest { private static final String METADATA_PATH = "classpath:/data/idp_metadata_classpath_entity.xml"; + private static final String METADATA_PATH1 = "classpath:/data/idp_metadata_classpath_entity1.xml"; private static final String TEST_SIGNED_AUTHBLOCK = "MIIBbjCCARSgAwIBAgIEXh7TNzAKBggqhkjOPQQDAjA/MQswCQYDVQQG" + "EwJBVDENMAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxETAPBgNVBAMMCG1ldGFkYXRhMB4XDTIwMDExNTA4NTQxNVoXDTMw" + "MDExNDA4NTQxNVowPzELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVHSVoxDjAMBgNVBAsMBWpVbml0MREwDwYDVQQDDAhtZXRhZGF0" @@ -328,9 +329,11 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest { metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( METADATA_PATH, null, "jUnit IDP", null)); + metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( + METADATA_PATH1, null, "jUnit IDP", null)); final Response response = initializeResponse( - "classpath:/data/idp_metadata_classpath_entity.xml1", + "classpath:/data/idp_metadata_classpath_entity1.xml", "/data/Response_without_sig_classpath_entityid.xml", credentialProvider.getMessageSigningCredential(), true); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml index df7ce85f..da64d25d 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml @@ -128,5 +128,7 @@ + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_wrong_destination_endpoint.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_wrong_destination_endpoint.xml index cac4c867..c21381d9 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_wrong_destination_endpoint.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_wrong_destination_endpoint.xml @@ -1,5 +1,7 @@ - + classpath:/data/idp_metadata_classpath_entity.xml @@ -9,7 +11,9 @@ QVGm48cqcM4UcyhDTNGYmVdrIoY= - + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_classpath_entity1.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_classpath_entity1.xml new file mode 100644 index 00000000..cde66c78 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_classpath_entity1.xml @@ -0,0 +1,146 @@ + + + + + + + MIIDMzCCAhsCBFtIcPowDQYJKoZIhvcNAQELBQAwXjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH + SVoxJDAiBgNVBAsMG2NlbnRyYWwgbmF0aW9uYWwgZUlEQVMgbm9kZTEaMBgGA1UEAwwRQXNzZXJ0 + aW9uIHNpZ25pbmcwHhcNMTgwNzEzMDkyOTMwWhcNMjEwNDA3MDkyOTMwWjBeMQswCQYDVQQGEwJB + VDENMAsGA1UECgwERUdJWjEkMCIGA1UECwwbY2VudHJhbCBuYXRpb25hbCBlSURBUyBub2RlMRow + GAYDVQQDDBFBc3NlcnRpb24gc2lnbmluZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB + AJ5zDYxMPRcz6AHaev1tS46Tq8sdgbGFM56uxk6c7LmMDC+HTzNX/3Q5S/YwSzgL3ue5TSw1ltOf + yMXMZ6D0+buWWcsxGEkQ8M3adKRFdQrEwafzwTA7pguq5WiHOkr4qwR7dLMome9z5cc3LRcwdOPP + gq7ahb5jM3hRqc5xkMWIuvql0NFXPzlHrjDLwy5nIWPOhL5abhVt4YsXbpbjXxFSGkDEAZ32K3EU + LNBr9FSUmJfbrVX9AU2T+BKIwiqXP8e/3UJHgPHQ0l5ljWp5P6u5+tvM21o8sUM4eArRa8BkdRsP + C92GVuASSUz2ZJ3JhAK1cSM8bnvaZVLQtTvPMAcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAAp7z + TubWXW6YMpyLSvWBdZiiQ3X66XpSZLZJDIAkoPzEY0DSBp8I5YASIx4JTR5XJt+6MI9acgNIAYW8 + DhtRwUMVaRWEtuCrfKhGLWm5KSxnhPcD3lzRZhY4ZcA7dUlirjf6hnqo2TFEmJ9fkM+rxwy1GkDD + 7j2YDSOFmSq9/Ud9/IbIfSnRu/lO0dh7iRrmg3y0Y/+plPxYmp4AHqehP11OchTz2FGGHVsSC2Vs + IVBQI6ANZYyOlicgfEEFHA06jP9OnA0EwEFr2P+di9caZg8vfibyzxMGeuf6CY0c0eLHokBCn2W8 + vkzvWiER3pozRvCmXFjCVZfRjUunaJf2ow== + + + + MIIC+DCCAeCgAwIBAgIEXh7TbTANBgkqhkiG9w0BAQsFADA+MQswCQYDVQQGEwJB + VDENMAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxEDAOBgNVBAMMB3NpZ25p + bmcwHhcNMjAwMTE1MDg1NTA5WhcNMjkwMTE0MDg1NTA5WjA+MQswCQYDVQQGEwJB + VDENMAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxEDAOBgNVBAMMB3NpZ25p + bmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCUSiRjnDvPafZfhJ+L + 1wM86FKJX3VIAV/8TD9qJ6HOBkn5WwYfpheyCfRb6XVDyIGpO8qnMWAgC17Ngbmh + zj8d8HXNQ2l3uppMv24oUTfXyYhQfZWAghx0sTlRIx/ZmlnduJilx2S53Sa7ruJw + lQcBFXj9h9B8dtyegc86Sx6D9BumP1xU7+mEBk8Gv9rR5Khg0Y7qGfZWB0t4aikg + aupWveVwiGifOOSfR8czqIg9qUpMYfZiTEBTSRmN6sPiNWhd4J0GyAI9Rn5C9jz/ + sSlQrxpN+4DXzsqSU5F6gzq3yRux6wyOzDlt2birf21VPQ9HIy4YCjZXwgDWG7AO + 821pAgMBAAEwDQYJKoZIhvcNAQELBQADggEBADnwdaxUtQU6SIpYwIb2c0ljTmQi + 7ryUcUpNHtK0M0E5Mw5Ex8zwrWbNQZ2sUyc4r07M66iOIqHsYZUQlRYvVKHifDpA + r8TCgD7iGGdB3By8Ou0RaNW+03w1fwmi98CufbHCGvpv0o2KxlejoHZminNdQ79i + bN+01nhocezJQATEQlnwHLiQSjilXpZeLYDk8HbrcUXNRxezN4ChdH+uU54vf+Ux + qcj9QHcmBe1+BM8EXfqS1DbTwZl+NTCnh5OYl8fvIFSOHMBxwFrI4pyY0faxg9Uc + rCogn/oQ+mV1gnVUDaDhvvEnVGZQtrlt7heVId2BeNellVgsrcmdW8j4U9U= + + + + MIIBbjCCARSgAwIBAgIEXh7TNzAKBggqhkjOPQQDAjA/MQswCQYDVQQGEwJBVDEN + MAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxETAPBgNVBAMMCG1ldGFkYXRh + MB4XDTIwMDExNTA4NTQxNVoXDTMwMDExNDA4NTQxNVowPzELMAkGA1UEBhMCQVQx + DTALBgNVBAoMBEVHSVoxDjAMBgNVBAsMBWpVbml0MREwDwYDVQQDDAhtZXRhZGF0 + YTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBdBkaxt31p++aZeP3SmlWITj9SY + O4McV2ccXFsH4X4QMHuKAMUvjxPm1kdU01eTOWdiQX0GpDIBspYMZh8ZKcwwCgYI + KoZIzj0EAwIDSAAwRQIhAJ3QKlk9cd90s+i8y62fvmGF6LtfNO+JvkWqDUBeQImn + AiA2KwFtzO7STAp9MEwQGe0vt0F8mO1ttrLE+rr6YxdwGA== + + + + + urn:oasis:names:tc:SAML:2.0:nameid-format:persistent + + urn:oasis:names:tc:SAML:2.0:nameid-format:transient + + urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified + + + + + + + + + + + + + + + + + + + + -- cgit v1.2.3 From 6017e30de786ab9defab7eaef53ec8da5f606ee9 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Fri, 19 Feb 2021 16:14:31 +0100 Subject: refactoring of ID Austria connection client and add/update of jUnit tests --- .../checks/spotbugs-exclude.xml | 2 +- eidas_modules/authmodule-eIDAS-v2/pom.xml | 41 +- .../specific/modules/auth/eidas/v2/Constants.java | 2 + .../EidasAuthenticationSpringResourceProvider.java | 6 +- .../v2/config/EidasConnectorMessageSource.java | 21 + .../IdAustriaAuthPvpConfiguration.java | 121 ----- .../IdAustriaClientAuthConstants.java | 55 +- .../IdAustriaClientAuthCredentialProvider.java | 130 ----- .../IdAustriaClientAuthMetadataConfiguration.java | 18 +- .../IdAustriaClientAuthMetadataController.java | 118 ----- .../IdAustriaClientAuthMetadataProvider.java | 169 ------ .../IdAustriaClientAuthSignalController.java | 96 ---- .../IdAustriaClientAuthMetadataController.java | 122 +++++ .../IdAustriaClientAuthSignalController.java | 95 ++++ .../IdAustriaClientAuthCredentialProvider.java | 132 +++++ .../provider/IdAustriaClientAuthHealthCheck.java | 56 ++ .../IdAustriaClientAuthMetadataProvider.java | 169 ++++++ .../GenerateMobilePhoneSignatureRequestTask.java | 91 +--- ...eSignatureResponseAndSearchInRegistersTask.java | 154 +++--- .../src/main/resources/eidas_v2_auth.beans.xml | 60 +-- .../eidas_v2_auth_ref_impl_config.beans.xml | 39 ++ .../messages/eidas_connector_message.properties | 15 + .../config/EidasConnectorMessageSourceTest.java | 43 ++ .../IdAustriaAuthSignalControllerTest.java | 197 +++++++ .../IdAustriaClientAuthHealthCheckTest.java | 128 +++++ .../IdAustriaClientAuthMetadataControllerTest.java | 44 +- ...AustriaClientAuthMetadataProviderFirstTest.java | 238 +++++++++ ...ustriaClientAuthMetadataProviderSecondTest.java | 66 +++ .../IdAustriaClientCredentialProviderTest.java | 414 +++++++++++++++ ...enerateMobilePhoneSignatureRequestTaskTest.java | 245 ++++----- ...natureResponseAndSearchInRegistersTaskTest.java | 564 ++++++--------------- .../resources/SpringTest-context_basic_lazy.xml | 24 + .../SpringTest-context_basic_mapConfig1.xml | 24 - .../resources/SpringTest-context_basic_test.xml | 3 + .../resources/SpringTest-context_basic_test1.xml | 63 --- .../resources/SpringTest-context_tasks_test.xml | 104 +--- .../resources/SpringTest-context_tasks_test1.xml | 149 ------ .../resources/config/junit_config_1-.properties | 252 --------- .../resources/config/junit_config_1.properties | 17 +- .../src/test/resources/data/Response_with_EID.xml | 6 +- .../data/Response_with_EID_wrong_data.xml | 46 -- .../test/resources/data/Response_with_legacy.xml | 55 -- .../data/Response_with_legacy_and_EID.xml | 58 --- .../Response_without_sig_classpath_entityid.xml | 6 +- .../data/Response_without_sig_with_error.xml | 6 +- ...sponse_without_sig_with_error_empty_subcode.xml | 6 +- .../Response_without_sig_with_error_userstop.xml | 6 +- ...onse_without_sig_with_error_without_subcode.xml | 6 +- .../data/idp_metadata_classpath_entity1.xml | 146 ------ .../test/resources/data/idp_metadata_no_sig.xml | 46 ++ .../test/resources/data/idp_metadata_no_sig2.xml | 46 ++ .../resources/data/idp_metadata_sig_notvalid.xml | 84 +++ .../data/idp_metadata_sig_valid_wrong_alg.xml | 74 +++ .../src/test/resources/data/sp_metadata_junit.xml | 2 +- .../src/test/resources/keystore/pvp.p12 | Bin 0 -> 5494 bytes pom.xml | 14 + 56 files changed, 2484 insertions(+), 2410 deletions(-) create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/config/EidasConnectorMessageSource.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaAuthPvpConfiguration.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataController.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataProvider.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthSignalController.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/controller/IdAustriaClientAuthMetadataController.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/controller/IdAustriaClientAuthSignalController.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthCredentialProvider.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthHealthCheck.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthMetadataProvider.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth_ref_impl_config.beans.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/config/EidasConnectorMessageSourceTest.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaAuthSignalControllerTest.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthHealthCheckTest.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataProviderFirstTest.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataProviderSecondTest.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientCredentialProviderTest.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_lazy.xml delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_mapConfig1.xml delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test1.xml delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test1.xml delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1-.properties delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_EID_wrong_data.xml delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_legacy.xml delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_legacy_and_EID.xml delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_classpath_entity1.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_no_sig.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_no_sig2.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_sig_notvalid.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_sig_valid_wrong_alg.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/resources/keystore/pvp.p12 (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/resources') diff --git a/eidas_modules/authmodule-eIDAS-v2/checks/spotbugs-exclude.xml b/eidas_modules/authmodule-eIDAS-v2/checks/spotbugs-exclude.xml index 7d7467aa..82306a57 100644 --- a/eidas_modules/authmodule-eIDAS-v2/checks/spotbugs-exclude.xml +++ b/eidas_modules/authmodule-eIDAS-v2/checks/spotbugs-exclude.xml @@ -12,7 +12,7 @@ - + diff --git a/eidas_modules/authmodule-eIDAS-v2/pom.xml b/eidas_modules/authmodule-eIDAS-v2/pom.xml index 6773cc41..1b2681c3 100644 --- a/eidas_modules/authmodule-eIDAS-v2/pom.xml +++ b/eidas_modules/authmodule-eIDAS-v2/pom.xml @@ -100,6 +100,10 @@ + + org.springframework.boot + spring-boot-starter-actuator + org.apache.commons commons-lang3 @@ -133,6 +137,19 @@ jackson-datatype-jsr310 + + com.fasterxml.jackson.core + jackson-databind + 2.11.2 + compile + + + org.bitbucket.b_c + jose4j + 0.7.2 + + + javax.servlet javax.servlet-api @@ -188,17 +205,23 @@ test-jar - com.fasterxml.jackson.core - jackson-databind - 2.11.2 - compile - + at.gv.egiz.eaaf + eaaf_module_pvp2_core + test + test-jar + - org.bitbucket.b_c - jose4j - 0.7.2 + at.gv.egiz.eaaf + eaaf_module_pvp2_idp + test + test-jar + + + com.squareup.okhttp3 + mockwebserver + test - + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java index b603774b..e7190ab4 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java @@ -27,6 +27,8 @@ import at.gv.egiz.eaaf.core.api.data.EaafConstants; public class Constants { + public static final String ERRORCODE_00 = "module.eidasauth.00"; + public static final String DATA_REQUESTERID = "req_requesterId"; public static final String DATA_PROVIDERNAME = "req_providerName"; public static final String DATA_REQUESTED_LOA_LIST = "req_requestedLoA"; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasAuthenticationSpringResourceProvider.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasAuthenticationSpringResourceProvider.java index 535e4f97..e5b10185 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasAuthenticationSpringResourceProvider.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasAuthenticationSpringResourceProvider.java @@ -45,8 +45,10 @@ public class EidasAuthenticationSpringResourceProvider implements SpringResource public Resource[] getResourcesToLoad() { final ClassPathResource eidasAuthConfig = new ClassPathResource("/eidas_v2_auth.beans.xml", EidasAuthenticationSpringResourceProvider.class); - - return new Resource[] { eidasAuthConfig }; + final ClassPathResource eidasRefImplConfig = new ClassPathResource("/eidas_v2_auth_ref_impl_config.beans.xml", + EidasAuthenticationSpringResourceProvider.class); + + return new Resource[] { eidasRefImplConfig, eidasAuthConfig }; } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/config/EidasConnectorMessageSource.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/config/EidasConnectorMessageSource.java new file mode 100644 index 00000000..7a9f472a --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/config/EidasConnectorMessageSource.java @@ -0,0 +1,21 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.config; + +import java.util.Arrays; +import java.util.List; + +import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation; + +/** + * Inject eIDAS Connector specific messages into Spring based message-source. + * + * @author tlenz + * + */ +public class EidasConnectorMessageSource implements IMessageSourceLocation { + + @Override + public List getMessageSourceLocation() { + return Arrays.asList("classpath:/messages/eidas_connector_message"); + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaAuthPvpConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaAuthPvpConfiguration.java deleted file mode 100644 index 30c8b65f..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaAuthPvpConfiguration.java +++ /dev/null @@ -1,121 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; - -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration; -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; -import org.apache.commons.lang3.StringUtils; -import org.opensaml.saml.saml2.metadata.ContactPerson; -import org.opensaml.saml.saml2.metadata.ContactPersonTypeEnumeration; -import org.opensaml.saml.saml2.metadata.EmailAddress; -import org.opensaml.saml.saml2.metadata.GivenName; -import org.opensaml.saml.saml2.metadata.Organization; -import org.opensaml.saml.saml2.metadata.OrganizationDisplayName; -import org.opensaml.saml.saml2.metadata.OrganizationName; -import org.opensaml.saml.saml2.metadata.OrganizationURL; -import org.opensaml.saml.saml2.metadata.SurName; -import org.springframework.beans.factory.annotation.Autowired; - -import java.util.Arrays; -import java.util.List; - -public class IdAustriaAuthPvpConfiguration implements IPvp2BasicConfiguration { - - private static final String DEFAULT_XML_LANG = "en"; - - @Autowired - private IConfiguration basicConfig; - - @Override - public String getIdpEntityId(String authUrl) throws EaafException { - return authUrl + IdAustriaClientAuthConstants.ENDPOINT_METADATA; - - } - - @Override - public String getIdpSsoPostService(String authUrl) throws EaafException { - return null; - - } - - @Override - public String getIdpSsoRedirectService(String authUrl) throws EaafException { - return null; - - } - - @Override - public String getIdpSsoSoapService(String extractAuthUrlFromRequest) throws EaafException { - return null; - - } - - @Override - public List getIdpContacts() throws EaafException { - final ContactPerson contactPerson = Saml2Utils.createSamlObject(ContactPerson.class); - final GivenName givenName = Saml2Utils.createSamlObject(GivenName.class); - final SurName surname = Saml2Utils.createSamlObject(SurName.class); - final EmailAddress emailAddress = Saml2Utils.createSamlObject(EmailAddress.class); - - givenName.setName(getAndVerifyFromConfiguration( - IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_CONTACT_GIVENNAME)); - surname.setName(getAndVerifyFromConfiguration( - IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_CONTACT_SURNAME)); - emailAddress.setAddress(getAndVerifyFromConfiguration( - IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_CONTACT_EMAIL)); - - contactPerson.setType(ContactPersonTypeEnumeration.TECHNICAL); - contactPerson.setGivenName(givenName); - contactPerson.setSurName(surname); - contactPerson.getEmailAddresses().add(emailAddress); - - return Arrays.asList(contactPerson); - - } - - @Override - public Organization getIdpOrganisation() throws EaafException { - final Organization organisation = Saml2Utils.createSamlObject(Organization.class); - final OrganizationName orgName = Saml2Utils.createSamlObject(OrganizationName.class); - final OrganizationDisplayName orgDisplayName = Saml2Utils.createSamlObject(OrganizationDisplayName.class); - final OrganizationURL orgUrl = Saml2Utils.createSamlObject(OrganizationURL.class); - - orgName.setXMLLang(DEFAULT_XML_LANG); - orgName.setValue(getAndVerifyFromConfiguration( - IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_ORGANISATION_NAME)); - - orgDisplayName.setXMLLang(DEFAULT_XML_LANG); - orgDisplayName.setValue(getAndVerifyFromConfiguration( - IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_ORGANISATION_FRIENDLYNAME)); - - orgUrl.setXMLLang(DEFAULT_XML_LANG); - orgUrl.setValue(getAndVerifyFromConfiguration( - IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_ORGANISATION_URL)); - - - organisation.getOrganizationNames().add(orgName); - organisation.getDisplayNames().add(orgDisplayName); - organisation.getURLs().add(orgUrl); - - return organisation; - } - - - @Override - public IConfiguration getBasicConfiguration() { - return basicConfig; - - } - - private String getAndVerifyFromConfiguration(String configKey) throws EaafConfigurationException { - final String value = basicConfig.getBasicConfiguration(configKey); - if (StringUtils.isEmpty(value)) { - throw new EaafConfigurationException("module.eidasauth.00", - new Object[]{configKey}); - - } - - return value; - } -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthConstants.java index 8cbfb5f8..46d0e77d 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthConstants.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthConstants.java @@ -1,21 +1,24 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; -import at.gv.egiz.eaaf.core.api.data.EaafConstants; -import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; -import at.gv.egiz.eaaf.core.impl.data.Triple; - import java.util.ArrayList; import java.util.Collections; import java.util.List; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.impl.data.Triple; + public class IdAustriaClientAuthConstants { private IdAustriaClientAuthConstants() { } - + + public static final String ERRORCODE_02 = "module.eidasauth.idaustria.02"; + public static final String ERRORCODE_05 = "module.eidasauth.idaustria.05"; + public static final String SAML2_STATUSCODE_USERSTOP = "1005"; public static final String MODULE_NAME_FOR_LOGGING = "ID Austria Client"; @@ -25,16 +28,15 @@ public class IdAustriaClientAuthConstants { // public static final String HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION = // AuthHandlerConstants.HTTP_PARAM_EIDAS_PROCESS; - public static final String ENDPOINT_POST = "/idAustriaSp/post"; - public static final String ENDPOINT_REDIRECT = "/idAustriaSp/redirect"; - public static final String ENDPOINT_METADATA = "/idAustriaSp/metadata"; + public static final String ENDPOINT_POST = "/sp/idaustria/post"; + public static final String ENDPOINT_REDIRECT = "/sp/idaustria/redirect"; + public static final String ENDPOINT_METADATA = "/sp/idaustria/metadata"; public static final String CONFIG_PROPS_PREFIX = "modules.idaustriaclient."; public static final String CONFIG_PROPS_KEYSTORE_TYPE = CONFIG_PROPS_PREFIX + "keystore.type"; public static final String CONFIG_PROPS_KEYSTORE_NAME = CONFIG_PROPS_PREFIX + "keystore.name"; public static final String CONFIG_PROPS_KEYSTORE_PATH = CONFIG_PROPS_PREFIX + "keystore.path"; public static final String CONFIG_PROPS_KEYSTORE_PASSWORD = CONFIG_PROPS_PREFIX + "keystore.password"; - public static final String CONFIG_PROPS_AUTH_URL = CONFIG_PROPS_PREFIX + "authurl"; public static final String CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "metadata.sign.password"; public static final String CONFIG_PROPS_SIGN_METADATA_ALIAS = CONFIG_PROPS_PREFIX @@ -57,28 +59,9 @@ public class IdAustriaClientAuthConstants { + "required.additional.attributes"; public static final String CONFIG_PROPS_REQUIRED_LOA = CONFIG_PROPS_PREFIX + "required.loa"; - public static final String CONFIG_PROPS_NODE_ENTITYID = CONFIG_PROPS_PREFIX + "node.entityId"; - public static final String CONFIG_PROPS_SP_ENTITYID = CONFIG_PROPS_PREFIX + "sp.entityId"; - public static final String CONFIG_PROPS_NODE_METADATAURL = CONFIG_PROPS_PREFIX + "node.metadataUrl"; - public static final String CONFIG_PROPS_NODE_TRUSTPROFILEID = CONFIG_PROPS_PREFIX + "node.trustprofileID"; - - - public static final String CONFIG_PROPS_METADATA_CONTACT_GIVENNAME = - CONFIG_PROPS_PREFIX + "metadata.contact.givenname"; - public static final String CONFIG_PROPS_METADATA_CONTACT_SURNAME = - CONFIG_PROPS_PREFIX + "metadata.contact.surname"; - public static final String CONFIG_PROPS_METADATA_CONTACT_EMAIL = - CONFIG_PROPS_PREFIX + "metadata.contact.email"; - public static final String CONFIG_PROPS_METADATA_ORGANISATION_NAME = - CONFIG_PROPS_PREFIX + "metadata.organisation.name"; - public static final String CONFIG_PROPS_METADATA_ORGANISATION_FRIENDLYNAME = - CONFIG_PROPS_PREFIX + "metadata.organisation.friendyname"; - public static final String CONFIG_PROPS_METADATA_ORGANISATION_URL = - CONFIG_PROPS_PREFIX + "metadata.organisation.url"; - - public static final String CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL = "auth.eidas.node.entityId"; - - + public static final String CONFIG_PROPS_ID_AUSTRIA_ENTITYID = CONFIG_PROPS_PREFIX + "idaustria.idp.entityId"; + public static final String CONFIG_PROPS_ID_AUSTRIA_METADATAURL = CONFIG_PROPS_PREFIX + "idaustria.idp.metadataUrl"; + public static final String CONFIG_DEFAULT_LOA_EIDAS_LEVEL = EaafConstants.EIDAS_LOA_HIGH; public static final List> DEFAULT_REQUIRED_PVP_ATTRIBUTES = @@ -105,16 +88,6 @@ public class IdAustriaClientAuthConstants { add(Triple.newInstance(PvpAttributeDefinitions.BPK_NAME, PvpAttributeDefinitions.BPK_FRIENDLY_NAME, true)); - // entity eID information - // add(Triple.newInstance(ExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME, - // ExtendedPvpAttributeDefinitions.EID_EIDBIND_FRIENDLY_NAME, true)); - // add(Triple.newInstance(ExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME, - // ExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME, true)); - - //request pII transactionId from MS-Connector - // add(Triple.newInstance(ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, - // ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_FRIENDLY_NAME, false)); - } }); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java deleted file mode 100644 index 2608cad1..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java +++ /dev/null @@ -1,130 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; - -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; - -import org.springframework.beans.factory.annotation.Autowired; - -/** - * Credential provider for eIDAS PVP S-Profile client. - * - * @author tlenz - * - */ -public class IdAustriaClientAuthCredentialProvider extends AbstractCredentialProvider { - - @Autowired - IConfiguration authConfig; - - private static final String FRIENDLYNAME = "ID Austria authentication"; - - @Override - public KeyStoreConfiguration getBasicKeyStoreConfig() throws EaafConfigurationException { - final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); - keyStoreConfig.setFriendlyName(FRIENDLYNAME); - keyStoreConfig.setKeyStoreType( - authConfig.getBasicConfiguration(IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_TYPE, - KeyStoreType.PKCS12.getKeyStoreType())); - keyStoreConfig.setKeyStoreName( - authConfig.getBasicConfiguration(IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_NAME)); - keyStoreConfig.setSoftKeyStoreFilePath(getKeyStoreFilePath()); - keyStoreConfig.setSoftKeyStorePassword( - authConfig.getBasicConfiguration(IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PASSWORD)); - - return keyStoreConfig; - - } - - private String getKeyStoreFilePath() throws EaafConfigurationException { - final String path = authConfig.getBasicConfiguration( - IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PATH); - if (path == null) { - throw new EaafConfigurationException("module.eidasauth.00", - new Object[] { IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PATH }); - - } - return path; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# - * getMetadataKeyAlias() - */ - @Override - public String getMetadataKeyAlias() { - return authConfig.getBasicConfiguration( - IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS); - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# - * getMetadataKeyPassword() - */ - @Override - public String getMetadataKeyPassword() { - return authConfig.getBasicConfiguration( - IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD); - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# - * getSignatureKeyAlias() - */ - @Override - public String getSignatureKeyAlias() { - return authConfig.getBasicConfiguration( - IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS); - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# - * getSignatureKeyPassword() - */ - @Override - public String getSignatureKeyPassword() { - return authConfig.getBasicConfiguration( - IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD); - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# - * getEncryptionKeyAlias() - */ - @Override - public String getEncryptionKeyAlias() { - return authConfig.getBasicConfiguration( - IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS); - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# - * getEncryptionKeyPassword() - */ - @Override - public String getEncryptionKeyPassword() { - return authConfig.getBasicConfiguration( - IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD); - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataConfiguration.java index 4e7f86f1..4527ced4 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataConfiguration.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataConfiguration.java @@ -8,6 +8,14 @@ import java.util.HashMap; import java.util.List; import java.util.Map; +import org.opensaml.saml.saml2.core.Attribute; +import org.opensaml.saml.saml2.core.NameIDType; +import org.opensaml.saml.saml2.metadata.ContactPerson; +import org.opensaml.saml.saml2.metadata.Organization; +import org.opensaml.saml.saml2.metadata.RequestedAttribute; +import org.opensaml.security.credential.Credential; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.data.Triple; @@ -16,14 +24,6 @@ import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration; import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpAttributeBuilder; - -import org.opensaml.saml.saml2.core.Attribute; -import org.opensaml.saml.saml2.core.NameIDType; -import org.opensaml.saml.saml2.metadata.ContactPerson; -import org.opensaml.saml.saml2.metadata.Organization; -import org.opensaml.saml.saml2.metadata.RequestedAttribute; -import org.opensaml.security.credential.Credential; - import lombok.extern.slf4j.Slf4j; /** @@ -357,7 +357,7 @@ public class IdAustriaClientAuthMetadataConfiguration implements IPvpMetadataBui final Map requestedAttributes = new HashMap<>(); - log.trace("Build required attributes for E-ID operaton ... "); + log.trace("Build required attributes for ID Austria operaton ... "); injectDefinedAttributes(requestedAttributes, IdAustriaClientAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTES); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataController.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataController.java deleted file mode 100644 index 00b742dd..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataController.java +++ /dev/null @@ -1,118 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; - - -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; -import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration; -import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder; -import com.google.common.net.MediaType; -import lombok.extern.slf4j.Slf4j; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Controller; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.io.IOException; - -/** - * Controller that generates SAML2 metadata for eIDAS authentication client. - * - * @author tlenz - * - */ -@Slf4j -@Controller -public class IdAustriaClientAuthMetadataController extends AbstractController { - - //private static final String ERROR_CODE_INTERNAL_00 = "eaaf.core.00"; - - @Autowired - PvpMetadataBuilder metadatabuilder; - @Autowired - IdAustriaClientAuthCredentialProvider credentialProvider; - @Autowired - IPvp2BasicConfiguration pvpConfiguration; - @Autowired - private IConfiguration basicConfig; - - /** - * Default construction with logging. - * - */ - public IdAustriaClientAuthMetadataController() { - super(); - log.debug("Registering servlet " + getClass().getName() - + " with mappings '" + IdAustriaClientAuthConstants.ENDPOINT_METADATA - + "'."); - - } - - /** - * End-point that produce PVP2 metadata for eIDAS authentication client. - * - * @param req http Request - * @param resp http Response - * @throws IOException In case of an I/O error - * @throws EaafException In case of a metadata generation error - */ - @RequestMapping(value = IdAustriaClientAuthConstants.ENDPOINT_METADATA, - method = { RequestMethod.GET }) - public void getSpMetadata(HttpServletRequest req, HttpServletResponse resp) throws IOException, - EaafException { - // check PublicURL prefix - try { - final String authUrl = basicConfig.getBasicConfiguration( - IdAustriaClientAuthConstants.CONFIG_PROPS_AUTH_URL); - - // initialize metadata builder configuration - final IdAustriaClientAuthMetadataConfiguration metadataConfig = - new IdAustriaClientAuthMetadataConfiguration(authUrl, credentialProvider, pvpConfiguration); - // metadataConfig.setAdditionalRequiredAttributes(getAdditionalRequiredAttributes()); - - // build metadata - final String xmlMetadata = metadatabuilder.buildPvpMetadata(metadataConfig); - - // write response - final byte[] content = xmlMetadata.getBytes("UTF-8"); - resp.setStatus(HttpServletResponse.SC_OK); - resp.setContentLength(content.length); - resp.setContentType(MediaType.XML_UTF_8.toString()); - resp.getOutputStream().write(content); - - } catch (final Exception e) { - log.warn("Build federated-authentication PVP metadata FAILED.", e); - protAuthService.handleErrorNoRedirect(e, req, resp, false); - - } - - } - - - // private List> getAdditionalRequiredAttributes() { - // final List> result = new ArrayList<>(); - // - // // load attributes from configuration - // final Map addReqAttributes = authConfig.getBasicConfigurationWithPrefix( - // IdAustriaClientAuthConstants.CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST); - // for (final String el : addReqAttributes.values()) { - // if (StringUtils.isNotEmpty(el)) { - // log.trace("Parse additional attr. definition: " + el); - // final List attr = KeyValueUtils.getListOfCsvValues(el.trim()); - // if (attr.size() == 2) { - // result.add(Pair.newInstance(attr.get(0), Boolean.parseBoolean(attr.get(1)))); - // - // } else { - // log.info("IGNORE additional attr. definition: " + el - // + " Reason: Format not valid"); - // } - // } - // } - // - // return result; - // - // } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataProvider.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataProvider.java deleted file mode 100644 index 46278ad8..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataProvider.java +++ /dev/null @@ -1,169 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; - -import java.io.IOException; -import java.security.KeyStore; -import java.security.Provider; -import java.security.cert.CertificateException; -import java.text.MessageFormat; -import java.util.ArrayList; -import java.util.Collections; -import java.util.List; - -import javax.annotation.PostConstruct; - -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; -import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; -import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.AbstractChainingMetadataProvider; -import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; -import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter; -import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SimpleMetadataSignatureVerificationFilter; - -import org.apache.commons.lang3.StringUtils; -import org.opensaml.saml.metadata.resolver.MetadataResolver; -import org.opensaml.saml.metadata.resolver.filter.MetadataFilter; -import org.opensaml.saml.metadata.resolver.filter.MetadataFilterChain; -import org.springframework.beans.factory.annotation.Autowired; - -import lombok.extern.slf4j.Slf4j; - -/** - * SAML2 metadata-provider implementation for eIDAS client. - * - * @author tlenz - * - */ -@Slf4j -public class IdAustriaClientAuthMetadataProvider extends AbstractChainingMetadataProvider { - - private static final String FRIENDLYNAME_METADATA_TRUSTSTORE = "'eIDAS_client metadata truststore'"; - private static final String PROVIDER_ID_PATTERN = "eIDAS resolver: {0}"; - public static final String PROVIDER_ID = "'eIDAS_client metadata provider'"; - - @Autowired - private IConfiguration basicConfig; - - @Autowired - private PvpMetadataResolverFactory metadataProviderFactory; - @Autowired - private IHttpClientFactory httpClientFactory; - - @Autowired - private EaafKeyStoreFactory keyStoreFactory; - - private Pair metadataSigningTrustStore; - - @Override - protected String getMetadataUrl(String entityId) throws EaafConfigurationException { - log.trace("eIDAS Auth. uses SAML2 well-known location approach. EntityId is Metadata-URL"); - return entityId; - - } - - @Override - protected MetadataResolver createNewMetadataProvider(String entityId) throws EaafConfigurationException, - IOException, CertificateException { - final List filterList = new ArrayList<>(); - filterList.add(new SchemaValidationFilter(true)); - filterList.add(new SimpleMetadataSignatureVerificationFilter( - metadataSigningTrustStore.getFirst(), entityId)); - - final MetadataFilterChain filter = new MetadataFilterChain(); - filter.setFilters(filterList); - - try { - return metadataProviderFactory.createMetadataProvider(getMetadataUrl(entityId), - filter, - MessageFormat.format(PROVIDER_ID_PATTERN, entityId), - httpClientFactory.getHttpClient()); - - } catch (final Pvp2MetadataException e) { - log.info("Can NOT build metadata provider for entityId: {}", entityId); - throw new EaafConfigurationException("module.eidasauth.04", - new Object[] { entityId, e.getMessage() }, e); - - } - } - - @Override - protected List getAllMetadataUrlsFromConfiguration() throws EaafConfigurationException { - return Collections.emptyList(); - - } - - @Override - protected String getMetadataProviderId() { - return PROVIDER_ID; - - } - - @Override - public void runGarbageCollector() { - log.trace("Garbage collection is NOT supported by: {}", getId()); - } - - @Override - public void doDestroy() { - super.fullyDestroy(); - - } - - @PostConstruct - private void initialize() throws EaafException { - // initialize truststore to validate metadata signing certificates - initializeTrustStore(); - - // load metadata with metadataURL, as backup - initializeFileSystemMetadata(); - - } - - private void initializeFileSystemMetadata() { - try { - final String metadataUrl = basicConfig.getBasicConfiguration( - IdAustriaClientAuthConstants.CONFIG_PROPS_NODE_METADATAURL); - if (StringUtils.isNotEmpty(metadataUrl)) { - log.info("Use not recommended metadata-provider initialization!" - + " SAML2 'Well-Known-Location' is the preferred methode."); - log.info("Initialize 'ms-specific eIDAS node' metadata-provider with URL: {}", metadataUrl); - - addMetadataResolverIntoChain(createNewMetadataProvider(metadataUrl)); - } - - } catch (final EaafConfigurationException | CertificateException | IOException e) { - log.warn("Can NOT inject static eIDAS Node metadata-soure.", e); - log.warn("eIDAS Node communication can be FAIL."); - - } - } - - private void initializeTrustStore() throws EaafException { - // set configuration - final KeyStoreConfiguration trustStoreConfig = new KeyStoreConfiguration(); - trustStoreConfig.setFriendlyName(FRIENDLYNAME_METADATA_TRUSTSTORE); - trustStoreConfig.setKeyStoreType(basicConfig.getBasicConfiguration( - IdAustriaClientAuthConstants.CONFIG_PROPS_TRUSTSTORE_TYPE, - KeyStoreType.JKS.getKeyStoreType())); - trustStoreConfig.setKeyStoreName(basicConfig.getBasicConfiguration( - IdAustriaClientAuthConstants.CONFIG_PROPS_TRUSTSTORE_NAME)); - trustStoreConfig.setSoftKeyStoreFilePath(basicConfig.getBasicConfiguration( - IdAustriaClientAuthConstants.CONFIG_PROPS_TRUSTSTORE_PATH)); - trustStoreConfig.setSoftKeyStorePassword(basicConfig.getBasicConfiguration( - IdAustriaClientAuthConstants.CONFIG_PROPS_TRUSTSTORE_PASSWORD)); - - // validate configuration - trustStoreConfig.validate(); - - // open new TrustStore - metadataSigningTrustStore = keyStoreFactory.buildNewKeyStore(trustStoreConfig); - - } - -} - diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthSignalController.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthSignalController.java deleted file mode 100644 index 1aceb88e..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthSignalController.java +++ /dev/null @@ -1,96 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; - - -import java.io.IOException; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.lang3.StringUtils; -import org.apache.commons.text.StringEscapeUtils; -import org.springframework.stereotype.Controller; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; - -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; -import lombok.extern.slf4j.Slf4j; - -/** - * IdAustria client controller that receives the response from national - * IdAustria node. - * - * @author tlenz - * - */ -@Slf4j -@Controller -public class IdAustriaClientAuthSignalController extends AbstractProcessEngineSignalController { - - public static final String HTTP_PARAM_RELAYSTATE = "RelayState"; - public static final String HTTP_PARAM_PENDINGREQUESTID = "pendingid"; - - /** - * Default constructor with logging. - * - */ - public IdAustriaClientAuthSignalController() { - super(); - log.debug("Registering servlet " + getClass().getName() - + " with mappings '" + IdAustriaClientAuthConstants.ENDPOINT_POST - + "' and '" + IdAustriaClientAuthConstants.ENDPOINT_REDIRECT + "'."); - - } - - /** - * HTTP end-point for incoming SAML2 Response from ID Austria node. - * - * @param req HTTP request - * @param resp HTTP response - * @throws IOException In case of a HTTP communication error - * @throws EaafException In case of a state-validation problem - */ - @RequestMapping(value = { IdAustriaClientAuthConstants.ENDPOINT_POST, - IdAustriaClientAuthConstants.ENDPOINT_REDIRECT }, - method = { RequestMethod.POST, RequestMethod.GET }) - public void performAuthentication(HttpServletRequest req, HttpServletResponse resp) - throws IOException, EaafException { - signalProcessManagement(req, resp); - - } - - /** - * Read the PendingRequestId from SAML2 RelayState parameter. - */ - @Override - public String getPendingRequestId(HttpServletRequest request) { - String relayState = StringEscapeUtils.escapeHtml4(request.getParameter(HTTP_PARAM_RELAYSTATE)); - if (StringUtils.isNotEmpty(relayState)) { - try { - String pendingReqId = transactionStorage.get(relayState, String.class); - if (StringUtils.isNotEmpty(pendingReqId)) { - - return pendingReqId; - - } else { - log.info("SAML2 RelayState from request is unknown. Can NOT restore session ... "); - - } - - } catch (EaafException e) { - log.error("Can NOT map SAML2 RelayState to pendingRequestId", e); - - } finally { - transactionStorage.remove(relayState); - - } - - } else { - log.info("No SAML2 relaystate. Can NOT restore session ... "); - - } - - return null; - - } -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/controller/IdAustriaClientAuthMetadataController.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/controller/IdAustriaClientAuthMetadataController.java new file mode 100644 index 00000000..1e4b27f7 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/controller/IdAustriaClientAuthMetadataController.java @@ -0,0 +1,122 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.controller; + + +import java.io.IOException; +import java.net.MalformedURLException; +import java.net.URL; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import com.google.common.net.MediaType; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataConfiguration; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider; +import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.http.HttpUtils; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; +import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder; +import lombok.extern.slf4j.Slf4j; + +/** + * Controller that generates SAML2 metadata for eIDAS authentication client. + * + * @author tlenz + * + */ +@Slf4j +@Controller +public class IdAustriaClientAuthMetadataController extends AbstractController { + + private static final String ERROR_CODE_INTERNAL_00 = "eaaf.core.00"; + + @Autowired + PvpMetadataBuilder metadatabuilder; + @Autowired + IdAustriaClientAuthCredentialProvider credentialProvider; + @Autowired + IPvp2BasicConfiguration pvpConfiguration; + + /** + * Default construction with logging. + * + */ + public IdAustriaClientAuthMetadataController() { + super(); + log.debug("Registering servlet " + getClass().getName() + + " with mappings '" + IdAustriaClientAuthConstants.ENDPOINT_METADATA + + "'."); + + } + + /** + * End-point that produce PVP2 metadata for eIDAS authentication client. + * + * @param req http Request + * @param resp http Response + * @throws IOException In case of an I/O error + * @throws EaafException In case of a metadata generation error + */ + @RequestMapping(value = IdAustriaClientAuthConstants.ENDPOINT_METADATA, + method = { RequestMethod.GET }) + public void getSpMetadata(HttpServletRequest req, HttpServletResponse resp) throws IOException, + EaafException { + // check PublicURL prefix + try { + final String authUrl = getAuthUrlFromHttpContext(req); + + // initialize metadata builder configuration + final IdAustriaClientAuthMetadataConfiguration metadataConfig = + new IdAustriaClientAuthMetadataConfiguration(authUrl, credentialProvider, pvpConfiguration); + // metadataConfig.setAdditionalRequiredAttributes(getAdditionalRequiredAttributes()); + + // build metadata + final String xmlMetadata = metadatabuilder.buildPvpMetadata(metadataConfig); + + // write response + final byte[] content = xmlMetadata.getBytes("UTF-8"); + resp.setStatus(HttpServletResponse.SC_OK); + resp.setContentLength(content.length); + resp.setContentType(MediaType.XML_UTF_8.toString()); + resp.getOutputStream().write(content); + + } catch (final Exception e) { + log.warn("Build federated-authentication PVP metadata FAILED.", e); + protAuthService.handleErrorNoRedirect(e, req, resp, false); + + } + + } + + private String getAuthUrlFromHttpContext(HttpServletRequest req) throws EaafException { + // check if End-Point is valid + final String authUrlString = HttpUtils.extractAuthUrlFromRequest(req); + URL authReqUrl; + try { + authReqUrl = new URL(authUrlString); + + } catch (final MalformedURLException e) { + log.warn("Requested URL: {} is not a valid URL.", authUrlString); + throw new EaafAuthenticationException(ERROR_CODE_INTERNAL_00, new Object[] { authUrlString }, e); + + } + + final String idpAuthUrl = authConfig.validateIdpUrl(authReqUrl); + if (idpAuthUrl == null) { + log.warn("Requested URL: {} is NOT found in configuration.", authReqUrl); + throw new EaafAuthenticationException(ERROR_CODE_INTERNAL_00, new Object[] { authUrlString }); + + } + + return idpAuthUrl; + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/controller/IdAustriaClientAuthSignalController.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/controller/IdAustriaClientAuthSignalController.java new file mode 100644 index 00000000..eca21683 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/controller/IdAustriaClientAuthSignalController.java @@ -0,0 +1,95 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.controller; + + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.StringUtils; +import org.apache.commons.text.StringEscapeUtils; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; +import lombok.extern.slf4j.Slf4j; + +/** + * IdAustria client controller that receives the response from ID Austria system. + * + * @author tlenz + * + */ +@Slf4j +@Controller +public class IdAustriaClientAuthSignalController extends AbstractProcessEngineSignalController { + + public static final String HTTP_PARAM_RELAYSTATE = "RelayState"; + + /** + * Default constructor with logging. + * + */ + public IdAustriaClientAuthSignalController() { + super(); + log.debug("Registering servlet " + getClass().getName() + + " with mappings '" + IdAustriaClientAuthConstants.ENDPOINT_POST + + "' and '" + IdAustriaClientAuthConstants.ENDPOINT_REDIRECT + "'."); + + } + + /** + * HTTP end-point for incoming SAML2 Response from ID Austria system. + * + * @param req HTTP request + * @param resp HTTP response + * @throws IOException In case of a HTTP communication error + * @throws EaafException In case of a state-validation problem + */ + @RequestMapping(value = { IdAustriaClientAuthConstants.ENDPOINT_POST, + IdAustriaClientAuthConstants.ENDPOINT_REDIRECT }, + method = { RequestMethod.POST, RequestMethod.GET }) + public void performAuthentication(HttpServletRequest req, HttpServletResponse resp) + throws IOException, EaafException { + signalProcessManagement(req, resp); + + } + + /** + * Read the PendingRequestId from SAML2 RelayState parameter. + */ + @Override + public String getPendingRequestId(HttpServletRequest request) { + String relayState = StringEscapeUtils.escapeHtml4(request.getParameter(HTTP_PARAM_RELAYSTATE)); + if (StringUtils.isNotEmpty(relayState)) { + try { + String pendingReqId = transactionStorage.get(relayState, String.class); + if (StringUtils.isNotEmpty(pendingReqId)) { + + return pendingReqId; + + } else { + log.info("SAML2 RelayState from request is unknown. Can NOT restore session ... "); + + } + + } catch (EaafException e) { + log.error("Can NOT map SAML2 RelayState to pendingRequestId", e); + + } finally { + transactionStorage.remove(relayState); + + } + + } else { + log.info("No SAML2 relaystate. Can NOT restore session ... "); + + } + + return null; + + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthCredentialProvider.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthCredentialProvider.java new file mode 100644 index 00000000..5b6085c1 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthCredentialProvider.java @@ -0,0 +1,132 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider; + +import org.springframework.beans.factory.annotation.Autowired; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; + +/** + * Credential provider for eIDAS PVP S-Profile client. + * + * @author tlenz + * + */ +public class IdAustriaClientAuthCredentialProvider extends AbstractCredentialProvider { + + @Autowired + IConfiguration authConfig; + + private static final String FRIENDLYNAME = "ID Austria authentication"; + + @Override + public KeyStoreConfiguration getBasicKeyStoreConfig() throws EaafConfigurationException { + final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); + keyStoreConfig.setFriendlyName(FRIENDLYNAME); + keyStoreConfig.setKeyStoreType( + authConfig.getBasicConfiguration(IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_TYPE, + KeyStoreType.PKCS12.getKeyStoreType())); + keyStoreConfig.setKeyStoreName( + authConfig.getBasicConfiguration(IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_NAME)); + keyStoreConfig.setSoftKeyStoreFilePath(getKeyStoreFilePath()); + keyStoreConfig.setSoftKeyStorePassword( + authConfig.getBasicConfiguration(IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PASSWORD)); + + return keyStoreConfig; + + } + + private String getKeyStoreFilePath() throws EaafConfigurationException { + final String path = authConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PATH); + if (path == null) { + throw new EaafConfigurationException(Constants.ERRORCODE_00, + new Object[] { IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PATH }); + + } + return path; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# + * getMetadataKeyAlias() + */ + @Override + public String getMetadataKeyAlias() { + return authConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS); + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# + * getMetadataKeyPassword() + */ + @Override + public String getMetadataKeyPassword() { + return authConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD); + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# + * getSignatureKeyAlias() + */ + @Override + public String getSignatureKeyAlias() { + return authConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS); + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# + * getSignatureKeyPassword() + */ + @Override + public String getSignatureKeyPassword() { + return authConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD); + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# + * getEncryptionKeyAlias() + */ + @Override + public String getEncryptionKeyAlias() { + return authConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS); + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider# + * getEncryptionKeyPassword() + */ + @Override + public String getEncryptionKeyPassword() { + return authConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD); + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthHealthCheck.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthHealthCheck.java new file mode 100644 index 00000000..b54b501d --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthHealthCheck.java @@ -0,0 +1,56 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider; + +import org.apache.commons.lang3.StringUtils; +import org.opensaml.saml.saml2.metadata.EntityDescriptor; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.actuate.health.Health; +import org.springframework.boot.actuate.health.HealthIndicator; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import lombok.extern.slf4j.Slf4j; +import net.shibboleth.utilities.java.support.resolver.ResolverException; + +/** + * Spring Actuator HealthCheck for ID Austria client that evaluates the current status of + * ID Austria SAML2 metadata that are loaded into MS-Connector. + * + * @author tlenz + * + */ +@Slf4j +public class IdAustriaClientAuthHealthCheck implements HealthIndicator { + + @Autowired IConfiguration authConfig; + @Autowired IdAustriaClientAuthMetadataProvider metadataService; + + @Override + public Health health() { + String msNodeEntityID = authConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID); + + if (StringUtils.isEmpty(msNodeEntityID)) { + log.trace("No ID Austria EntityId in configuration. Skipping tests ... "); + return Health.unknown().build(); + + } + + try { + EntityDescriptor connectorMetadata = + metadataService.getEntityDescriptor(msNodeEntityID); + if (connectorMetadata != null) { + return Health.up().build(); + + } else { + return Health.outOfService().withDetail("Reason", "No SAML2 metadata").build(); + + } + + } catch (ResolverException e) { + return Health.down(e).build(); + + } + + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthMetadataProvider.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthMetadataProvider.java new file mode 100644 index 00000000..7c87548f --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthMetadataProvider.java @@ -0,0 +1,169 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider; + +import java.io.IOException; +import java.security.KeyStore; +import java.security.Provider; +import java.security.cert.CertificateException; +import java.text.MessageFormat; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import javax.annotation.PostConstruct; + +import org.apache.commons.lang3.StringUtils; +import org.opensaml.saml.metadata.resolver.MetadataResolver; +import org.opensaml.saml.metadata.resolver.filter.MetadataFilter; +import org.opensaml.saml.metadata.resolver.filter.MetadataFilterChain; +import org.springframework.beans.factory.annotation.Autowired; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.AbstractChainingMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SimpleMetadataSignatureVerificationFilter; +import lombok.extern.slf4j.Slf4j; + +/** + * SAML2 metadata-provider implementation for ID Austria client. + * + * @author tlenz + * + */ +@Slf4j +public class IdAustriaClientAuthMetadataProvider extends AbstractChainingMetadataProvider { + + private static final String FRIENDLYNAME_METADATA_TRUSTSTORE = "'ID Austria client metadata truststore'"; + private static final String PROVIDER_ID_PATTERN = "eIDAS resolver: {0}"; + public static final String PROVIDER_ID = "'ID Austria client metadata-provider'"; + + @Autowired + private IConfiguration basicConfig; + + @Autowired + private PvpMetadataResolverFactory metadataProviderFactory; + @Autowired + private IHttpClientFactory httpClientFactory; + + @Autowired + private EaafKeyStoreFactory keyStoreFactory; + + private Pair metadataSigningTrustStore; + + @Override + protected String getMetadataUrl(String entityId) throws EaafConfigurationException { + log.trace("ID Austria. uses SAML2 well-known location approach. EntityId is Metadata-URL"); + return entityId; + + } + + @Override + protected MetadataResolver createNewMetadataProvider(String entityId) throws EaafConfigurationException, + IOException, CertificateException { + final List filterList = new ArrayList<>(); + filterList.add(new SchemaValidationFilter(true)); + filterList.add(new SimpleMetadataSignatureVerificationFilter( + metadataSigningTrustStore.getFirst(), entityId)); + + final MetadataFilterChain filter = new MetadataFilterChain(); + filter.setFilters(filterList); + + try { + return metadataProviderFactory.createMetadataProvider(getMetadataUrl(entityId), + filter, + MessageFormat.format(PROVIDER_ID_PATTERN, entityId), + httpClientFactory.getHttpClient()); + + } catch (final Pvp2MetadataException e) { + log.info("Can NOT build metadata provider for entityId: {}", entityId); + throw new EaafConfigurationException(IdAustriaClientAuthConstants.ERRORCODE_05, + new Object[] { entityId, e.getMessage() }, e); + + } + } + + @Override + protected List getAllMetadataUrlsFromConfiguration() throws EaafConfigurationException { + return Collections.emptyList(); + + } + + @Override + protected String getMetadataProviderId() { + return PROVIDER_ID; + + } + + @Override + public void runGarbageCollector() { + log.trace("Garbage collection is NOT supported by: {}", getId()); + } + + @Override + public void doDestroy() { + super.fullyDestroy(); + + } + + @PostConstruct + private void initialize() throws EaafException { + // initialize truststore to validate metadata signing certificates + initializeTrustStore(); + + // load metadata with metadataURL, as backup + initializeFileSystemMetadata(); + + } + + private void initializeFileSystemMetadata() { + try { + final String metadataUrl = basicConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_METADATAURL); + if (StringUtils.isNotEmpty(metadataUrl)) { + log.info("Use not recommended metadata-provider initialization!" + + " SAML2 'Well-Known-Location' is the preferred methode."); + log.info("Initialize 'ms-specific eIDAS node' metadata-provider with URL: {}", metadataUrl); + + addMetadataResolverIntoChain(createNewMetadataProvider(metadataUrl)); + } + + } catch (final EaafConfigurationException | CertificateException | IOException e) { + log.warn("Can NOT inject static eIDAS Node metadata-soure.", e); + log.warn("eIDAS Node communication can be FAIL."); + + } + } + + private void initializeTrustStore() throws EaafException { + // set configuration + final KeyStoreConfiguration trustStoreConfig = new KeyStoreConfiguration(); + trustStoreConfig.setFriendlyName(FRIENDLYNAME_METADATA_TRUSTSTORE); + trustStoreConfig.setKeyStoreType(basicConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_TRUSTSTORE_TYPE, + KeyStoreType.JKS.getKeyStoreType())); + trustStoreConfig.setKeyStoreName(basicConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_TRUSTSTORE_NAME)); + trustStoreConfig.setSoftKeyStoreFilePath(basicConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_TRUSTSTORE_PATH)); + trustStoreConfig.setSoftKeyStorePassword(basicConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_TRUSTSTORE_PASSWORD)); + + // validate configuration + trustStoreConfig.validate(); + + // open new TrustStore + metadataSigningTrustStore = keyStoreFactory.buildNewKeyStore(trustStoreConfig); + + } + +} + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java index b4fe8bd7..4d305c7d 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java @@ -23,13 +23,21 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; +import java.text.MessageFormat; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.StringUtils; +import org.opensaml.saml.saml2.metadata.EntityDescriptor; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider; import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthRequestBuilderConfiguration; -import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; -import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; @@ -37,36 +45,19 @@ import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egiz.eaaf.core.impl.utils.Random; -import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; -import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpAttributeBuilder; -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PvpAuthnRequestBuilder; import lombok.extern.slf4j.Slf4j; import net.shibboleth.utilities.java.support.security.SecureRandomIdentifierGenerationStrategy; -import org.apache.commons.lang3.StringUtils; -import org.opensaml.saml.saml2.core.Attribute; -import org.opensaml.saml.saml2.metadata.EntityDescriptor; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Component; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.text.MessageFormat; -import java.util.ArrayList; -import java.util.List; /** - * Task that searches ErnB and ZMR before adding person to SZR. + * Generate a SAML2 AuthnRequest to authenticate the user at ID Austria system. * - * @author amarsalek + * @author tlenz */ @Slf4j @Component("GenerateMobilePhoneSignatureRequestTask") public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServletTask { - - private static final String ERROR_CODE_02 = "module.eidasauth.02"; - private static final String ERROR_MSG_1 = "Requested 'ms-specific eIDAS node' {0} has no valid metadata or metadata is not found"; @@ -89,21 +80,20 @@ public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServlet //step 15a // get entityID for ms-specific ID Austria node - //TODO load from config final String msNodeEntityID = basicConfig.getBasicConfiguration( - IdAustriaClientAuthConstants.CONFIG_PROPS_NODE_ENTITYID); - // final String msNodeEntityID = "classpath:/data/idp_metadata_classpath_entity.xml"; + IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID); if (StringUtils.isEmpty(msNodeEntityID)) { - log.info("eIDAS authentication not possible -> NO EntityID for central eIDAS node FOUND!"); - throw new TaskExecutionException(pendingReq, "", null); + log.warn("ID Austria authentication not possible -> NO EntityID for ID Austria System FOUND!"); + throw new EaafConfigurationException(Constants.ERRORCODE_00, + new Object[]{IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID}); } // load IDP SAML2 entitydescriptor final EntityDescriptor entityDesc = metadataService.getEntityDescriptor(msNodeEntityID); if (entityDesc == null) { - throw new EaafConfigurationException(ERROR_CODE_02, + throw new EaafConfigurationException(IdAustriaClientAuthConstants.ERRORCODE_02, new Object[]{MessageFormat.format(ERROR_MSG_1, msNodeEntityID)}); } @@ -117,16 +107,12 @@ public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServlet authnReqConfig.setIdpEntity(entityDesc); authnReqConfig.setPassive(false); authnReqConfig.setSignCred(credential.getMessageSigningCredential()); - authnReqConfig.setSpEntityID(pendingReq.getAuthUrl() + IdAustriaClientAuthConstants.ENDPOINT_METADATA); + authnReqConfig.setSpEntityID( + pendingReq.getAuthUrlWithOutSlash() + IdAustriaClientAuthConstants.ENDPOINT_METADATA); authnReqConfig.setRequestedLoA(authConfig.getBasicConfiguration( IdAustriaClientAuthConstants.CONFIG_PROPS_REQUIRED_LOA, IdAustriaClientAuthConstants.CONFIG_DEFAULT_LOA_EIDAS_LEVEL)); - authnReqConfig.setScopeRequesterId(authConfig.getBasicConfiguration( - IdAustriaClientAuthConstants.CONFIG_PROPS_SP_ENTITYID)); - authnReqConfig.setProviderName(pendingReq.getServiceProviderConfiguration().getFriendlyName()); - authnReqConfig.setRequestedAttributes(buildRequestedAttributes(pendingReq)); - /*build relayState for session synchronization, because SAML2 only allows RelayState with 80 characters * but encrypted PendingRequestId is much longer. */ @@ -136,37 +122,10 @@ public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServlet // build and transmit AuthnRequest authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig, relayState, response); - - //TODO } catch (final Exception e) { - e.printStackTrace(); - log.error("Initial search FAILED.", e); - throw new TaskExecutionException(pendingReq, "Initial search FAILED.", e); + throw new TaskExecutionException(pendingReq, + "Generation of SAML2 AuthnRequest to ID Austria System FAILED", e); + } } - - private List buildRequestedAttributes(IRequest pendingReq) { - final List attributes = new ArrayList<>(); - - //build TransactionId attribute - final Attribute attrTransId = PvpAttributeBuilder.buildEmptyAttribute( - ExtendedPvpAttributeDefinitions.EID_TRANSACTION_ID_NAME); - final EaafRequestedAttribute attrTransIdReqAttr = Saml2Utils.generateReqAuthnAttributeSimple( - attrTransId, - true, - pendingReq.getUniqueTransactionIdentifier()); - attributes.add(attrTransIdReqAttr); - - // build EID sector for identification attribute - final Attribute attr = PvpAttributeBuilder.buildEmptyAttribute( - PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME); - final EaafRequestedAttribute bpkTargetReqAttr = Saml2Utils.generateReqAuthnAttributeSimple( - attr, - true, - pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()); - attributes.add(bpkTargetReqAttr); - - return attributes; - } - } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java index 1dc8befd..44e13d78 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java @@ -23,6 +23,24 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; +import java.io.IOException; +import java.util.HashMap; +import java.util.List; +import java.util.Set; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.xml.transform.TransformerException; + +import org.apache.commons.lang3.StringUtils; +import org.opensaml.core.xml.io.MarshallingException; +import org.opensaml.messaging.decoder.MessageDecodingException; +import org.opensaml.saml.saml2.core.Response; +import org.opensaml.saml.saml2.core.StatusCode; +import org.opensaml.saml.saml2.metadata.IDPSSODescriptor; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; @@ -31,10 +49,10 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleMobileSignatur import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthEventConstants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthEventConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider; import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.Utils; import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; @@ -60,27 +78,11 @@ import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption; import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException; import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; import lombok.extern.slf4j.Slf4j; -import org.apache.commons.lang3.StringUtils; -import org.opensaml.core.xml.io.MarshallingException; -import org.opensaml.messaging.decoder.MessageDecodingException; -import org.opensaml.saml.saml2.core.Response; -import org.opensaml.saml.saml2.core.StatusCode; -import org.opensaml.saml.saml2.metadata.IDPSSODescriptor; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Component; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.xml.transform.TransformerException; -import java.io.IOException; -import java.util.HashMap; -import java.util.List; -import java.util.Set; /** - * Task that searches ErnB and ZMR before adding person to SZR. + * Task that receives the SAML2 response from ID Austria system. * - * @author amarsalek + * @author tlenz */ @Slf4j @Component("ReceiveMobilePhoneSignatureResponseTask") @@ -102,9 +104,9 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends private static final String ERROR_PVP_12 = "sp.pvp2.12"; private static final String ERROR_MSG_00 = - "Receive INVALID PVP Response from federated IDP"; + "Receive INVALID PVP Response from ID Austria system"; private static final String ERROR_MSG_01 = - "Processing PVP response from 'ms-specific eIDAS node' FAILED."; + "Processing PVP response from 'ID Austria system' FAILED."; private static final String ERROR_MSG_02 = "PVP response decrytion FAILED. No credential found."; private static final String ERROR_MSG_03 = @@ -124,29 +126,21 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends throws TaskExecutionException { try { log.trace("Starting ReceiveMobilePhoneSignatureResponseTask");//Node 15 - final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); - MergedRegisterSearchResult initialSearchResult = - authProcessData.getGenericDataFromSession(Constants.DATA_INITIAL_REGISTER_RESULT, - MergedRegisterSearchResult.class); - SimpleEidasData eidData = authProcessData.getGenericDataFromSession(Constants.DATA_SIMPLE_EIDAS, - SimpleEidasData.class); - - InboundMessage msg = null; - IDecoder decoder = null; EaafUriCompare comperator = null; + // select Response Binding if (request.getMethod().equalsIgnoreCase("POST")) { decoder = new PostBinding(); comperator = new EaafUriCompare(pendingReq.getAuthUrl() + IdAustriaClientAuthConstants.ENDPOINT_POST); - log.trace("Receive PVP Response from 'ID Austria node', by using POST-Binding."); + log.trace("Receive PVP Response from 'ID Austria system', by using POST-Binding."); } else if (request.getMethod().equalsIgnoreCase("GET")) { decoder = new RedirectBinding(); comperator = new EaafUriCompare(pendingReq.getAuthUrl() + IdAustriaClientAuthConstants.ENDPOINT_REDIRECT); - log.trace("Receive PVP Response from 'ID Austria node', by using Redirect-Binding."); + log.trace("Receive PVP Response from 'ID Austria system', by using Redirect-Binding."); } else { log.warn("Receive PVP Response, but Binding (" @@ -180,10 +174,10 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends } else { // validate entityId of response final String msNodeEntityID = authConfig.getBasicConfiguration( - IdAustriaClientAuthConstants.CONFIG_PROPS_NODE_ENTITYID); + IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID); final String respEntityId = msg.getEntityID(); if (!msNodeEntityID.equals(respEntityId)) { - log.warn("Response Issuer is not a 'ID Austria node'. Stopping eIDAS authentication ..."); + log.warn("Response Issuer is not from valid 'ID Austria IDP'. Stopping ID Austria authentication ..."); throw new AuthnResponseValidationException(ERROR_PVP_08, new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING, msg.getEntityID()}); @@ -194,6 +188,29 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends final AssertionAttributeExtractor extractor = new AssertionAttributeExtractor(processedMsg.getFirst().getResponse()); + + + + /* + * SAML2 response ist bereits vollständig validiert und die Attribute können aus dem + * ausgelesen werden. + * Die AttributeNamen sind entsprechend PVP Spezifikation, z.B. PvpAttributeDefinitions.GIVEN_NAME_NAME + * + * --------------------------------------------------------------------------------------------- + * + * TODO: ab hier müssen wir wohl was anpassen + * + */ + + //load additional search-data from pendingRequest + final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); + MergedRegisterSearchResult initialSearchResult = + authProcessData.getGenericDataFromSession(Constants.DATA_INITIAL_REGISTER_RESULT, + MergedRegisterSearchResult.class); + SimpleEidasData eidData = authProcessData.getGenericDataFromSession(Constants.DATA_SIMPLE_EIDAS, + SimpleEidasData.class); + + SimpleMobileSignatureData simpleMobileSignatureData = getAuthDataFromInterfederation(extractor, authProcessData); if (!simpleMobileSignatureData.equalsSimpleEidasData(eidData)) { @@ -278,8 +295,8 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends return Pair.newInstance(msg, false); } else { - log.info("Receive StatusCode " + samlResp.getStatus().getStatusCode().getValue() - + " from 'ms-specific eIDAS node'."); + log.info("Receive StatusCode {} from 'ms-specific eIDAS node'.", + samlResp.getStatus().getStatusCode().getValue()); StatusCode subStatusCode = getSubStatusCode(samlResp); if (subStatusCode != null && IdAustriaClientAuthConstants.SAML2_STATUSCODE_USERSTOP.equals(subStatusCode.getValue())) { @@ -311,6 +328,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends && StringUtils.isNotEmpty(samlResp.getStatus().getStatusCode().getStatusCode().getValue())) { return samlResp.getStatus().getStatusCode().getStatusCode(); } + return null; } @@ -352,34 +370,8 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends } - //set piiTransactionId from eIDAS Connector - // String piiTransactionId = extractor.getSingleAttributeValue( - // ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME); - // if (StringUtils.isNotEmpty(piiTransactionId) && pendingReq instanceof RequestImpl) { - // log.info("Receive piiTransactionId from Austrian eIDAS Connector. Use this for further processing"); - // ((RequestImpl) pendingReq).setUniquePiiTransactionIdentifier(piiTransactionId); - // - // } else { - // log.debug("Receive no piiTransactionId from Austrian eIDAS Connector."); - // - // } - - // set foreigner flag - // session.setForeigner(true); - - // set IssuerInstant from Assertion authProcessData.setIssueInstant(extractor.getAssertionIssuingDate()); - // set CCE URL - //if (extractor.getFullAssertion().getIssuer() != null - //&& StringUtils.isNotEmpty(extractor.getFullAssertion().getIssuer().getValue())) { - // session.setVdaUrl(extractor.getFullAssertion().getIssuer().getValue()); - - //} //else { - // session.setVdaUrl("eIDAS_Authentication"); - - //} - } catch (final AssertionValidationExeption e) { throw new EaafBuilderException(ERROR_PVP_06, null, e.getMessage(), e); @@ -387,39 +379,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends return simpleMobileSignatureData; } - // private void injectAuthInfosIntoSession(AhAuthProcessDataWrapper session, String attrName, String attrValue) - // throws EaafStorageException, MisException, IOException { - // log.trace("Inject attribute: {} with value: {} into AuthSession", attrName, attrValue); - // log.debug("Inject attribute: {} into AuthSession", attrName); - // - // if (ExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME.equals(attrName)) { - // log.debug("Find eidasBind attribute. Switching to E-ID mode ... "); - // session.setEidProcess(true); - // session.setQcBind(attrValue); - // // session.setVsz(extractVszFromEidasBind(attrValue)); - // //T - // - // } else if (ExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME.equals(attrName)) { - // session.setSignedAuthBlock(Base64.getDecoder().decode(attrValue)); - // session.setSignedAuthBlockType(AuthHandlerConstants.AuthBlockType.JWS); - // - // } else if (PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME.equals(attrName)) { - // session.setQaaLevel(attrValue); - // - // // } else if (ExtendedPvpAttributeDefinitions.EID_MIS_MANDATE_NAME.equals(attrName) - // // && authConfig.getBasicConfigurationBoolean( - // // IdAustriaClientAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_ACTIVE, false)) { - // // session.setMandateDate(new SignedMandateDao(attrValue)); - // // session.setUseMandates(true); - // // - // } else { - // session.setGenericDataToSession(attrName, attrValue); - // - // } - // - // } - - + private MergedRegisterSearchResult searchInZmrAndErnp(String bpkzp) { List resultsZmr = zmrClient.searchWithBpkZp(bpkzp); List resultsErnp = ernpClient.searchWithBpkZp(bpkzp); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml index 019cb03c..a720c1f8 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml @@ -11,8 +11,8 @@ - + @@ -22,29 +22,7 @@ - - - - - - - - - - - - - - - - - + @@ -88,6 +66,24 @@ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.ItSpecificDetailSearchProcessor"> + + + + + + + + + + + + + - - - - - - - - - - \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth_ref_impl_config.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth_ref_impl_config.beans.xml new file mode 100644 index 00000000..cde9687e --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth_ref_impl_config.beans.xml @@ -0,0 +1,39 @@ + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties new file mode 100644 index 00000000..a2437ce6 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties @@ -0,0 +1,15 @@ +module.eidasauth.00=Wrong configuration. Missing property: {0} + +module.eidasauth.idaustria.02=eIDAS module has an error in configuration. Reason: {0} +module.eidasauth.idaustria.05=eIDAS module can not initialize SAML2 metadata provider for entityId: {0}. Reason: {1} + + +module.eidasauth.01=eIDAS module has an error in configuration: {0}. Reason: {1} + +module.eidasauth.03=eIDAS module has a general error during request pre-processing. Reason: {0} +module.eidasauth.04=eIDAS module has a general error during response post-processing. +module.eidasauth.06=eIDAS module was selected, but eIDAS is NOT enabled for SP: {0} + + +module.eidasauth.98=eIDAS module has an internal error. Reason: {0} +module.eidasauth.99=eIDAS module has an generic internal error. diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/config/EidasConnectorMessageSourceTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/config/EidasConnectorMessageSourceTest.java new file mode 100644 index 00000000..1f96b25c --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/config/EidasConnectorMessageSourceTest.java @@ -0,0 +1,43 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.config; + +import java.util.List; + +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.core.io.Resource; +import org.springframework.core.io.ResourceLoader; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_mapConfig.xml"}) +@DirtiesContext +public class EidasConnectorMessageSourceTest { + + @Autowired + private ResourceLoader loader; + @Autowired(required = false) + private List messageSources; + + @Test + public void checkMessageSources() { + Assert.assertNotNull("No messageSource", messageSources); + + for (final IMessageSourceLocation messageSource : messageSources) { + Assert.assertNotNull("No sourcePath", messageSource.getMessageSourceLocation()); + + for (final String el : messageSource.getMessageSourceLocation()) { + final Resource messages = loader.getResource(el + ".properties"); + Assert.assertTrue("Source not exist", messages.exists()); + + } + } + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaAuthSignalControllerTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaAuthSignalControllerTest.java new file mode 100644 index 00000000..cddcd11c --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaAuthSignalControllerTest.java @@ -0,0 +1,197 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.idaustriaclient; + +import java.io.IOException; +import java.util.HashMap; +import java.util.Map; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.util.SerializationUtils; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.controller.IdAustriaClientAuthSignalController; +import at.gv.egiz.eaaf.core.api.IRequestStorage; +import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; +import at.gv.egiz.eaaf.core.api.data.ExceptionContainer; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyProtocolAuthService; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.spring.test.DummyTransactionStorage.DummyDbEntry; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_mapConfig.xml" +}) +public class IdAustriaAuthSignalControllerTest { + + @Autowired(required = true) + private IdAustriaClientAuthSignalController controller; + @Autowired(required = true) + private ITransactionStorage cache; + @Autowired(required = true) + private IPendingRequestIdGenerationStrategy pendingReqGeneration; + @Autowired(required = true) + private IRequestStorage reqStorage; + @Autowired(required = true) + private IConfiguration basicConfig; + @Autowired private ITransactionStorage transactionStorage; + + @Autowired private DummyProtocolAuthService protAuthService; + + @Test + public void noRelayState() throws IOException, EaafException { + final MockHttpServletRequest httpReq = + new MockHttpServletRequest("POST", "https://localhost/authhandler"); + final MockHttpServletResponse httpResp = new MockHttpServletResponse(); + + controller.performAuthentication(httpReq, httpResp); + Assert.assertEquals("httpStausCode", 200, httpResp.getStatus()); + + final String errorId = protAuthService.getErrorKey(); + final Object error = cache.get(errorId); + Assert.assertNotNull("Error is null", error); + org.springframework.util.Assert.isInstanceOf(byte[].class, + ((DummyDbEntry) error).getObj()); + final Object errorObj = SerializationUtils.deserialize((byte[]) ((DummyDbEntry) error).getObj()); + org.springframework.util.Assert.isInstanceOf(ExceptionContainer.class, errorObj); + org.springframework.util.Assert.isInstanceOf(EaafException.class, + ((ExceptionContainer) errorObj).getExceptionThrown()); + + } + + @Test + public void validRelayStateNoPendingReqId() throws EaafException, IOException { + final String pendingReqId = pendingReqGeneration.generateExternalPendingRequestId(); + final MockHttpServletRequest httpReq = + new MockHttpServletRequest("POST", "https://localhost/authhandler"); + httpReq.addParameter(IdAustriaClientAuthSignalController.HTTP_PARAM_RELAYSTATE, pendingReqId); + final MockHttpServletResponse httpResp = new MockHttpServletResponse(); + + controller.performAuthentication(httpReq, httpResp); + Assert.assertEquals("httpStausCode", 200, httpResp.getStatus()); + + final String errorId = protAuthService.getErrorKey(); + final Object error = cache.get(errorId); + Assert.assertNotNull("Error is null", error); + org.springframework.util.Assert.isInstanceOf(byte[].class, + ((DummyDbEntry) error).getObj()); + final Object errorObj = SerializationUtils.deserialize((byte[]) ((DummyDbEntry) error).getObj()); + org.springframework.util.Assert.isInstanceOf(ExceptionContainer.class, errorObj); + org.springframework.util.Assert.isInstanceOf(EaafException.class, + ((ExceptionContainer) errorObj).getExceptionThrown()); + //TODO: + Assert.assertEquals("ErrorCode not match", "auth.26", + ((EaafException) ((ExceptionContainer) errorObj).getExceptionThrown()).getErrorId()); + + } + + @Test + public void validRelayStateSuspectPendingReqId() throws EaafException, IOException { + String relayState = RandomStringUtils.randomAlphanumeric(10); + transactionStorage.put(relayState, false, -1); + + final MockHttpServletRequest httpReq = + new MockHttpServletRequest("POST", "https://localhost/authhandler"); + httpReq.addParameter(IdAustriaClientAuthSignalController.HTTP_PARAM_RELAYSTATE, relayState); + final MockHttpServletResponse httpResp = new MockHttpServletResponse(); + + controller.performAuthentication(httpReq, httpResp); + Assert.assertEquals("httpStausCode", 200, httpResp.getStatus()); + + final String errorId = protAuthService.getErrorKey(); + final Object error = cache.get(errorId); + Assert.assertNotNull("Error is null", error); + org.springframework.util.Assert.isInstanceOf(byte[].class, + ((DummyDbEntry) error).getObj()); + final Object errorObj = SerializationUtils.deserialize((byte[]) ((DummyDbEntry) error).getObj()); + org.springframework.util.Assert.isInstanceOf(ExceptionContainer.class, errorObj); + org.springframework.util.Assert.isInstanceOf(EaafException.class, + ((ExceptionContainer) errorObj).getExceptionThrown()); + //TODO: + Assert.assertEquals("ErrorCode not match", "auth.26", + ((EaafException) ((ExceptionContainer) errorObj).getExceptionThrown()).getErrorId()); + + Assert.assertNull("RelayState was not removed", transactionStorage.get(relayState)); + + } + + @Test + public void validRelayStateNoPendingReq() throws EaafException, IOException { + final String pendingReqId = pendingReqGeneration.generateExternalPendingRequestId(); + String relayState = RandomStringUtils.randomAlphanumeric(10); + transactionStorage.put(relayState, pendingReqId, -1); + + final MockHttpServletRequest httpReq = + new MockHttpServletRequest("POST", "https://localhost/authhandler"); + httpReq.addParameter(IdAustriaClientAuthSignalController.HTTP_PARAM_RELAYSTATE, relayState); + final MockHttpServletResponse httpResp = new MockHttpServletResponse(); + + controller.performAuthentication(httpReq, httpResp); + Assert.assertEquals("httpStausCode", 200, httpResp.getStatus()); + + final String errorId = protAuthService.getErrorKey(); + final Object error = cache.get(errorId); + Assert.assertNotNull("Error is null", error); + org.springframework.util.Assert.isInstanceOf(byte[].class, + ((DummyDbEntry) error).getObj()); + final Object errorObj = SerializationUtils.deserialize((byte[]) ((DummyDbEntry) error).getObj()); + org.springframework.util.Assert.isInstanceOf(ExceptionContainer.class, errorObj); + org.springframework.util.Assert.isInstanceOf(EaafException.class, + ((ExceptionContainer) errorObj).getExceptionThrown()); + Assert.assertEquals("ErrorCode not match", "auth.28", + ((EaafException) ((ExceptionContainer) errorObj).getExceptionThrown()).getErrorId()); + + Assert.assertNull("RelayState was not removed", transactionStorage.get(relayState)); + + } + + @Test + public void validRelayStateWithPendingReq() throws EaafException, IOException { + final String pendingReqId = pendingReqGeneration.generateExternalPendingRequestId(); + + String relayState = RandomStringUtils.randomAlphanumeric(10); + transactionStorage.put(relayState, pendingReqId, -1); + + final TestRequestImpl pendingReq = new TestRequestImpl(); + pendingReq.setPendingReqId(pendingReqId); + pendingReq.setAuthUrl("http://localhost/idp"); + final Map spConfigMap = new HashMap<>(); + spConfigMap.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "http://test.sp"); + final DummySpConfiguration spConfig = new DummySpConfiguration(spConfigMap, basicConfig); + pendingReq.setSpConfig(spConfig); + reqStorage.storePendingRequest(pendingReq); + + final MockHttpServletRequest httpReq = + new MockHttpServletRequest("POST", "https://localhost/authhandler"); + httpReq.addParameter(IdAustriaClientAuthSignalController.HTTP_PARAM_RELAYSTATE, relayState); + final MockHttpServletResponse httpResp = new MockHttpServletResponse(); + + controller.performAuthentication(httpReq, httpResp); + + Assert.assertEquals("httpStausCode", 200, httpResp.getStatus()); + + final String errorId = protAuthService.getErrorKey(); + final Object error = cache.get(errorId); + Assert.assertNotNull("Error is null", error); + org.springframework.util.Assert.isInstanceOf(byte[].class, + ((DummyDbEntry) error).getObj()); + final Object errorObj = SerializationUtils.deserialize((byte[]) ((DummyDbEntry) error).getObj()); + org.springframework.util.Assert.isInstanceOf(ExceptionContainer.class, errorObj); + org.springframework.util.Assert.isInstanceOf(EaafException.class, + ((ExceptionContainer) errorObj).getExceptionThrown()); + Assert.assertEquals("ErrorCode not match", + "PendingRequest object is not of type 'RequestImpl.class'", + ((EaafException) ((ExceptionContainer) errorObj).getExceptionThrown()).getErrorId()); + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthHealthCheckTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthHealthCheckTest.java new file mode 100644 index 00000000..a583ab2a --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthHealthCheckTest.java @@ -0,0 +1,128 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.idaustriaclient; + +import org.joda.time.DateTime; +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; +import org.opensaml.core.xml.io.MarshallingException; +import org.opensaml.core.xml.io.UnmarshallingException; +import org.opensaml.core.xml.util.XMLObjectSupport; +import org.opensaml.saml.saml2.metadata.EntityDescriptor; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.actuate.health.Health; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.w3c.dom.Element; + +import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthHealthCheck; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import net.shibboleth.utilities.java.support.resolver.ResolverException; +import net.shibboleth.utilities.java.support.xml.SerializeSupport; +import net.shibboleth.utilities.java.support.xml.XMLParserException; +import okhttp3.HttpUrl; +import okhttp3.mockwebserver.MockResponse; +import okhttp3.mockwebserver.MockWebServer; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_mapConfig.xml" +}) +public class IdAustriaClientAuthHealthCheckTest { + + @Autowired private IdAustriaClientAuthHealthCheck toCheck; + @Autowired protected MsConnectorDummyConfigMap config; + @Autowired private IPvp2CredentialProvider credentialProvider; + @Autowired IdAustriaClientAuthMetadataProvider provider; + + private static MockWebServer mockWebServer; + private static HttpUrl mockServerUrl; + + /** + * JUnit class initializer. + * + * @throws Exception In case of an OpenSAML3 initialization error + */ + @BeforeClass + public static void classInitializer() throws Exception { + EaafOpenSaml3xInitializer.eaafInitialize(); + + mockWebServer = new MockWebServer(); + mockServerUrl = mockWebServer.url("/sp/metadata"); + + } + + @Test + public void notActive() { + //set-up test + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID, + null); + + //perform check + Health status = toCheck.health(); + + //evaluate status + Assert.assertEquals("wrong status", Health.unknown().build().getStatus(), status.getStatus()); + + } + + @Test + public void success() throws SamlSigningException, CredentialsNotAvailableException, + XMLParserException, UnmarshallingException, MarshallingException { + + //set-up test + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID, + mockServerUrl.url().toString()); + injectValidHttpMetadata(mockServerUrl.url().toString()); + + //perform check + Health status = toCheck.health(); + + //evaluate status + Assert.assertEquals("wrong status", Health.up().build().getStatus(), status.getStatus()); + + } + + @Test + public void invalid() throws SamlSigningException, CredentialsNotAvailableException, + XMLParserException, UnmarshallingException, MarshallingException, ResolverException { + //set-up test + provider.clear(); + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID, + "http://localhost:1234/junit/metadata"); + + //perform check + Health status = toCheck.health(); + + //evaluate status + Assert.assertEquals("wrong status", Health.outOfService().build().getStatus(), status.getStatus()); + + } + + private String injectValidHttpMetadata(String dynEntityId) throws XMLParserException, + UnmarshallingException, MarshallingException, SamlSigningException, CredentialsNotAvailableException { + final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream( + XMLObjectProviderRegistrySupport.getParserPool(), + IdAustriaClientAuthHealthCheckTest.class.getResourceAsStream("/data/idp_metadata_no_sig.xml")); + metadata.setValidUntil(DateTime.now().plusDays(1)); + metadata.setSignature(null); + metadata.setEntityID(dynEntityId); + Saml2Utils.signSamlObject(metadata, credentialProvider.getMetaDataSigningCredential(), true); + final Element metadataElement = XMLObjectSupport.marshall(metadata); + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody(SerializeSupport.nodeToString(metadataElement)) + .setHeader("Content-Type", "text/html;charset=utf-8")); + return dynEntityId; + +} + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataControllerTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataControllerTest.java index c99c6e6a..4671684f 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataControllerTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataControllerTest.java @@ -3,18 +3,10 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.idaustriaclient; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.UnsupportedEncodingException; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.List; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataController; -import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap; import org.junit.Assert; import org.junit.Before; import org.junit.BeforeClass; -import org.junit.Ignore; import org.junit.Test; import org.junit.runner.RunWith; import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; @@ -24,16 +16,16 @@ import org.opensaml.saml.common.xml.SAMLConstants; import org.opensaml.saml.metadata.resolver.filter.FilterException; import org.opensaml.saml.saml2.metadata.EntityDescriptor; import org.opensaml.saml.saml2.metadata.SPSSODescriptor; -import org.opensaml.security.x509.BasicX509Credential; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.test.annotation.DirtiesContext; import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.TestPropertySource; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; -import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.controller.IdAustriaClientAuthMetadataController; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; @@ -43,14 +35,11 @@ import net.shibboleth.utilities.java.support.xml.XMLParserException; @RunWith(SpringJUnit4ClassRunner.class) -//@TestPropertySource(locations = {"classpath:/config/junit_config_de_attributes.properties"}) -@TestPropertySource(locations = { "classpath:/config/junit_config_1_springboot.properties" }) @ContextConfiguration(locations = { "/SpringTest-context_tasks_test.xml", "/SpringTest-context_basic_mapConfig.xml" }) @DirtiesContext(classMode = DirtiesContext.ClassMode.AFTER_CLASS) -@Ignore public class IdAustriaClientAuthMetadataControllerTest { private MockHttpServletRequest httpReq; @@ -58,7 +47,6 @@ public class IdAustriaClientAuthMetadataControllerTest { @Autowired private IdAustriaClientAuthMetadataController controller; @Autowired private IdAustriaClientAuthCredentialProvider credProvider; - @Autowired private DummyAuthConfigMap config; /** * JUnit class initializer. @@ -80,28 +68,17 @@ public class IdAustriaClientAuthMetadataControllerTest { httpReq.setContextPath("/authhandler"); httpResp = new MockHttpServletResponse(); - config.removeConfigValue("core.legacy.allowLegacyMode"); - config.removeConfigValue("modules.eidascentralauth.semper.mandates.active"); - config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.1"); - config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.2"); - config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.3"); - config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.4"); - config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.5"); - config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.6"); - } @Test public void buildMetadataValidInEidMode() throws IOException, EaafException, XMLParserException, UnmarshallingException, FilterException { - config.putConfigValue("core.legacy.allowLegacyMode", "false"); - config.putConfigValue("modules.eidascentralauth.semper.mandates.active", "false"); //build metdata controller.getSpMetadata(httpReq, httpResp); //check result - validateResponse(6); + validateResponse(7); } @@ -137,10 +114,6 @@ public class IdAustriaClientAuthMetadataControllerTest { Assert.assertFalse("AssertionConsumerServices", spSsoDesc.getAssertionConsumerServices().isEmpty()); - Assert.assertFalse("ContactPersons", - metadata.getContactPersons().isEmpty()); - Assert.assertNotNull("ContactPersons", - metadata.getOrganization()); Assert.assertFalse("KeyDescriptors", spSsoDesc.getKeyDescriptors().isEmpty()); @@ -157,13 +130,4 @@ public class IdAustriaClientAuthMetadataControllerTest { spSsoDesc.getAttributeConsumingServices().get(0).getRequestAttributes().size()); } - - private List convertX509Certs(List certs) { - final List result = new ArrayList<>(); - for (final X509Certificate cert : certs) { - result.add(new BasicX509Credential(cert)); - - } - return result; - } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataProviderFirstTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataProviderFirstTest.java new file mode 100644 index 00000000..da10fc54 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataProviderFirstTest.java @@ -0,0 +1,238 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.idaustriaclient; + +import java.io.IOException; + +import org.apache.commons.lang3.RandomStringUtils; +import org.joda.time.DateTime; +import org.junit.Assert; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.opensaml.core.criterion.EntityIdCriterion; +import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; +import org.opensaml.core.xml.io.MarshallingException; +import org.opensaml.core.xml.io.UnmarshallingException; +import org.opensaml.core.xml.util.XMLObjectSupport; +import org.opensaml.saml.saml2.metadata.EntityDescriptor; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.w3c.dom.Element; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import at.gv.egiz.eaaf.modules.pvp2.test.metadata.MetadataResolverTest; +import net.shibboleth.utilities.java.support.resolver.CriteriaSet; +import net.shibboleth.utilities.java.support.resolver.ResolverException; +import net.shibboleth.utilities.java.support.xml.SerializeSupport; +import net.shibboleth.utilities.java.support.xml.XMLParserException; +import okhttp3.HttpUrl; +import okhttp3.mockwebserver.MockResponse; +import okhttp3.mockwebserver.MockWebServer; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_mapConfig.xml" +}) +public class IdAustriaClientAuthMetadataProviderFirstTest { + + @Autowired + IPvp2CredentialProvider credentialProvider; + @Autowired + IdAustriaClientAuthMetadataProvider provider; + @Autowired + PvpMetadataResolverFactory resolverFactory; + + private static MockWebServer mockWebServer; + private static HttpUrl mockServerUrl; + + /** + * JUnit class initializer. + * + * @throws Exception In case of an OpenSAML3 initialization error + */ + @BeforeClass + public static void classInitializer() throws Exception { + EaafOpenSaml3xInitializer.eaafInitialize(); + + mockWebServer = new MockWebServer(); + mockServerUrl = mockWebServer.url("/sp/metadata"); + + } + + /** + * jUnit test set-up. + * + * @throws ResolverException + * + */ + @Before + public void testSetup() { + provider.fullyDestroy(); + + } + + @Test + public void simpleManuelAddingTest() throws Pvp2MetadataException, ResolverException { + final IPvp2MetadataProvider resolver1 = resolverFactory.createMetadataProvider( + "classpath:/data/idp_metadata_sig_notvalid.xml", + null, "junit", null); + Assert.assertNotNull("Resolver 1 is null", resolver1); + provider.addMetadataResolverIntoChain(resolver1); + + final IPvp2MetadataProvider resolver2 = resolverFactory.createMetadataProvider( + "classpath:/data/idp_metadata_sig_valid_wrong_alg.xml", + null, "junit", null); + Assert.assertNotNull("Resolver 2 is null", resolver2); + provider.addMetadataResolverIntoChain(resolver2); + + final EntityDescriptor entity1 = provider.getEntityDescriptor("https://localEntity"); + Assert.assertNotNull("Entity 1 not found", entity1); + + final EntityDescriptor entity2 = provider.getEntityDescriptor( + "https://vidp.gv.at/ms_connector/pvp/metadata"); + Assert.assertNotNull("Entity 2 not found", entity2); + + final EntityDescriptor entity3 = provider.getEntityDescriptor("https://egiz.gv.at/abababa"); + Assert.assertNull("Entity 3 found", entity3); + + } + + @Test + public void dynamicLoadingNoValidSignature() throws ResolverException { + final EntityDescriptor entity = provider.getEntityDescriptor("classpath:/data/idp_metadata_no_sig2.xml"); + Assert.assertNull("Entity found", entity); + + } + + @Test + public void dynamicLoadingValidSignature() throws XMLParserException, UnmarshallingException, + SamlSigningException, CredentialsNotAvailableException, MarshallingException, ResolverException { + + final String entityId = injectValidHttpMetadata(); + final EntityDescriptor entity = provider.getEntityDescriptor(entityId); + Assert.assertNotNull("Entity not found", entity); + + } + + @Test + public void reloadNotPossible() throws XMLParserException, UnmarshallingException, + SamlSigningException, CredentialsNotAvailableException, MarshallingException, ResolverException { + + final String entityId = injectValidHttpMetadata(); + final EntityDescriptor entity = provider.getEntityDescriptor(entityId); + Assert.assertNotNull("Entity not found", entity); + Assert.assertNotNull("Entity not found", + provider.resolveSingle(generateEntityIdCreteria(entityId))); + + Assert.assertFalse("Refresh should not be possible", + provider.refreshMetadataProvider(entityId)); + + final EntityDescriptor entity2 = provider.getEntityDescriptor(entityId); + Assert.assertNull("Entity not found", entity2); + Assert.assertNull("Entity not found", + provider.resolveSingle(generateEntityIdCreteria(entityId))); + + Assert.assertFalse("Last refresh", provider.wasLastRefreshSuccess()); + + } + + @Test + public void refeshTest() throws Pvp2MetadataException, ResolverException { + Assert.assertFalse("Last refresh", provider.wasLastRefreshSuccess()); + Assert.assertNull("LastRefresh", provider.getLastRefresh()); + Assert.assertNull("LastSuccessfulRefresh", provider.getLastSuccessfulRefresh()); + Assert.assertNull("LastUpdate", provider.getLastUpdate()); + + final IPvp2MetadataProvider resolver1 = resolverFactory.createMetadataProvider( + "classpath:/data/idp_metadata_sig_notvalid.xml", + null, "junit", null); + Assert.assertNotNull("Resolver 1 is null", resolver1); + provider.addMetadataResolverIntoChain(resolver1); + + final IPvp2MetadataProvider resolver2 = resolverFactory.createMetadataProvider( + "classpath:/data/idp_metadata_sig_valid_wrong_alg.xml", + null, "junit", null); + Assert.assertNotNull("Resolver 2 is null", resolver2); + provider.addMetadataResolverIntoChain(resolver2); + + provider.refresh(); + + Assert.assertTrue("Last refresh", provider.wasLastRefreshSuccess()); + Assert.assertNotNull("LastRefresh", provider.getLastRefresh()); + Assert.assertNotNull("LastSuccessfulRefresh", provider.getLastSuccessfulRefresh()); + Assert.assertNotNull("LastUpdate", provider.getLastUpdate()); + + } + + @Test + public void reloadPossible() throws XMLParserException, UnmarshallingException, + SamlSigningException, CredentialsNotAvailableException, MarshallingException, ResolverException, + IOException { + + mockWebServer.shutdown(); + mockWebServer = new MockWebServer(); + mockServerUrl = mockWebServer.url("/sp/metadata"); + + final String entityId = injectValidHttpMetadata(); + final EntityDescriptor entity = provider.getEntityDescriptor(entityId); + Assert.assertNotNull("Entity not found", entity); + Assert.assertNotNull("Entity not found", + provider.resolveSingle(generateEntityIdCreteria(entityId))); + + Assert.assertFalse("Last refresh", provider.wasLastRefreshSuccess()); + + injectValidHttpMetadata(entityId); + Assert.assertTrue("Refresh should not be possible", + provider.refreshMetadataProvider(entityId)); + + final EntityDescriptor entity2 = provider.getEntityDescriptor(entityId); + Assert.assertNotNull("Entity not found", entity2); + Assert.assertNotNull("Entity not found", + provider.resolveSingle(generateEntityIdCreteria(entityId))); + + Assert.assertFalse("Last refresh", provider.wasLastRefreshSuccess()); + + } + + private String injectValidHttpMetadata() throws SamlSigningException, CredentialsNotAvailableException, + XMLParserException, UnmarshallingException, MarshallingException { + return injectValidHttpMetadata(mockServerUrl.url().toString() + + "/" + RandomStringUtils.randomAlphabetic(5)); + } + + private String injectValidHttpMetadata(String dynEntityId) throws XMLParserException, + UnmarshallingException, + MarshallingException, SamlSigningException, CredentialsNotAvailableException { + final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream( + XMLObjectProviderRegistrySupport.getParserPool(), + MetadataResolverTest.class.getResourceAsStream("/data/idp_metadata_no_sig.xml")); + metadata.setValidUntil(DateTime.now().plusDays(1)); + metadata.setSignature(null); + metadata.setEntityID(dynEntityId); + Saml2Utils.signSamlObject(metadata, credentialProvider.getMetaDataSigningCredential(), true); + final Element metadataElement = XMLObjectSupport.marshall(metadata); + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody(SerializeSupport.nodeToString(metadataElement)) + .setHeader("Content-Type", "text/html;charset=utf-8")); + + return dynEntityId; + + } + + private CriteriaSet generateEntityIdCreteria(String entityId) { + final CriteriaSet result = new CriteriaSet(); + result.add(new EntityIdCriterion(entityId)); + return result; + + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataProviderSecondTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataProviderSecondTest.java new file mode 100644 index 00000000..3ee6ddcd --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataProviderSecondTest.java @@ -0,0 +1,66 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.idaustriaclient; + +import org.junit.Assert; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.opensaml.saml.saml2.metadata.EntityDescriptor; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import net.shibboleth.utilities.java.support.resolver.ResolverException; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_mapConfig.xml" +}) +public class IdAustriaClientAuthMetadataProviderSecondTest { + + @Autowired + IdAustriaClientAuthMetadataProvider provider; + + /** + * JUnit class initializer. + * + * @throws Exception In case of an OpenSAML3 initialization error + */ + @BeforeClass + public static void classInitializer() throws Exception { + EaafOpenSaml3xInitializer.eaafInitialize(); + + } + + /** + * jUnit test set-up. + * + * @throws ResolverException + * + */ + @Before + public void testSetup() { + provider.fullyDestroy(); + + } + + @Test + public void notTrustedX509CertsInTrustStore() throws ResolverException { + final EntityDescriptor entity = provider.getEntityDescriptor("classpath:/data/idp_metadata_no_sig2.xml"); + Assert.assertNull("Entity found", entity); + + } + + @Test + public void readStaticInfos() { + Assert.assertEquals("wrong providerId", + IdAustriaClientAuthMetadataProvider.PROVIDER_ID, provider.getId()); + + provider.runGarbageCollector(); + + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientCredentialProviderTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientCredentialProviderTest.java new file mode 100644 index 00000000..3e37e1a6 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientCredentialProviderTest.java @@ -0,0 +1,414 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.idaustriaclient; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.BeansException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import com.google.common.base.Optional; +import com.google.common.base.Predicates; +import com.google.common.base.Throwables; +import com.google.common.collect.FluentIterable; + +import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException; +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/SpringTest-context_basic_lazy.xml", + "/SpringTest-context_basic_mapConfig.xml" +}) +@DirtiesContext +public class IdAustriaClientCredentialProviderTest { + + private static final String PATH_JKS = "../keystore/junit_test.jks"; + private static final String ALIAS_METADATA = "meta"; + private static final String ALIAS_SIGN = "sig"; + private static final String ALIAS_ENC = "enc"; + private static final String PASSWORD = "password"; + + @Autowired + private ApplicationContext context; + @Autowired(required = true) + protected MsConnectorDummyConfigMap config; + + /** + * jUnit test initializer. + */ + @Before + public void initialize() { + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PATH, PATH_JKS); + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PASSWORD, PASSWORD); + + config.removeConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS); + config.removeConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD); + + config.removeConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS); + config.removeConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD); + + config.removeConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS); + config.removeConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD); + + } + + @Test + @DirtiesContext + public void noKeyStoreUrl() { + config.removeConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PATH); + try { + context.getBean(IdAustriaClientAuthCredentialProvider.class); + Assert.fail("No KeyStore not detected"); + + } catch (final BeansException e) { + org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, + e.getCause(), "Wrong exception"); + } + + } + + @Test + @DirtiesContext + public void noKeyStore() { + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PATH, + "src/test/resources/config/notExist.p12"); + try { + context.getBean(IdAustriaClientAuthCredentialProvider.class); + Assert.fail("No KeyStore not detected"); + + } catch (final BeansException e) { + final Optional eaafException = FluentIterable.from( + Throwables.getCausalChain(e)).filter( + Predicates.instanceOf(EaafConfigurationException.class)).first(); + Assert.assertTrue("Wrong exception", eaafException.isPresent()); + Assert.assertEquals("Wrong errorId", "internal.keystore.06", + ((EaafException) eaafException.get()).getErrorId()); + + } + + } + + @Test + @DirtiesContext + public void noWrongKeyStorePassword() { + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PASSWORD, "test"); + try { + context.getBean(IdAustriaClientAuthCredentialProvider.class); + Assert.fail("No KeyStore not detected"); + + } catch (final BeansException e) { + final Optional eaafException = FluentIterable.from( + Throwables.getCausalChain(e)).filter( + Predicates.instanceOf(EaafFactoryException.class)).first(); + Assert.assertTrue("Wrong exception", eaafException.isPresent()); + Assert.assertEquals("Wrong errorId", "internal.keystore.06", + ((EaafException) eaafException.get()).getErrorId()); + + } + + } + + @Test + @DirtiesContext + public void notKeyConfigurationWrongAlias() { + final IdAustriaClientAuthCredentialProvider credential = context.getBean( + IdAustriaClientAuthCredentialProvider.class); + + Assert.assertNotNull("Credetialprovider", credential); + Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); + + try { + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS, + RandomStringUtils.randomAlphabetic(5)); + credential.getMetaDataSigningCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS, + RandomStringUtils.randomAlphabetic(5)); + credential.getMessageSigningCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS, + RandomStringUtils.randomAlphabetic(5)); + credential.getMessageEncryptionCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + } + + @Test + @DirtiesContext + public void notKeyConfigurationWrongPassword() { + final IdAustriaClientAuthCredentialProvider credential = context.getBean( + IdAustriaClientAuthCredentialProvider.class); + + Assert.assertNotNull("Credetialprovider", credential); + Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); + + try { + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD, + RandomStringUtils.randomAlphabetic(5)); + credential.getMetaDataSigningCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD, + RandomStringUtils.randomAlphabetic(5)); + credential.getMessageSigningCredential(); + Assert.fail("No message signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD, + RandomStringUtils.randomAlphabetic(5)); + final EaafX509Credential encCred = credential.getMessageEncryptionCredential(); + Assert.assertNull("No encryption signing credentials not detected", encCred); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + } + + @Test + @DirtiesContext + public void notKeyConfigurationValidAliasWrongPassword() { + final IdAustriaClientAuthCredentialProvider credential = context.getBean( + IdAustriaClientAuthCredentialProvider.class); + + Assert.assertNotNull("Credetialprovider", credential); + Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); + + try { + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS, + ALIAS_METADATA); + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD, + RandomStringUtils.randomAlphabetic(5)); + credential.getMetaDataSigningCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS, + ALIAS_SIGN); + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD, + RandomStringUtils.randomAlphabetic(5)); + credential.getMessageSigningCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS, + ALIAS_ENC); + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD, + RandomStringUtils.randomAlphabetic(5)); + credential.getMessageEncryptionCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + } + + @Test + @DirtiesContext + public void notKeyConfigurationWrongAliasValidPassword() { + final IdAustriaClientAuthCredentialProvider credential = context.getBean( + IdAustriaClientAuthCredentialProvider.class); + + Assert.assertNotNull("Credetialprovider", credential); + Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); + + try { + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS, + RandomStringUtils.randomAlphabetic(5)); + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD, + PASSWORD); + credential.getMetaDataSigningCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS, + RandomStringUtils.randomAlphabetic(5)); + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD, + PASSWORD); + credential.getMessageSigningCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS, + RandomStringUtils.randomAlphabetic(5)); + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD, + PASSWORD); + credential.getMessageEncryptionCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + } + + @Test + @DirtiesContext + public void validonfiguration() throws CredentialsNotAvailableException { + final IdAustriaClientAuthCredentialProvider credential = context.getBean( + IdAustriaClientAuthCredentialProvider.class); + + Assert.assertNotNull("Credetialprovider", credential); + Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); + + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS, + ALIAS_METADATA); + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD, + PASSWORD); + credential.getMetaDataSigningCredential(); + + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS, + ALIAS_SIGN); + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD, + PASSWORD); + credential.getMessageSigningCredential(); + + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS, + ALIAS_ENC); + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD, + PASSWORD); + credential.getMessageEncryptionCredential(); + + } + + @Test + @DirtiesContext + public void notKeyConfiguration() { + final IdAustriaClientAuthCredentialProvider credential = context.getBean( + IdAustriaClientAuthCredentialProvider.class); + + Assert.assertNotNull("Credetialprovider", credential); + Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); + + try { + credential.getMetaDataSigningCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + credential.getMessageSigningCredential(); + Assert.fail("No message signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + final EaafX509Credential encCred = credential.getMessageEncryptionCredential(); + Assert.assertNull("No encryption signing credentials not detected", encCred); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + } + + @Test + @DirtiesContext + public void notKeyConfigurationPkcs12() { + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PATH, + "../keystore/pvp.p12"); + final IdAustriaClientAuthCredentialProvider credential = context.getBean( + IdAustriaClientAuthCredentialProvider.class); + + Assert.assertNotNull("Credetialprovider", credential); + Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); + + try { + credential.getMetaDataSigningCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + credential.getMessageSigningCredential(); + Assert.fail("No message signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + final EaafX509Credential encCred = credential.getMessageEncryptionCredential(); + Assert.assertNull("No encryption signing credentials not detected", encCred); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateMobilePhoneSignatureRequestTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateMobilePhoneSignatureRequestTaskTest.java index 2579bb40..4fb05a35 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateMobilePhoneSignatureRequestTaskTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateMobilePhoneSignatureRequestTaskTest.java @@ -1,38 +1,19 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateMobilePhoneSignatureRequestTask; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyAuthConfigMap; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyOA; -import at.gv.egiz.eaaf.core.api.data.EaafConstants; -import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration; -import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; -import at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory; -import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; -import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; -import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; -import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes; -import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; -import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest; -import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; -import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; -import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; -import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine; +import static org.junit.Assert.assertThrows; + +import java.io.ByteArrayInputStream; +import java.io.InputStream; +import java.util.Base64; +import java.util.Map; + import org.apache.commons.lang3.RandomStringUtils; -import org.apache.commons.lang3.StringUtils; import org.junit.Assert; import org.junit.Before; import org.junit.BeforeClass; import org.junit.Test; import org.junit.runner.RunWith; import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; -import org.opensaml.core.xml.schema.XSString; import org.opensaml.core.xml.util.XMLObjectSupport; import org.opensaml.saml.common.xml.SAMLConstants; import org.opensaml.saml.saml2.core.AuthnRequest; @@ -41,23 +22,38 @@ import org.springframework.context.ApplicationContext; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.TestPropertySource; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; -import java.io.ByteArrayInputStream; -import java.io.InputStream; -import java.util.Base64; -import java.util.Map; +import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateMobilePhoneSignatureRequestTask; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyOA; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine; @RunWith(SpringJUnit4ClassRunner.class) -@TestPropertySource(locations = {"classpath:/config/junit_config_1-.properties" }) -//@ContextConfiguration({"/spring/SpringTest-context_mapConfig_full.xml", "classpath:/spring/test_eaaf_core.beans.xml"}) -//@TestPropertySource(locations = { "classpath:/config/junit_config_1_springboot.properties" }) @ContextConfiguration(locations = { - "/SpringTest-context_tasks_test1.xml", - "/SpringTest-context_basic_mapConfig1.xml" + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_mapConfig.xml", + "classpath:/eaaf_pvp_sp.beans.xml" }) public class GenerateMobilePhoneSignatureRequestTaskTest { @@ -68,7 +64,7 @@ public class GenerateMobilePhoneSignatureRequestTaskTest { @Autowired(required = true) private ApplicationContext context; @Autowired(required = true) - protected DummyAuthConfigMap authConfig; + protected MsConnectorDummyConfigMap authConfig; @Autowired private IdAustriaClientAuthMetadataProvider metadataProvider; @Autowired @@ -77,8 +73,8 @@ public class GenerateMobilePhoneSignatureRequestTaskTest { private DummyGuiBuilderConfigurationFactory guiBuilderConfigFactory; @Autowired private SamlVerificationEngine samlVerifyEngine; -// @Autowired -// private ITransactionStorage transactionStorage; + @Autowired + private ITransactionStorage transactionStorage; final ExecutionContext executionContext = new ExecutionContextImpl(); private MockHttpServletRequest httpReq; @@ -106,27 +102,26 @@ public class GenerateMobilePhoneSignatureRequestTaskTest { */ @Before public void setUp() throws Exception { - task = (GenerateMobilePhoneSignatureRequestTask) context.getBean("GenerateMobilePhoneSignatureRequestTask"); + task = (GenerateMobilePhoneSignatureRequestTask) context.getBean( + "GenerateMobilePhoneSignatureRequestTask"); httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); httpResp = new MockHttpServletResponse(); RequestContextHolder.resetRequestAttributes(); RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); - authConfig.putConfigValue("modules.idaustriaclient.request.sign.alias", "sig"); + authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID, + METADATA_PATH); + authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS, + "sig"); oaParam = new DummyOA(); oaParam.setUniqueAppId("http://test.com/test"); - oaParam.setBmiUniqueIdentifier(oaParam.getUniqueIdentifier() + "#" + RandomStringUtils.randomAlphanumeric(5)); + oaParam.setBmiUniqueIdentifier(oaParam.getUniqueIdentifier() + "#" + RandomStringUtils.randomAlphanumeric( + 5)); oaParam.setTargetIdentifier( EaafConstants.URN_PREFIX_CDID + RandomStringUtils.randomAlphabetic(2)); oaParam.setEidasEnabled(true); - oaParam.putGenericConfigurationKey( - IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, null); - // oaParam.setMandateProfilesCsv( - // RandomStringUtils.randomAlphabetic(5) - // + "," + RandomStringUtils.randomAlphabetic(5) - // + "," + RandomStringUtils.randomAlphabetic(5)); pendingReq = new TestRequestImpl(); pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10)); @@ -140,108 +135,69 @@ public class GenerateMobilePhoneSignatureRequestTaskTest { @Test public void noMetadataAvailableOnGlobalConfig() { - authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_NODE_ENTITYID, - RandomStringUtils.randomAlphabetic(10)); - - try { - task.execute(pendingReq, executionContext); - Assert.fail(); - - } catch (final TaskExecutionException e) { - Assert.assertNotNull(e.getPendingRequestID()); - Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); - Assert.assertNotNull(e.getOriginalException()); - org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, - e.getOriginalException()); - Assert.assertEquals("module.eidasauth.02", - ((EaafConfigurationException) e.getOriginalException()).getErrorId()); - - } + authConfig.removeConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID); + + final TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + Assert.assertNotNull(e.getOriginalException()); + org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, + e.getOriginalException()); + Assert.assertEquals("module.eidasauth.00", + ((EaafConfigurationException) e.getOriginalException()).getErrorId()); + } @Test - public void noMetadataAvailableOnSpConfig() { - oaParam.putGenericConfigurationKey(IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, - RandomStringUtils.randomAlphabetic(10)); - - try { - task.execute(pendingReq, executionContext); - Assert.fail(); - - } catch (final TaskExecutionException e) { - Assert.assertNotNull(e.getPendingRequestID()); - Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); - Assert.assertNotNull(e.getOriginalException()); - org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, - e.getOriginalException()); - Assert.assertEquals("module.eidasauth.02", - ((EaafConfigurationException) e.getOriginalException()).getErrorId()); - - } + public void wrongMetadataAvailableOnGlobalConfig() { + authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID, + "http://wrong.path/" + RandomStringUtils.randomAlphabetic(5)); + + final TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + Assert.assertNotNull(e.getPendingRequestID()); + Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + Assert.assertNotNull(e.getOriginalException()); + org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, + e.getOriginalException()); + Assert.assertEquals("module.eidasauth.idaustria.02", + ((EaafConfigurationException) e.getOriginalException()).getErrorId()); + } @Test public void noMetadataSigningKeyStore() throws Pvp2MetadataException { - oaParam.putGenericConfigurationKey(IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, - METADATA_PATH); - - authConfig.removeConfigValue("modules.idaustriaclient.request.sign.alias"); + authConfig.removeConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS); metadataProvider.addMetadataResolverIntoChain( metadataFactory.createMetadataProvider(METADATA_PATH, null, "jUnitTest", null)); - try { - task.execute(pendingReq, executionContext); - Assert.fail(); - - } catch (final TaskExecutionException e) { - Assert.assertNotNull(e.getPendingRequestID()); - Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); - Assert.assertNotNull(e.getOriginalException()); - org.springframework.util.Assert.isInstanceOf(CredentialsNotAvailableException.class, - e.getOriginalException()); - Assert.assertEquals("internal.pvp.01", - ((CredentialsNotAvailableException) e.getOriginalException()).getErrorId()); + final TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + Assert.assertNotNull(e.getPendingRequestID()); + Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + Assert.assertNotNull(e.getOriginalException()); + org.springframework.util.Assert.isInstanceOf(CredentialsNotAvailableException.class, + e.getOriginalException()); + Assert.assertEquals("internal.pvp.01", + ((CredentialsNotAvailableException) e.getOriginalException()).getErrorId()); - } } @Test public void success() throws Exception { - oaParam.putGenericConfigurationKey(IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, - METADATA_PATH); metadataProvider.addMetadataResolverIntoChain( metadataFactory.createMetadataProvider(METADATA_PATH, null, "jUnitTest", null)); pendingReq.setTransactionId(RandomStringUtils.randomAlphanumeric(10)); task.execute(pendingReq, executionContext); - final EaafRequestedAttributes reqAttr = validate(); - Assert.assertEquals("#Req Attribute", 2, reqAttr.getAttributes().size()); - - Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.transactionId", - reqAttr.getAttributes().get(0).getName()); - Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(0).getAttributeValues()); - Assert.assertEquals("#Req. Attr value", 1, - reqAttr.getAttributes().get(0).getAttributeValues().size()); - org.springframework.util.Assert.isInstanceOf(XSString.class, - reqAttr.getAttributes().get(0).getAttributeValues().get(0), "Wrong requested Attributes Value type"); - Assert.assertEquals("Req. Attr. Value", pendingReq.getUniqueTransactionIdentifier(), - ((XSString) reqAttr.getAttributes().get(0).getAttributeValues().get(0)).getValue()); - - Assert.assertEquals("Wrong req attr.", "urn:oid:1.2.40.0.10.2.1.1.261.34", - reqAttr.getAttributes().get(1).getName()); - Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(1).getAttributeValues()); - Assert.assertEquals("#Req. Attr value", 1, - reqAttr.getAttributes().get(1).getAttributeValues().size()); - org.springframework.util.Assert.isInstanceOf(XSString.class, - reqAttr.getAttributes().get(1).getAttributeValues().get(0), "Wrong requested Attributes Value type"); - Assert.assertEquals("Req. Attr. Value", oaParam.getAreaSpecificTargetIdentifier(), - ((XSString) reqAttr.getAttributes().get(1).getAttributeValues().get(0)).getValue()); + validate(); } - private EaafRequestedAttributes validate() throws Exception { + private void validate() throws Exception { Assert.assertEquals("HTTP Statuscode", 200, httpResp.getStatus()); Assert.assertEquals("ContentType", "text/html;charset=UTF-8", httpResp.getContentType()); Assert.assertEquals("ContentEncoding", "UTF-8", httpResp.getCharacterEncoding()); @@ -252,18 +208,15 @@ public class GenerateMobilePhoneSignatureRequestTaskTest { final int startIndex = html.indexOf("SAMLRequest="); Assert.assertTrue("No SAMLRequest in html", startIndex >= 0); final String authnXml = html.substring(startIndex + "SAMLRequest=".length()); - //TODO why do i have to do that?? => remove "} from end -// String authnXml2 = authnXml1.substring(0,authnXml1.length()-2); - //check if relaystate was stored + // check if relaystate was stored final int startIndexRelayState = html.indexOf("RelayState="); Assert.assertTrue("wrong RelayState in HTML", startIndexRelayState >= 0); - String relayState = html.substring(startIndexRelayState + "RelayState=".length(), startIndex); -// String storedPendingReqId = transactionStorage.get(relayState, String.class); -// Assert.assertEquals("relayStore not map to pendingRequestId", -// pendingReq.getPendingRequestId(), storedPendingReqId); - + final String relayState = html.substring(startIndexRelayState + "RelayState=".length(), startIndex); + final String storedPendingReqId = transactionStorage.get(relayState, String.class); + Assert.assertEquals("relayStore not map to pendingRequestId", + pendingReq.getPendingRequestId(), storedPendingReqId); final AuthnRequest authnRequest = (AuthnRequest) XMLObjectSupport.unmarshallFromInputStream( XMLObjectProviderRegistrySupport.getParserPool(), new ByteArrayInputStream( @@ -275,25 +228,17 @@ public class GenerateMobilePhoneSignatureRequestTaskTest { "https://localhost/authhandler" + IdAustriaClientAuthConstants.ENDPOINT_METADATA, authnRequest.getIssuer().getValue()); - //check XML scheme + // check XML scheme Saml2Utils.schemeValidation(authnRequest); - - //check signature + // check signature final PvpSProfileRequest msg = new PvpSProfileRequest( authnRequest, SAMLConstants.SAML2_POST_BINDING_URI); msg.setEntityID(authnRequest.getIssuer().getValue()); metadataProvider.addMetadataResolverIntoChain( metadataFactory.createMetadataProvider(METADATA_SP_PATH, null, "jUnit SP", null)); - //samlVerifyEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); -//TODO - //check other elements -// Assert.assertNotNull("Proxy-Scope", authnRequest.getScoping()); -// Assert.assertNotNull("RequesterIds", authnRequest.getScoping().getRequesterIDs()); -// Assert.assertEquals("#RequesterIds", 1, authnRequest.getScoping().getRequesterIDs().size()); -// Assert.assertEquals("RequesterId", oaParam.getUniqueApplicationRegisterIdentifier(), -// authnRequest.getScoping().getRequesterIDs().get(0).getRequesterID()); + samlVerifyEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); Assert.assertNotNull("RequestedAuthnContext", authnRequest.getRequestedAuthnContext()); Assert.assertNotNull("AuthnContextClassRef", @@ -303,15 +248,6 @@ public class GenerateMobilePhoneSignatureRequestTaskTest { Assert.assertEquals("LoA", "http://eidas.europa.eu/LoA/high", authnRequest.getRequestedAuthnContext().getAuthnContextClassRefs().get(0).getAuthnContextClassRef()); - Assert.assertNotNull("Extensions", authnRequest.getExtensions()); - Assert.assertFalse("No Requested attributes", - authnRequest.getExtensions().getUnknownXMLObjects().isEmpty()); - - Assert.assertEquals("#ReqAttributes", 1, authnRequest.getExtensions().getUnknownXMLObjects().size()); - org.springframework.util.Assert.isInstanceOf(EaafRequestedAttributes.class, - authnRequest.getExtensions().getUnknownXMLObjects().get(0), "No Requested Attributes object"); - - return (EaafRequestedAttributes) authnRequest.getExtensions().getUnknownXMLObjects().get(0); } private IVelocityGuiBuilderConfiguration createDummyGuiConfig() { @@ -334,7 +270,8 @@ public class GenerateMobilePhoneSignatureRequestTaskTest { @Override public InputStream getTemplate(String viewName) { - return GenerateMobilePhoneSignatureRequestTaskTest.class.getResourceAsStream("/data/pvp_postbinding_template.html"); + return GenerateMobilePhoneSignatureRequestTaskTest.class.getResourceAsStream( + "/data/pvp_postbinding_template.html"); } @Override diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.java index 550c2f13..fb34a2dd 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.java @@ -1,24 +1,12 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; +import static org.junit.Assert.assertThrows; import java.io.IOException; import java.util.Base64; import javax.xml.transform.TransformerException; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyAuthConfigMap; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyOA; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyPendingRequest; -import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; -import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; import org.apache.commons.io.IOUtils; import org.apache.commons.lang3.RandomStringUtils; import org.joda.time.DateTime; @@ -42,11 +30,22 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; +import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyOA; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyPendingRequest; import at.gv.egiz.eaaf.core.api.data.EaafConstants; -import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; import at.gv.egiz.eaaf.core.impl.utils.DomUtils; import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; @@ -60,29 +59,24 @@ import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationExceptio import net.shibboleth.utilities.java.support.xml.XMLParserException; @RunWith(SpringJUnit4ClassRunner.class) -//@ContextConfiguration({"/spring/SpringTest-context_mapConfig_full.xml", "classpath:/spring/test_eaaf_core.beans.xml"}) @ContextConfiguration(locations = { - "/SpringTest-context_tasks_test1.xml", - "/SpringTest-context_basic_mapConfig1.xml" + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_mapConfig.xml" }) public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest { private static final String METADATA_PATH = "classpath:/data/idp_metadata_classpath_entity.xml"; - private static final String METADATA_PATH1 = "classpath:/data/idp_metadata_classpath_entity1.xml"; - private static final String TEST_SIGNED_AUTHBLOCK = "MIIBbjCCARSgAwIBAgIEXh7TNzAKBggqhkjOPQQDAjA/MQswCQYDVQQG" - + "EwJBVDENMAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxETAPBgNVBAMMCG1ldGFkYXRhMB4XDTIwMDExNTA4NTQxNVoXDTMw" - + "MDExNDA4NTQxNVowPzELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVHSVoxDjAMBgNVBAsMBWpVbml0MREwDwYDVQQDDAhtZXRhZGF0" - + "YTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBdBkaxt31p++aZeP3SmlWITj9SYO4McV2ccXFsH4X4QMHuKAMUvjxPm1kdU01eT" - + "OWdiQX0GpDIBspYMZh8ZKcwwCgYIKoZIzj0EAwIDSAAwRQIhAJ3QKlk9cd90s+i8y62fvmGF6LtfNO+JvkWqDUBeQImnAiA2KwFt" - + "zO7STAp9MEwQGe0vt0F8mO1ttrLE+rr6YxdwGA=="; @Autowired(required = true) private ApplicationContext context; @Autowired(required = true) - protected DummyAuthConfigMap authConfig; - @Autowired private IdAustriaClientAuthMetadataProvider metadataProvider; - @Autowired private IdAustriaClientAuthCredentialProvider credentialProvider; - @Autowired private PvpMetadataResolverFactory metadataFactory; + protected MsConnectorDummyConfigMap authConfig; + @Autowired + private IdAustriaClientAuthMetadataProvider metadataProvider; + @Autowired + private IdAustriaClientAuthCredentialProvider credentialProvider; + @Autowired + private PvpMetadataResolverFactory metadataFactory; final ExecutionContext executionContext = new ExecutionContextImpl(); private MockHttpServletRequest httpReq; @@ -110,7 +104,8 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest { */ @Before public void setUp() throws Exception { - task = (ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask) context.getBean("ReceiveMobilePhoneSignatureResponseTask"); + task = (ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask) context.getBean( + "ReceiveMobilePhoneSignatureResponseTask"); httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); httpReq.setScheme("https"); @@ -120,28 +115,18 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest { RequestContextHolder.resetRequestAttributes(); RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); - authConfig.putConfigValue("modules.eidascentralauth.request.sign.alias", "sig"); -// authConfig.putConfigValue(AuthHandlerConstants.PROP_CONFIG_LEGACY_ALLOW, "false"); + authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID, + METADATA_PATH); oaParam = new DummyOA(); oaParam.setUniqueAppId("http://test.com/test"); oaParam.setTargetIdentifier( EaafConstants.URN_PREFIX_CDID + RandomStringUtils.randomAlphabetic(2)); - oaParam.setEidasEnabled(true); - oaParam.putGenericConfigurationKey( - IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH); - oaParam.putGenericConfigurationKey( - IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, null); - oaParam.setMandateProfilesCsv( - RandomStringUtils.randomAlphabetic(5) - + "," + RandomStringUtils.randomAlphabetic(5) - + "," + RandomStringUtils.randomAlphabetic(5)); pendingReq = new DummyPendingRequest(); pendingReq.initialize(httpReq, authConfig); pendingReq.setPendingRequestId(RandomStringUtils.randomAlphanumeric(10)); pendingReq.setOnlineApplicationConfiguration(oaParam); - //pendingReq.setAuthUrl("https://localhost/authhandler"); metadataProvider.fullyDestroy(); @@ -153,20 +138,17 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest { RequestContextHolder.resetRequestAttributes(); RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); - try { - task.execute(pendingReq, executionContext); - Assert.fail("Invalid response not detected"); + final TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); - } catch (final TaskExecutionException e) { - Assert.assertNotNull(e.getPendingRequestID()); - Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); - Assert.assertNotNull(e.getOriginalException()); - org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class, - e.getOriginalException()); - Assert.assertEquals("sp.pvp2.03", - ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); + Assert.assertNotNull(e.getPendingRequestID()); + Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + Assert.assertNotNull(e.getOriginalException()); + org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class, + e.getOriginalException()); + Assert.assertEquals("sp.pvp2.03", + ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); - } } @Test @@ -175,61 +157,52 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest { RequestContextHolder.resetRequestAttributes(); RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); - try { - task.execute(pendingReq, executionContext); - Assert.fail("Invalid response not detected"); + final TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); - } catch (final TaskExecutionException e) { - Assert.assertNotNull(e.getPendingRequestID()); - Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); - Assert.assertNotNull(e.getOriginalException()); - org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class, - e.getOriginalException()); - Assert.assertEquals("sp.pvp2.12", - ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); + Assert.assertNotNull(e.getPendingRequestID()); + Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + Assert.assertNotNull(e.getOriginalException()); + org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class, + e.getOriginalException()); + Assert.assertEquals("sp.pvp2.12", + ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); - } } @Test public void httpPostNoMessage() { - try { - task.execute(pendingReq, executionContext); - Assert.fail("Invalid response not detected"); + final TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); - } catch (final TaskExecutionException e) { - Assert.assertNotNull(e.getPendingRequestID()); - Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); - Assert.assertNotNull(e.getOriginalException()); - org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class, - e.getOriginalException()); - Assert.assertEquals("sp.pvp2.12", - ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); + Assert.assertNotNull(e.getPendingRequestID()); + Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + Assert.assertNotNull(e.getOriginalException()); + org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class, + e.getOriginalException()); + Assert.assertEquals("sp.pvp2.12", + ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); - } } @Test public void httpPostMessageNotSigned() throws IOException { httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( - IOUtils.toByteArray(ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.class.getResourceAsStream( - "/data/Response_without_sig_classpath_entityid.xml")))); - - try { - task.execute(pendingReq, executionContext); - Assert.fail("Invalid response not detected"); + IOUtils.toByteArray(ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.class + .getResourceAsStream( + "/data/Response_without_sig_classpath_entityid.xml")))); + + final TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + Assert.assertNotNull(e.getPendingRequestID()); + Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + Assert.assertNotNull(e.getOriginalException()); + org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class, + e.getOriginalException()); + Assert.assertEquals("sp.pvp2.12", + ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); - } catch (final TaskExecutionException e) { - Assert.assertNotNull(e.getPendingRequestID()); - Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); - Assert.assertNotNull(e.getOriginalException()); - org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class, - e.getOriginalException()); - Assert.assertEquals("sp.pvp2.12", - ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); - - } } @Test @@ -242,22 +215,20 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest { "/data/Response_with_wrong_destination_endpoint.xml", credentialProvider.getMessageSigningCredential(), true); httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( - DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8"))); + DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( + "UTF-8"))); - try { - task.execute(pendingReq, executionContext); - Assert.fail("Invalid response not detected"); + final TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); - } catch (final TaskExecutionException e) { - Assert.assertNotNull(e.getPendingRequestID()); - Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); - Assert.assertNotNull(e.getOriginalException()); - org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class, - e.getOriginalException()); - Assert.assertEquals("sp.pvp2.12", - ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); + Assert.assertNotNull(e.getPendingRequestID()); + Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + Assert.assertNotNull(e.getOriginalException()); + org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class, + e.getOriginalException()); + Assert.assertEquals("sp.pvp2.12", + ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); - } } @Test @@ -270,22 +241,19 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest { "/data/Response_without_sig_classpath_entityid.xml", credentialProvider.getMessageSigningCredential(), true); httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( - DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8"))); + DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( + "UTF-8"))); + + final TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + Assert.assertNotNull(e.getPendingRequestID()); + Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + Assert.assertNotNull(e.getOriginalException()); + org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class, + e.getOriginalException()); + Assert.assertEquals("sp.pvp2.11", + ((EaafException) e.getOriginalException()).getErrorId()); - try { - task.execute(pendingReq, executionContext); - Assert.fail("Invalid response not detected"); - - } catch (final TaskExecutionException e) { - Assert.assertNotNull(e.getPendingRequestID()); - Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); - Assert.assertNotNull(e.getOriginalException()); - org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class, - e.getOriginalException()); - Assert.assertEquals("sp.pvp2.11", - ((EaafException) e.getOriginalException()).getErrorId()); - - } } @Test @@ -301,22 +269,20 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest { "/data/Response_without_sig_classpath_entityid.xml", credentialProvider.getMessageSigningCredential(), false); httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( - DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8"))); + DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( + "UTF-8"))); - try { - task.execute(pendingReq, executionContext); - Assert.fail("Invalid response not detected"); + final TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); - } catch (final TaskExecutionException e) { - Assert.assertNotNull(e.getPendingRequestID()); - Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); - Assert.assertNotNull(e.getOriginalException()); - org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class, - e.getOriginalException()); - Assert.assertEquals("sp.pvp2.12", - ((EaafException) e.getOriginalException()).getErrorId()); + Assert.assertNotNull(e.getPendingRequestID()); + Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + Assert.assertNotNull(e.getOriginalException()); + org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class, + e.getOriginalException()); + Assert.assertEquals("sp.pvp2.12", + ((EaafException) e.getOriginalException()).getErrorId()); - } } @Test @@ -324,36 +290,32 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest { Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, MarshallingException, TransformerException { - oaParam.putGenericConfigurationKey( - IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, "http://wrong.idp"); - + authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID, + "http://wrong.idp/" + RandomStringUtils.randomAlphabetic(5)); + metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( METADATA_PATH, null, "jUnit IDP", null)); - metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( - METADATA_PATH1, null, "jUnit IDP", null)); final Response response = initializeResponse( - "classpath:/data/idp_metadata_classpath_entity1.xml", + "classpath:/data/idp_metadata_classpath_entity.xml", "/data/Response_without_sig_classpath_entityid.xml", credentialProvider.getMessageSigningCredential(), true); httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( - DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8"))); + DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( + "UTF-8"))); - try { - task.execute(pendingReq, executionContext); - Assert.fail("Invalid response not detected"); + final TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); - } catch (final TaskExecutionException e) { - Assert.assertNotNull(e.getPendingRequestID()); - Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); - Assert.assertNotNull(e.getOriginalException()); - org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class, - e.getOriginalException()); - Assert.assertEquals("sp.pvp2.08", - ((EaafException) e.getOriginalException()).getErrorId()); + Assert.assertNotNull(e.getPendingRequestID()); + Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + Assert.assertNotNull(e.getOriginalException()); + org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class, + e.getOriginalException()); + Assert.assertEquals("sp.pvp2.08", + ((EaafException) e.getOriginalException()).getErrorId()); - } } @Test @@ -361,9 +323,6 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest { Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, MarshallingException, TransformerException { - oaParam.putGenericConfigurationKey( - IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH); - metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( METADATA_PATH, null, "jUnit IDP", null)); @@ -373,22 +332,20 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest { credentialProvider.getMessageSigningCredential(), true); httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( - DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8"))); + DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( + "UTF-8"))); - try { - task.execute(pendingReq, executionContext); - Assert.fail("Invalid response not detected"); + final TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); - } catch (final TaskExecutionException e) { - Assert.assertNotNull(e.getPendingRequestID()); - Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); - Assert.assertNotNull(e.getOriginalException()); - org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class, - e.getOriginalException()); - Assert.assertEquals("sp.pvp2.12", - ((EaafException) e.getOriginalException()).getErrorId()); + Assert.assertNotNull(e.getPendingRequestID()); + Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + Assert.assertNotNull(e.getOriginalException()); + org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class, + e.getOriginalException()); + Assert.assertEquals("sp.pvp2.12", + ((EaafException) e.getOriginalException()).getErrorId()); - } } @Test @@ -396,9 +353,6 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest { Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, MarshallingException, TransformerException { - oaParam.putGenericConfigurationKey( - IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH); - metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( METADATA_PATH, null, "jUnit IDP", null)); @@ -408,22 +362,20 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest { credentialProvider.getMessageSigningCredential(), true); httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( - DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8"))); + DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( + "UTF-8"))); - try { - task.execute(pendingReq, executionContext); - Assert.fail("Invalid response not detected"); + final TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); - } catch (final TaskExecutionException e) { - Assert.assertNotNull(e.getPendingRequestID()); - Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); - Assert.assertNotNull(e.getOriginalException()); - org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class, - e.getOriginalException()); - Assert.assertEquals("sp.pvp2.05", - ((EaafException) e.getOriginalException()).getErrorId()); + Assert.assertNotNull(e.getPendingRequestID()); + Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + Assert.assertNotNull(e.getOriginalException()); + org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class, + e.getOriginalException()); + Assert.assertEquals("sp.pvp2.05", + ((EaafException) e.getOriginalException()).getErrorId()); - } } @Test @@ -431,9 +383,6 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest { Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, MarshallingException, TransformerException, TaskExecutionException { - oaParam.putGenericConfigurationKey( - IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH); - metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( METADATA_PATH, null, "jUnit IDP", null)); @@ -443,12 +392,13 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest { credentialProvider.getMessageSigningCredential(), true); httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( - DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8"))); + DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( + "UTF-8"))); - //perform test + // perform test task.execute(pendingReq, executionContext); - //validate state + // validate state Assert.assertTrue("process not cancelled", executionContext.isProcessCancelled()); Assert.assertTrue("process not stopped by user", pendingReq.isAbortedByUser()); Assert.assertFalse("should not authenticated", pendingReq.isAuthenticated()); @@ -460,9 +410,6 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest { Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, MarshallingException, TransformerException { - oaParam.putGenericConfigurationKey( - IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH); - metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( METADATA_PATH, null, "jUnit IDP", null)); @@ -472,7 +419,8 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest { credentialProvider.getMessageSigningCredential(), true); httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( - DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8"))); + DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( + "UTF-8"))); try { task.execute(pendingReq, executionContext); @@ -495,9 +443,6 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest { Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, MarshallingException, TransformerException { - oaParam.putGenericConfigurationKey( - IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH); - metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( METADATA_PATH, null, "jUnit IDP", null)); @@ -507,7 +452,8 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest { credentialProvider.getMessageSigningCredential(), true); httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( - DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8"))); + DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( + "UTF-8"))); try { task.execute(pendingReq, executionContext); @@ -530,9 +476,6 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest { Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, MarshallingException, TransformerException, TaskExecutionException, EaafStorageException { - oaParam.putGenericConfigurationKey( - IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH); - metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( METADATA_PATH, null, "jUnit IDP", null)); @@ -542,57 +485,27 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest { credentialProvider.getMessageSigningCredential(), true); httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( - DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8"))); + DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( + "UTF-8"))); - //put SimpleEidasData in session + // put SimpleEidasData in session final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); - SimpleEidasData eidData = new SimpleEidasData(); + final SimpleEidasData eidData = new SimpleEidasData(); eidData.setFamilyName("Mustermann"); eidData.setGivenName("Max"); eidData.setDateOfBirth("1940-01-01"); authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData); - //perform task + // perform task task.execute(pendingReq, executionContext); - //validate state -// Assert.assertTrue("Wrong EID-Process flag", -// (boolean) executionContext.get(AuthHandlerConstants.PROCESSCONTEXT_WAS_EID_PROCESS)); -// Assert.assertFalse("Wrong Mandate flag", -// (boolean) executionContext.get(AuthHandlerConstants.HTTP_PARAM_USE_MANDATES)); - -// Assert.assertEquals("piiTransactionId", "piiId_112233445566", pendingReq.getUniquePiiTransactionIdentifier()); - + // validate state final AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class); - -// Assert.assertTrue("E-ID flag", session.isEidProcess()); -// Assert.assertTrue("Foreign flag", session.isForeigner()); -// Assert.assertEquals("eidasBind", EIDAS_BIND, session.getQcBind()); -// Assert.assertEquals("vsz", -// "OD/kCGIFbjLTW0po6IZSmoaz3uhPYlO3S5bs9JnK0A5DHtufM3APLuDc3Llp4PeNdEa4NrCmgHr1YUiHT5irT8eDAfGpIbQHJg==", -// session.getVsz()); -// Assert.assertArrayEquals("signedConsent", -// Base64.getDecoder().decode(TEST_SIGNED_AUTHBLOCK), session.getSignedAuthBlock()); -// Assert.assertEquals("AuthBlockType", AuthHandlerConstants.AuthBlockType.JWS, session.getSignedAuthBlockType()); - Assert.assertEquals("LoA", "http://eidas.europa.eu/LoA/low", session.getQaaLevel()); -// Assert.assertEquals("CountryCode", "IT", session.getGenericDataFromSession( -// ExtendedPvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class)); Assert.assertEquals("IssueInstant", "2014-03-05T06:39:51Z", session.getIssueInstantString()); -// Assert.assertNull("SigCert", session.getEncodedSignerCertificate()); - -// Assert.assertFalse("Mandate flag", session.isMandateUsed()); -// Assert.assertNull("MandateInfos", session.getMandateDate()); + //TODO: - Assert.assertNull("MandateType", session.getGenericDataFromSession( - ExtendedPvpAttributeDefinitions.MANDATE_TYPE_NAME, String.class)); - Assert.assertNull("Legal Person CommonName", session.getGenericDataFromSession( - ExtendedPvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, String.class)); - Assert.assertNull("Legal Person SourcePin",session.getGenericDataFromSession( - ExtendedPvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, String.class)); - Assert.assertNull("Legal Person SourcePinType", session.getGenericDataFromSession( - ExtendedPvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, String.class)); } @Test @@ -600,9 +513,6 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest { Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, MarshallingException, TransformerException, TaskExecutionException, EaafStorageException { - oaParam.putGenericConfigurationKey( - IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH); - metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( METADATA_PATH, null, "jUnit IDP", null)); @@ -612,17 +522,18 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest { credentialProvider.getMessageSigningCredential(), true); httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( - DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8"))); + DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( + "UTF-8"))); - //put SimpleEidasData in session + // put SimpleEidasData in session final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); - SimpleEidasData eidData = new SimpleEidasData(); + final SimpleEidasData eidData = new SimpleEidasData(); eidData.setFamilyName("Mustermann1"); eidData.setGivenName("Max"); eidData.setDateOfBirth("1940-01-01"); authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData); - //perform task + // perform task try { task.execute(pendingReq, executionContext); Assert.fail("Invalid response not detected"); @@ -634,171 +545,18 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest { org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); Assert.assertTrue(e.getOriginalException().getCause() instanceof InvalidUserInputException); - } - - } - - @Test - public void httpPostValidSignedAssertionLegacyValid() throws IOException, SamlSigningException, - Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, - MarshallingException, TransformerException, TaskExecutionException, EaafStorageException { -// authConfig.putConfigValue(AuthHandlerConstants.PROP_CONFIG_LEGACY_ALLOW, "true"); - oaParam.putGenericConfigurationKey( - IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH); - - metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( - METADATA_PATH, null, "jUnit IDP", null)); - - //put SimpleEidasData in session - final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); - SimpleEidasData eidData = new SimpleEidasData(); - eidData.setFamilyName("Mustermann"); - eidData.setGivenName("Max"); - eidData.setDateOfBirth("1940-01-01"); - authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData); - - final Response response = initializeResponse( - "classpath:/data/idp_metadata_classpath_entity.xml", - "/data/Response_with_legacy.xml", - credentialProvider.getMessageSigningCredential(), - true); - httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( - DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8"))); - - String piiTransId = pendingReq.getUniquePiiTransactionIdentifier(); - - //perform task - task.execute(pendingReq, executionContext); - - //validate state -// Assert.assertFalse("Wrong EID-Process flag", -// (boolean) executionContext.get(AuthHandlerConstants.PROCESSCONTEXT_WAS_EID_PROCESS)); -// Assert.assertFalse("Wrong Mandate flag", -// (boolean) executionContext.get(AuthHandlerConstants.HTTP_PARAM_USE_MANDATES)); - - Assert.assertEquals("piiTransactionId", piiTransId, pendingReq.getUniquePiiTransactionIdentifier()); - - final AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class); - - Assert.assertFalse("E-ID flag", session.isEidProcess()); -// Assert.assertTrue("Foreign flag", session.isForeigner()); - Assert.assertEquals("LoA", "http://eidas.europa.eu/LoA/test", session.getQaaLevel()); -// Assert.assertEquals("CountryCode", "AB", session.getGenericDataFromSession( -// ExtendedPvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class)); - Assert.assertEquals("IssueInstant", "2014-03-05T06:39:51Z", session.getIssueInstantString()); - -// Assert.assertEquals("FamilyName", "Mustermann", session.getGenericDataFromSession( -// ExtendedPvpAttributeDefinitions.PRINCIPAL_NAME_NAME, String.class)); -// Assert.assertEquals("Givenname", "Max", session.getGenericDataFromSession( -// ExtendedPvpAttributeDefinitions.GIVEN_NAME_NAME, String.class)); -// Assert.assertEquals("DateOfBirth", "1940-01-01", session.getGenericDataFromSession( -// ExtendedPvpAttributeDefinitions.BIRTHDATE_NAME, String.class)); -// -// Assert.assertEquals("bPK", "BF:QVGm48cqcM4UcyhDTNGYmVdrIoY=", session.getGenericDataFromSession( -// ExtendedPvpAttributeDefinitions.BPK_NAME, String.class)); -// Assert.assertEquals("bPK-Target", "urn:publicid:gv.at:cdid+BF", session.getGenericDataFromSession( -// ExtendedPvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class)); -// Assert.assertEquals("AuthBlock", TEST_SIGNED_AUTHBLOCK, session.getGenericDataFromSession( -// ExtendedPvpAttributeDefinitions.EID_IDENTITY_LINK_NAME, String.class)); - -// Assert.assertNull("SigCert", session.getEncodedSignerCertificate()); -// Assert.assertNull("eidasBind", session.getQcBind()); -// Assert.assertNull("signedConsent", session.getSignedAuthBlock()); -// Assert.assertEquals("signedConsentType", AuthBlockType.NONE, session.getSignedAuthBlockType()); - - Assert.assertFalse("Mandate flag", session.isMandateUsed()); -// Assert.assertNull("MandateInfos", session.getMandateDate()); - - } - - @Test - public void httpPostValidSignedAssertionWithLegacyAndEid() throws IOException, SamlSigningException, - Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, - MarshallingException, TransformerException, TaskExecutionException, EaafStorageException { - - oaParam.putGenericConfigurationKey( - IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH); - - metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( - METADATA_PATH, null, "jUnit IDP", null)); - - //put SimpleEidasData in session - final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); - SimpleEidasData eidData = new SimpleEidasData(); - eidData.setFamilyName("Mustermann"); - eidData.setGivenName("Max"); - eidData.setDateOfBirth("1940-01-01"); - authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData); - - final Response response = initializeResponse( - "classpath:/data/idp_metadata_classpath_entity.xml", - "/data/Response_with_legacy_and_EID.xml", - credentialProvider.getMessageSigningCredential(), - true); - httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( - DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8"))); - - //perform task - task.execute(pendingReq, executionContext); - - //validate state -// Assert.assertTrue("Wrong EID-Process flag", -// (boolean) executionContext.get(AuthHandlerConstants.PROCESSCONTEXT_WAS_EID_PROCESS)); - final AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class); -// Assert.assertFalse("Wrong Mandate flag", -// (boolean) executionContext.get(AuthHandlerConstants.HTTP_PARAM_USE_MANDATES)); - -// Assert.assertTrue("E-ID flag", session.isEidProcess()); -// Assert.assertTrue("Foreign flag", session.isForeigner()); - Assert.assertEquals("LoA", "http://eidas.europa.eu/LoA/test", session.getQaaLevel()); -// Assert.assertEquals("CountryCode", "AB", session.getGenericDataFromSession( -// ExtendedPvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class)); - Assert.assertEquals("IssueInstant", "2014-03-05T06:39:51Z", session.getIssueInstantString()); - -// Assert.assertEquals("eidasBind", EIDAS_BIND, session.getQcBind()); -// Assert.assertArrayEquals("signedConsent", -// Base64.getDecoder().decode(TEST_SIGNED_AUTHBLOCK), session.getSignedAuthBlock()); - -// Assert.assertEquals("FamilyName", "Mustermann", session.getGenericDataFromSession( -// ExtendedPvpAttributeDefinitions.PRINCIPAL_NAME_NAME, String.class)); -// Assert.assertEquals("Givenname", "Max", session.getGenericDataFromSession( -// ExtendedPvpAttributeDefinitions.GIVEN_NAME_NAME, String.class)); -// Assert.assertEquals("DateOfBirth", "1940-01-01", session.getGenericDataFromSession( -// ExtendedPvpAttributeDefinitions.BIRTHDATE_NAME, String.class)); -// -// Assert.assertEquals("FamilyName", "BF:QVGm48cqcM4UcyhDTNGYmVdrIoY=", session.getGenericDataFromSession( -// ExtendedPvpAttributeDefinitions.BPK_NAME, String.class)); -// Assert.assertEquals("FamilyName", "urn:publicid:gv.at:cdid+BF", session.getGenericDataFromSession( -// ExtendedPvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class)); -// Assert.assertEquals("FamilyName", TEST_SIGNED_AUTHBLOCK, session.getGenericDataFromSession( -// ExtendedPvpAttributeDefinitions.EID_IDENTITY_LINK_NAME, String.class)); - -// Assert.assertNull("SigCert", session.getEncodedSignerCertificate()); - - Assert.assertFalse("Mandate flag", session.isMandateUsed()); -// Assert.assertNull("MandateInfos", session.getMandateDate()); - - Assert.assertNull("MandateType", session.getGenericDataFromSession( - ExtendedPvpAttributeDefinitions.MANDATE_TYPE_NAME, String.class)); - Assert.assertNull("Legal Person CommonName", session.getGenericDataFromSession( - ExtendedPvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, String.class)); - Assert.assertNull("Legal Person SourcePin",session.getGenericDataFromSession( - ExtendedPvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, String.class)); - Assert.assertNull("Legal Person SourcePinType", session.getGenericDataFromSession( - ExtendedPvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, String.class)); + } } - - - private Response initializeResponse(String idpEntityId, String responsePath, EaafX509Credential credential, - boolean validConditions) throws SamlSigningException, XMLParserException, UnmarshallingException, + boolean validConditions) throws SamlSigningException, XMLParserException, UnmarshallingException, Pvp2MetadataException { final Response response = (Response) XMLObjectSupport.unmarshallFromInputStream( XMLObjectProviderRegistrySupport.getParserPool(), - ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.class.getResourceAsStream(responsePath)); + ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.class.getResourceAsStream( + responsePath)); response.setIssueInstant(DateTime.now()); final Issuer issuer = Saml2Utils.createSamlObject(Issuer.class); issuer.setValue(idpEntityId); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_lazy.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_lazy.xml new file mode 100644 index 00000000..a567ecba --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_lazy.xml @@ -0,0 +1,24 @@ + + + + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_mapConfig1.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_mapConfig1.xml deleted file mode 100644 index 56c7ed6e..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_mapConfig1.xml +++ /dev/null @@ -1,24 +0,0 @@ - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml index 956cfcc9..d4783585 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml @@ -12,6 +12,9 @@ + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test1.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test1.xml deleted file mode 100644 index 8363eb50..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test1.xml +++ /dev/null @@ -1,63 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml index da64d25d..f4463a3e 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml @@ -18,6 +18,8 @@ + + @@ -25,6 +27,15 @@ + + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test1.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test1.xml deleted file mode 100644 index c58eb330..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test1.xml +++ /dev/null @@ -1,149 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1-.properties b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1-.properties deleted file mode 100644 index ee4dff39..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1-.properties +++ /dev/null @@ -1,252 +0,0 @@ -## Basic service configuration -eidas.ms.context.url.prefix= -eidas.ms.context.url.request.validation=false - -eidas.ms.context.use.clustermode=true - -##Monitoring -eidas.ms.monitoring.eIDASNode.metadata.url= - - -##Specific logger configuration -eidas.ms.technicallog.write.MDS.into.techlog=true -eidas.ms.revisionlog.write.MDS.into.revisionlog=true -eidas.ms.revisionlog.logIPAddressOfUser=true - -##Directory for static Web content -eidas.ms.webcontent.static.directory=webcontent/ -eidas.ms.webcontent.templates=templates/ -eidas.ms.webcontent.properties=properties/messages - -## extended validation of pending-request Id's -eidas.ms.core.pendingrequestid.maxlifetime=300 -eidas.ms.core.pendingrequestid.digist.algorithm=HmacSHA256 -eidas.ms.core.pendingrequestid.digist.secret=pendingReqIdSecret - -## eIDAS Ref. Implementation connector ### -eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector -eidas.ms.auth.eIDAS.node_v2.forward.endpoint= -eidas.ms.auth.eIDAS.node_v2.forward.method=POST -eidas.ms.auth.eIDAS.node_v2.countrycode=AT -eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=.* -eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=true -eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier=true -eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs=true -eidas.ms.auth.eIDAS.node_v2.staticProviderNameForPublicSPs=myNode - -eidas.ms.auth.eIDAS.node_v2.loa.requested.minimum=http://eidas.europa.eu/LoA/high - -eidas.ms.auth.eIDAS.szrclient.useTestService=true -eidas.ms.auth.eIDAS.szrclient.endpoint.prod= -eidas.ms.auth.eIDAS.szrclient.endpoint.test=http://localhost:1234/demoszr -eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.path=keys/..... -eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.password= -eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.path= -eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.password= -eidas.ms.auth.eIDAS.szrclient.timeout.connection=15 -eidas.ms.auth.eIDAS.szrclient.timeout.response=30 -eidas.ms.auth.eIDAS.szrclient.params.vkz= - -eidas.ms.auth.eIDAS.szrclient.params.useSZRForbPKCalculation=false - - -eidas.ms.auth.eIDAS.authblock.keystore.password=f/+saJBc3a}*/T^s -eidas.ms.auth.eIDAS.authblock.keystore.friendlyName=connectorkeypair -eidas.ms.auth.eIDAS.authblock.keystore.path=./../keystore/teststore.jks -eidas.ms.auth.eIDAS.authblock.keystore.type=jks -eidas.ms.auth.eIDAS.authblock.key.alias=connectorkeypair1 -eidas.ms.auth.eIDAS.authblock.key.password=f/+saJBc3a}*/T^s - - -#Raw eIDAS Id data storage -eidas.ms.auth.eIDAS.szrclient.workarounds.eidmapping.revisionlog.active=true - -eidas.ms.auth.eIDAS.szrclient.params.setPlaceOfBirthIfAvailable=true -eidas.ms.auth.eIDAS.szrclient.params.setBirthNameIfAvailable=true - -eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=true -eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=true - -##without mandates -eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.0=PersonIdentifier,true -eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.1=FamilyName,true -eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.2=FirstName,true -eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.3=DateOfBirth,true - -eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.4=PlaceOfBirth,false -eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.5=BirthName,false -eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.6=Gender,false -eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.7=CurrentAddress,false -eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.8=testtest,false - -##with mandates ---- NOT FULLY SUPPORTED AT THE MOMENT ----- -eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.0=PersonIdentifier,true -eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.1=FamilyName,true -eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.2=FirstName,true -eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.3=DateOfBirth,true -eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.4=LegalPerson,true -eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true - - -## PVP2 S-Profile end-point configuration -eidas.ms.pvp2.keystore.path=keys/..... -eidas.ms.pvp2.keystore.password= -eidas.ms.pvp2.key.metadata.alias= -eidas.ms.pvp2.key.metadata.password= -eidas.ms.pvp2.key.signing.alias= -eidas.ms.pvp2.key.signing.password= -eidas.ms.pvp2.metadata.validity=24 - -## Service Provider configuration -eidas.ms.sp.0.uniqueID= -eidas.ms.sp.0.pvp2.metadata.truststore= -eidas.ms.sp.0.pvp2.metadata.truststore.password= -eidas.ms.sp.0.newEidMode=true - -#eidas.ms.sp.0.friendlyName= -#eidas.ms.sp.0.pvp2.metadata.url= -#eidas.ms.sp.0.policy.allowed.requested.targets=.* -#eidas.ms.sp.0.policy.hasBaseIdTransferRestriction=false - - -##only for advanced config -eidas.ms.configuration.sp.disableRegistrationRequirement= -eidas.ms.configuration.restrictions.baseID.spTransmission= -eidas.ms.configuration.auth.default.countrycode= -eidas.ms.configuration.pvp.scheme.validation= -eidas.ms.configuration.pvp.enable.entitycategories= - - - - -## PVP2 S-Profile ID Austria client configuration - -eidas.ms.modules.idaustriaclient.keystore.path=../keystore/junit_test.jks -eidas.ms.modules.idaustriaclient.keystore.password=password -eidas.ms.modules.idaustriaclient.keystore.type=jks - -eidas.ms.modules.idaustriaclient.metadata.sign.alias=meta -eidas.ms.modules.idaustriaclient.metadata.sign.password=password -eidas.ms.modules.idaustriaclient.request.sign.alias=sig -eidas.ms.modules.idaustriaclient.request.sign.password=password -eidas.ms.modules.idaustriaclient.response.encryption.alias=enc -eidas.ms.modules.idaustriaclient.response.encryption.password=password - -eidas.ms.modules.idaustriaclient.truststore.path=../keystore/junit_test.jks -eidas.ms.modules.idaustriaclient.truststore.password=password -eidas.ms.modules.idaustriaclient.truststore.type=jks - -eidas.ms.modules.idaustriaclient.node.entityId=classpath:/data/idp_metadata_classpath_entity.xml -eidas.ms.modules.idaustriaclient.sp.entityId= -eidas.ms.modules.idaustriaclient.node.metadataUrl= - -eidas.ms.modules.idaustriaclient.metadata.organisation.name=JUnit -eidas.ms.modules.idaustriaclient.metadata.organisation.friendyname=For testing with jUnit -eidas.ms.modules.idaustriaclient.metadata.organisation.url=http://junit.test -eidas.ms.modules.idaustriaclient.metadata.contact.givenname=Max -eidas.ms.modules.idaustriaclient.metadata.contact.surname=Mustermann -eidas.ms.modules.idaustriaclient.metadata.contact.email=max@junit.test - - - - - - -auth.eIDAS.authblock.key.alias=connectorkeypair -auth.eIDAS.authblock.key.password=f/+saJBc3a}*/T^s -auth.eIDAS.authblock.keystore.friendlyName=connectorkeypair -auth.eIDAS.authblock.keystore.password=f/+saJBc3a}*/T^s -auth.eIDAS.authblock.keystore.path=.//src/test/resources/keystore/teststore.jks -auth.eIDAS.authblock.keystore.type=jks -auth.eIDAS.node_v2.attributes.requested.de.onlynatural.4=PlaceOfBirth,false -auth.eIDAS.node_v2.attributes.requested.de.onlynatural.5=BirthName,false -auth.eIDAS.node_v2.attributes.requested.de.onlynatural.6=Gender,false -auth.eIDAS.node_v2.attributes.requested.de.onlynatural.7=CurrentAddress,false -auth.eIDAS.node_v2.attributes.requested.de.onlynatural.8=testtest,false -auth.eIDAS.node_v2.attributes.requested.onlynatural.0=PersonIdentifier,true -auth.eIDAS.node_v2.attributes.requested.onlynatural.1=FamilyName,true -auth.eIDAS.node_v2.attributes.requested.onlynatural.2=FirstName,true -auth.eIDAS.node_v2.attributes.requested.onlynatural.3=DateOfBirth,true -auth.eIDAS.node_v2.attributes.requested.representation.0=PersonIdentifier,true -auth.eIDAS.node_v2.attributes.requested.representation.1=FamilyName,true -auth.eIDAS.node_v2.attributes.requested.representation.2=FirstName,true -auth.eIDAS.node_v2.attributes.requested.representation.3=DateOfBirth,true -auth.eIDAS.node_v2.attributes.requested.representation.4=LegalPerson,true -auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true -auth.eIDAS.node_v2.countrycode=AT -auth.eIDAS.node_v2.entityId=ownSpecificConnector -auth.eIDAS.node_v2.forward.endpoint= -auth.eIDAS.node_v2.forward.method=POST -auth.eIDAS.node_v2.loa.requested.minimum=http://eidas.europa.eu/LoA/high -auth.eIDAS.node_v2.publicSectorTargets=.* -auth.eIDAS.node_v2.staticProviderNameForPublicSPs=myNode -auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=true -auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier=true -auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs=true -auth.eIDAS.szrclient.debug.logfullmessages=true -auth.eIDAS.szrclient.debug.useDummySolution=true -auth.eIDAS.szrclient.endpoint.prod= -auth.eIDAS.szrclient.endpoint.test=http://localhost:1234/demoszr -auth.eIDAS.szrclient.params.setBirthNameIfAvailable=true -auth.eIDAS.szrclient.params.setPlaceOfBirthIfAvailable=true -auth.eIDAS.szrclient.params.useSZRForbPKCalculation=false -auth.eIDAS.szrclient.params.vkz= -auth.eIDAS.szrclient.ssl.keyStore.password= -auth.eIDAS.szrclient.ssl.keyStore.path=keys/..... -auth.eIDAS.szrclient.ssl.trustStore.password= -auth.eIDAS.szrclient.ssl.trustStore.path= -auth.eIDAS.szrclient.timeout.connection=15 -auth.eIDAS.szrclient.timeout.response=30 -auth.eIDAS.szrclient.useTestService=true -auth.eIDAS.szrclient.workarounds.eidmapping.revisionlog.active=true -configuration.auth.default.countrycode= -configuration.pvp.enable.entitycategories= -configuration.pvp.scheme.validation= -configuration.restrictions.baseID.spTransmission= -configuration.sp.disableRegistrationRequirement= -context.url.prefix= -context.url.request.validation=false -context.use.clustermode=true -core.pendingrequestid.digist.algorithm=HmacSHA256 -core.pendingrequestid.digist.secret=pendingReqIdSecret -core.pendingrequestid.maxlifetime=300 -modules.idaustriaclient.keystore.password=password -modules.idaustriaclient.keystore.path=.//src/test/resources/keystore/junit_test.jks -modules.idaustriaclient.keystore.type=jks -modules.idaustriaclient.metadata.contact.email=max@junit.test -modules.idaustriaclient.metadata.contact.givenname=Max -modules.idaustriaclient.metadata.contact.surname=Mustermann -modules.idaustriaclient.metadata.organisation.friendyname=For testing with jUnit -modules.idaustriaclient.metadata.organisation.name=JUnit -modules.idaustriaclient.metadata.organisation.url=http://junit.test -modules.idaustriaclient.metadata.sign.alias=meta -modules.idaustriaclient.metadata.sign.password=password -modules.idaustriaclient.node.entityId=classpath:/data/idp_metadata_classpath_entity.xml -modules.idaustriaclient.node.metadataUrl= -modules.idaustriaclient.request.sign.alias=sig -modules.idaustriaclient.request.sign.password=password -modules.idaustriaclient.response.encryption.alias=enc -modules.idaustriaclient.response.encryption.password=password -modules.idaustriaclient.sp.entityId= -modules.idaustriaclient.truststore.password=password -modules.idaustriaclient.truststore.path=./src/test/resources/keystore/junit_test.jks -modules.idaustriaclient.truststore.type=jks -monitoring.eIDASNode.metadata.url= -pvp2.key.metadata.alias= -pvp2.key.metadata.password= -pvp2.key.signing.alias= -pvp2.key.signing.password= -pvp2.keystore.password= -pvp2.keystore.path=keys/..... -pvp2.metadata.validity=24 -revisionlog.logIPAddressOfUser=true -revisionlog.write.MDS.into.revisionlog=true -sp.0.newEidMode=true -sp.0.pvp2.metadata.truststore.password= -sp.0.pvp2.metadata.truststore= -sp.0.uniqueID= -technicallog.write.MDS.into.techlog=true -webcontent.properties=properties/messages -webcontent.static.directory=webcontent/ -webcontent.templates=templates/ - diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties index df64b494..e6741c88 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties @@ -8,6 +8,11 @@ eidas.ms.context.use.clustermode=true eidas.ms.monitoring.eIDASNode.metadata.url= +eidas.ms.client.http.connection.timeout.socket=1 +eidas.ms.client.http.connection.timeout.connection=1 +eidas.ms.client.http.connection.timeout.request=1 + + ##Specific logger configuration eidas.ms.technicallog.write.MDS.into.techlog=true eidas.ms.revisionlog.write.MDS.into.revisionlog=true @@ -136,14 +141,6 @@ eidas.ms.modules.idaustriaclient.truststore.path=../keystore/junit_test.jks eidas.ms.modules.idaustriaclient.truststore.password=password eidas.ms.modules.idaustriaclient.truststore.type=jks -eidas.ms.modules.idaustriaclient.node.entityId= -eidas.ms.modules.idaustriaclient.sp.entityId= -eidas.ms.modules.idaustriaclient.node.metadataUrl= - -eidas.ms.modules.idaustriaclient.metadata.organisation.name=JUnit -eidas.ms.modules.idaustriaclient.metadata.organisation.friendyname=For testing with jUnit -eidas.ms.modules.idaustriaclient.metadata.organisation.url=http://junit.test -eidas.ms.modules.idaustriaclient.metadata.contact.givenname=Max -eidas.ms.modules.idaustriaclient.metadata.contact.surname=Mustermann -eidas.ms.modules.idaustriaclient.metadata.contact.email=max@junit.test +eidas.ms.modules.idaustriaclient.idaustria.idp.entityId= +eidas.ms.modules.idaustriaclient.idaustria.idp.metadataUrl= diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_EID.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_EID.xml index 7b802fc0..10701c29 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_EID.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_EID.xml @@ -1,5 +1,5 @@ - + classpath:/data/idp_metadata_classpath_entity.xml @@ -9,12 +9,12 @@ QVGm48cqcM4UcyhDTNGYmVdrIoY= - + - https://localhost/authhandler/idAustriaSp/metadata + https://localhost/authhandler/sp/idaustria/metadata diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_EID_wrong_data.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_EID_wrong_data.xml deleted file mode 100644 index 50d434e3..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_EID_wrong_data.xml +++ /dev/null @@ -1,46 +0,0 @@ - - - classpath:/data/idp_metadata_classpath_entity.xml - - - - - https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp/metadata - - QVGm48cqcM4UcyhDTNGYmVdrIoY= - - - - - - - https://localhost/authhandler/idAustriaSp/metadata - - - - - http://eidas.europa.eu/LoA/high - - - - - piiId_112233445566 - - - 2.1 - - - http://eidas.europa.eu/LoA/low - - - IT - - - aabbccddeeffgghh - - - MIIBbjCCARSgAwIBAgIEXh7TNzAKBggqhkjOPQQDAjA/MQswCQYDVQQGEwJBVDENMAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxETAPBgNVBAMMCG1ldGFkYXRhMB4XDTIwMDExNTA4NTQxNVoXDTMwMDExNDA4NTQxNVowPzELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVHSVoxDjAMBgNVBAsMBWpVbml0MREwDwYDVQQDDAhtZXRhZGF0YTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBdBkaxt31p++aZeP3SmlWITj9SYO4McV2ccXFsH4X4QMHuKAMUvjxPm1kdU01eTOWdiQX0GpDIBspYMZh8ZKcwwCgYIKoZIzj0EAwIDSAAwRQIhAJ3QKlk9cd90s+i8y62fvmGF6LtfNO+JvkWqDUBeQImnAiA2KwFtzO7STAp9MEwQGe0vt0F8mO1ttrLE+rr6YxdwGA== - - - - diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_legacy.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_legacy.xml deleted file mode 100644 index 1bc93fae..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_legacy.xml +++ /dev/null @@ -1,55 +0,0 @@ - - - classpath:/data/idp_metadata_classpath_entity.xml - - - - - https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp/metadata - - QVGm48cqcM4UcyhDTNGYmVdrIoY= - - - - - - - https://localhost/authhandler/idAustriaSp/metadata - - - - - http://eidas.europa.eu/LoA/high - - - - - 2.1 - - - http://eidas.europa.eu/LoA/test - - - AB - - - Mustermann - - - Max - - - 1940-01-01 - - - BF:QVGm48cqcM4UcyhDTNGYmVdrIoY= - - - urn:publicid:gv.at:cdid+BF - - - MIIBbjCCARSgAwIBAgIEXh7TNzAKBggqhkjOPQQDAjA/MQswCQYDVQQGEwJBVDENMAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxETAPBgNVBAMMCG1ldGFkYXRhMB4XDTIwMDExNTA4NTQxNVoXDTMwMDExNDA4NTQxNVowPzELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVHSVoxDjAMBgNVBAsMBWpVbml0MREwDwYDVQQDDAhtZXRhZGF0YTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBdBkaxt31p++aZeP3SmlWITj9SYO4McV2ccXFsH4X4QMHuKAMUvjxPm1kdU01eTOWdiQX0GpDIBspYMZh8ZKcwwCgYIKoZIzj0EAwIDSAAwRQIhAJ3QKlk9cd90s+i8y62fvmGF6LtfNO+JvkWqDUBeQImnAiA2KwFtzO7STAp9MEwQGe0vt0F8mO1ttrLE+rr6YxdwGA== - - - - diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_legacy_and_EID.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_legacy_and_EID.xml deleted file mode 100644 index 0d465c81..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_legacy_and_EID.xml +++ /dev/null @@ -1,58 +0,0 @@ - - - classpath:/data/idp_metadata_classpath_entity.xml - - - - - https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp/metadata - - QVGm48cqcM4UcyhDTNGYmVdrIoY= - - - - - - - https://localhost/authhandler/idAustriaSp/metadata - - - - - http://eidas.europa.eu/LoA/high - - - - - 2.1 - - - http://eidas.europa.eu/LoA/test - - - AB - - - Mustermann - - - Max - - - 1940-01-01 - - - BF:QVGm48cqcM4UcyhDTNGYmVdrIoY= - - - urn:publicid:gv.at:cdid+BF - - - MIIBbjCCARSgAwIBAgIEXh7TNzAKBggqhkjOPQQDAjA/MQswCQYDVQQGEwJBVDENMAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxETAPBgNVBAMMCG1ldGFkYXRhMB4XDTIwMDExNTA4NTQxNVoXDTMwMDExNDA4NTQxNVowPzELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVHSVoxDjAMBgNVBAsMBWpVbml0MREwDwYDVQQDDAhtZXRhZGF0YTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBdBkaxt31p++aZeP3SmlWITj9SYO4McV2ccXFsH4X4QMHuKAMUvjxPm1kdU01eTOWdiQX0GpDIBspYMZh8ZKcwwCgYIKoZIzj0EAwIDSAAwRQIhAJ3QKlk9cd90s+i8y62fvmGF6LtfNO+JvkWqDUBeQImnAiA2KwFtzO7STAp9MEwQGe0vt0F8mO1ttrLE+rr6YxdwGA== - - - MIIBbjCCARSgAwIBAgIEXh7TNzAKBggqhkjOPQQDAjA/MQswCQYDVQQGEwJBVDENMAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxETAPBgNVBAMMCG1ldGFkYXRhMB4XDTIwMDExNTA4NTQxNVoXDTMwMDExNDA4NTQxNVowPzELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVHSVoxDjAMBgNVBAsMBWpVbml0MREwDwYDVQQDDAhtZXRhZGF0YTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBdBkaxt31p++aZeP3SmlWITj9SYO4McV2ccXFsH4X4QMHuKAMUvjxPm1kdU01eTOWdiQX0GpDIBspYMZh8ZKcwwCgYIKoZIzj0EAwIDSAAwRQIhAJ3QKlk9cd90s+i8y62fvmGF6LtfNO+JvkWqDUBeQImnAiA2KwFtzO7STAp9MEwQGe0vt0F8mO1ttrLE+rr6YxdwGA== - - - - diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_classpath_entityid.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_classpath_entityid.xml index f1065961..1c3bd357 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_classpath_entityid.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_classpath_entityid.xml @@ -1,5 +1,5 @@ - + classpath:/data/idp_metadata_classpath_entity.xml @@ -9,12 +9,12 @@ QVGm48cqcM4UcyhDTNGYmVdrIoY= - + - https://localhost/authhandler/idAustriaSp/metadata + https://localhost/authhandler/sp/idaustria/metadata diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error.xml index 56b06534..2d7020ac 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error.xml @@ -1,5 +1,5 @@ - + classpath:/data/idp_metadata_classpath_entity.xml @@ -12,12 +12,12 @@ QVGm48cqcM4UcyhDTNGYmVdrIoY= - + - https://localhost/authhandler/idAustriaSp/metadata + https://localhost/authhandler/sp/idaustria/metadata diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error_empty_subcode.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error_empty_subcode.xml index 973491d8..36fd9c11 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error_empty_subcode.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error_empty_subcode.xml @@ -1,5 +1,5 @@ - + classpath:/data/idp_metadata_classpath_entity.xml @@ -12,12 +12,12 @@ QVGm48cqcM4UcyhDTNGYmVdrIoY= - + - https://localhost/authhandler/idAustriaSp/metadata + https://localhost/authhandler/sp/idaustria/metadata diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error_userstop.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error_userstop.xml index 087bcb1f..989d3053 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error_userstop.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error_userstop.xml @@ -1,5 +1,5 @@ - + classpath:/data/idp_metadata_classpath_entity.xml @@ -12,12 +12,12 @@ QVGm48cqcM4UcyhDTNGYmVdrIoY= - + - https://localhost/authhandler/idAustriaSp/metadata + https://localhost/authhandler/sp/idaustria/metadata diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error_without_subcode.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error_without_subcode.xml index e449327a..c85cb655 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error_without_subcode.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error_without_subcode.xml @@ -1,5 +1,5 @@ - + classpath:/data/idp_metadata_classpath_entity.xml @@ -11,12 +11,12 @@ QVGm48cqcM4UcyhDTNGYmVdrIoY= - + - https://localhost/authhandler/idAustriaSp/metadata + https://localhost/authhandler/sp/idaustria/metadata diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_classpath_entity1.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_classpath_entity1.xml deleted file mode 100644 index cde66c78..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_classpath_entity1.xml +++ /dev/null @@ -1,146 +0,0 @@ - - - - - - - MIIDMzCCAhsCBFtIcPowDQYJKoZIhvcNAQELBQAwXjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH - SVoxJDAiBgNVBAsMG2NlbnRyYWwgbmF0aW9uYWwgZUlEQVMgbm9kZTEaMBgGA1UEAwwRQXNzZXJ0 - aW9uIHNpZ25pbmcwHhcNMTgwNzEzMDkyOTMwWhcNMjEwNDA3MDkyOTMwWjBeMQswCQYDVQQGEwJB - VDENMAsGA1UECgwERUdJWjEkMCIGA1UECwwbY2VudHJhbCBuYXRpb25hbCBlSURBUyBub2RlMRow - GAYDVQQDDBFBc3NlcnRpb24gc2lnbmluZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB - AJ5zDYxMPRcz6AHaev1tS46Tq8sdgbGFM56uxk6c7LmMDC+HTzNX/3Q5S/YwSzgL3ue5TSw1ltOf - yMXMZ6D0+buWWcsxGEkQ8M3adKRFdQrEwafzwTA7pguq5WiHOkr4qwR7dLMome9z5cc3LRcwdOPP - gq7ahb5jM3hRqc5xkMWIuvql0NFXPzlHrjDLwy5nIWPOhL5abhVt4YsXbpbjXxFSGkDEAZ32K3EU - LNBr9FSUmJfbrVX9AU2T+BKIwiqXP8e/3UJHgPHQ0l5ljWp5P6u5+tvM21o8sUM4eArRa8BkdRsP - C92GVuASSUz2ZJ3JhAK1cSM8bnvaZVLQtTvPMAcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAAp7z - TubWXW6YMpyLSvWBdZiiQ3X66XpSZLZJDIAkoPzEY0DSBp8I5YASIx4JTR5XJt+6MI9acgNIAYW8 - DhtRwUMVaRWEtuCrfKhGLWm5KSxnhPcD3lzRZhY4ZcA7dUlirjf6hnqo2TFEmJ9fkM+rxwy1GkDD - 7j2YDSOFmSq9/Ud9/IbIfSnRu/lO0dh7iRrmg3y0Y/+plPxYmp4AHqehP11OchTz2FGGHVsSC2Vs - IVBQI6ANZYyOlicgfEEFHA06jP9OnA0EwEFr2P+di9caZg8vfibyzxMGeuf6CY0c0eLHokBCn2W8 - vkzvWiER3pozRvCmXFjCVZfRjUunaJf2ow== - - - - MIIC+DCCAeCgAwIBAgIEXh7TbTANBgkqhkiG9w0BAQsFADA+MQswCQYDVQQGEwJB - VDENMAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxEDAOBgNVBAMMB3NpZ25p - bmcwHhcNMjAwMTE1MDg1NTA5WhcNMjkwMTE0MDg1NTA5WjA+MQswCQYDVQQGEwJB - VDENMAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxEDAOBgNVBAMMB3NpZ25p - bmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCUSiRjnDvPafZfhJ+L - 1wM86FKJX3VIAV/8TD9qJ6HOBkn5WwYfpheyCfRb6XVDyIGpO8qnMWAgC17Ngbmh - zj8d8HXNQ2l3uppMv24oUTfXyYhQfZWAghx0sTlRIx/ZmlnduJilx2S53Sa7ruJw - lQcBFXj9h9B8dtyegc86Sx6D9BumP1xU7+mEBk8Gv9rR5Khg0Y7qGfZWB0t4aikg - aupWveVwiGifOOSfR8czqIg9qUpMYfZiTEBTSRmN6sPiNWhd4J0GyAI9Rn5C9jz/ - sSlQrxpN+4DXzsqSU5F6gzq3yRux6wyOzDlt2birf21VPQ9HIy4YCjZXwgDWG7AO - 821pAgMBAAEwDQYJKoZIhvcNAQELBQADggEBADnwdaxUtQU6SIpYwIb2c0ljTmQi - 7ryUcUpNHtK0M0E5Mw5Ex8zwrWbNQZ2sUyc4r07M66iOIqHsYZUQlRYvVKHifDpA - r8TCgD7iGGdB3By8Ou0RaNW+03w1fwmi98CufbHCGvpv0o2KxlejoHZminNdQ79i - bN+01nhocezJQATEQlnwHLiQSjilXpZeLYDk8HbrcUXNRxezN4ChdH+uU54vf+Ux - qcj9QHcmBe1+BM8EXfqS1DbTwZl+NTCnh5OYl8fvIFSOHMBxwFrI4pyY0faxg9Uc - rCogn/oQ+mV1gnVUDaDhvvEnVGZQtrlt7heVId2BeNellVgsrcmdW8j4U9U= - - - - MIIBbjCCARSgAwIBAgIEXh7TNzAKBggqhkjOPQQDAjA/MQswCQYDVQQGEwJBVDEN - MAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxETAPBgNVBAMMCG1ldGFkYXRh - MB4XDTIwMDExNTA4NTQxNVoXDTMwMDExNDA4NTQxNVowPzELMAkGA1UEBhMCQVQx - DTALBgNVBAoMBEVHSVoxDjAMBgNVBAsMBWpVbml0MREwDwYDVQQDDAhtZXRhZGF0 - YTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBdBkaxt31p++aZeP3SmlWITj9SY - O4McV2ccXFsH4X4QMHuKAMUvjxPm1kdU01eTOWdiQX0GpDIBspYMZh8ZKcwwCgYI - KoZIzj0EAwIDSAAwRQIhAJ3QKlk9cd90s+i8y62fvmGF6LtfNO+JvkWqDUBeQImn - AiA2KwFtzO7STAp9MEwQGe0vt0F8mO1ttrLE+rr6YxdwGA== - - - - - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent - - urn:oasis:names:tc:SAML:2.0:nameid-format:transient - - urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified - - - - - - - - - - - - - - - - - - - - diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_no_sig.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_no_sig.xml new file mode 100644 index 00000000..bc55fe62 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_no_sig.xml @@ -0,0 +1,46 @@ + + + + + + + MIIDMzCCAhsCBFtIcPowDQYJKoZIhvcNAQELBQAwXjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH +SVoxJDAiBgNVBAsMG2NlbnRyYWwgbmF0aW9uYWwgZUlEQVMgbm9kZTEaMBgGA1UEAwwRQXNzZXJ0 +aW9uIHNpZ25pbmcwHhcNMTgwNzEzMDkyOTMwWhcNMjEwNDA3MDkyOTMwWjBeMQswCQYDVQQGEwJB +VDENMAsGA1UECgwERUdJWjEkMCIGA1UECwwbY2VudHJhbCBuYXRpb25hbCBlSURBUyBub2RlMRow +GAYDVQQDDBFBc3NlcnRpb24gc2lnbmluZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AJ5zDYxMPRcz6AHaev1tS46Tq8sdgbGFM56uxk6c7LmMDC+HTzNX/3Q5S/YwSzgL3ue5TSw1ltOf +yMXMZ6D0+buWWcsxGEkQ8M3adKRFdQrEwafzwTA7pguq5WiHOkr4qwR7dLMome9z5cc3LRcwdOPP +gq7ahb5jM3hRqc5xkMWIuvql0NFXPzlHrjDLwy5nIWPOhL5abhVt4YsXbpbjXxFSGkDEAZ32K3EU +LNBr9FSUmJfbrVX9AU2T+BKIwiqXP8e/3UJHgPHQ0l5ljWp5P6u5+tvM21o8sUM4eArRa8BkdRsP +C92GVuASSUz2ZJ3JhAK1cSM8bnvaZVLQtTvPMAcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAAp7z +TubWXW6YMpyLSvWBdZiiQ3X66XpSZLZJDIAkoPzEY0DSBp8I5YASIx4JTR5XJt+6MI9acgNIAYW8 +DhtRwUMVaRWEtuCrfKhGLWm5KSxnhPcD3lzRZhY4ZcA7dUlirjf6hnqo2TFEmJ9fkM+rxwy1GkDD +7j2YDSOFmSq9/Ud9/IbIfSnRu/lO0dh7iRrmg3y0Y/+plPxYmp4AHqehP11OchTz2FGGHVsSC2Vs +IVBQI6ANZYyOlicgfEEFHA06jP9OnA0EwEFr2P+di9caZg8vfibyzxMGeuf6CY0c0eLHokBCn2W8 +vkzvWiER3pozRvCmXFjCVZfRjUunaJf2ow== + + + + urn:oasis:names:tc:SAML:2.0:nameid-format:persistent + urn:oasis:names:tc:SAML:2.0:nameid-format:transient + urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified + + + + + + + + + + + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_no_sig2.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_no_sig2.xml new file mode 100644 index 00000000..bdc176a0 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_no_sig2.xml @@ -0,0 +1,46 @@ + + + + + + + MIIDMzCCAhsCBFtIcPowDQYJKoZIhvcNAQELBQAwXjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH +SVoxJDAiBgNVBAsMG2NlbnRyYWwgbmF0aW9uYWwgZUlEQVMgbm9kZTEaMBgGA1UEAwwRQXNzZXJ0 +aW9uIHNpZ25pbmcwHhcNMTgwNzEzMDkyOTMwWhcNMjEwNDA3MDkyOTMwWjBeMQswCQYDVQQGEwJB +VDENMAsGA1UECgwERUdJWjEkMCIGA1UECwwbY2VudHJhbCBuYXRpb25hbCBlSURBUyBub2RlMRow +GAYDVQQDDBFBc3NlcnRpb24gc2lnbmluZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AJ5zDYxMPRcz6AHaev1tS46Tq8sdgbGFM56uxk6c7LmMDC+HTzNX/3Q5S/YwSzgL3ue5TSw1ltOf +yMXMZ6D0+buWWcsxGEkQ8M3adKRFdQrEwafzwTA7pguq5WiHOkr4qwR7dLMome9z5cc3LRcwdOPP +gq7ahb5jM3hRqc5xkMWIuvql0NFXPzlHrjDLwy5nIWPOhL5abhVt4YsXbpbjXxFSGkDEAZ32K3EU +LNBr9FSUmJfbrVX9AU2T+BKIwiqXP8e/3UJHgPHQ0l5ljWp5P6u5+tvM21o8sUM4eArRa8BkdRsP +C92GVuASSUz2ZJ3JhAK1cSM8bnvaZVLQtTvPMAcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAAp7z +TubWXW6YMpyLSvWBdZiiQ3X66XpSZLZJDIAkoPzEY0DSBp8I5YASIx4JTR5XJt+6MI9acgNIAYW8 +DhtRwUMVaRWEtuCrfKhGLWm5KSxnhPcD3lzRZhY4ZcA7dUlirjf6hnqo2TFEmJ9fkM+rxwy1GkDD +7j2YDSOFmSq9/Ud9/IbIfSnRu/lO0dh7iRrmg3y0Y/+plPxYmp4AHqehP11OchTz2FGGHVsSC2Vs +IVBQI6ANZYyOlicgfEEFHA06jP9OnA0EwEFr2P+di9caZg8vfibyzxMGeuf6CY0c0eLHokBCn2W8 +vkzvWiER3pozRvCmXFjCVZfRjUunaJf2ow== + + + + urn:oasis:names:tc:SAML:2.0:nameid-format:persistent + urn:oasis:names:tc:SAML:2.0:nameid-format:transient + urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified + + + + + + + + + + + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_sig_notvalid.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_sig_notvalid.xml new file mode 100644 index 00000000..86665a9c --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_sig_notvalid.xml @@ -0,0 +1,84 @@ + + + + + + + + + + + + + e6DiHa9scuvxJFBUipZ8PQcD4kAkmSIDZgZV+0/7glg= + + + Czr2EwhK/0ZUZ5blQpJfNoOFEscLlxlmHPjmOJUIsxlB2pUn+ApULrjVpR1ViUcGZ0PVi2KChSNoSn09YKjtgPFBiSY010VYdaACgqluxUt6AwESObaqcyHVBzMDUr/g6jkRFEJV4vqnZQQDdDfTH4MXNqunORegS1saBHw4nJSOX4YfoVmIuT5uOlRrxvoG7srnGShvF7DmvIHBUBF5Tq9FyeSgwTM8udxl8Yl9FB2pREuR83CcbgjPrYKtzi6TiSfrWkcD0L5BvmMxN/BdaGDAorxYOnk41sWDJjrkY8C2SC1YDy6XT4SM06uFwstUrRn8QPg1hfbLHAyQNoaR8ecgapk5DkxmbATMcGY+SM4yQWkBdYT7GtufNmF8sIVaL6JOOTKAE9qqX/1N6N4zOPmm8rpIqVEQZtQ5usN/ubxbxLxUoTdDeo8RwkktW6zQ3Zv9+Iyf0DASYmK1IxN+fMw/qyeVy9r6o15ITHTqTmT/7BidKZ58m4HxIK52E3DU + + + MIIEFTCCAn0CBFtIcMwwDQYJKoZIhvcNAQELBQAwTzELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH +SVoxMTAvBgNVBAMMKG5hdGlvbmFsIGNlbnRyYWwgZUlEQVMgbm9kZSAtIHRlc3RzeXN0ZW0wHhcN +MTgwNzEzMDkyODQ0WhcNMjEwNDA3MDkyODQ0WjBPMQswCQYDVQQGEwJBVDENMAsGA1UECgwERUdJ +WjExMC8GA1UEAwwobmF0aW9uYWwgY2VudHJhbCBlSURBUyBub2RlIC0gdGVzdHN5c3RlbTCCAaIw +DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALK4bdf5OremKkj0+xCjU0eN7RUd1A2VqoGnvFUs +t7xjLQ1PspHiDf9Pm2cwOIJabSnuZ01hYAGz9X+lU3Z3fwhVc+tEsuzsaAml/LPw3i3+ppoSTJDM +iDvhCoUKTzJ8HBQj2gTvXNlqPljyGneuCJ+uBMr7Okq/XjMTJj2xzvutrHS3qIO+/w+OkY967QLV +RXh0bdFqYqnyAnlYcWJPIwjanOJtE2difPYqers7ZW1F9djP0+IZRoyaook5rpLYvuQTHuvulgIE +3zGlTuOx3sk8zMyInMndqi75Eh+ROnndSZE7gN3u5CfFpuO5pxFa2jj1h/AnR39Tg8/sU+Se+AwH +rNvee3IWhxk5LkelYevfeCQos7Dv2ASE9XMCCs7FoE47w8fDalECh09MFKDiotpklbq3OrPg9NQ4 +D//k0GXlW5jYUKP/Wq/+suAI6mfhSnNkjOGMcMlzNTmwxGD/v7Py6OVA+YcJQsqYalLrqbvT2tXV +mYBVO3oqafg+kfevfwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBgQCioM8k0EEBFtY4QyxOYFufPDLw +9PNPct01ltnTVjNEEt/L6/8zYlDwrDeULEkJS7mV9zV3657NPQ5IPT/Ib93Uk/RPi0iOA2CGWIMa +DQIODN3BUYr+zPUqhbKS6OWOhTgV8GiRCUbxrT1uc1AiacP63pga3TJX8k8WFnfW+Dqm2MfWWlxr +4X2YB9VUW55X5sBNy035jYhEpp8NCK/fTAhoEQNCG+rm3T9qhT6YyOnbW2kXU747+ZwXT2qA5o4y +a/9+6dDc+LUlHCEm4X7c6bcGvCfNezB4k56FzbAJlOLf2VDGzvEQBf0hsB+kElezm1VBlEkZ4Mjz +pBpHBMoR21SwTpcvrbR4ig0Bk1eEHNK44sw0F32K5yww3gnJftMIZtPhjhk8UdG2/H6vs9s/to2V +j4V6wN4o79RTULoQ8RjL6MPWEWzwOvOZXJAo2XJEECvDivSjIJvNC0lfrK3zI3LH3c1JR6q2EfeC +Z50wTJMFoChSaqunJQXKo81g6wNhP00= + + + + + + + + MIIDMzCCAhsCBFtIcPowDQYJKoZIhvcNAQELBQAwXjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH +SVoxJDAiBgNVBAsMG2NlbnRyYWwgbmF0aW9uYWwgZUlEQVMgbm9kZTEaMBgGA1UEAwwRQXNzZXJ0 +aW9uIHNpZ25pbmcwHhcNMTgwNzEzMDkyOTMwWhcNMjEwNDA3MDkyOTMwWjBeMQswCQYDVQQGEwJB +VDENMAsGA1UECgwERUdJWjEkMCIGA1UECwwbY2VudHJhbCBuYXRpb25hbCBlSURBUyBub2RlMRow +GAYDVQQDDBFBc3NlcnRpb24gc2lnbmluZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AJ5zDYxMPRcz6AHaev1tS46Tq8sdgbGFM56uxk6c7LmMDC+HTzNX/3Q5S/YwSzgL3ue5TSw1ltOf +yMXMZ6D0+buWWcsxGEkQ8M3adKRFdQrEwafzwTA7pguq5WiHOkr4qwR7dLMome9z5cc3LRcwdOPP +gq7ahb5jM3hRqc5xkMWIuvql0NFXPzlHrjDLwy5nIWPOhL5abhVt4YsXbpbjXxFSGkDEAZ32K3EU +LNBr9FSUmJfbrVX9AU2T+BKIwiqXP8e/3UJHgPHQ0l5ljWp5P6u5+tvM21o8sUM4eArRa8BkdRsP +C92GVuASSUz2ZJ3JhAK1cSM8bnvaZVLQtTvPMAcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAAp7z +TubWXW6YMpyLSvWBdZiiQ3X66XpSZLZJDIAkoPzEY0DSBp8I5YASIx4JTR5XJt+6MI9acgNIAYW8 +DhtRwUMVaRWEtuCrfKhGLWm5KSxnhPcD3lzRZhY4ZcA7dUlirjf6hnqo2TFEmJ9fkM+rxwy1GkDD +7j2YDSOFmSq9/Ud9/IbIfSnRu/lO0dh7iRrmg3y0Y/+plPxYmp4AHqehP11OchTz2FGGHVsSC2Vs +IVBQI6ANZYyOlicgfEEFHA06jP9OnA0EwEFr2P+di9caZg8vfibyzxMGeuf6CY0c0eLHokBCn2W8 +vkzvWiER3pozRvCmXFjCVZfRjUunaJf2ow== + + + + urn:oasis:names:tc:SAML:2.0:nameid-format:persistent + urn:oasis:names:tc:SAML:2.0:nameid-format:transient + urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified + + + + + + + + + + + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_sig_valid_wrong_alg.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_sig_valid_wrong_alg.xml new file mode 100644 index 00000000..2187aa5f --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_sig_valid_wrong_alg.xml @@ -0,0 +1,74 @@ + + dhkHkgZ1OOHG0nYWiRXrpZhIAx41103CG6DKDbBra8o=AkxnEu9g3QgYC0JwuJXMYFrnNn6UMtrbtVn5YzkKBXxyYqZui4pEi/TRSM9r7Gt+ +4UqHrJVkYMbbuoO2kpiDnluPG+vHYzYFvF0agQ+gfGjpVQNRORN0FU7JPX+KPjpr +sMU8wVZITSPU0GBBccvzrcpq7DQt0VbV5U7/Vq3KM/fop4ytAkUbTltUj/XxvAd1 +XdhB/zyeTTR2dafJ6Z2CKyM7MMmxwXYD1NrPGciPvTJ9ASHAT0lJM1dxrRNbeAja +KTrNVj78MhSluRm5g7N1pMZzgMSpqN66AUg8pkSTvcRaNImPzYDcMQzHl2Tr362M +RudjSgaEljK98TbBdgLFTg==MIIEqzCCBBSgAwIBAgIHANux81oNezANBgkqhkiG9w0BAQUFADBAMSIwIAYDVQQD +ExlJQUlLIFRlc3QgSW50ZXJtZWRpYXRlIENBMQ0wCwYDVQQKEwRJQUlLMQswCQYD +VQQGEwJBVDAeFw0xMzA5MjcwNTMzMzdaFw0yMzA5MjcwNTMzMzdaMIHkMQswCQYD +VQQGEwJBVDENMAsGA1UEBxMER3JhejEmMCQGA1UEChMdR3JheiBVbml2ZXJzaXR5 +IG9mIFRlY2hub2xvZ3kxSDBGBgNVBAsTP0luc3RpdHV0ZSBmb3IgQXBwbGllZCBJ +bmZvcm1hdGlvbiBQcm9jZXNzaW5nIGFuZCBDb21tdW5pY2F0aW9uczEUMBIGA1UE +BBMLTU9BLVNTIFRlc3QxGDAWBgNVBCoTD0VHSVogVGVzdHBvcnRhbDEkMCIGA1UE +AxMbRUdJWiBUZXN0cG9ydGFsIE1PQS1TUyBUZXN0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAuDjOyf+mY+oQL2FQzzuaiC8C23vVKbq/n2Zi7BqSibZH +mtqMJfmj4pT+hWSNHvVvWsaxFcx4KeNqdCMzwnw1r4P3Sf+2o5uFku5KHEMLMokR +yYQG9VqY/KkB94ye7Pv6zT8gvKqxGFg96UamECep4swPaSZrA8AOER5WAtyGDzKI +Tz+a5zfFaTXDoba7f98PCWR96yKiFjVOhzp38WVz4VJgz+b8ZSY7Xsv5Kn7DXjOL +STX4MevFLki3rFPup3+4vGToaMBW3PEj67HXBdqR855Le6+E6rVxORqsXqlVwhsI +6nuS0CO2LWYmBNR1IB0mXteeYH/HfxvuZc+7yDjdPQIDAQABo4IBhDCCAYAwDgYD +VR0PAQH/BAQDAgbAMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEmcH6VY4BG1EAGB +TLoNR9vH/g6yMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jYS5pYWlrLnR1Z3Jh +ei5hdC9jYXBzby9jcmxzL0lBSUtUZXN0X0ludGVybWVkaWF0ZUNBLmNybDCBqgYI +KwYBBQUHAQEEgZ0wgZowSgYIKwYBBQUHMAGGPmh0dHA6Ly9jYS5pYWlrLnR1Z3Jh +ei5hdC9jYXBzby9PQ1NQP2NhPUlBSUtUZXN0X0ludGVybWVkaWF0ZUNBMEwGCCsG +AQUFBzAChkBodHRwOi8vY2EuaWFpay50dWdyYXouYXQvY2Fwc28vY2VydHMvSUFJ +S1Rlc3RfSW50ZXJtZWRpYXRlQ0EuY2VyMCEGA1UdEQQaMBiBFnRob21hcy5sZW56 +QGVnaXouZ3YuYXQwHwYDVR0jBBgwFoAUaKJeEdreL4BrRES/jfplNoEkp28wDQYJ +KoZIhvcNAQEFBQADgYEAlFGjUxXLs7SAT8NtXSrv2WrjlklaRnHTFHLQwyVo8JWb +gvRkHHDUv2o8ofXUY2R2WJ38dxeDoccgbXrJb/Qhi8IY7YhCwv/TuIZDisyAqo8W +ORKSip/6HWlGCSR/Vgoet1GtCmF0FoUxFUIGSAuQ2yyt4fIzt5GJrU1X5ujjI1w= + + + + MIIDMzCCAhsCBFtIcPowDQYJKoZIhvcNAQELBQAwXjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH +SVoxJDAiBgNVBAsMG2NlbnRyYWwgbmF0aW9uYWwgZUlEQVMgbm9kZTEaMBgGA1UEAwwRQXNzZXJ0 +aW9uIHNpZ25pbmcwHhcNMTgwNzEzMDkyOTMwWhcNMjEwNDA3MDkyOTMwWjBeMQswCQYDVQQGEwJB +VDENMAsGA1UECgwERUdJWjEkMCIGA1UECwwbY2VudHJhbCBuYXRpb25hbCBlSURBUyBub2RlMRow +GAYDVQQDDBFBc3NlcnRpb24gc2lnbmluZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AJ5zDYxMPRcz6AHaev1tS46Tq8sdgbGFM56uxk6c7LmMDC+HTzNX/3Q5S/YwSzgL3ue5TSw1ltOf +yMXMZ6D0+buWWcsxGEkQ8M3adKRFdQrEwafzwTA7pguq5WiHOkr4qwR7dLMome9z5cc3LRcwdOPP +gq7ahb5jM3hRqc5xkMWIuvql0NFXPzlHrjDLwy5nIWPOhL5abhVt4YsXbpbjXxFSGkDEAZ32K3EU +LNBr9FSUmJfbrVX9AU2T+BKIwiqXP8e/3UJHgPHQ0l5ljWp5P6u5+tvM21o8sUM4eArRa8BkdRsP +C92GVuASSUz2ZJ3JhAK1cSM8bnvaZVLQtTvPMAcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAAp7z +TubWXW6YMpyLSvWBdZiiQ3X66XpSZLZJDIAkoPzEY0DSBp8I5YASIx4JTR5XJt+6MI9acgNIAYW8 +DhtRwUMVaRWEtuCrfKhGLWm5KSxnhPcD3lzRZhY4ZcA7dUlirjf6hnqo2TFEmJ9fkM+rxwy1GkDD +7j2YDSOFmSq9/Ud9/IbIfSnRu/lO0dh7iRrmg3y0Y/+plPxYmp4AHqehP11OchTz2FGGHVsSC2Vs +IVBQI6ANZYyOlicgfEEFHA06jP9OnA0EwEFr2P+di9caZg8vfibyzxMGeuf6CY0c0eLHokBCn2W8 +vkzvWiER3pozRvCmXFjCVZfRjUunaJf2ow== + + + + urn:oasis:names:tc:SAML:2.0:nameid-format:persistent + urn:oasis:names:tc:SAML:2.0:nameid-format:transient + urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/sp_metadata_junit.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/sp_metadata_junit.xml index 9c62db5d..0e25cce4 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/sp_metadata_junit.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/sp_metadata_junit.xml @@ -1,5 +1,5 @@ - + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/keystore/pvp.p12 b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/keystore/pvp.p12 new file mode 100644 index 00000000..183342f7 Binary files /dev/null and b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/keystore/pvp.p12 differ diff --git a/pom.xml b/pom.xml index edb31076..796b640c 100644 --- a/pom.xml +++ b/pom.xml @@ -354,6 +354,20 @@ test test-jar + + at.gv.egiz.eaaf + eaaf_module_pvp2_core + ${eaaf-core.version} + test + test-jar + + + at.gv.egiz.eaaf + eaaf_module_pvp2_idp + ${eaaf-core.version} + test + test-jar + at.asitplus.eidas.ms_specific connector_lib -- cgit v1.2.3 From 84244f4ac1909c20ce36531f110705b24edbad12 Mon Sep 17 00:00:00 2001 From: Christian Kollmann Date: Mon, 22 Feb 2021 10:43:57 +0100 Subject: Rename tasks to clarify functionality --- .../config/templates/chooseOtherLoginMethod.html | 250 --------------------- .../config/templates/other_login_method.html | 250 +++++++++++++++++++++ .../specific/connector/MsEidasNodeConstants.java | 16 +- .../specific/modules/auth/eidas/v2/Constants.java | 9 +- .../v2/tasks/GenerateAustrianResidenceGuiTask.java | 76 +++++++ .../GenerateGuiQueryAustrianResidenceTask.java | 77 ------- .../eidas/v2/tasks/GenerateLoginMethodGuiTask.java | 76 ------- .../v2/tasks/GenerateOtherLoginMethodGuiTask.java | 77 +++++++ .../auth/eidas/v2/tasks/InitialSearchTask.java | 4 +- .../ReceiveAustrianResidenceGuiResponseTask.java | 117 ++++++++++ .../ReceiveGuiAustrianResidenceResponseTask.java | 117 ---------- .../tasks/ReceiveLoginMethodGuiResponseTask.java | 95 -------- .../ReceiveOtherLoginMethodGuiResponseTask.java | 95 ++++++++ .../resources/eIDAS.Authentication.process.xml | 54 +++-- .../src/main/resources/eidas_v2_auth.beans.xml | 20 +- .../eidas/v2/test/tasks/InitialSearchTaskTest.java | 8 +- .../ReceiveLoginMethodGuiResponseTaskTest.java | 139 ------------ ...ReceiveOtherLoginMethodGuiResponseTaskTest.java | 135 +++++++++++ 18 files changed, 809 insertions(+), 806 deletions(-) delete mode 100644 connector/src/test/resources/config/templates/chooseOtherLoginMethod.html create mode 100644 connector/src/test/resources/config/templates/other_login_method.html create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAustrianResidenceGuiTask.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateGuiQueryAustrianResidenceTask.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateLoginMethodGuiTask.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiAustrianResidenceResponseTask.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveLoginMethodGuiResponseTask.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveLoginMethodGuiResponseTaskTest.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveOtherLoginMethodGuiResponseTaskTest.java (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/resources') diff --git a/connector/src/test/resources/config/templates/chooseOtherLoginMethod.html b/connector/src/test/resources/config/templates/chooseOtherLoginMethod.html deleted file mode 100644 index 3a3f9a4a..00000000 --- a/connector/src/test/resources/config/templates/chooseOtherLoginMethod.html +++ /dev/null @@ -1,250 +0,0 @@ - - - - - - - eIDAS-Login Login-Auswahl - - - - - -
-
- - -
-
-
-
-

Zentraler eIDAS Knoten der Republik Österreich

-

Betrieben durch das Bundesministerium für Inneres

-
- -

Wählen Sie Ihr Land / Select your country

- -
- -
- - - -
-
- - - -
-
- - - -
-
- - -
- - - -
- -
-
-
© BUNDESMINISTERIUM FÃœR INNERES
-
-
- - diff --git a/connector/src/test/resources/config/templates/other_login_method.html b/connector/src/test/resources/config/templates/other_login_method.html new file mode 100644 index 00000000..3a3f9a4a --- /dev/null +++ b/connector/src/test/resources/config/templates/other_login_method.html @@ -0,0 +1,250 @@ + + + + + + + eIDAS-Login Login-Auswahl + + + + + +
+
+ + +
+
+
+
+

Zentraler eIDAS Knoten der Republik Österreich

+

Betrieben durch das Bundesministerium für Inneres

+
+ +

Wählen Sie Ihr Land / Select your country

+ +
+ +
+ + + +
+
+ + + +
+
+ + + +
+
+ + +
+ + + +
+ +
+
+
© BUNDESMINISTERIUM FÃœR INNERES
+
+
+ + diff --git a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MsEidasNodeConstants.java b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MsEidasNodeConstants.java index 2c87a794..c6eb9bfa 100644 --- a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MsEidasNodeConstants.java +++ b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MsEidasNodeConstants.java @@ -85,7 +85,7 @@ public class MsEidasNodeConstants { PROP_CONFIG_PVP2_PREFIX + "metadata.organisation.friendyname"; public static final String CONFIG_PROPS_METADATA_ORGANISATION_URL = PROP_CONFIG_PVP2_PREFIX + "metadata.organisation.url"; - + // TODO: is not implemented yet public static final String PROP_CONFIG_SP_VALIDATION_DISABLED = "configuration.sp.disableRegistrationRequirement"; @@ -100,14 +100,14 @@ public class MsEidasNodeConstants { public static final String PROP_CONFIG_AUTHBLOCK_KEYSTORE_PASSWORD = "auth.eIDAS.authblock.keystore.password"; public static final String PROP_CONFIG_AUTHBLOCK_KEYSTORE_NAME = - "auth.eIDAS.authblock.keystore.name"; + "auth.eIDAS.authblock.keystore.name"; public static final String PROP_CONFIG_AUTHBLOCK_KEY_ALIAS = "auth.eIDAS.authblock.key.alias"; public static final String PROP_CONFIG_AUTHBLOCK_KEY_PASSWORD = "auth.eIDAS.authblock.key.password"; - - - + + + public static final String PROP_CONFIG_SP_LIST_PREFIX = "sp"; public static final String PROP_CONFIG_SP_UNIQUEIDENTIFIER = EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER; @@ -145,7 +145,7 @@ public class MsEidasNodeConstants { public static final String ENDPOINT_PVP_REDIRECT = "/pvp/redirect"; public static final String ENDPOINT_COUNTRYSELECTION = "/myHomeCountry"; - public static final String ENDPOINT_OTHERLOGINMETHODSELECTION = "/otherLoginMethod"; + public static final String ENDPOINT_OTHER_LOGIN_METHOD_SELECTION = "/otherLoginMethod"; public static final String ENDPOINT_RESIDENCY_INPUT = "/residency"; public static final String ENDPOINT_OTHER_CONTACTS_INPUT = "/otherContacts"; public static final String ENDPOINT_MONITORING_MONITOR = "/monitoring"; @@ -158,7 +158,7 @@ public class MsEidasNodeConstants { public static final String TEMPLATE_HTML_ERROR = "error_message.html"; public static final String TEMPLATE_HTML_PVP_POSTBINDING = "pvp2_post_binding.html"; public static final String TEMPLATE_HTML_COUNTRYSELECTION = "countrySelection.html"; - public static final String TEMPLATE_HTML_OTHERLOGINMETHODS = "chooseOtherLoginMethod.html"; + public static final String TEMPLATE_HTML_OTHERLOGINMETHODS = "other_login_method.html"; public static final String TEMPLATE_HTML_RESIDENCY = "residency.html"; public static final String TEMPLATE_HTML_OTHERCONTACTSWITHAUSTRIANEGOV = "otherContactsWithAustrianEgov.html"; // ************ execution context and generic data ************ @@ -182,5 +182,5 @@ public class MsEidasNodeConstants { private MsEidasNodeConstants() { //hidden Constructor for class with static values only. } - + } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java index e7190ab4..c6d24e34 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java @@ -28,7 +28,7 @@ import at.gv.egiz.eaaf.core.api.data.EaafConstants; public class Constants { public static final String ERRORCODE_00 = "module.eidasauth.00"; - + public static final String DATA_REQUESTERID = "req_requesterId"; public static final String DATA_PROVIDERNAME = "req_providerName"; public static final String DATA_REQUESTED_LOA_LIST = "req_requestedLoA"; @@ -151,7 +151,7 @@ public class Constants { public static final String eIDAS_REQ_PARAM_SECTOR_PUBLIC = "public"; public static final String eIDAS_REQ_PARAM_SECTOR_PRIVATE = "private"; - + public static final String POLICY_DEFAULT_ALLOWED_TARGETS = EaafConstants.URN_PREFIX_CDID.replaceAll("\\.", "\\\\.").replaceAll("\\+", "\\\\+") + ".*"; @@ -184,9 +184,10 @@ public class Constants { public static final String COUNTRY_CODE_IT = "IT"; public static final String TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK = "TASK_CreateNewErnpEntryTask"; - public static final String TRANSITION_TO_CREATE_GENERATE_GUI_TASK = "TASK_GenerateGuiTask"; + public static final String TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK = + "TASK_GenerateOtherLoginMethodGuiTask"; public static final String TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK = - "Task_GenerateGuiQueryAustrianResidenceTask"; + "TASK_GenerateAustrianResidenceGuiTask"; public static final String TRANSITION_TO_GENERATE_MOBILE_PHONE_SIGNATURE_REQUEST_TASK = "TASK_GenerateMobilePhoneSignatureRequestTask"; public static final String TRANSITION_TO_GENERATE_EIDAS_LOGIN = "TASK_TODO"; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAustrianResidenceGuiTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAustrianResidenceGuiTask.java new file mode 100644 index 00000000..d8266398 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAustrianResidenceGuiTask.java @@ -0,0 +1,76 @@ +/* + * Copyright 2021 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; + +import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; +import at.asitplus.eidas.specific.connector.gui.StaticGuiBuilderConfiguration; +import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfiguration; +import at.gv.egiz.eaaf.core.api.gui.ISpringMvcGuiFormBuilder; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import lombok.extern.slf4j.Slf4j; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +/** + * Show GUI where user can provide an Austrian residence address, to provide further input to match the identity. + * + * @author ckollmann + */ +@Slf4j +@Component("GenerateAustrianResidenceGuiTask") +public class GenerateAustrianResidenceGuiTask extends AbstractAuthServletTask { + + @Autowired + private ISpringMvcGuiFormBuilder guiBuilder; + @Autowired + private IConfiguration basicConfig; + + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + try { + final IGuiBuilderConfiguration config = new StaticGuiBuilderConfiguration( + basicConfig, + pendingReq, + basicConfig.getBasicConfiguration(//TODO + MsEidasNodeConstants.PROP_CONFIG_WEBCONTENT_TEMPLATES_RESIDENCY, + MsEidasNodeConstants.TEMPLATE_HTML_RESIDENCY), + MsEidasNodeConstants.ENDPOINT_RESIDENCY_INPUT, + resourceLoader); + + guiBuilder.build(request, response, config, "Query Austrian residency"); + + } catch (final Exception e) { + log.error("Initial search FAILED.", e); + throw new TaskExecutionException(pendingReq, "Gui creation FAILED.", e); + } + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateGuiQueryAustrianResidenceTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateGuiQueryAustrianResidenceTask.java deleted file mode 100644 index 02f8c5b7..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateGuiQueryAustrianResidenceTask.java +++ /dev/null @@ -1,77 +0,0 @@ -/* - * Copyright 2021 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - -package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; - -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; -import at.asitplus.eidas.specific.connector.gui.StaticGuiBuilderConfiguration; -import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfiguration; -import at.gv.egiz.eaaf.core.api.gui.ISpringMvcGuiFormBuilder; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; -import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; -import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; -import lombok.extern.slf4j.Slf4j; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Component; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -/** - * Task that generates a GUI that queries whether the user has an addional eidas eID or an Austrian mobile phone - * signature. - * - * @author amarsalek - */ -@Slf4j -@Component("GenerateGuiQueryAustrianResidenceTask") -public class GenerateGuiQueryAustrianResidenceTask extends AbstractAuthServletTask { - - @Autowired - ISpringMvcGuiFormBuilder guiBuilder; - @Autowired - IConfiguration basicConfig; - - @Override - public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) - throws TaskExecutionException { - try { - final IGuiBuilderConfiguration config = new StaticGuiBuilderConfiguration( - basicConfig, - pendingReq, - basicConfig.getBasicConfiguration(//TODO - MsEidasNodeConstants.PROP_CONFIG_WEBCONTENT_TEMPLATES_RESIDENCY, - MsEidasNodeConstants.TEMPLATE_HTML_RESIDENCY), - MsEidasNodeConstants.ENDPOINT_RESIDENCY_INPUT, - resourceLoader); - - guiBuilder.build(request, response, config, "Query Austrian residency"); - - } catch (final Exception e) { - log.error("Initial search FAILED.", e); - throw new TaskExecutionException(pendingReq, "Gui creation FAILED.", e); - } - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateLoginMethodGuiTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateLoginMethodGuiTask.java deleted file mode 100644 index 9c94b036..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateLoginMethodGuiTask.java +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright 2021 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - -package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; - -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; -import at.asitplus.eidas.specific.connector.gui.StaticGuiBuilderConfiguration; -import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfiguration; -import at.gv.egiz.eaaf.core.api.gui.ISpringMvcGuiFormBuilder; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; -import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; -import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; -import lombok.extern.slf4j.Slf4j; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Component; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -/** - * Task that searches ErnB and ZMR before adding person to SZR. - * - * @author amarsalek - */ -@Slf4j -@Component("GenerateGuiTask") -public class GenerateLoginMethodGuiTask extends AbstractAuthServletTask { - - @Autowired - ISpringMvcGuiFormBuilder guiBuilder; - @Autowired - IConfiguration basicConfig; - - @Override - public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) - throws TaskExecutionException { - try { - final IGuiBuilderConfiguration config = new StaticGuiBuilderConfiguration( - basicConfig, - pendingReq, - basicConfig.getBasicConfiguration( - MsEidasNodeConstants.PROP_CONFIG_WEBCONTENT_TEMPLATES_OTHER_LOGIN_METHOD_SELECTION, - MsEidasNodeConstants.TEMPLATE_HTML_OTHERLOGINMETHODS), - MsEidasNodeConstants.ENDPOINT_OTHERLOGINMETHODSELECTION, - resourceLoader); - - guiBuilder.build(request, response, config, "Other login methods selection form"); - - } catch (final Exception e) { - log.error("Initial search FAILED.", e); - throw new TaskExecutionException(pendingReq, "Gui creation FAILED.", e); - } - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java new file mode 100644 index 00000000..0236b9c2 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java @@ -0,0 +1,77 @@ +/* + * Copyright 2021 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; + +import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; +import at.asitplus.eidas.specific.connector.gui.StaticGuiBuilderConfiguration; +import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfiguration; +import at.gv.egiz.eaaf.core.api.gui.ISpringMvcGuiFormBuilder; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import lombok.extern.slf4j.Slf4j; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +/** + * Task that provides GUI for user to select an alternative login method. + * This page is shown when the matching of the eIDAS data to ZMR/ERnP data is ambiguous + * + * @author ckollmann + */ +@Slf4j +@Component("GenerateOtherLoginMethodGuiTask") +public class GenerateOtherLoginMethodGuiTask extends AbstractAuthServletTask { + + @Autowired + private ISpringMvcGuiFormBuilder guiBuilder; + @Autowired + private IConfiguration basicConfig; + + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + try { + final IGuiBuilderConfiguration config = new StaticGuiBuilderConfiguration( + basicConfig, + pendingReq, + basicConfig.getBasicConfiguration( + MsEidasNodeConstants.PROP_CONFIG_WEBCONTENT_TEMPLATES_OTHER_LOGIN_METHOD_SELECTION, + MsEidasNodeConstants.TEMPLATE_HTML_OTHERLOGINMETHODS), + MsEidasNodeConstants.ENDPOINT_OTHER_LOGIN_METHOD_SELECTION, + resourceLoader); + + guiBuilder.build(request, response, config, "Other login methods selection form"); + + } catch (final Exception e) { + log.error("Initial search FAILED.", e); + throw new TaskExecutionException(pendingReq, "Gui creation FAILED.", e); + } + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java index 2e754e14..554c60b6 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java @@ -209,9 +209,9 @@ public class InitialSearchTask extends AbstractAuthServletTask { if (mdsSearchResult.getResultCount() == 0) { executionContext.put(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK, true); } else { - executionContext.put(Constants.TRANSITION_TO_CREATE_GENERATE_GUI_TASK, true); + executionContext.put(Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, true); } - + // todo das suchergebnis auch noch speichern für später! //TODO implement next phase and return correct value return null; } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java new file mode 100644 index 00000000..2020274a --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java @@ -0,0 +1,117 @@ +/* + * Copyright 2021 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import lombok.extern.slf4j.Slf4j; +import org.apache.commons.lang.StringEscapeUtils; +import org.apache.commons.lang3.StringUtils; +import org.springframework.stereotype.Component; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.util.Enumeration; + +/** + * Task receives the response of {@link GenerateAustrianResidenceGuiTask} and handles it. + * + * @author amarsalek + */ +@Slf4j +@Component("ReceiveAustrianResidenceGuiResponseTask") +public class ReceiveAustrianResidenceGuiResponseTask extends AbstractAuthServletTask { + + final String formerResidenceAvailableParameterName = "formerResidenceAvailable"; + final String streetParameterName = "street"; + final String zipCodeParameterName = "zipcode"; + final String cityParameterName = "city"; + private final IZmrClient zmrClient; + + public ReceiveAustrianResidenceGuiResponseTask(IZmrClient zmrClient) { + this.zmrClient = zmrClient; + } + + //TODO + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + + log.trace("Starting ReceiveAustrianResidenceGuiResponseTask"); + // set parameter execution context + final Enumeration reqParamNames = request.getParameterNames(); + String street = null; + String city = null; + String zipcode = null; + Boolean formerResidenceAvailable = false; + while (reqParamNames.hasMoreElements()) { + final String paramName = reqParamNames.nextElement(); + if (StringUtils.isNotEmpty(paramName) + && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName) + && formerResidenceAvailableParameterName.equalsIgnoreCase(paramName)) { + formerResidenceAvailable = + Boolean.parseBoolean(StringEscapeUtils.escapeHtml(request.getParameter(paramName))); + } + if (StringUtils.isNotEmpty(paramName) + && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName) + && streetParameterName.equalsIgnoreCase(paramName)) { + street = StringEscapeUtils.escapeHtml(request.getParameter(paramName)); + } + if (StringUtils.isNotEmpty(paramName) + && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName) + && cityParameterName.equalsIgnoreCase(paramName)) { + city = StringEscapeUtils.escapeHtml(request.getParameter(paramName)); + } + if (StringUtils.isNotEmpty(paramName) + && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName) + && zipCodeParameterName.equalsIgnoreCase(paramName)) { + zipcode = StringEscapeUtils.escapeHtml(request.getParameter(paramName)); + } + } + if (formerResidenceAvailable) { + //step 18 + if (street.isEmpty() || city.isEmpty() || zipcode.isEmpty()) { + //form should ensure that mandatory fields are field => + //this can never happen, expect somebody manipulated the response + throw new TaskExecutionException(pendingReq, "Invalid user input", new InvalidUserInputException()); + } + step18_RegisterSearch(street, city, zipcode);//TODO also MDS? + } else { + //step 20 or for now (phase 1) step 9 + executionContext.put(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK, true); + } + + + } + + private void step18_RegisterSearch(String street, String city, String zipcode) { + System.out.println(street + city + zipcode + zmrClient);//TODO + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiAustrianResidenceResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiAustrianResidenceResponseTask.java deleted file mode 100644 index 977262bb..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiAustrianResidenceResponseTask.java +++ /dev/null @@ -1,117 +0,0 @@ -/* - * Copyright 2021 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - -package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; - -import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; -import at.gv.egiz.eaaf.core.api.data.EaafConstants; -import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; -import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; -import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; -import lombok.extern.slf4j.Slf4j; -import org.apache.commons.lang.StringEscapeUtils; -import org.apache.commons.lang3.StringUtils; -import org.springframework.stereotype.Component; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.util.Enumeration; - -/** - * Task receives the response of GenerateGuiQueryAustrianResidenceTask and handles it. - * - * @author amarsalek - */ -@Slf4j -@Component("ReceiveGuiAustrianResidenceResponseTask") -public class ReceiveGuiAustrianResidenceResponseTask extends AbstractAuthServletTask { - - final String formerResidenceAvailableParameterName = "formerResidenceAvailable"; - final String streetParameterName = "street"; - final String zipCodeParameterName = "zipcode"; - final String cityParameterName = "city"; - private final IZmrClient zmrClient; - - public ReceiveGuiAustrianResidenceResponseTask(IZmrClient zmrClient) { - this.zmrClient = zmrClient; - } - - //TODO - @Override - public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) - throws TaskExecutionException { - - log.trace("Starting ReceiveGuiAustrianResidenceResponseTask"); - // set parameter execution context - final Enumeration reqParamNames = request.getParameterNames(); - String street = null; - String city = null; - String zipcode = null; - Boolean formerResidenceAvailable = false; - while (reqParamNames.hasMoreElements()) { - final String paramName = reqParamNames.nextElement(); - if (StringUtils.isNotEmpty(paramName) - && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName) - && formerResidenceAvailableParameterName.equalsIgnoreCase(paramName)) { - formerResidenceAvailable = - Boolean.parseBoolean(StringEscapeUtils.escapeHtml(request.getParameter(paramName))); - } - if (StringUtils.isNotEmpty(paramName) - && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName) - && streetParameterName.equalsIgnoreCase(paramName)) { - street = StringEscapeUtils.escapeHtml(request.getParameter(paramName)); - } - if (StringUtils.isNotEmpty(paramName) - && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName) - && cityParameterName.equalsIgnoreCase(paramName)) { - city = StringEscapeUtils.escapeHtml(request.getParameter(paramName)); - } - if (StringUtils.isNotEmpty(paramName) - && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName) - && zipCodeParameterName.equalsIgnoreCase(paramName)) { - zipcode = StringEscapeUtils.escapeHtml(request.getParameter(paramName)); - } - } - if (formerResidenceAvailable) { - //step 18 - if (street.isEmpty() || city.isEmpty() || zipcode.isEmpty()) { - //form should ensure that mandatory fields are field => - //this can never happen, expect somebody manipulated the response - throw new TaskExecutionException(pendingReq, "Invalid user input", new InvalidUserInputException()); - } - step18_RegisterSearch(street, city, zipcode);//TODO also MDS? - } else { - //step 20 or for now (phase 1) step 9 - executionContext.put(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK, true); - } - - - } - - private void step18_RegisterSearch(String street, String city, String zipcode) { - System.out.println(street + city + zipcode + zmrClient);//TODO - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveLoginMethodGuiResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveLoginMethodGuiResponseTask.java deleted file mode 100644 index 266198e5..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveLoginMethodGuiResponseTask.java +++ /dev/null @@ -1,95 +0,0 @@ -/* - * Copyright 2021 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - -package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; - -import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException; -import at.gv.egiz.eaaf.core.api.data.EaafConstants; -import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; -import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; -import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; -import lombok.extern.slf4j.Slf4j; -import org.apache.commons.lang.StringEscapeUtils; -import org.apache.commons.lang3.StringUtils; -import org.springframework.stereotype.Component; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.util.Enumeration; - -/** - * Task that searches ErnB and ZMR before adding person to SZR. - * - * @author amarsalek - */ -@Slf4j -@Component("ReceiveGuiResponseTask") -public class ReceiveLoginMethodGuiResponseTask extends AbstractAuthServletTask { - - @Override - public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) - throws TaskExecutionException { - int found = 0; - try { - // set parameter execution context - final Enumeration reqParamNames = request.getParameterNames(); - while (reqParamNames.hasMoreElements()) { - final String paramName = reqParamNames.nextElement(); - if (StringUtils.isNotEmpty(paramName) - && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName) - && Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER.equalsIgnoreCase(paramName)) { - String value = StringEscapeUtils.escapeHtml(request.getParameter(paramName)); - SelectedLoginMethod selection = SelectedLoginMethod.valueOf(value); - executionContext.put(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER, selection); - switch (selection) { - case EIDAS_LOGIN: - executionContext.put(Constants.TRANSITION_TO_GENERATE_EIDAS_LOGIN, true); - found++; - break; - case MOBILE_PHONE_SIGNATURE_LOGIN: - executionContext.put(Constants.TRANSITION_TO_GENERATE_MOBILE_PHONE_SIGNATURE_REQUEST_TASK, true); - found++; - break; - case NO_OTHER_LOGIN: - executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true); - found++; - break; - default: - throw new InvalidUserInputException(); - } - } - } - } catch (final Exception e) { - log.error("Parsing selected login method FAILED.", e); - throw new TaskExecutionException(pendingReq, "Parsing selected login method FAILED.", e); - } - if (found != 1) { - log.error("Parsing selected login method FAILED."); - throw new TaskExecutionException(pendingReq, "Parsing selected login method FAILED.", - new InvalidUserInputException()); - } - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java new file mode 100644 index 00000000..d8b80689 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java @@ -0,0 +1,95 @@ +/* + * Copyright 2021 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import lombok.extern.slf4j.Slf4j; +import org.apache.commons.lang.StringEscapeUtils; +import org.apache.commons.lang3.StringUtils; +import org.springframework.stereotype.Component; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.util.Enumeration; + +/** + * Handles user's selection from {@link GenerateOtherLoginMethodGuiTask}. + * + * @author ckollmann + */ +@Slf4j +@Component("ReceiveOtherLoginMethodGuiResponseTask") +public class ReceiveOtherLoginMethodGuiResponseTask extends AbstractAuthServletTask { + + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + int found = 0; + try { + // set parameter execution context + final Enumeration reqParamNames = request.getParameterNames(); + while (reqParamNames.hasMoreElements()) { + final String paramName = reqParamNames.nextElement(); + if (StringUtils.isNotEmpty(paramName) + && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName) + && Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER.equalsIgnoreCase(paramName)) { + String value = StringEscapeUtils.escapeHtml(request.getParameter(paramName)); + SelectedLoginMethod selection = SelectedLoginMethod.valueOf(value); + executionContext.put(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER, selection); + switch (selection) { + case EIDAS_LOGIN: + executionContext.put(Constants.TRANSITION_TO_GENERATE_EIDAS_LOGIN, true); + found++; + break; + case MOBILE_PHONE_SIGNATURE_LOGIN: + executionContext.put(Constants.TRANSITION_TO_GENERATE_MOBILE_PHONE_SIGNATURE_REQUEST_TASK, true); + found++; + break; + case NO_OTHER_LOGIN: + executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true); + found++; + break; + default: + throw new InvalidUserInputException(); + } + } + } + } catch (final Exception e) { + log.error("Parsing selected login method FAILED.", e); + throw new TaskExecutionException(pendingReq, "Parsing selected login method FAILED.", e); + } + if (found != 1) { + log.error("Parsing selected login method FAILED."); + throw new TaskExecutionException(pendingReq, "Parsing selected login method FAILED.", + new InvalidUserInputException()); + } + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml index 6b67379c..f60bb5f9 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml @@ -15,23 +15,23 @@ - + - + - - + + - - @@ -42,30 +42,36 @@ to="createNewErnpEntryTask" conditionExpression="ctx['TASK_CreateNewErnpEntryTask']"/> + to="generateOtherLoginMethodGuiTask" + conditionExpression="ctx['TASK_GenerateOtherLoginMethodGuiTask']"/> - - + - - + + + + + + - + + - @@ -76,9 +82,9 @@ - - + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml index a720c1f8..07553c22 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml @@ -22,7 +22,7 @@ - + @@ -39,7 +39,7 @@ ref="specificConnectorAdditionalAttributesFileWithPath" /> - - - - - diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java index 95986c49..e0138f62 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java @@ -386,7 +386,7 @@ public class InitialSearchTaskTest { .getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); Assert.assertEquals("Wrong bpk", null, bPk); - Boolean transitionGUI = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_GENERATE_GUI_TASK); + Boolean transitionGUI = (Boolean)executionContext.get(Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK); Assert.assertEquals("Wrong transition", null, transitionGUI); Boolean transitionErnb = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK); Assert.assertEquals("Wrong transition", true, transitionErnb); @@ -411,7 +411,7 @@ public class InitialSearchTaskTest { pendingReq.getSessionData(AuthProcessDataWrapper.class) .getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); Assert.assertEquals("Wrong bpk", null, bPk); - Boolean transitionGUI = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_GENERATE_GUI_TASK); + Boolean transitionGUI = (Boolean)executionContext.get(Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK); Assert.assertEquals("Wrong transition", true, transitionGUI); Boolean transitionErnb = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK); Assert.assertEquals("Wrong transition", null, transitionErnb); @@ -436,7 +436,7 @@ public class InitialSearchTaskTest { pendingReq.getSessionData(AuthProcessDataWrapper.class) .getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); Assert.assertEquals("Wrong bpk", null, bPk); - Boolean transitionGUI = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_GENERATE_GUI_TASK); + Boolean transitionGUI = (Boolean)executionContext.get(Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK); Assert.assertEquals("Wrong transition", true, transitionGUI); Boolean transitionErnb = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK); Assert.assertEquals("Wrong transition", null, transitionErnb); @@ -463,7 +463,7 @@ public class InitialSearchTaskTest { pendingReq.getSessionData(AuthProcessDataWrapper.class) .getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); Assert.assertEquals("Wrong bpk", null, bPk); - Boolean transitionGUI = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_GENERATE_GUI_TASK); + Boolean transitionGUI = (Boolean)executionContext.get(Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK); Assert.assertEquals("Wrong transition", true, transitionGUI); Boolean transitionErnb = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK); Assert.assertEquals("Wrong transition", null, transitionErnb); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveLoginMethodGuiResponseTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveLoginMethodGuiResponseTaskTest.java deleted file mode 100644 index c6729a03..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveLoginMethodGuiResponseTaskTest.java +++ /dev/null @@ -1,139 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; - -import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveLoginMethodGuiResponseTask; -import at.gv.egiz.eaaf.core.api.data.EaafConstants; -import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; -import at.gv.egiz.eaaf.core.impl.idp.controller.tasks.AbstractLocaleAuthServletTask; -import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; -import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; -import org.apache.commons.lang3.RandomStringUtils; -import org.junit.Assert; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.i18n.LocaleContextHolder; -import org.springframework.mock.web.MockHttpServletRequest; -import org.springframework.mock.web.MockHttpServletResponse; -import org.springframework.test.context.ActiveProfiles; -import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; -import org.springframework.test.context.web.WebAppConfiguration; -import org.springframework.web.context.request.RequestContextHolder; -import org.springframework.web.context.request.ServletRequestAttributes; - -import java.io.UnsupportedEncodingException; - -@RunWith(SpringJUnit4ClassRunner.class) -//@ContextConfiguration({ -// "/applicationContext.xml", -// "/specific_eIDAS_connector.beans.xml", -// "/eaaf_core.beans.xml", -// "/eaaf_pvp.beans.xml", -// "/eaaf_pvp_idp.beans.xml", -// "/spring/SpringTest-context_simple_storage.xml" }) -@ContextConfiguration(locations = { - "/SpringTest-context_tasks_test.xml", - "/SpringTest-context_basic_mapConfig.xml" -}) -@ActiveProfiles(profiles = {"deprecatedConfig"}) -@WebAppConfiguration -public class ReceiveLoginMethodGuiResponseTaskTest { - - @Autowired private ReceiveLoginMethodGuiResponseTask task; - - private ExecutionContextImpl executionContext = new ExecutionContextImpl(); - private TestRequestImpl pendingReq; - private MockHttpServletRequest httpReq; - private MockHttpServletResponse httpResp; - - /** - * jUnit class initializer. - * - */ - @BeforeClass - public static void classInitializer() { - final String current = new java.io.File(".").toURI().toString(); - System.setProperty("eidas.ms.configuration", current + "src/test/resources/config/junit_config_1.properties"); - - } - - /** - * jUnit test set-up. - * - */ - @Before - public void initialize() { - httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector"); - httpResp = new MockHttpServletResponse(); - RequestContextHolder.resetRequestAttributes(); - RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); - - pendingReq = new TestRequestImpl(); - pendingReq.setAuthUrl("https://localhost/ms_connector"); - pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10)); - - LocaleContextHolder.resetLocaleContext(); - } - - @Test - public void withMobileSignatureSelection() throws TaskExecutionException { - test(SelectedLoginMethod.MOBILE_PHONE_SIGNATURE_LOGIN); - } - - @Test - public void withEidasSelection() throws TaskExecutionException { - test(SelectedLoginMethod.MOBILE_PHONE_SIGNATURE_LOGIN); - } - - @Test - public void withNoOtherLoginSelection() throws TaskExecutionException { - test(SelectedLoginMethod.NO_OTHER_LOGIN); - } - - public void test(SelectedLoginMethod loginMethod) throws TaskExecutionException { - String parameterValue = loginMethod.name(); - httpReq.setParameter(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER, parameterValue); - - task.execute(pendingReq, executionContext); - - //result validation - Assert.assertFalse("wrong pendingReq auth flag", pendingReq.isAuthenticated()); - Assert.assertFalse("wrong process-cancelled flag", executionContext.isProcessCancelled()); - - Assert.assertNotNull("no login-selection found", - executionContext.get(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER)); - Assert.assertEquals("Wrong login-selection found", loginMethod, - executionContext.get(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER)); - } - - - @Test(expected = TaskExecutionException.class) - public void withInvalidSelection() throws TaskExecutionException { - String parameterValue = RandomStringUtils.randomAlphabetic(2); - httpReq.setParameter(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER, parameterValue); - task.execute(pendingReq, executionContext); - } - - @Test(expected = TaskExecutionException.class) - public void withNullSelection() throws TaskExecutionException { - httpReq.setParameter(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER, "null"); - task.execute(pendingReq, executionContext); - } - - @Test(expected = TaskExecutionException.class) - public void withEmptySelection() throws TaskExecutionException { - httpReq.setParameter(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER, ""); - task.execute(pendingReq, executionContext); - } - - @Test(expected = TaskExecutionException.class) - public void withoutLoginMethodSelection() throws TaskExecutionException, UnsupportedEncodingException { - task.execute(pendingReq, executionContext); - } -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveOtherLoginMethodGuiResponseTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveOtherLoginMethodGuiResponseTaskTest.java new file mode 100644 index 00000000..ae4b5d8c --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveOtherLoginMethodGuiResponseTaskTest.java @@ -0,0 +1,135 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveOtherLoginMethodGuiResponseTask; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Assert; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.i18n.LocaleContextHolder; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.context.ActiveProfiles; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.context.web.WebAppConfiguration; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import java.io.UnsupportedEncodingException; + +@RunWith(SpringJUnit4ClassRunner.class) +//@ContextConfiguration({ +// "/applicationContext.xml", +// "/specific_eIDAS_connector.beans.xml", +// "/eaaf_core.beans.xml", +// "/eaaf_pvp.beans.xml", +// "/eaaf_pvp_idp.beans.xml", +// "/spring/SpringTest-context_simple_storage.xml" }) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_mapConfig.xml" +}) +@ActiveProfiles(profiles = {"deprecatedConfig"}) +@WebAppConfiguration +public class ReceiveOtherLoginMethodGuiResponseTaskTest { + + @Autowired private ReceiveOtherLoginMethodGuiResponseTask task; + + private ExecutionContextImpl executionContext = new ExecutionContextImpl(); + private TestRequestImpl pendingReq; + private MockHttpServletRequest httpReq; + private MockHttpServletResponse httpResp; + + /** + * jUnit class initializer. + * + */ + @BeforeClass + public static void classInitializer() { + final String current = new java.io.File(".").toURI().toString(); + System.setProperty("eidas.ms.configuration", current + "src/test/resources/config/junit_config_1.properties"); + + } + + /** + * jUnit test set-up. + * + */ + @Before + public void initialize() { + httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector"); + httpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + pendingReq = new TestRequestImpl(); + pendingReq.setAuthUrl("https://localhost/ms_connector"); + pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10)); + + LocaleContextHolder.resetLocaleContext(); + } + + @Test + public void withMobileSignatureSelection() throws TaskExecutionException { + test(SelectedLoginMethod.MOBILE_PHONE_SIGNATURE_LOGIN); + } + + @Test + public void withEidasSelection() throws TaskExecutionException { + test(SelectedLoginMethod.MOBILE_PHONE_SIGNATURE_LOGIN); + } + + @Test + public void withNoOtherLoginSelection() throws TaskExecutionException { + test(SelectedLoginMethod.NO_OTHER_LOGIN); + } + + public void test(SelectedLoginMethod loginMethod) throws TaskExecutionException { + String parameterValue = loginMethod.name(); + httpReq.setParameter(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER, parameterValue); + + task.execute(pendingReq, executionContext); + + //result validation + Assert.assertFalse("wrong pendingReq auth flag", pendingReq.isAuthenticated()); + Assert.assertFalse("wrong process-cancelled flag", executionContext.isProcessCancelled()); + + Assert.assertNotNull("no login-selection found", + executionContext.get(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER)); + Assert.assertEquals("Wrong login-selection found", loginMethod, + executionContext.get(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER)); + } + + + @Test(expected = TaskExecutionException.class) + public void withInvalidSelection() throws TaskExecutionException { + String parameterValue = RandomStringUtils.randomAlphabetic(2); + httpReq.setParameter(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER, parameterValue); + task.execute(pendingReq, executionContext); + } + + @Test(expected = TaskExecutionException.class) + public void withNullSelection() throws TaskExecutionException { + httpReq.setParameter(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER, "null"); + task.execute(pendingReq, executionContext); + } + + @Test(expected = TaskExecutionException.class) + public void withEmptySelection() throws TaskExecutionException { + httpReq.setParameter(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER, ""); + task.execute(pendingReq, executionContext); + } + + @Test(expected = TaskExecutionException.class) + public void withoutLoginMethodSelection() throws TaskExecutionException, UnsupportedEncodingException { + task.execute(pendingReq, executionContext); + } +} -- cgit v1.2.3 From 39b5e38cc5e3c7c555ae10e0ff0f684c9bcc0966 Mon Sep 17 00:00:00 2001 From: Christian Kollmann Date: Mon, 22 Feb 2021 13:57:50 +0100 Subject: Add service to consolidate register search access --- .../eidas/v2/service/RegisterSearchService.java | 57 +++++++++++++++ .../auth/eidas/v2/tasks/InitialSearchTask.java | 64 +++++++++-------- ...eSignatureResponseAndSearchInRegistersTask.java | 84 ++++++++++------------ .../modules/auth/eidas/v2/utils/Utils.java | 48 ------------- .../src/main/resources/eidas_v2_auth.beans.xml | 2 + .../eidas/v2/test/tasks/InitialSearchTaskTest.java | 13 ++-- 6 files changed, 139 insertions(+), 129 deletions(-) create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/Utils.java (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/resources') diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java new file mode 100644 index 00000000..75374872 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java @@ -0,0 +1,57 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.service; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import lombok.extern.slf4j.Slf4j; +import org.springframework.stereotype.Service; + +@Slf4j +@Service("registerSearchService") +public class RegisterSearchService { + + private final IZmrClient zmrClient; + private final IErnpClient ernpClient; + + public RegisterSearchService(IZmrClient zmrClient, IErnpClient ernpClient) { + this.zmrClient = zmrClient; + this.ernpClient = ernpClient; + } + + + /** + * Automatic process to fix the register entries. + * + * @param initialSearchResult Result of initial register search + * @param specificDetailSearchResult Result of last register search + * @param eidData Received eidas data + * @param pendingReq Pending request + * @return The bpk + * @throws TaskExecutionException if an error occurs during the register update + */ + public String step7aKittProcess(MergedRegisterSearchResult initialSearchResult, + MergedRegisterSearchResult specificDetailSearchResult, + SimpleEidasData eidData, IRequest pendingReq) throws TaskExecutionException { + try { + if (initialSearchResult.getResultCount() != 0) { + throw new WorkflowException("initialSearchResult.getResultCount() != 0"); + } + if (specificDetailSearchResult.getResultCount() != 1) { + throw new WorkflowException("countrySpecificDetailSearchResult.getResultCount() != 1"); + } + if (specificDetailSearchResult.getResultsZmr().size() == 1) { + this.zmrClient.update(specificDetailSearchResult.getResultsZmr().get(0), eidData); + } + if (specificDetailSearchResult.getResultsErnp().size() == 1) { + this.ernpClient.update(specificDetailSearchResult.getResultsErnp().get(0), eidData); + } + return specificDetailSearchResult.getBpk(); + } catch (WorkflowException e) { + throw new TaskExecutionException(pendingReq, "Step7a failed.", e); + } + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java index c4d067f5..7f4526ad 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java @@ -31,12 +31,11 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttribute import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.CountrySpecificDetailSearchProcessor; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.Utils; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService; import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; -import at.gv.egiz.eaaf.core.impl.data.Triple; import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import com.google.common.collect.ImmutableMap; @@ -47,6 +46,7 @@ import eu.eidas.auth.commons.light.ILightResponse; import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; import lombok.extern.slf4j.Slf4j; import org.apache.commons.lang3.StringUtils; +import org.jetbrains.annotations.NotNull; import org.joda.time.DateTime; import org.springframework.stereotype.Component; @@ -72,16 +72,20 @@ public class InitialSearchTask extends AbstractAuthServletTask { private final List handlers; private final IErnpClient ernpClient; private final IZmrClient zmrClient; + private final RegisterSearchService registerSearchService; /** * Constructor. - * - * @param handlers List of countrySpecificSearchProcessors + * @param handlers List of countrySpecificSearchProcessors + * @param registerSearchService * @param ernpClient Ernp client * @param zmrClient ZMR client */ - public InitialSearchTask(List handlers, IErnpClient ernpClient, + public InitialSearchTask(List handlers, + RegisterSearchService registerSearchService, + IErnpClient ernpClient, IZmrClient zmrClient) { + this.registerSearchService = registerSearchService; this.ernpClient = ernpClient; this.zmrClient = zmrClient; this.handlers = handlers; @@ -93,27 +97,22 @@ public class InitialSearchTask extends AbstractAuthServletTask { throws TaskExecutionException { try { final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); - final ILightResponse eidasResponse = authProcessData - .getGenericDataFromSession(DATA_FULL_EIDAS_RESPONSE, ILightResponse.class); - - final SimpleEidasData eidData = convertSimpleMapToSimpleData(convertEidasAttrToSimpleMap( - eidasResponse.getAttributes().getAttributeMap())); - - final String bpK = step2RegisterSearchWithPersonidentifier(executionContext, eidData, authProcessData); - authProcessData.setGenericDataToSession(DATA_RESULT_MATCHING_BPK, bpK); - authProcessData.setGenericDataToSession(DATA_SIMPLE_EIDAS, eidData); + final SimpleEidasData eidasData = convertEidasAttrToSimpleData(authProcessData); + final String bpk = step2RegisterSearchWithPersonIdentifier(executionContext, eidasData, authProcessData); + authProcessData.setGenericDataToSession(DATA_RESULT_MATCHING_BPK, bpk); + authProcessData.setGenericDataToSession(DATA_SIMPLE_EIDAS, eidasData); } catch (final Exception e) { log.error("Initial search FAILED.", e); throw new TaskExecutionException(pendingReq, "Initial search FAILED.", e); } } - private String step2RegisterSearchWithPersonidentifier( + private String step2RegisterSearchWithPersonIdentifier( ExecutionContext executionContext, SimpleEidasData eidData, AuthProcessDataWrapper authProcessData) throws TaskExecutionException { - log.trace("Starting step2RegisterSearchWithPersonidentifier"); + log.trace("Starting step2RegisterSearchWithPersonIdentifier"); String personIdentifier = eidData.getPseudonym(); - MergedRegisterSearchResult result = searchInZmrAndErnp(personIdentifier); + MergedRegisterSearchResult result = searchWithPersonIdentifier(personIdentifier); //store data in session try { authProcessData.setGenericDataToSession(DATA_INITIAL_REGISTER_RESULT, result); @@ -196,19 +195,13 @@ public class InitialSearchTask extends AbstractAuthServletTask { MergedRegisterSearchResult countrySpecificDetailSearchResult, SimpleEidasData eidData) throws TaskExecutionException { log.trace("Starting step7aKittProcess"); - return Utils.step7aKittProcess(ernpClient, zmrClient, initialSearchResult, countrySpecificDetailSearchResult, + return registerSearchService.step7aKittProcess(initialSearchResult, countrySpecificDetailSearchResult, eidData, pendingReq); } private String step8RegisterSearchWithMds(ExecutionContext executionContext, SimpleEidasData eidData) { log.trace("Starting step8RegisterSearchWithMds"); - List resultsZmr = - zmrClient.searchWithMds(eidData.getGivenName(), eidData.getFamilyName(), eidData.getDateOfBirth()); - - List resultsErnp = - ernpClient.searchWithMds(eidData.getGivenName(), eidData.getFamilyName(), eidData.getDateOfBirth()); - - MergedRegisterSearchResult mdsSearchResult = new MergedRegisterSearchResult(resultsZmr, resultsErnp); + MergedRegisterSearchResult mdsSearchResult = searchWithMds(eidData); if (mdsSearchResult.getResultCount() == 0) { executionContext.put(TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK, true); } else { @@ -219,12 +212,29 @@ public class InitialSearchTask extends AbstractAuthServletTask { return null; } - private MergedRegisterSearchResult searchInZmrAndErnp(String personIdentifier) { + @NotNull + private MergedRegisterSearchResult searchWithMds(SimpleEidasData eidData) { + List resultsZmr = + zmrClient.searchWithMds(eidData.getGivenName(), eidData.getFamilyName(), eidData.getDateOfBirth()); + List resultsErnp = + ernpClient.searchWithMds(eidData.getGivenName(), eidData.getFamilyName(), eidData.getDateOfBirth()); + return new MergedRegisterSearchResult(resultsZmr, resultsErnp); + } + + private MergedRegisterSearchResult searchWithPersonIdentifier(String personIdentifier) { List resultsZmr = zmrClient.searchWithPersonIdentifier(personIdentifier); List resultsErnp = ernpClient.searchWithPersonIdentifier(personIdentifier); return new MergedRegisterSearchResult(resultsZmr, resultsErnp); } + @NotNull + private SimpleEidasData convertEidasAttrToSimpleData(AuthProcessDataWrapper authProcessData) + throws EidasAttributeException { + final ILightResponse eidasResponse = authProcessData + .getGenericDataFromSession(DATA_FULL_EIDAS_RESPONSE, ILightResponse.class); + return convertSimpleMapToSimpleData(convertEidasAttrToSimpleMap(eidasResponse.getAttributes().getAttributeMap())); + } + private SimpleEidasData convertSimpleMapToSimpleData(Map eidasAttrMap) throws EidasAttributeException { SimpleEidasData result = new SimpleEidasData(); @@ -260,7 +270,6 @@ public class InitialSearchTask extends AbstractAuthServletTask { if (attribute != null) { result.put(el.getFriendlyName(), attribute); log.trace("Find attr '{}' with value: {}", el.getFriendlyName(), attribute.toString()); - } else { log.info("Ignore empty 'DateTime' attribute"); } @@ -269,7 +278,6 @@ public class InitialSearchTask extends AbstractAuthServletTask { if (addressAttribute != null) { result.put(el.getFriendlyName(), addressAttribute); log.trace("Find attr '{}' with value: {}", el.getFriendlyName(), addressAttribute.toString()); - } else { log.info("Ignore empty 'PostalAddress' attribute"); } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java index 44e13d78..74af7be4 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java @@ -23,38 +23,18 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; -import java.io.IOException; -import java.util.HashMap; -import java.util.List; -import java.util.Set; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.xml.transform.TransformerException; - -import org.apache.commons.lang3.StringUtils; -import org.opensaml.core.xml.io.MarshallingException; -import org.opensaml.messaging.decoder.MessageDecodingException; -import org.opensaml.saml.saml2.core.Response; -import org.opensaml.saml.saml2.core.StatusCode; -import org.opensaml.saml.saml2.metadata.IDPSSODescriptor; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Component; - import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleMobileSignatureData; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthEventConstants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider; import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.Utils; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService; import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException; @@ -78,9 +58,25 @@ import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption; import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException; import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; import lombok.extern.slf4j.Slf4j; +import org.apache.commons.lang3.StringUtils; +import org.opensaml.core.xml.io.MarshallingException; +import org.opensaml.messaging.decoder.MessageDecodingException; +import org.opensaml.saml.saml2.core.Response; +import org.opensaml.saml.saml2.core.StatusCode; +import org.opensaml.saml.saml2.metadata.IDPSSODescriptor; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.xml.transform.TransformerException; +import java.io.IOException; +import java.util.HashMap; +import java.util.List; +import java.util.Set; /** - * Task that receives the SAML2 response from ID Austria system. + * Task that receives the SAML2 response from ID Austria system. * * @author tlenz */ @@ -91,6 +87,8 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends @Autowired private SamlVerificationEngine samlVerificationEngine; @Autowired + private RegisterSearchService registerSearchService; + @Autowired private IdAustriaClientAuthCredentialProvider credentialProvider; @Autowired(required = true) IdAustriaClientAuthMetadataProvider metadataProvider; @@ -112,15 +110,6 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends private static final String ERROR_MSG_03 = "PVP response validation FAILED."; - - private final IErnpClient ernpClient; - private final IZmrClient zmrClient; - - public ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask(IErnpClient ernpClient, IZmrClient zmrClient) { - this.ernpClient = ernpClient; - this.zmrClient = zmrClient; - } - @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { @@ -129,7 +118,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends InboundMessage msg = null; IDecoder decoder = null; EaafUriCompare comperator = null; - + // select Response Binding if (request.getMethod().equalsIgnoreCase("POST")) { decoder = new PostBinding(); @@ -188,20 +177,20 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends final AssertionAttributeExtractor extractor = new AssertionAttributeExtractor(processedMsg.getFirst().getResponse()); - - - + + + /* - * SAML2 response ist bereits vollständig validiert und die Attribute können aus dem + * SAML2 response ist bereits vollständig validiert und die Attribute können aus dem * ausgelesen werden. * Die AttributeNamen sind entsprechend PVP Spezifikation, z.B. PvpAttributeDefinitions.GIVEN_NAME_NAME - * + * * --------------------------------------------------------------------------------------------- - * + * * TODO: ab hier müssen wir wohl was anpassen - * + * */ - + //load additional search-data from pendingRequest final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); MergedRegisterSearchResult initialSearchResult = @@ -210,7 +199,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends SimpleEidasData eidData = authProcessData.getGenericDataFromSession(Constants.DATA_SIMPLE_EIDAS, SimpleEidasData.class); - + SimpleMobileSignatureData simpleMobileSignatureData = getAuthDataFromInterfederation(extractor, authProcessData); if (!simpleMobileSignatureData.equalsSimpleEidasData(eidData)) { @@ -219,14 +208,13 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends } String bpkzp = simpleMobileSignatureData.getBpk(); - MergedRegisterSearchResult result = searchInZmrAndErnp(bpkzp); + MergedRegisterSearchResult result = searchWithBpkZp(bpkzp); if (result.getResultCount() == 0) { //go to step 16 executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true); return; } else if (result.getResultCount() == 1) { - String bpk = - Utils.step7aKittProcess(ernpClient, zmrClient, initialSearchResult, result, eidData, pendingReq); + String bpk = registerSearchService.step7aKittProcess(initialSearchResult, result, eidData, pendingReq); authProcessData.setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk); //node 110 } else if (result.getResultCount() > 1) { @@ -295,7 +283,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends return Pair.newInstance(msg, false); } else { - log.info("Receive StatusCode {} from 'ms-specific eIDAS node'.", + log.info("Receive StatusCode {} from 'ms-specific eIDAS node'.", samlResp.getStatus().getStatusCode().getValue()); StatusCode subStatusCode = getSubStatusCode(samlResp); if (subStatusCode != null @@ -328,7 +316,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends && StringUtils.isNotEmpty(samlResp.getStatus().getStatusCode().getStatusCode().getValue())) { return samlResp.getStatus().getStatusCode().getStatusCode(); } - + return null; } @@ -379,8 +367,8 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends return simpleMobileSignatureData; } - - private MergedRegisterSearchResult searchInZmrAndErnp(String bpkzp) { + + private MergedRegisterSearchResult searchWithBpkZp(String bpkzp) { List resultsZmr = zmrClient.searchWithBpkZp(bpkzp); List resultsErnp = ernpClient.searchWithBpkZp(bpkzp); return new MergedRegisterSearchResult(resultsZmr, resultsErnp); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/Utils.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/Utils.java deleted file mode 100644 index 5612d137..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/Utils.java +++ /dev/null @@ -1,48 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.utils; - -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; -import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; - -public class Utils { - - /** - * Automatic process to fix the register entries. - * - * @param ernpClient ErnP client - * @param zmrClient ZMR client - * @param initialSearchResult Result of initial register search - * @param specificDetailSearchResult Result of last register search - * @param eidData Received eidas data - * @param pendingReq Pending request - * @return The bpk - * @throws TaskExecutionException if an error occurs during the register update - */ - public static String step7aKittProcess(IErnpClient ernpClient, IZmrClient zmrClient, - MergedRegisterSearchResult initialSearchResult, - MergedRegisterSearchResult specificDetailSearchResult, - SimpleEidasData eidData, IRequest pendingReq) throws TaskExecutionException { - try { - if (initialSearchResult.getResultCount() != 0) { - throw new WorkflowException("initialSearchResult.getResultCount() != 0"); - } - if (specificDetailSearchResult.getResultCount() != 1) { - throw new WorkflowException("countrySpecificDetailSearchResult.getResultCount() != 1"); - } - if (specificDetailSearchResult.getResultsZmr().size() == 1) { - zmrClient.update(specificDetailSearchResult.getResultsZmr().get(0), eidData); - } - if (specificDetailSearchResult.getResultsErnp().size() == 1) { - ernpClient.update(specificDetailSearchResult.getResultsErnp().get(0), eidData); - } - String bpK = specificDetailSearchResult.getBpk(); - return bpK; - } catch (WorkflowException e) { - throw new TaskExecutionException(pendingReq, "Step7a failed.", e); - } - } -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml index 07553c22..82cf7e95 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml @@ -66,6 +66,8 @@ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.ItSpecificDetailSearchProcessor"> + (), ernpClient, zmrClient); + registerSearchService = new RegisterSearchService(zmrClient, ernpClient); + task = new InitialSearchTask(new ArrayList<>(), registerSearchService, ernpClient, zmrClient); MockHttpServletRequest httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); MockHttpServletResponse httpResp = new MockHttpServletResponse(); @@ -250,7 +253,7 @@ public class InitialSearchTaskTest { Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); task = new InitialSearchTask( Collections.singletonList(new ItSpecificDetailSearchProcessor(ernpClient, zmrClient)), - ernpClient, zmrClient); + registerSearchService, ernpClient, zmrClient); task.execute(pendingReq1, executionContext); @@ -280,7 +283,7 @@ public class InitialSearchTaskTest { Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); task = new InitialSearchTask( Collections.singletonList(new DeSpecificDetailSearchProcessor(ernpClient, zmrClient)), - ernpClient, zmrClient); + registerSearchService, ernpClient, zmrClient); task.execute(pendingReq1, executionContext); @@ -316,7 +319,7 @@ public class InitialSearchTaskTest { Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); task = new InitialSearchTask( Collections.singletonList(new DeSpecificDetailSearchProcessor(ernpClient, zmrClient)), - ernpClient, zmrClient); + registerSearchService, ernpClient, zmrClient); TaskExecutionException exception = assertThrows(TaskExecutionException.class, () -> task.execute(pendingReq1, executionContext)); @@ -349,7 +352,7 @@ public class InitialSearchTaskTest { Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); task = new InitialSearchTask( Collections.singletonList(new ItSpecificDetailSearchProcessor(ernpClient, zmrClient)), - ernpClient, zmrClient); + registerSearchService, ernpClient, zmrClient); TaskExecutionException exception = assertThrows(TaskExecutionException.class, () -> task.execute(pendingReq1, executionContext)); -- cgit v1.2.3 From 5eb83e0ca367958c81a7b0ee2cbd047482dd1974 Mon Sep 17 00:00:00 2001 From: Christian Kollmann Date: Mon, 22 Feb 2021 14:06:16 +0100 Subject: Move country specific search in registers into common service --- .../CountrySpecificDetailSearchProcessor.java | 22 ++--------- .../handler/DeSpecificDetailSearchProcessor.java | 25 ++++++------ .../handler/ItSpecificDetailSearchProcessor.java | 21 ++++++----- .../eidas/v2/service/RegisterSearchService.java | 44 ++++++++++++++++++++-- .../auth/eidas/v2/tasks/InitialSearchTask.java | 37 +++--------------- ...eSignatureResponseAndSearchInRegistersTask.java | 8 +--- .../src/main/resources/eidas_v2_auth.beans.xml | 4 +- .../eidas/v2/test/tasks/InitialSearchTaskTest.java | 18 ++++----- 8 files changed, 85 insertions(+), 94 deletions(-) (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/resources') diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/CountrySpecificDetailSearchProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/CountrySpecificDetailSearchProcessor.java index c5b3b231..6e8f7fce 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/CountrySpecificDetailSearchProcessor.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/CountrySpecificDetailSearchProcessor.java @@ -25,27 +25,13 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; -public abstract class CountrySpecificDetailSearchProcessor { - - protected IErnpClient ernbClient; - protected IZmrClient zmrClient; - - public CountrySpecificDetailSearchProcessor(IErnpClient ernbClient, IZmrClient zmrClient) { - this.ernbClient = ernbClient; - this.zmrClient = zmrClient; - } +public interface CountrySpecificDetailSearchProcessor { /** * Get a friendlyName of this post-processor implementation. - * - * @return */ - public String getName() { - return this.getClass().getName(); - } + String getName(); /** * Check if this postProcessor is sensitive for a specific country. @@ -54,8 +40,8 @@ public abstract class CountrySpecificDetailSearchProcessor { * @param eidData eID data * @return true if this implementation can handle the country, otherwise false */ - public abstract boolean canHandle(String countryCode, SimpleEidasData eidData); + boolean canHandle(String countryCode, SimpleEidasData eidData); - public abstract MergedRegisterSearchResult search(SimpleEidasData eidData); + MergedRegisterSearchResult search(SimpleEidasData eidData); } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java index 544d5b0c..904c41a1 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java @@ -25,17 +25,20 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService; -import java.util.List; +public class DeSpecificDetailSearchProcessor implements CountrySpecificDetailSearchProcessor { -public class DeSpecificDetailSearchProcessor extends CountrySpecificDetailSearchProcessor { + private final RegisterSearchService registerSearchService; - public DeSpecificDetailSearchProcessor(IErnpClient ernbClient, IZmrClient zmrClient) { - super(ernbClient, zmrClient); + public DeSpecificDetailSearchProcessor(RegisterSearchService registerSearchService) { + this.registerSearchService = registerSearchService; + } + + @Override + public String getName() { + return this.getClass().getName(); } @Override @@ -54,12 +57,6 @@ public class DeSpecificDetailSearchProcessor extends CountrySpecificDetailSearch @Override public MergedRegisterSearchResult search(SimpleEidasData eidData) { - List resultsZmr = - zmrClient.searchDeSpecific(eidData.getGivenName(), eidData.getFamilyName(), eidData.getDateOfBirth(), - eidData.getPlaceOfBirth(), eidData.getBirthName()); - List resultsErnb = - ernbClient.searchDeSpecific(eidData.getGivenName(), eidData.getFamilyName(), eidData.getDateOfBirth(), - eidData.getPlaceOfBirth(), eidData.getBirthName()); - return new MergedRegisterSearchResult(resultsZmr, resultsErnb); + return registerSearchService.searchDeSpecific(eidData); } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ItSpecificDetailSearchProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ItSpecificDetailSearchProcessor.java index 370a111c..7e74a85c 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ItSpecificDetailSearchProcessor.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ItSpecificDetailSearchProcessor.java @@ -25,17 +25,20 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService; -import java.util.List; +public class ItSpecificDetailSearchProcessor implements CountrySpecificDetailSearchProcessor { -public class ItSpecificDetailSearchProcessor extends CountrySpecificDetailSearchProcessor { + private final RegisterSearchService registerSearchService; - public ItSpecificDetailSearchProcessor(IErnpClient ernbClient, IZmrClient zmrClient) { - super(ernbClient, zmrClient); + public ItSpecificDetailSearchProcessor(RegisterSearchService registerSearchService) { + this.registerSearchService = registerSearchService; + } + + @Override + public String getName() { + return this.getClass().getName(); } @Override @@ -51,8 +54,6 @@ public class ItSpecificDetailSearchProcessor extends CountrySpecificDetailSearch @Override public MergedRegisterSearchResult search(SimpleEidasData eidData) { - List resultsZmr = zmrClient.searchItSpecific(eidData.getTaxNumber()); - List resultsErnb = ernbClient.searchItSpecific(eidData.getTaxNumber()); - return new MergedRegisterSearchResult(resultsZmr, resultsErnb); + return registerSearchService.searchItSpecific(eidData); } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java index 75374872..a3062d0d 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java @@ -1,6 +1,7 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.service; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException; @@ -10,6 +11,8 @@ import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import lombok.extern.slf4j.Slf4j; import org.springframework.stereotype.Service; +import java.util.List; + @Slf4j @Service("registerSearchService") public class RegisterSearchService { @@ -22,7 +25,6 @@ public class RegisterSearchService { this.ernpClient = ernpClient; } - /** * Automatic process to fix the register entries. * @@ -44,14 +46,50 @@ public class RegisterSearchService { throw new WorkflowException("countrySpecificDetailSearchResult.getResultCount() != 1"); } if (specificDetailSearchResult.getResultsZmr().size() == 1) { - this.zmrClient.update(specificDetailSearchResult.getResultsZmr().get(0), eidData); + zmrClient.update(specificDetailSearchResult.getResultsZmr().get(0), eidData); } if (specificDetailSearchResult.getResultsErnp().size() == 1) { - this.ernpClient.update(specificDetailSearchResult.getResultsErnp().get(0), eidData); + ernpClient.update(specificDetailSearchResult.getResultsErnp().get(0), eidData); } return specificDetailSearchResult.getBpk(); } catch (WorkflowException e) { throw new TaskExecutionException(pendingReq, "Step7a failed.", e); } } + + public MergedRegisterSearchResult searchWithMds(SimpleEidasData eidData) { + List resultsZmr = + zmrClient.searchWithMds(eidData.getGivenName(), eidData.getFamilyName(), eidData.getDateOfBirth()); + List resultsErnp = + ernpClient.searchWithMds(eidData.getGivenName(), eidData.getFamilyName(), eidData.getDateOfBirth()); + return new MergedRegisterSearchResult(resultsZmr, resultsErnp); + } + + public MergedRegisterSearchResult searchWithPersonIdentifier(SimpleEidasData eidData) { + List resultsZmr = zmrClient.searchWithPersonIdentifier(eidData.getPseudonym()); + List resultsErnp = ernpClient.searchWithPersonIdentifier(eidData.getPseudonym()); + return new MergedRegisterSearchResult(resultsZmr, resultsErnp); + } + + public MergedRegisterSearchResult searchItSpecific(SimpleEidasData eidData) { + List resultsZmr = zmrClient.searchItSpecific(eidData.getTaxNumber()); + List resultsErnb = ernpClient.searchItSpecific(eidData.getTaxNumber()); + return new MergedRegisterSearchResult(resultsZmr, resultsErnb); + } + + public MergedRegisterSearchResult searchDeSpecific(SimpleEidasData eidData) { + List resultsZmr = + zmrClient.searchDeSpecific(eidData.getGivenName(), eidData.getFamilyName(), eidData.getDateOfBirth(), + eidData.getPlaceOfBirth(), eidData.getBirthName()); + List resultsErnb = + ernpClient.searchDeSpecific(eidData.getGivenName(), eidData.getFamilyName(), eidData.getDateOfBirth(), + eidData.getPlaceOfBirth(), eidData.getBirthName()); + return new MergedRegisterSearchResult(resultsZmr, resultsErnb); + } + + public MergedRegisterSearchResult searchWithBpkZp(String bpkzp) { + List resultsZmr = zmrClient.searchWithBpkZp(bpkzp); + List resultsErnp = ernpClient.searchWithBpkZp(bpkzp); + return new MergedRegisterSearchResult(resultsZmr, resultsErnp); + } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java index 7f4526ad..4fdf3cd2 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java @@ -24,15 +24,12 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.CountrySpecificDetailSearchProcessor; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; @@ -70,24 +67,17 @@ import static at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasRespon public class InitialSearchTask extends AbstractAuthServletTask { private final List handlers; - private final IErnpClient ernpClient; - private final IZmrClient zmrClient; private final RegisterSearchService registerSearchService; /** * Constructor. - * @param handlers List of countrySpecificSearchProcessors - * @param registerSearchService - * @param ernpClient Ernp client - * @param zmrClient ZMR client + * + * @param handlers List of countrySpecificSearchProcessors + * @param registerSearchService Service for register search access */ public InitialSearchTask(List handlers, - RegisterSearchService registerSearchService, - IErnpClient ernpClient, - IZmrClient zmrClient) { + RegisterSearchService registerSearchService) { this.registerSearchService = registerSearchService; - this.ernpClient = ernpClient; - this.zmrClient = zmrClient; this.handlers = handlers; log.info("Init with {} country specific detail search services", handlers.size()); } @@ -112,7 +102,7 @@ public class InitialSearchTask extends AbstractAuthServletTask { throws TaskExecutionException { log.trace("Starting step2RegisterSearchWithPersonIdentifier"); String personIdentifier = eidData.getPseudonym(); - MergedRegisterSearchResult result = searchWithPersonIdentifier(personIdentifier); + MergedRegisterSearchResult result = registerSearchService.searchWithPersonIdentifier(eidData); //store data in session try { authProcessData.setGenericDataToSession(DATA_INITIAL_REGISTER_RESULT, result); @@ -201,7 +191,7 @@ public class InitialSearchTask extends AbstractAuthServletTask { private String step8RegisterSearchWithMds(ExecutionContext executionContext, SimpleEidasData eidData) { log.trace("Starting step8RegisterSearchWithMds"); - MergedRegisterSearchResult mdsSearchResult = searchWithMds(eidData); + MergedRegisterSearchResult mdsSearchResult = registerSearchService.searchWithMds(eidData); if (mdsSearchResult.getResultCount() == 0) { executionContext.put(TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK, true); } else { @@ -212,21 +202,6 @@ public class InitialSearchTask extends AbstractAuthServletTask { return null; } - @NotNull - private MergedRegisterSearchResult searchWithMds(SimpleEidasData eidData) { - List resultsZmr = - zmrClient.searchWithMds(eidData.getGivenName(), eidData.getFamilyName(), eidData.getDateOfBirth()); - List resultsErnp = - ernpClient.searchWithMds(eidData.getGivenName(), eidData.getFamilyName(), eidData.getDateOfBirth()); - return new MergedRegisterSearchResult(resultsZmr, resultsErnp); - } - - private MergedRegisterSearchResult searchWithPersonIdentifier(String personIdentifier) { - List resultsZmr = zmrClient.searchWithPersonIdentifier(personIdentifier); - List resultsErnp = ernpClient.searchWithPersonIdentifier(personIdentifier); - return new MergedRegisterSearchResult(resultsZmr, resultsErnp); - } - @NotNull private SimpleEidasData convertEidasAttrToSimpleData(AuthProcessDataWrapper authProcessData) throws EidasAttributeException { diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java index 74af7be4..09f2d54c 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java @@ -25,7 +25,6 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleMobileSignatureData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException; @@ -208,7 +207,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends } String bpkzp = simpleMobileSignatureData.getBpk(); - MergedRegisterSearchResult result = searchWithBpkZp(bpkzp); + MergedRegisterSearchResult result = registerSearchService.searchWithBpkZp(bpkzp); if (result.getResultCount() == 0) { //go to step 16 executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true); @@ -368,9 +367,4 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends } - private MergedRegisterSearchResult searchWithBpkZp(String bpkzp) { - List resultsZmr = zmrClient.searchWithBpkZp(bpkzp); - List resultsErnp = ernpClient.searchWithBpkZp(bpkzp); - return new MergedRegisterSearchResult(resultsZmr, resultsErnp); - } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml index 82cf7e95..34046e55 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml @@ -58,11 +58,11 @@ - - diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java index ae2bc93e..4dd6b92e 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java @@ -106,7 +106,7 @@ public class InitialSearchTaskTest { public void setUp() throws URISyntaxException, EaafStorageException { MockitoAnnotations.initMocks(this); registerSearchService = new RegisterSearchService(zmrClient, ernpClient); - task = new InitialSearchTask(new ArrayList<>(), registerSearchService, ernpClient, zmrClient); + task = new InitialSearchTask(new ArrayList<>(), registerSearchService); MockHttpServletRequest httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); MockHttpServletResponse httpResp = new MockHttpServletResponse(); @@ -252,8 +252,8 @@ public class InitialSearchTaskTest { randomBirthDate, null, null, taxNumber, null))); Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); task = new InitialSearchTask( - Collections.singletonList(new ItSpecificDetailSearchProcessor(ernpClient, zmrClient)), - registerSearchService, ernpClient, zmrClient); + Collections.singletonList(new ItSpecificDetailSearchProcessor(registerSearchService)), + registerSearchService); task.execute(pendingReq1, executionContext); @@ -282,8 +282,8 @@ public class InitialSearchTaskTest { randomFamilyName, randomBirthDate, randomPlaceOfBirth, randomBirthName, null, null))); Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); task = new InitialSearchTask( - Collections.singletonList(new DeSpecificDetailSearchProcessor(ernpClient, zmrClient)), - registerSearchService, ernpClient, zmrClient); + Collections.singletonList(new DeSpecificDetailSearchProcessor(registerSearchService)), + registerSearchService); task.execute(pendingReq1, executionContext); @@ -318,8 +318,8 @@ public class InitialSearchTaskTest { randomBirthName)).thenReturn(zmrResultSpecific); Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); task = new InitialSearchTask( - Collections.singletonList(new DeSpecificDetailSearchProcessor(ernpClient, zmrClient)), - registerSearchService, ernpClient, zmrClient); + Collections.singletonList(new DeSpecificDetailSearchProcessor(registerSearchService)), + registerSearchService); TaskExecutionException exception = assertThrows(TaskExecutionException.class, () -> task.execute(pendingReq1, executionContext)); @@ -351,8 +351,8 @@ public class InitialSearchTaskTest { Mockito.when(zmrClient.searchItSpecific(randomTaxNumber)).thenReturn(zmrResultSpecific); Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); task = new InitialSearchTask( - Collections.singletonList(new ItSpecificDetailSearchProcessor(ernpClient, zmrClient)), - registerSearchService, ernpClient, zmrClient); + Collections.singletonList(new ItSpecificDetailSearchProcessor(registerSearchService)), + registerSearchService); TaskExecutionException exception = assertThrows(TaskExecutionException.class, () -> task.execute(pendingReq1, executionContext)); -- cgit v1.2.3 From 0c4fe92684a707040fd7536da05945a64b309740 Mon Sep 17 00:00:00 2001 From: Christian Kollmann Date: Thu, 25 Feb 2021 07:54:53 +0100 Subject: Refactor tasks for MobilePhoneSignature login and tests --- .../eidas/v2/dao/SimpleMobileSignatureData.java | 18 +- ...eSignatureResponseAndSearchInRegistersTask.java | 331 ------------- .../ReceiveMobilePhoneSignatureResponseTask.java | 340 +++++++++++++ .../src/main/resources/eidas_v2_auth.beans.xml | 2 +- ...natureResponseAndSearchInRegistersTaskTest.java | 543 --------------------- ...eceiveMobilePhoneSignatureResponseTaskTest.java | 371 ++++++++++++++ 6 files changed, 719 insertions(+), 886 deletions(-) delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/resources') diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java index 2a7beb3b..e7a5547a 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java @@ -24,12 +24,12 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao; import lombok.Data; +import org.apache.commons.lang3.builder.EqualsBuilder; @Data public class SimpleMobileSignatureData { private String citizenCountryCode; - private String bpk; private String givenName; private String familyName; @@ -37,19 +37,15 @@ public class SimpleMobileSignatureData { /** * Compares the received authentication data from the mobile phone signature with the eid data received via eIDAS. + * * @param simpleEidasData The extracted eIDAS data * @return Returns true, if the eIDAS data matches the mobile phone signature data and false otherwise. */ public boolean equalsSimpleEidasData(SimpleEidasData simpleEidasData) { - if (!simpleEidasData.getGivenName().equals(givenName)) { - return false; - } - if (!simpleEidasData.getFamilyName().equals(familyName)) { - return false; - } - if (!simpleEidasData.getDateOfBirth().equals(dateOfBirth)) { - return false; - } - return true; + return new EqualsBuilder() + .append(simpleEidasData.getGivenName(), givenName) + .append(simpleEidasData.getFamilyName(), familyName) + .append(simpleEidasData.getDateOfBirth(), dateOfBirth) + .isEquals(); } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java deleted file mode 100644 index 81be04b5..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java +++ /dev/null @@ -1,331 +0,0 @@ -/* - * Copyright 2021 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - -package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; - -import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleMobileSignatureData; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthEventConstants; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService; -import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; -import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; -import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException; -import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; -import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; -import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; -import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder; -import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; -import at.gv.egiz.eaaf.modules.pvp2.exception.SamlAssertionValidationExeption; -import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; -import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding; -import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding; -import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage; -import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse; -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; -import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare; -import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; -import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine; -import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption; -import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException; -import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; -import lombok.extern.slf4j.Slf4j; -import org.apache.commons.lang3.StringUtils; -import org.jetbrains.annotations.NotNull; -import org.opensaml.core.xml.io.MarshallingException; -import org.opensaml.messaging.decoder.MessageDecodingException; -import org.opensaml.saml.saml2.core.Response; -import org.opensaml.saml.saml2.core.StatusCode; -import org.opensaml.saml.saml2.metadata.IDPSSODescriptor; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Component; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.xml.transform.TransformerException; -import java.io.IOException; -import java.util.List; -import java.util.Set; - -import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.DATA_INITIAL_REGISTER_RESULT; -import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.DATA_SIMPLE_EIDAS; -import static at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING; - -/** - * Task that receives the SAML2 response from ID Austria system. - * This corresponds to Step 15 in the eIDAS Matching Concept. - * - * @author tlenz - */ -@Slf4j -@Component("ReceiveMobilePhoneSignatureResponseTask") -public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends AbstractAuthServletTask { - - @Autowired - private SamlVerificationEngine samlVerificationEngine; - @Autowired - private RegisterSearchService registerSearchService; - @Autowired - private IdAustriaClientAuthCredentialProvider credentialProvider; - @Autowired - IdAustriaClientAuthMetadataProvider metadataProvider; - - private static final String ERROR_PVP_03 = "sp.pvp2.03"; - private static final String ERROR_PVP_05 = "sp.pvp2.05"; - private static final String ERROR_PVP_06 = "sp.pvp2.06"; - private static final String ERROR_PVP_08 = "sp.pvp2.08"; - private static final String ERROR_PVP_10 = "sp.pvp2.10"; - private static final String ERROR_PVP_11 = "sp.pvp2.11"; - private static final String ERROR_PVP_12 = "sp.pvp2.12"; - - private static final String ERROR_MSG_00 = "Receive INVALID PVP Response from ID Austria system"; - private static final String ERROR_MSG_01 = "Processing PVP response from 'ID Austria system' FAILED."; - private static final String ERROR_MSG_02 = "PVP response decrytion FAILED. No credential found."; - private static final String ERROR_MSG_03 = "PVP response validation FAILED."; - - @Override - public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) - throws TaskExecutionException { - try { - log.trace("Starting ReceiveMobilePhoneSignatureResponseTask"); - IDecoder decoder = loadDecoder(request); - EaafUriCompare comparator = loadComparator(request); - InboundMessage inboundMessage = decodeAndVerifyMessage(request, response, decoder, comparator); - final Pair processedMsg = validateAssertion((PvpSProfileResponse) inboundMessage); - if (processedMsg.getSecond()) { - stopProcessFromUserDecision(executionContext, request, response); - return; - } - - validateEntityId(inboundMessage); - AssertionAttributeExtractor extractor = new AssertionAttributeExtractor(processedMsg.getFirst().getResponse()); - - /* - * SAML2 response ist bereits vollständig validiert und die Attribute können aus dem - * ausgelesen werden. - * Die AttributeNamen sind entsprechend PVP Spezifikation, z.B. PvpAttributeDefinitions.GIVEN_NAME_NAME - * - * --------------------------------------------------------------------------------------------- - * - * TODO: ab hier müssen wir wohl was anpassen - * - */ - - final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); - MergedRegisterSearchResult initialSearchResult = - authProcessData.getGenericDataFromSession(DATA_INITIAL_REGISTER_RESULT, MergedRegisterSearchResult.class); - SimpleEidasData eidasData = authProcessData.getGenericDataFromSession(DATA_SIMPLE_EIDAS, SimpleEidasData.class); - - SimpleMobileSignatureData simpleMobileSignatureData = getAuthDataFromInterfederation(extractor, authProcessData); - if (!simpleMobileSignatureData.equalsSimpleEidasData(eidasData)) { - //TODO User has cheated? - throw new InvalidUserInputException(); - } - - String bpkZp = simpleMobileSignatureData.getBpk(); - MergedRegisterSearchResult result = registerSearchService.searchWithBpkZp(bpkZp); - if (result.getResultCount() == 0) { - //go to step 16 - executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true); - return; - } else if (result.getResultCount() == 1) { - String bpk = registerSearchService.step7aKittProcess(initialSearchResult, result, eidasData, pendingReq); - authProcessData.setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk); - return; - //node 110 - } else if (result.getResultCount() > 1) { - throw new ManualFixNecessaryException("bpkZp: " + bpkZp);// node 108 - } - - // set NeedConsent to false, because user gives consent during authentication - pendingReq.setNeedUserConsent(false); - log.info("Receive a valid assertion from IDP " + inboundMessage.getEntityID()); - } catch (final AuthnResponseValidationException e) { - throw new TaskExecutionException(pendingReq, ERROR_MSG_03, e); - } catch (MessageDecodingException | SecurityException | SamlSigningException e) { - //final String samlRequest = request.getParameter("SAMLRequest"); - //log.debug("Receive INVALID PVP Response from 'ms-specific eIDAS node': {}", - // samlRequest, null, e); - throw new TaskExecutionException(pendingReq, ERROR_MSG_00, - new AuthnResponseValidationException(ERROR_PVP_11, new Object[]{MODULE_NAME_FOR_LOGGING}, e)); - } catch (IOException | MarshallingException | TransformerException e) { - log.debug("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e); - throw new TaskExecutionException(pendingReq, ERROR_MSG_01, - new AuthnResponseValidationException(ERROR_PVP_12, new Object[]{MODULE_NAME_FOR_LOGGING, e.getMessage()}, e)); - } catch (final CredentialsNotAvailableException e) { - log.debug("PVP response decrytion FAILED. No credential found.", e); - throw new TaskExecutionException(pendingReq, ERROR_MSG_02, - new AuthnResponseValidationException(ERROR_PVP_10, new Object[]{MODULE_NAME_FOR_LOGGING}, e)); - } catch (final Exception e) { - e.printStackTrace(); - log.debug("PVP response validation FAILED. Msg:" + e.getMessage(), e); - throw new TaskExecutionException(pendingReq, ERROR_MSG_03, - new AuthnResponseValidationException(ERROR_PVP_12, new Object[]{MODULE_NAME_FOR_LOGGING, e.getMessage()}, e)); - } - } - - @NotNull - private InboundMessage decodeAndVerifyMessage(HttpServletRequest request, HttpServletResponse response, - IDecoder decoder, EaafUriCompare comparator) throws Exception { - InboundMessage inboundMessage = (InboundMessage) decoder.decode(request, response, metadataProvider, - IDPSSODescriptor.DEFAULT_ELEMENT_NAME, comparator); - if (!inboundMessage.isVerified()) { - samlVerificationEngine.verify(inboundMessage, TrustEngineFactory.getSignatureKnownKeysTrustEngine( - metadataProvider)); - inboundMessage.setVerified(true); - } - return inboundMessage; - } - - private void validateEntityId(InboundMessage inboundMessage) throws AuthnResponseValidationException { - final String msNodeEntityID = authConfig - .getBasicConfiguration(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID); - final String respEntityId = inboundMessage.getEntityID(); - if (!msNodeEntityID.equals(respEntityId)) { - log.warn("Response Issuer is not from valid 'ID Austria IDP'. Stopping ID Austria authentication ..."); - throw new AuthnResponseValidationException(ERROR_PVP_08, - new Object[]{MODULE_NAME_FOR_LOGGING, - inboundMessage.getEntityID()}); - } - } - - @NotNull - private EaafUriCompare loadComparator(HttpServletRequest request) throws AuthnResponseValidationException { - if (request.getMethod().equalsIgnoreCase("POST")) { - log.trace("Receive PVP Response from 'ID Austria system', by using POST-Binding."); - return new EaafUriCompare(pendingReq.getAuthUrl() + IdAustriaClientAuthConstants.ENDPOINT_POST); - } else if (request.getMethod().equalsIgnoreCase("GET")) { - log.trace("Receive PVP Response from 'ID Austria system', by using Redirect-Binding."); - return new EaafUriCompare(pendingReq.getAuthUrl() + IdAustriaClientAuthConstants.ENDPOINT_REDIRECT); - } else { - log.warn("Receive PVP Response from 'ID Austria system', but Binding {} is not supported.", request.getMethod()); - throw new AuthnResponseValidationException(ERROR_PVP_03, new Object[]{MODULE_NAME_FOR_LOGGING}); - } - } - - @NotNull - private IDecoder loadDecoder(HttpServletRequest request) throws AuthnResponseValidationException { - if (request.getMethod().equalsIgnoreCase("POST")) { - log.trace("Receive PVP Response from 'ID Austria system', by using POST-Binding."); - return new PostBinding(); - } else if (request.getMethod().equalsIgnoreCase("GET")) { - log.trace("Receive PVP Response from 'ID Austria system', by using Redirect-Binding."); - return new RedirectBinding(); - } else { - log.warn("Receive PVP Response from 'ID Austria system', but Binding {} is not supported.", request.getMethod()); - throw new AuthnResponseValidationException(ERROR_PVP_03, new Object[]{MODULE_NAME_FOR_LOGGING}); - } - } - - private Pair validateAssertion(PvpSProfileResponse msg) - throws IOException, MarshallingException, TransformerException, - CredentialsNotAvailableException, AuthnResponseValidationException, SamlAssertionValidationExeption { - log.debug("Start PVP21 assertion processing... "); - final Response response = (Response) msg.getResponse(); - if (response.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS)) { - samlVerificationEngine.validateAssertion(response, - credentialProvider.getMessageEncryptionCredential(), - pendingReq.getAuthUrl() + IdAustriaClientAuthConstants.ENDPOINT_METADATA, - MODULE_NAME_FOR_LOGGING); - msg.setSamlMessage(Saml2Utils.asDomDocument(response).getDocumentElement()); - revisionsLogger.logEvent(pendingReq, - IdAustriaClientAuthEventConstants.AUTHPROCESS_ID_AUSTRIA_RESPONSE_RECEIVED, - response.getID()); - return Pair.newInstance(msg, false); - } else { - log.info("Receive StatusCode {} from 'ms-specific eIDAS node'.", response.getStatus().getStatusCode().getValue()); - StatusCode subStatusCode = getSubStatusCode(response); - if (subStatusCode != null - && IdAustriaClientAuthConstants.SAML2_STATUSCODE_USERSTOP.equals(subStatusCode.getValue())) { - log.info("Find 'User-Stop operation' in SAML2 response. Stopping authentication process ... "); - return Pair.newInstance(msg, true); - } - - revisionsLogger.logEvent(pendingReq, - IdAustriaClientAuthEventConstants.AUTHPROCESS_ID_AUSTRIA_RESPONSE_RECEIVED_ERROR); - throw new AuthnResponseValidationException(ERROR_PVP_05, - new Object[]{MODULE_NAME_FOR_LOGGING, - response.getIssuer().getValue(), - response.getStatus().getStatusCode().getValue(), - response.getStatus().getStatusMessage().getMessage()}); - } - } - - /** - * Get SAML2 Sub-StatusCode if not null. - * - * @param samlResp SAML2 response - * @return Sub-StatusCode or null if it's not set - */ - private StatusCode getSubStatusCode(Response samlResp) { - if (samlResp.getStatus().getStatusCode().getStatusCode() != null - && StringUtils.isNotEmpty(samlResp.getStatus().getStatusCode().getStatusCode().getValue())) { - return samlResp.getStatus().getStatusCode().getStatusCode(); - } - return null; - } - - private SimpleMobileSignatureData getAuthDataFromInterfederation(AssertionAttributeExtractor extractor, - AuthProcessDataWrapper authProcessData) - throws EaafBuilderException { - List requiredAttributes = IdAustriaClientAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES; - SimpleMobileSignatureData result = new SimpleMobileSignatureData(); - try { - if (!extractor.containsAllRequiredAttributes(requiredAttributes)) { - log.warn("PVP Response from 'ID Austria node' contains not all requested attributes."); - throw new AssertionValidationExeption(ERROR_PVP_06, new Object[]{MODULE_NAME_FOR_LOGGING}); - } - final Set includedAttrNames = extractor.getAllIncludeAttributeNames(); - for (final String attrName : includedAttrNames) { - if (PvpAttributeDefinitions.BPK_NAME.equals(attrName)) { - result.setBpk(extractor.getSingleAttributeValue(attrName)); - } - if (PvpAttributeDefinitions.GIVEN_NAME_NAME.equals(attrName)) { - result.setGivenName(extractor.getSingleAttributeValue(attrName)); - } - if (PvpAttributeDefinitions.PRINCIPAL_NAME_NAME.equals(attrName)) { - result.setFamilyName(extractor.getSingleAttributeValue(attrName)); - } - if (PvpAttributeDefinitions.BIRTHDATE_NAME.equals(attrName)) { - result.setDateOfBirth(extractor.getSingleAttributeValue(attrName)); - } - if (PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME.equals(attrName)) { - authProcessData.setQaaLevel(extractor.getSingleAttributeValue(attrName)); - } - } - authProcessData.setIssueInstant(extractor.getAssertionIssuingDate()); - } catch (final AssertionValidationExeption e) { - throw new EaafBuilderException(ERROR_PVP_06, null, e.getMessage(), e); - } - return result; - } - - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java new file mode 100644 index 00000000..0f40b337 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java @@ -0,0 +1,340 @@ +/* + * Copyright 2021 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleMobileSignatureData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthEventConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlAssertionValidationExeption; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; +import lombok.extern.slf4j.Slf4j; +import org.apache.commons.lang3.StringUtils; +import org.jetbrains.annotations.NotNull; +import org.opensaml.core.xml.io.MarshallingException; +import org.opensaml.messaging.decoder.MessageDecodingException; +import org.opensaml.saml.saml2.core.Response; +import org.opensaml.saml.saml2.core.StatusCode; +import org.opensaml.saml.saml2.metadata.IDPSSODescriptor; +import org.springframework.stereotype.Component; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.xml.transform.TransformerException; +import java.io.IOException; +import java.util.List; +import java.util.Set; + +import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.DATA_INITIAL_REGISTER_RESULT; +import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.DATA_SIMPLE_EIDAS; +import static at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING; + +/** + * Task that receives the SAML2 response from ID Austria system. + * This corresponds to Step 15 in the eIDAS Matching Concept. + * + * @author tlenz + */ +@Slf4j +@Component("ReceiveMobilePhoneSignatureResponseTask") +public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServletTask { + + private final SamlVerificationEngine samlVerificationEngine; + private final RegisterSearchService registerSearchService; + private final IdAustriaClientAuthCredentialProvider credentialProvider; + private final IdAustriaClientAuthMetadataProvider metadataProvider; + + private static final String ERROR_PVP_03 = "sp.pvp2.03"; + private static final String ERROR_PVP_05 = "sp.pvp2.05"; + private static final String ERROR_PVP_06 = "sp.pvp2.06"; + private static final String ERROR_PVP_08 = "sp.pvp2.08"; + private static final String ERROR_PVP_10 = "sp.pvp2.10"; + private static final String ERROR_PVP_11 = "sp.pvp2.11"; + private static final String ERROR_PVP_12 = "sp.pvp2.12"; + + private static final String ERROR_MSG_00 = "Receive INVALID PVP Response from ID Austria system"; + private static final String ERROR_MSG_01 = "Processing PVP response from 'ID Austria system' FAILED."; + private static final String ERROR_MSG_02 = "PVP response decryption FAILED. No credential found."; + private static final String ERROR_MSG_03 = "PVP response validation FAILED."; + + /** + * Creates the new task, with autowired dependencies from Spring. + */ + public ReceiveMobilePhoneSignatureResponseTask(SamlVerificationEngine samlVerificationEngine, + RegisterSearchService registerSearchService, + IdAustriaClientAuthCredentialProvider credentialProvider, + IdAustriaClientAuthMetadataProvider metadataProvider) { + this.samlVerificationEngine = samlVerificationEngine; + this.registerSearchService = registerSearchService; + this.credentialProvider = credentialProvider; + this.metadataProvider = metadataProvider; + } + + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + try { + log.trace("Starting ReceiveMobilePhoneSignatureResponseTask"); + IDecoder decoder = loadDecoder(request); + EaafUriCompare comparator = loadComparator(request); + InboundMessage inboundMessage = decodeAndVerifyMessage(request, response, decoder, comparator); + Pair processedMsg = validateAssertion((PvpSProfileResponse) inboundMessage); + if (processedMsg.getSecond()) { + stopProcessFromUserDecision(executionContext, request, response); + return; + } + + validateEntityId(inboundMessage); + AssertionAttributeExtractor extractor = new AssertionAttributeExtractor(processedMsg.getFirst().getResponse()); + + /* + * SAML2 response ist bereits vollständig validiert und die Attribute können aus dem + * ausgelesen werden. + * Die AttributeNamen sind entsprechend PVP Spezifikation, z.B. PvpAttributeDefinitions.GIVEN_NAME_NAME + * + * --------------------------------------------------------------------------------------------- + * + * TODO: ab hier müssen wir wohl was anpassen + * + */ + + AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); + MergedRegisterSearchResult initialSearchResult = + authProcessData.getGenericDataFromSession(DATA_INITIAL_REGISTER_RESULT, MergedRegisterSearchResult.class); + SimpleEidasData eidasData = authProcessData.getGenericDataFromSession(DATA_SIMPLE_EIDAS, SimpleEidasData.class); + String bpkZp = extractBpkZp(extractor, authProcessData, eidasData); + + MergedRegisterSearchResult result = registerSearchService.searchWithBpkZp(bpkZp); + if (result.getResultCount() == 0) { + executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true); + return; + } else if (result.getResultCount() == 1) { + String bpk = registerSearchService.step7aKittProcess(initialSearchResult, result, eidasData, pendingReq); + authProcessData.setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk); + return; + } else if (result.getResultCount() > 1) { + throw new ManualFixNecessaryException("bpkZp: " + bpkZp); + } + + // set NeedConsent to false, because user gives consent during authentication + pendingReq.setNeedUserConsent(false); + log.info("Receive a valid assertion from IDP " + inboundMessage.getEntityID()); + } catch (final AuthnResponseValidationException e) { + throw new TaskExecutionException(pendingReq, ERROR_MSG_03, e); + } catch (MessageDecodingException | SecurityException | SamlSigningException e) { + //final String samlRequest = request.getParameter("SAMLRequest"); + //log.debug("Receive INVALID PVP Response from 'ms-specific eIDAS node': {}", + // samlRequest, null, e); + throw new TaskExecutionException(pendingReq, ERROR_MSG_00, + new AuthnResponseValidationException(ERROR_PVP_11, new Object[]{MODULE_NAME_FOR_LOGGING}, e)); + } catch (IOException | MarshallingException | TransformerException e) { + log.debug("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e); + throw new TaskExecutionException(pendingReq, ERROR_MSG_01, + new AuthnResponseValidationException(ERROR_PVP_12, new Object[]{MODULE_NAME_FOR_LOGGING, e.getMessage()}, e)); + } catch (final CredentialsNotAvailableException e) { + log.debug("PVP response decryption FAILED. No credential found.", e); + throw new TaskExecutionException(pendingReq, ERROR_MSG_02, + new AuthnResponseValidationException(ERROR_PVP_10, new Object[]{MODULE_NAME_FOR_LOGGING}, e)); + } catch (final Exception e) { + e.printStackTrace(); + log.debug("PVP response validation FAILED. Msg:" + e.getMessage(), e); + throw new TaskExecutionException(pendingReq, ERROR_MSG_03, + new AuthnResponseValidationException(ERROR_PVP_12, new Object[]{MODULE_NAME_FOR_LOGGING, e.getMessage()}, e)); + } + } + + private String extractBpkZp(AssertionAttributeExtractor extractor, + AuthProcessDataWrapper authProcessData, + SimpleEidasData eidasData) throws EaafBuilderException, InvalidUserInputException { + SimpleMobileSignatureData simpleMobileSignatureData = getAuthDataFromInterfederation(extractor, authProcessData); + if (!simpleMobileSignatureData.equalsSimpleEidasData(eidasData)) { + //TODO User has cheated? + throw new InvalidUserInputException(); + } + return simpleMobileSignatureData.getBpk(); + } + + @NotNull + private InboundMessage decodeAndVerifyMessage(HttpServletRequest request, HttpServletResponse response, + IDecoder decoder, EaafUriCompare comparator) throws Exception { + InboundMessage inboundMessage = (InboundMessage) decoder.decode(request, response, metadataProvider, + IDPSSODescriptor.DEFAULT_ELEMENT_NAME, comparator); + if (!inboundMessage.isVerified()) { + samlVerificationEngine.verify(inboundMessage, TrustEngineFactory.getSignatureKnownKeysTrustEngine( + metadataProvider)); + inboundMessage.setVerified(true); + } + return inboundMessage; + } + + private void validateEntityId(InboundMessage inboundMessage) throws AuthnResponseValidationException { + final String msNodeEntityID = authConfig + .getBasicConfiguration(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID); + final String respEntityId = inboundMessage.getEntityID(); + if (!msNodeEntityID.equals(respEntityId)) { + log.warn("Response Issuer is not from valid 'ID Austria IDP'. Stopping ID Austria authentication ..."); + throw new AuthnResponseValidationException(ERROR_PVP_08, + new Object[]{MODULE_NAME_FOR_LOGGING, + inboundMessage.getEntityID()}); + } + } + + @NotNull + private EaafUriCompare loadComparator(HttpServletRequest request) throws AuthnResponseValidationException { + if (request.getMethod().equalsIgnoreCase("POST")) { + log.trace("Receive PVP Response from 'ID Austria system', by using POST-Binding."); + return new EaafUriCompare(pendingReq.getAuthUrl() + IdAustriaClientAuthConstants.ENDPOINT_POST); + } else if (request.getMethod().equalsIgnoreCase("GET")) { + log.trace("Receive PVP Response from 'ID Austria system', by using Redirect-Binding."); + return new EaafUriCompare(pendingReq.getAuthUrl() + IdAustriaClientAuthConstants.ENDPOINT_REDIRECT); + } else { + log.warn("Receive PVP Response from 'ID Austria system', but Binding {} is not supported.", request.getMethod()); + throw new AuthnResponseValidationException(ERROR_PVP_03, new Object[]{MODULE_NAME_FOR_LOGGING}); + } + } + + @NotNull + private IDecoder loadDecoder(HttpServletRequest request) throws AuthnResponseValidationException { + if (request.getMethod().equalsIgnoreCase("POST")) { + log.trace("Receive PVP Response from 'ID Austria system', by using POST-Binding."); + return new PostBinding(); + } else if (request.getMethod().equalsIgnoreCase("GET")) { + log.trace("Receive PVP Response from 'ID Austria system', by using Redirect-Binding."); + return new RedirectBinding(); + } else { + log.warn("Receive PVP Response from 'ID Austria system', but Binding {} is not supported.", request.getMethod()); + throw new AuthnResponseValidationException(ERROR_PVP_03, new Object[]{MODULE_NAME_FOR_LOGGING}); + } + } + + private Pair validateAssertion(PvpSProfileResponse msg) + throws IOException, MarshallingException, TransformerException, + CredentialsNotAvailableException, AuthnResponseValidationException, SamlAssertionValidationExeption { + log.debug("Start PVP21 assertion processing... "); + final Response response = (Response) msg.getResponse(); + if (response.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS)) { + samlVerificationEngine.validateAssertion(response, + credentialProvider.getMessageEncryptionCredential(), + pendingReq.getAuthUrl() + IdAustriaClientAuthConstants.ENDPOINT_METADATA, + MODULE_NAME_FOR_LOGGING); + msg.setSamlMessage(Saml2Utils.asDomDocument(response).getDocumentElement()); + revisionsLogger.logEvent(pendingReq, + IdAustriaClientAuthEventConstants.AUTHPROCESS_ID_AUSTRIA_RESPONSE_RECEIVED, + response.getID()); + return Pair.newInstance(msg, false); + } else { + log.info("Receive StatusCode {} from 'ms-specific eIDAS node'.", response.getStatus().getStatusCode().getValue()); + StatusCode subStatusCode = getSubStatusCode(response); + if (subStatusCode != null + && IdAustriaClientAuthConstants.SAML2_STATUSCODE_USERSTOP.equals(subStatusCode.getValue())) { + log.info("Find 'User-Stop operation' in SAML2 response. Stopping authentication process ... "); + return Pair.newInstance(msg, true); + } + + revisionsLogger.logEvent(pendingReq, + IdAustriaClientAuthEventConstants.AUTHPROCESS_ID_AUSTRIA_RESPONSE_RECEIVED_ERROR); + throw new AuthnResponseValidationException(ERROR_PVP_05, + new Object[]{MODULE_NAME_FOR_LOGGING, + response.getIssuer().getValue(), + response.getStatus().getStatusCode().getValue(), + response.getStatus().getStatusMessage().getMessage()}); + } + } + + /** + * Get SAML2 Sub-StatusCode if not null. + * + * @param samlResp SAML2 response + * @return Sub-StatusCode or null if it's not set + */ + private StatusCode getSubStatusCode(Response samlResp) { + if (samlResp.getStatus().getStatusCode().getStatusCode() != null + && StringUtils.isNotEmpty(samlResp.getStatus().getStatusCode().getStatusCode().getValue())) { + return samlResp.getStatus().getStatusCode().getStatusCode(); + } + return null; + } + + private SimpleMobileSignatureData getAuthDataFromInterfederation(AssertionAttributeExtractor extractor, + AuthProcessDataWrapper authProcessData) + throws EaafBuilderException { + List requiredAttributes = IdAustriaClientAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES; + SimpleMobileSignatureData result = new SimpleMobileSignatureData(); + if (!extractor.containsAllRequiredAttributes(requiredAttributes)) { + log.warn("PVP Response from 'ID Austria node' contains not all requested attributes."); + AssertionValidationExeption e = new AssertionValidationExeption(ERROR_PVP_06, + new Object[]{MODULE_NAME_FOR_LOGGING}); + throw new EaafBuilderException(ERROR_PVP_06, null, e.getMessage(), e); + } + final Set includedAttrNames = extractor.getAllIncludeAttributeNames(); + for (final String attrName : includedAttrNames) { + if (PvpAttributeDefinitions.BPK_NAME.equals(attrName)) { + result.setBpk(extractor.getSingleAttributeValue(attrName)); + } + if (PvpAttributeDefinitions.GIVEN_NAME_NAME.equals(attrName)) { + result.setGivenName(extractor.getSingleAttributeValue(attrName)); + } + if (PvpAttributeDefinitions.PRINCIPAL_NAME_NAME.equals(attrName)) { + result.setFamilyName(extractor.getSingleAttributeValue(attrName)); + } + if (PvpAttributeDefinitions.BIRTHDATE_NAME.equals(attrName)) { + result.setDateOfBirth(extractor.getSingleAttributeValue(attrName)); + } + if (PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME.equals(attrName)) { + authProcessData.setQaaLevel(extractor.getSingleAttributeValue(attrName)); + } + } + authProcessData.setIssueInstant(extractor.getAssertionIssuingDate()); + return result; + } + + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml index 34046e55..ed086493 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml @@ -121,7 +121,7 @@ scope="prototype" /> task.execute(pendingReq, executionContext)); - - assertNotNull(e.getPendingRequestID()); - assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); - assertNotNull(e.getOriginalException()); - isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); - assertEquals("sp.pvp2.03", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); - } - - @Test - public void httpGetNoMessage() { - httpReq = new MockHttpServletRequest("GET", "https://localhost/authhandler"); - RequestContextHolder.resetRequestAttributes(); - RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); - - final TaskExecutionException e = assertThrows(TaskExecutionException.class, - () -> task.execute(pendingReq, executionContext)); - - assertNotNull(e.getPendingRequestID()); - assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); - assertNotNull(e.getOriginalException()); - isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); - assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); - - } - - @Test - public void httpPostNoMessage() { - final TaskExecutionException e = assertThrows(TaskExecutionException.class, - () -> task.execute(pendingReq, executionContext)); - - assertNotNull(e.getPendingRequestID()); - assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); - assertNotNull(e.getOriginalException()); - isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); - assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); - } - - @Test - public void httpPostMessageNotSigned() throws IOException { - - httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( - IOUtils.toByteArray(ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.class - .getResourceAsStream( - "/data/Response_without_sig_classpath_entityid.xml")))); - - final TaskExecutionException e = assertThrows(TaskExecutionException.class, - () -> task.execute(pendingReq, executionContext)); - assertNotNull(e.getPendingRequestID()); - assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); - assertNotNull(e.getOriginalException()); - isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); - assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); - - } - - @Test - public void httpPostMessageWrongDestinationEndpoint() throws IOException, SamlSigningException, - Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, - TransformerException, MarshallingException { - - final Response response = initializeResponse( - "classpath:/data/idp_metadata_classpath_entity.xml", - "/data/Response_with_wrong_destination_endpoint.xml", - credentialProvider.getMessageSigningCredential(), true); - httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( - DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( - "UTF-8"))); - - final TaskExecutionException e = assertThrows(TaskExecutionException.class, - () -> task.execute(pendingReq, executionContext)); - - assertNotNull(e.getPendingRequestID()); - assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); - assertNotNull(e.getOriginalException()); - isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); - assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); - - } - - @Test - public void httpPostValidSignedNoMetadata() throws IOException, SamlSigningException, - Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, - MarshallingException, TransformerException { - - final Response response = initializeResponse( - "classpath:/data/idp_metadata_classpath_entity.xml", - "/data/Response_without_sig_classpath_entityid.xml", - credentialProvider.getMessageSigningCredential(), true); - httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( - DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( - "UTF-8"))); - - final TaskExecutionException e = assertThrows(TaskExecutionException.class, - () -> task.execute(pendingReq, executionContext)); - assertNotNull(e.getPendingRequestID()); - assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); - assertNotNull(e.getOriginalException()); - isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); - assertEquals("sp.pvp2.11", ((EaafException) e.getOriginalException()).getErrorId()); - } - - @Test - public void httpPostValidSignedAssertionOutDated() throws IOException, SamlSigningException, - Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, - MarshallingException, TransformerException { - - metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( - METADATA_PATH, null, "jUnit IDP", null)); - - final Response response = initializeResponse( - "classpath:/data/idp_metadata_classpath_entity.xml", - "/data/Response_without_sig_classpath_entityid.xml", - credentialProvider.getMessageSigningCredential(), false); - httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( - DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( - "UTF-8"))); - - final TaskExecutionException e = assertThrows(TaskExecutionException.class, - () -> task.execute(pendingReq, executionContext)); - - assertNotNull(e.getPendingRequestID()); - assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); - assertNotNull(e.getOriginalException()); - isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); - assertEquals("sp.pvp2.12", ((EaafException) e.getOriginalException()).getErrorId()); - - } - - @Test - public void httpPostValidSignedAssertionFromWrongIdp() throws IOException, SamlSigningException, - Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, - MarshallingException, TransformerException { - - authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID, - "http://wrong.idp/" + RandomStringUtils.randomAlphabetic(5)); - - metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( - METADATA_PATH, null, "jUnit IDP", null)); - - final Response response = initializeResponse( - "classpath:/data/idp_metadata_classpath_entity.xml", - "/data/Response_without_sig_classpath_entityid.xml", - credentialProvider.getMessageSigningCredential(), - true); - httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( - DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( - "UTF-8"))); - - final TaskExecutionException e = assertThrows(TaskExecutionException.class, - () -> task.execute(pendingReq, executionContext)); - - assertNotNull(e.getPendingRequestID()); - assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); - assertNotNull(e.getOriginalException()); - isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); - assertEquals("sp.pvp2.08", ((EaafException) e.getOriginalException()).getErrorId()); - - } - - @Test - public void httpPostValidSignedAssertionMissingAttributes() throws IOException, SamlSigningException, - Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, - MarshallingException, TransformerException { - - metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( - METADATA_PATH, null, "jUnit IDP", null)); - - final Response response = initializeResponse( - "classpath:/data/idp_metadata_classpath_entity.xml", - "/data/Response_without_sig_classpath_entityid.xml", - credentialProvider.getMessageSigningCredential(), - true); - httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( - DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( - "UTF-8"))); - - final TaskExecutionException e = assertThrows(TaskExecutionException.class, - () -> task.execute(pendingReq, executionContext)); - - assertNotNull(e.getPendingRequestID()); - assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); - assertNotNull(e.getOriginalException()); - isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); - assertEquals("sp.pvp2.12", ((EaafException) e.getOriginalException()).getErrorId()); - - } - - @Test - public void httpPostValidSignedWithError() throws IOException, SamlSigningException, - Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, - MarshallingException, TransformerException { - - metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( - METADATA_PATH, null, "jUnit IDP", null)); - - final Response response = initializeResponse( - "classpath:/data/idp_metadata_classpath_entity.xml", - "/data/Response_without_sig_with_error.xml", - credentialProvider.getMessageSigningCredential(), - true); - httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( - DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( - "UTF-8"))); - - final TaskExecutionException e = assertThrows(TaskExecutionException.class, - () -> task.execute(pendingReq, executionContext)); - - assertNotNull(e.getPendingRequestID()); - assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); - assertNotNull(e.getOriginalException()); - isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); - assertEquals("sp.pvp2.05", ((EaafException) e.getOriginalException()).getErrorId()); - - } - - @Test - public void httpPostValidSignedWitUserStopErrorCode() throws IOException, SamlSigningException, - Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, - MarshallingException, TransformerException, TaskExecutionException { - - metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( - METADATA_PATH, null, "jUnit IDP", null)); - - final Response response = initializeResponse( - "classpath:/data/idp_metadata_classpath_entity.xml", - "/data/Response_without_sig_with_error_userstop.xml", - credentialProvider.getMessageSigningCredential(), - true); - httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( - DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( - "UTF-8"))); - - // perform test - task.execute(pendingReq, executionContext); - - // validate state - assertTrue("process not cancelled", executionContext.isProcessCancelled()); - assertTrue("process not stopped by user", pendingReq.isAbortedByUser()); - assertFalse("should not authenticated", pendingReq.isAuthenticated()); - - } - - @Test - public void httpPostValidSignedWithErrorAndNoSubCode() throws IOException, SamlSigningException, - Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, - MarshallingException, TransformerException { - - metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( - METADATA_PATH, null, "jUnit IDP", null)); - - final Response response = initializeResponse( - "classpath:/data/idp_metadata_classpath_entity.xml", - "/data/Response_without_sig_with_error_without_subcode.xml", - credentialProvider.getMessageSigningCredential(), - true); - httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( - DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( - "UTF-8"))); - - try { - task.execute(pendingReq, executionContext); - fail("Invalid response not detected"); - - } catch (final TaskExecutionException e) { - assertNotNull(e.getPendingRequestID()); - assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); - assertNotNull(e.getOriginalException()); - isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); - assertEquals("sp.pvp2.05", ((EaafException) e.getOriginalException()).getErrorId()); - } - } - - @Test - public void httpPostValidSignedWithErrorAndEmptySubCode() throws IOException, SamlSigningException, - Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, - MarshallingException, TransformerException { - - metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( - METADATA_PATH, null, "jUnit IDP", null)); - - final Response response = initializeResponse( - "classpath:/data/idp_metadata_classpath_entity.xml", - "/data/Response_without_sig_with_error_empty_subcode.xml", - credentialProvider.getMessageSigningCredential(), - true); - httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( - DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( - "UTF-8"))); - - try { - task.execute(pendingReq, executionContext); - fail("Invalid response not detected"); - - } catch (final TaskExecutionException e) { - assertNotNull(e.getPendingRequestID()); - assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); - assertNotNull(e.getOriginalException()); - isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); - assertEquals("sp.pvp2.05", ((EaafException) e.getOriginalException()).getErrorId()); - - } - } - - @Test - public void httpPostValidSignedAssertionEidValid() throws IOException, SamlSigningException, - Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, - MarshallingException, TransformerException, TaskExecutionException, EaafStorageException { - - metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( - METADATA_PATH, null, "jUnit IDP", null)); - - final Response response = initializeResponse( - "classpath:/data/idp_metadata_classpath_entity.xml", - "/data/Response_with_EID.xml", - credentialProvider.getMessageSigningCredential(), - true); - httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( - DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( - "UTF-8"))); - - // put SimpleEidasData in session - final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); - final SimpleEidasData eidData = new SimpleEidasData(); - eidData.setFamilyName("Mustermann"); - eidData.setGivenName("Max"); - eidData.setDateOfBirth("1940-01-01"); - authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData); - - // perform task - task.execute(pendingReq, executionContext); - - // validate state - final AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class); - assertEquals("LoA", "http://eidas.europa.eu/LoA/low", session.getQaaLevel()); - assertEquals("IssueInstant", "2014-03-05T06:39:51Z", session.getIssueInstantString()); - - //TODO: - - } - - @Test - public void httpPostValidSignedAssertionEidValidButNameMissmatch() throws IOException, SamlSigningException, - Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, - MarshallingException, TransformerException, TaskExecutionException, EaafStorageException { - - metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( - METADATA_PATH, null, "jUnit IDP", null)); - - final Response response = initializeResponse( - "classpath:/data/idp_metadata_classpath_entity.xml", - "/data/Response_with_EID.xml", - credentialProvider.getMessageSigningCredential(), - true); - httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( - DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( - "UTF-8"))); - - // put SimpleEidasData in session - final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); - final SimpleEidasData eidData = new SimpleEidasData(); - eidData.setFamilyName("Mustermann1"); - eidData.setGivenName("Max"); - eidData.setDateOfBirth("1940-01-01"); - authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData); - - // perform task - try { - task.execute(pendingReq, executionContext); - fail("Invalid response not detected"); - - } catch (final TaskExecutionException e) { - assertNotNull(e.getPendingRequestID()); - assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); - assertNotNull(e.getOriginalException()); - isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); - assertTrue(e.getOriginalException().getCause() instanceof InvalidUserInputException); - } - - } - - private Response initializeResponse(String idpEntityId, String responsePath, EaafX509Credential credential, - boolean validConditions) throws SamlSigningException, XMLParserException, UnmarshallingException, - Pvp2MetadataException { - - final Response response = (Response) XMLObjectSupport.unmarshallFromInputStream( - XMLObjectProviderRegistrySupport.getParserPool(), - ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.class.getResourceAsStream( - responsePath)); - response.setIssueInstant(DateTime.now()); - final Issuer issuer = Saml2Utils.createSamlObject(Issuer.class); - issuer.setValue(idpEntityId); - response.setIssuer(issuer); - - if (validConditions) { - response.getAssertions().get(0).getConditions().setNotOnOrAfter(DateTime.now().plusMinutes(5)); - - } - - return Saml2Utils.signSamlObject(response, credential, true); - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java new file mode 100644 index 00000000..5ea7b59b --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java @@ -0,0 +1,371 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; + +import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveMobilePhoneSignatureResponseTask; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyOA; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyPendingRequest; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; +import at.gv.egiz.eaaf.core.impl.utils.DomUtils; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException; +import net.shibboleth.utilities.java.support.xml.ParserPool; +import org.apache.commons.io.IOUtils; +import org.apache.commons.lang3.RandomStringUtils; +import org.jetbrains.annotations.NotNull; +import org.joda.time.DateTime; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; +import org.opensaml.core.xml.io.MarshallingException; +import org.opensaml.core.xml.util.XMLObjectSupport; +import org.opensaml.saml.saml2.core.Issuer; +import org.opensaml.saml.saml2.core.Response; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import javax.xml.transform.TransformerException; +import java.io.IOException; +import java.io.InputStream; +import java.nio.charset.StandardCharsets; +import java.util.Base64; +import java.util.Objects; + +import static org.junit.Assert.*; +import static org.springframework.util.Assert.isInstanceOf; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_mapConfig.xml" +}) +public class ReceiveMobilePhoneSignatureResponseTaskTest { + + private static final String METADATA_PATH = "classpath:/data/idp_metadata_classpath_entity.xml"; + + @Autowired + protected MsConnectorDummyConfigMap authConfig; + @Autowired + private IdAustriaClientAuthMetadataProvider metadataProvider; + @Autowired + private IdAustriaClientAuthCredentialProvider credentialProvider; + @Autowired + private PvpMetadataResolverFactory metadataFactory; + @Autowired + private ReceiveMobilePhoneSignatureResponseTask task; + + private final ExecutionContext executionContext = new ExecutionContextImpl(); + private MockHttpServletRequest httpReq; + private MockHttpServletResponse httpResp; + private DummyPendingRequest pendingReq; + + /** + * JUnit class initializer. + * + * @throws Exception In case of an OpenSAML3 initialization error + */ + @BeforeClass + public static void initialize() throws Exception { + EaafOpenSaml3xInitializer.eaafInitialize(); + } + + /** + * jUnit test set-up. + * + * @throws Exception In case of an set-up error + */ + @Before + public void setUp() throws Exception { + httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); + httpReq.setScheme("https"); + httpReq.setServerPort(443); + httpReq.setContextPath("/authhandler"); + httpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID, METADATA_PATH); + + DummyOA oaParam = new DummyOA(); + oaParam.setUniqueAppId("http://test.com/test"); + oaParam.setTargetIdentifier(EaafConstants.URN_PREFIX_CDID + RandomStringUtils.randomAlphabetic(2)); + + pendingReq = new DummyPendingRequest(); + pendingReq.initialize(httpReq, authConfig); + pendingReq.setPendingRequestId(RandomStringUtils.randomAlphanumeric(10)); + pendingReq.setOnlineApplicationConfiguration(oaParam); + + metadataProvider.fullyDestroy(); + } + + @Test + public void unsupportedHttpMethod() { + httpReq = new MockHttpServletRequest("PUT", "https://localhost/authhandler"); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + assertEquals("sp.pvp2.03", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); + } + + @Test + public void httpGetNoMessage() { + httpReq = new MockHttpServletRequest("GET", "https://localhost/authhandler"); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); + + } + + @Test + public void httpPostNoMessage() { + httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); + } + + @Test + public void httpPostMessageNotSigned() throws IOException { + byte[] bytes = IOUtils.toByteArray(ReceiveMobilePhoneSignatureResponseTask.class + .getResourceAsStream("/data/Response_without_sig_classpath_entityid.xml")); + httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(bytes)); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); + + } + + @Test + public void httpPostMessageWrongDestinationEndpoint() throws Exception { + initResponse("/data/Response_with_wrong_destination_endpoint.xml", true); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); + + } + + @Test + public void httpPostValidSignedNoMetadata() throws Exception { + initResponse("/data/Response_without_sig_classpath_entityid.xml", true); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + assertEquals("sp.pvp2.11", ((EaafException) e.getOriginalException()).getErrorId()); + } + + @Test + public void httpPostValidSignedAssertionOutDated() throws Exception { + metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( + METADATA_PATH, null, "jUnit IDP", null)); + initResponse("/data/Response_without_sig_classpath_entityid.xml", false); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + assertEquals("sp.pvp2.12", ((EaafException) e.getOriginalException()).getErrorId()); + } + + @Test + public void httpPostValidSignedAssertionFromWrongIdp() throws Exception { + authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID, + "http://wrong.idp/" + RandomStringUtils.randomAlphabetic(5)); + metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( + METADATA_PATH, null, "jUnit IDP", null)); + initResponse("/data/Response_without_sig_classpath_entityid.xml", true); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + assertEquals("sp.pvp2.08", ((EaafException) e.getOriginalException()).getErrorId()); + } + + @Test + public void httpPostValidSignedAssertionMissingAttributes() throws Exception { + metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( + METADATA_PATH, null, "jUnit IDP", null)); + initResponse("/data/Response_without_sig_classpath_entityid.xml", true); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + assertEquals("sp.pvp2.12", ((EaafException) e.getOriginalException()).getErrorId()); + } + + @Test + public void httpPostValidSignedWithError() throws Exception { + metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( + METADATA_PATH, null, "jUnit IDP", null)); + initResponse("/data/Response_without_sig_with_error.xml", true); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + assertEquals("sp.pvp2.05", ((EaafException) e.getOriginalException()).getErrorId()); + } + + @Test + public void httpPostValidSignedWitUserStopErrorCode() throws Exception { + metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( + METADATA_PATH, null, "jUnit IDP", null)); + initResponse("/data/Response_without_sig_with_error_userstop.xml", true); + + task.execute(pendingReq, executionContext); + + assertTrue("process not cancelled", executionContext.isProcessCancelled()); + assertTrue("process not stopped by user", pendingReq.isAbortedByUser()); + assertFalse("should not authenticated", pendingReq.isAuthenticated()); + } + + @Test + public void httpPostValidSignedWithErrorAndNoSubCode() throws Exception { + metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( + METADATA_PATH, null, "jUnit IDP", null)); + initResponse("/data/Response_without_sig_with_error_without_subcode.xml", true); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + assertEquals("sp.pvp2.05", ((EaafException) e.getOriginalException()).getErrorId()); + } + + @Test + public void httpPostValidSignedWithErrorAndEmptySubCode() throws Exception { + metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( + METADATA_PATH, null, "jUnit IDP", null)); + initResponse("/data/Response_without_sig_with_error_empty_subcode.xml", true); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + assertEquals("sp.pvp2.05", ((EaafException) e.getOriginalException()).getErrorId()); + } + + @Test + public void httpPostValidSignedAssertionEidValidButNameMismatch() throws Exception { + metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( + METADATA_PATH, null, "jUnit IDP", null)); + initResponse("/data/Response_with_EID.xml", true); + AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); + SimpleEidasData eidData = createEidasDataMatchingToSamlResponse(); + eidData.setFamilyName(eidData.getFamilyName() + "notmatching"); + authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + isInstanceOf(InvalidUserInputException.class, e.getOriginalException().getCause()); + } + + @Test + public void httpPostValidSignedAssertionEidValid() throws Exception { + // klar darstellen: was ist input, was ist dann expected output ... eigentlich für alle tasks! + metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( + METADATA_PATH, null, "jUnit IDP", null)); + initResponse("/data/Response_with_EID.xml", true); + AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); + SimpleEidasData eidData = createEidasDataMatchingToSamlResponse(); + authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData); + + task.execute(pendingReq, executionContext); + + AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class); + assertEquals("LoA", "http://eidas.europa.eu/LoA/low", session.getQaaLevel()); + assertEquals("IssueInstant", "2014-03-05T06:39:51Z", session.getIssueInstantString()); + + //TODO this is the good case + } + + @NotNull + private SimpleEidasData createEidasDataMatchingToSamlResponse() { + // data from "/data/Response_with_EID.xml" + SimpleEidasData result = new SimpleEidasData(); + result.setFamilyName("Mustermann"); + result.setGivenName("Max"); + result.setDateOfBirth("1940-01-01"); + return result; + } + + private void addSamlResponseToHttpReq(Response response) throws TransformerException, IOException, MarshallingException { + String node = DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)); + String base64encoded = Base64.getEncoder().encodeToString(node.getBytes(StandardCharsets.UTF_8)); + httpReq.addParameter("SAMLResponse", base64encoded); + } + + private void initResponse(String responsePath, boolean validConditions) throws Exception { + InputStream inputStream = ReceiveMobilePhoneSignatureResponseTaskTest.class.getResourceAsStream(responsePath); + ParserPool parserPool = Objects.requireNonNull(XMLObjectProviderRegistrySupport.getParserPool()); + Response response = (Response) XMLObjectSupport.unmarshallFromInputStream(parserPool, inputStream); + response.setIssueInstant(DateTime.now()); + Issuer issuer = Saml2Utils.createSamlObject(Issuer.class); + issuer.setValue("classpath:/data/idp_metadata_classpath_entity.xml"); + response.setIssuer(issuer); + if (validConditions) { + response.getAssertions().get(0).getConditions().setNotOnOrAfter(DateTime.now().plusMinutes(5)); + } + Response signedResponse = Saml2Utils.signSamlObject(response, credentialProvider.getMessageSigningCredential(), true); + addSamlResponseToHttpReq(signedResponse); + } + +} -- cgit v1.2.3 From b9bc937ff9471c60ced2ef9ed7df526cf31059db Mon Sep 17 00:00:00 2001 From: Christian Kollmann Date: Thu, 4 Mar 2021 14:00:53 +0100 Subject: Document input, output, transitions for each task --- .../config/templates/other_login_method.html | 1 + .../specific/modules/auth/eidas/v2/Constants.java | 42 +++++++- .../eidas/v2/service/RegisterSearchService.java | 22 ++-- .../eidas/v2/tasks/CreateIdentityLinkTask.java | 96 +++++++++--------- .../eidas/v2/tasks/CreateNewErnpEntryTask.java | 38 ++++--- .../v2/tasks/GenerateOtherLoginMethodGuiTask.java | 1 + .../auth/eidas/v2/tasks/InitialSearchTask.java | 112 ++++++++++----------- .../ReceiveAustrianResidenceGuiResponseTask.java | 90 ++++++++++++----- .../ReceiveMobilePhoneSignatureResponseTask.java | 77 ++++++++++---- .../ReceiveOtherLoginMethodGuiResponseTask.java | 15 +++ .../resources/eIDAS.Authentication.process.xml | 28 +++--- 11 files changed, 330 insertions(+), 192 deletions(-) (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/resources') diff --git a/connector/src/test/resources/config/templates/other_login_method.html b/connector/src/test/resources/config/templates/other_login_method.html index 3a3f9a4a..56c368c6 100644 --- a/connector/src/test/resources/config/templates/other_login_method.html +++ b/connector/src/test/resources/config/templates/other_login_method.html @@ -231,6 +231,7 @@ + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java index c2fc44b9..76c026ae 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java @@ -34,9 +34,26 @@ public class Constants { public static final String DATA_REQUESTED_LOA_LIST = "req_requestedLoA"; public static final String DATA_REQUESTED_LOA_COMPERISON = "req_requestedLoAComperision"; public static final String DATA_FULL_EIDAS_RESPONSE = "resp_fulleIDASResponse"; - public static final String DATA_RESULT_MATCHING_BPK = "matching-result-bpk"; - public static final String DATA_SIMPLE_EIDAS = "simple_eidas_data"; - public static final String DATA_INITIAL_REGISTER_RESULT = "initial_register_result"; + + /** + * Stored when one match from register was found + */ + public static final String DATA_RESULT_MATCHING_BPK = "matching_result_bpk"; + + /** + * Stored before Step 2 from Matching Concept, input from user eIDAS authn + */ + public static final String DATA_SIMPLE_EIDAS = "matching_simple_eidas_data"; + + /** + * Stored after Step 2 from Matching Concept, first results from search with Person Identifier + */ + public static final String DATA_INITIAL_REGISTER_RESULT = "matching_initial_register_result"; + + /** + * Stored after Step 8 from Matching Concept, results from search in registers with MDS + */ + public static final String DATA_FURTHER_REGISTER_RESULT = "matching_further_register_result"; // templates for post-binding forwarding public static final String TEMPLATE_POST_FORWARD_NAME = "eidas_node_forward.html"; @@ -183,13 +200,32 @@ public class Constants { public static final String COUNTRY_CODE_DE = "DE"; public static final String COUNTRY_CODE_IT = "IT"; + /** + * {@link at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateNewErnpEntryTask} + */ public static final String TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK = "TASK_CreateNewErnpEntryTask"; + + /** + * {@link at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateOtherLoginMethodGuiTask} + */ public static final String TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK = "TASK_GenerateOtherLoginMethodGuiTask"; + + /** + * {@link at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateAustrianResidenceGuiTask} + */ public static final String TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK = "TASK_GenerateAustrianResidenceGuiTask"; + + /** + * {@link at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateMobilePhoneSignatureRequestTask} + */ public static final String TRANSITION_TO_GENERATE_MOBILE_PHONE_SIGNATURE_REQUEST_TASK = "TASK_GenerateMobilePhoneSignatureRequestTask"; + + /** + * TODO Second eidas login + */ public static final String TRANSITION_TO_GENERATE_EIDAS_LOGIN = "TASK_TODO"; public static final String REQ_SELECTED_LOGIN_METHOD_PARAMETER = "loginSelection"; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java index fad985c2..6b524e36 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java @@ -30,30 +30,32 @@ public class RegisterSearchService { * Automatic process to fix the register entries. * * @param initialSearchResult Result of initial register search - * @param specificDetailSearchResult Result of last register search + * @param specificSearchResult Result of last register search * @param eidasData Received eidas data * @param pendingReq Pending request * @return The bpk * @throws TaskExecutionException if an error occurs during the register update */ public String step7aKittProcess(MergedRegisterSearchResult initialSearchResult, - MergedRegisterSearchResult specificDetailSearchResult, - SimpleEidasData eidasData, IRequest pendingReq) throws TaskExecutionException { + MergedRegisterSearchResult specificSearchResult, + SimpleEidasData eidasData, + IRequest pendingReq) throws TaskExecutionException { + log.trace("Starting step7aKittProcess"); // TODO verify with which data this method gets called try { if (initialSearchResult.getResultCount() != 0) { throw new WorkflowException("initialSearchResult.getResultCount() != 0"); } - if (specificDetailSearchResult.getResultCount() != 1) { - throw new WorkflowException("countrySpecificDetailSearchResult.getResultCount() != 1"); + if (specificSearchResult.getResultCount() != 1) { + throw new WorkflowException("specificSearchResult.getResultCount() != 1"); } - if (specificDetailSearchResult.getResultsZmr().size() == 1) { - zmrClient.update(specificDetailSearchResult.getResultsZmr().get(0), eidasData); + if (specificSearchResult.getResultsZmr().size() == 1) { + zmrClient.update(specificSearchResult.getResultsZmr().get(0), eidasData); } - if (specificDetailSearchResult.getResultsErnp().size() == 1) { - ernpClient.update(specificDetailSearchResult.getResultsErnp().get(0), eidasData); + if (specificSearchResult.getResultsErnp().size() == 1) { + ernpClient.update(specificSearchResult.getResultsErnp().get(0), eidasData); } - return specificDetailSearchResult.getBpk(); + return specificSearchResult.getBpk(); } catch (WorkflowException e) { throw new TaskExecutionException(pendingReq, "Step7a failed.", e); } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java index b519354c..65e9028f 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java @@ -85,6 +85,10 @@ import szrservices.TravelDocumentType; * Task that creates the IdentityLink for an eIDAS authenticated person. * * @author tlenz + * + * TODO Take Constants#DATA_SIMPLE_EIDAS and Constants#DATA_RESULT_MATCHING_BPK + * TODO Only do VSZ Erstellung and eidasBind -- this is always the end of the whole process + * TODO Move Eintragung to separate Task, as it does not happen every time */ @Slf4j @Component("CreateIdentityLinkTask") @@ -96,12 +100,12 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { private SzrClient szrClient; @Autowired private ICcSpecificEidProcessingService eidPostProcessor; - + @Autowired private AuthBlockSigningService authBlockSigner; private static final String EID_STATUS = "urn:eidgvat:eid.status.eidas"; - + /* * (non-Javadoc) * @@ -131,81 +135,81 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { if (basicConfig.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USEDUMMY, false)) { SzrResultHolder idlResult = createDummyIdentityLinkForTestDeployment(eidData); //inject personal-data into session - authProcessData.setIdentityLink(idlResult.getIdentityLink()); - + authProcessData.setIdentityLink(idlResult.getIdentityLink()); + // set bPK and bPKType into auth session authProcessData.setGenericDataToSession(PvpAttributeDefinitions.BPK_NAME, extendBpkByPrefix( idlResult.getBpK(), pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier())); authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, pendingReq.getServiceProviderConfiguration() .getAreaSpecificTargetIdentifier()); - + } else { - //build SZR request from eIDAS data + //build SZR request from eIDAS data final PersonInfoType personInfo = generateSzrRequest(eidData); - + //request SZR based on IDL or E-ID mode if (pendingReq.getServiceProviderConfiguration() .isConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE, false)) { // get encrypted baseId String vsz = szrClient.getEncryptedStammzahl(personInfo); - + //write revision-Log entry and extended infos personal-identifier mapping revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_VSZ_RECEIVED); writeExtendedRevisionLogEntry(simpleAttrMap, eidData); - - + + // get eIDAS bind - String signedEidasBind = szrClient.getEidsaBind(vsz, - authBlockSigner.getBase64EncodedPublicKey(), + String signedEidasBind = szrClient.getEidsaBind(vsz, + authBlockSigner.getBase64EncodedPublicKey(), EID_STATUS, eidData); revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_EIDASBIND_RECEIVED); authProcessData.setGenericDataToSession(Constants.EIDAS_BIND, signedEidasBind); - + //get signed AuthBlock String jwsSignature = authBlockSigner.buildSignedAuthBlock(pendingReq); revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.TECH_AUCHBLOCK_CREATED); authProcessData.setGenericDataToSession(Constants.SZR_AUTHBLOCK, jwsSignature); - + //inject personal-data into session authProcessData.setEidProcess(true); - + } else { //request SZR SzrResultHolder idlResult = requestSzrForIdentityLink(personInfo); - + //write revision-Log entry for personal-identifier mapping writeExtendedRevisionLogEntry(simpleAttrMap, eidData); - + //check result-data and write revision-log based on current state checkStateAndWriteRevisionLog(idlResult); - + //inject personal-data into session - authProcessData.setIdentityLink(idlResult.getIdentityLink()); + authProcessData.setIdentityLink(idlResult.getIdentityLink()); authProcessData.setEidProcess(false); - + // set bPK and bPKType into auth session authProcessData.setGenericDataToSession(PvpAttributeDefinitions.BPK_NAME, extendBpkByPrefix( idlResult.getBpK(), pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier())); authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, pendingReq.getServiceProviderConfiguration() .getAreaSpecificTargetIdentifier()); - + } } - + //add generic info's into session authProcessData.setForeigner(true); authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, EidasResponseUtils .parseEidasPersonalIdentifier((String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)) .getFirst()); authProcessData.setQaaLevel(eidasResponse.getLevelOfAssurance()); - + // store pending-request requestStoreage.storePendingRequest(pendingReq); - - + + } catch (final EidasAttributeException e) { throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e); @@ -229,7 +233,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { } } - + private PersonInfoType generateSzrRequest(ErnbEidData eidData) { log.debug("Starting connecting SZR Gateway"); final PersonInfoType personInfo = new PersonInfoType(); @@ -278,16 +282,16 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { } } - + return personInfo; - + } - private SzrResultHolder requestSzrForIdentityLink(PersonInfoType personInfo) + private SzrResultHolder requestSzrForIdentityLink(PersonInfoType personInfo) throws SzrCommunicationException, EaafException { //request IdentityLink from SZR final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(personInfo); - + final Element idlFromSzr = (Element) result.getAssertion(); IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser(idlFromSzr).parseIdentityLink(); @@ -301,9 +305,9 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, "no VKZ defined")); if (!bpkList.isEmpty()) { bpk = bpkList.get(0); - + } - + } else { log.debug("Calculating bPK from baseId ... "); @@ -316,11 +320,11 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { bpk = bpkCalc.getFirst(); } - + return new SzrResultHolder(identityLink, bpk); - + } - + private void checkStateAndWriteRevisionLog(SzrResultHolder idlResult) throws SzrCommunicationException { // write some infos into revision log if (idlResult.getIdentityLink() == null) { @@ -341,9 +345,9 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { } revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_BPK_RECEIVED); log.debug("ERnB communication was successfull"); - + } - + private String extendBpkByPrefix(String bpk, String type) { String bpkType = null; @@ -433,20 +437,20 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { } } - + @Data - private static class SzrResultHolder { + private static class SzrResultHolder { final IIdentityLink identityLink; final String bpK; - + } - + /** * Build a dummy IdentityLink and a dummy bPK based on eIDAS information. - * + * *

* FOR LOCAL TESTING ONLY!!! - * + * * @param eidData Information from eIDAS response * @return IdentityLink and bPK * @throws ParserConfigurationException In case of an IDL processing error @@ -454,7 +458,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { * @throws IOException In case of an IDL processing error * @throws EaafException In case of a bPK generation error */ - private SzrResultHolder createDummyIdentityLinkForTestDeployment(ErnbEidData eidData) + private SzrResultHolder createDummyIdentityLinkForTestDeployment(ErnbEidData eidData) throws ParserConfigurationException, SAXException, IOException, EaafException { log.warn("SZR-Dummy IS ACTIVE! IdentityLink is NOT VALID!!!!"); // create fake IdL @@ -495,9 +499,9 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { .generateAreaSpecificPersonIdentifier(identityLink.getIdentificationValue(), identityLink.getIdentificationType(), pendingReq.getServiceProviderConfiguration() - .getAreaSpecificTargetIdentifier()); + .getAreaSpecificTargetIdentifier()); return new SzrResultHolder(identityLink, bpkCalc.getFirst()); - + } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java index bab1945a..b89af3a0 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java @@ -23,6 +23,7 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; @@ -30,18 +31,29 @@ import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import lombok.extern.slf4j.Slf4j; -import org.jetbrains.annotations.NotNull; import org.springframework.stereotype.Component; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.DATA_SIMPLE_EIDAS; - /** - * Task that searches ErnB and ZMR before adding person to SZR. + * Task that searches ERnP and ZMR before adding person to SZR. + * This corresponds to Step 9 in the eIDAS Matching Concept. + * + * Input: + *
    + *
  • {@link Constants#DATA_SIMPLE_EIDAS}
    • + *
+ * Output: + *
    + *
  • TODO MDS, BPK of new entry
    • + *
+ * + * TODO Import code from CreateIdentityLinkTask + * TODO Nicht mit BMI abgestimmt: ERnP Eintrag über SZR anzulegen? * * @author amarsalek + * @author ckollmann */ @Slf4j @Component("CreateNewErnbEntryTask") @@ -61,25 +73,21 @@ public class CreateNewErnpEntryTask extends AbstractAuthServletTask { public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try { - // TODO really the correct key? - SimpleEidasData simpleEidasData = getAuthProcessData().getGenericDataFromSession(DATA_SIMPLE_EIDAS, - SimpleEidasData.class); - step9CreateNewErnpEntry(simpleEidasData); + SimpleEidasData simpleEidasData = getInitialEidasData(); + //TODO Does this return the BPK? + ernpClient.createNewEntry(simpleEidasData); } catch (final Exception e) { log.error("Initial search FAILED.", e); throw new TaskExecutionException(pendingReq, "Initial search FAILED.", e); } } - @NotNull - private AuthProcessDataWrapper getAuthProcessData() { - return pendingReq.getSessionData(AuthProcessDataWrapper.class); + private SimpleEidasData getInitialEidasData() { + return getAuthProcessDataWrapper().getGenericDataFromSession(Constants.DATA_SIMPLE_EIDAS, SimpleEidasData.class); } - private void step9CreateNewErnpEntry(SimpleEidasData simpleEidasData) { - - //TODO can i get bpk from response? - ernpClient.createNewEntry(simpleEidasData); + private AuthProcessDataWrapper getAuthProcessDataWrapper() { + return pendingReq.getSessionData(AuthProcessDataWrapper.class); } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java index 56aaa2db..8c3cc994 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java @@ -53,6 +53,7 @@ public class GenerateOtherLoginMethodGuiTask extends AbstractAuthServletTask { @Autowired private ISpringMvcGuiFormBuilder guiBuilder; + @Autowired private IConfiguration basicConfig; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java index 81035f6d..d7bec42b 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java @@ -23,6 +23,7 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; @@ -55,10 +56,6 @@ import java.util.HashMap; import java.util.List; import java.util.Map; -import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.DATA_FULL_EIDAS_RESPONSE; -import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.DATA_INITIAL_REGISTER_RESULT; -import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.DATA_RESULT_MATCHING_BPK; -import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.DATA_SIMPLE_EIDAS; import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK; import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK; import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.eIDAS_ATTR_BIRTHNAME; @@ -72,6 +69,27 @@ import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.eIDAS_A /** * Task that searches registers (ERnP and ZMR) before adding person to SZR. + *

+ * Input: + *

    + *
  • {@link Constants#DATA_FULL_EIDAS_RESPONSE}
    • + *
+ * Output: + *
    + *
  • {@link Constants#DATA_SIMPLE_EIDAS} converted from Full eIDAS Response
    • + *
  • {@link Constants#DATA_INITIAL_REGISTER_RESULT} results from first search in registers with + * PersonIdentifier
    • + *
  • {@link Constants#DATA_FURTHER_REGISTER_RESULT} results after second search in registers with MDS
    • + *
  • {@link Constants#DATA_RESULT_MATCHING_BPK} if one register result found
    • + *
+ *

+ * Transitions: + *

    + *
  • {@link CreateNewErnpEntryTask} if no results in registers where found for this user
    • + *
  • {@link GenerateOtherLoginMethodGuiTask} if search with MDS returns more than one match, user may provide + * alternative login methods to get an unique match
    • + *
  • {@link CreateIdentityLinkTask} if search in register returned one match, user is uniquely identified
    • + *
* * @author amarsalek * @author ckollmann @@ -102,11 +120,8 @@ public class InitialSearchTask extends AbstractAuthServletTask { throws TaskExecutionException { try { final SimpleEidasData eidasData = convertEidasAttrToSimpleData(); - storeSimpleEidasData(eidasData); + storeInitialEidasData(eidasData); step2RegisterSearchWithPersonIdentifier(executionContext, eidasData); - } catch (final TaskExecutionException e) { - log.error("Initial search failed", e); - throw e; } catch (final Exception e) { log.error("Initial search failed", e); throw new TaskExecutionException(pendingReq, "Initial search failed", e); @@ -117,52 +132,41 @@ public class InitialSearchTask extends AbstractAuthServletTask { ExecutionContext executionContext, SimpleEidasData eidasData) throws TaskExecutionException, EaafStorageException, ManualFixNecessaryException { log.trace("Starting step2RegisterSearchWithPersonIdentifier"); - String personIdentifier = eidasData.getPseudonym(); - MergedRegisterSearchResult registerData = registerSearchService.searchWithPersonIdentifier(eidasData); - storeInitialRegisterResult(registerData); - int resultCount = registerData.getResultCount(); + MergedRegisterSearchResult initialSearchResult = registerSearchService.searchWithPersonIdentifier(eidasData); + storeInitialRegisterResult(initialSearchResult); + int resultCount = initialSearchResult.getResultCount(); if (resultCount == 0) { - step5CheckAndPerformCountrySpecificSearchIfPossible(executionContext, registerData, eidasData); + step5CountrySpecificSearchCheck(executionContext, initialSearchResult, eidasData); } else if (resultCount == 1) { - step3CheckRegisterUpdateNecessary(registerData, eidasData); + step3CheckRegisterUpdateNecessary(initialSearchResult, eidasData); } else { - throw new ManualFixNecessaryException(personIdentifier); + throw new ManualFixNecessaryException(eidasData); } } - private void step3CheckRegisterUpdateNecessary(MergedRegisterSearchResult registerData, SimpleEidasData eidasData) + private void step3CheckRegisterUpdateNecessary( + MergedRegisterSearchResult initialSearchResult, SimpleEidasData eidasData) throws ManualFixNecessaryException { log.trace("Starting step3CheckRegisterUpdateNecessary"); try { - if (eidasData.equalsRegisterData(registerData)) { - String bpk = registerData.getBpk(); - storeMatchingBpk(bpk); + if (eidasData.equalsRegisterData(initialSearchResult)) { + storeMatchingBpk(initialSearchResult.getBpk()); } else { - step4UpdateRegisterData(registerData, eidasData); + // TODO Update "initialSearchResult" in register with "eidasData" from login not possible for now + storeMatchingBpk(initialSearchResult.getBpk()); } } catch (WorkflowException | EaafStorageException e) { throw new ManualFixNecessaryException(eidasData); } } - private void step4UpdateRegisterData(MergedRegisterSearchResult registerData, SimpleEidasData eidasData) - throws WorkflowException, EaafStorageException { - log.trace("Starting step4UpdateRegisterData"); - log.debug("Update {} with {}", registerData, eidasData); - //TODO wann rechtlich möglich? - - String bpk = registerData.getBpk(); - storeMatchingBpk(bpk); - } - - private void step5CheckAndPerformCountrySpecificSearchIfPossible( - ExecutionContext executionContext, MergedRegisterSearchResult registerData, - SimpleEidasData eidasData) + private void step5CountrySpecificSearchCheck( + ExecutionContext executionContext, MergedRegisterSearchResult initialSearchResult, SimpleEidasData eidasData) throws TaskExecutionException, ManualFixNecessaryException, EaafStorageException { log.trace("Starting step5CheckAndPerformCountrySpecificSearchIfPossible"); CountrySpecificDetailSearchProcessor specificHandler = findSpecificProcessor(eidasData); if (specificHandler != null) { - step6CountrySpecificSearch(executionContext, specificHandler, registerData, eidasData); + step6CountrySpecificSearch(executionContext, specificHandler, initialSearchResult, eidasData); } else { step8RegisterSearchWithMds(executionContext, eidasData); } @@ -182,7 +186,7 @@ public class InitialSearchTask extends AbstractAuthServletTask { private void step6CountrySpecificSearch(ExecutionContext executionContext, CountrySpecificDetailSearchProcessor processor, - MergedRegisterSearchResult registerData, + MergedRegisterSearchResult initialSearchResult, SimpleEidasData eidasData) throws TaskExecutionException, ManualFixNecessaryException, EaafStorageException { log.trace("Starting step6CountrySpecificSearch"); @@ -191,57 +195,51 @@ public class InitialSearchTask extends AbstractAuthServletTask { if (resultCount == 0) { step8RegisterSearchWithMds(executionContext, eidasData); } else if (resultCount == 1) { - step7aKittProcess(registerData, countrySearchResult, eidasData); + String bpk = registerSearchService + .step7aKittProcess(initialSearchResult, countrySearchResult, eidasData, pendingReq); + storeMatchingBpk(bpk); } else { throw new ManualFixNecessaryException(eidasData); } } - private void step7aKittProcess(MergedRegisterSearchResult registerData, - MergedRegisterSearchResult countrySpecificDetailSearchResult, - SimpleEidasData eidasData) - throws TaskExecutionException, EaafStorageException { - log.trace("Starting step7aKittProcess"); - String bpk = registerSearchService.step7aKittProcess(registerData, countrySpecificDetailSearchResult, - eidasData, pendingReq); - storeMatchingBpk(bpk); - } - private void step8RegisterSearchWithMds(ExecutionContext executionContext, SimpleEidasData eidasData) throws EaafStorageException { log.trace("Starting step8RegisterSearchWithMds"); MergedRegisterSearchResult registerData = registerSearchService.searchWithMds(eidasData); if (registerData.getResultCount() == 0) { - // TODO really the correct key to store data? - storeSimpleEidasData(eidasData); executionContext.put(TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK, true); } else { + storeFurtherRegisterResults(registerData); executionContext.put(TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, true); } } - private void storeSimpleEidasData(SimpleEidasData eidasData) throws EaafStorageException { - getAuthProcessData().setGenericDataToSession(DATA_SIMPLE_EIDAS, eidasData); + private void storeInitialRegisterResult(MergedRegisterSearchResult registerData) throws EaafStorageException { + getAuthProcessDataWrapper().setGenericDataToSession(Constants.DATA_INITIAL_REGISTER_RESULT, registerData); } - private void storeInitialRegisterResult(MergedRegisterSearchResult registerData) throws EaafStorageException { - getAuthProcessData().setGenericDataToSession(DATA_INITIAL_REGISTER_RESULT, registerData); + private void storeFurtherRegisterResults(MergedRegisterSearchResult registerData) throws EaafStorageException { + getAuthProcessDataWrapper().setGenericDataToSession(Constants.DATA_FURTHER_REGISTER_RESULT, registerData); + } + + private void storeInitialEidasData(SimpleEidasData eidasData) throws EaafStorageException { + getAuthProcessDataWrapper().setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidasData); } private void storeMatchingBpk(String bpk) throws EaafStorageException { - getAuthProcessData().setGenericDataToSession(DATA_RESULT_MATCHING_BPK, bpk); + getAuthProcessDataWrapper().setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk); } - @NotNull - private AuthProcessDataWrapper getAuthProcessData() { + private AuthProcessDataWrapper getAuthProcessDataWrapper() { return pendingReq.getSessionData(AuthProcessDataWrapper.class); } @NotNull private SimpleEidasData convertEidasAttrToSimpleData() throws EidasAttributeException { - final ILightResponse eidasResponse = getAuthProcessData() - .getGenericDataFromSession(DATA_FULL_EIDAS_RESPONSE, ILightResponse.class); + final ILightResponse eidasResponse = getAuthProcessDataWrapper() + .getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class); Map simpleMap = convertEidasAttrToSimpleMap(eidasResponse.getAttributes().getAttributeMap()); return convertSimpleMapToSimpleData(simpleMap); } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java index d565c329..6d050dc1 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java @@ -31,6 +31,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNeces import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; @@ -46,12 +47,26 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.util.Enumeration; -import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.DATA_INITIAL_REGISTER_RESULT; -import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.DATA_SIMPLE_EIDAS; /** * Task receives the response of {@link GenerateAustrianResidenceGuiTask} and handles it. * This corresponds to Steps 17B, 18, 19 in the eIDAS Matching Concept. + *

+ * Input: + *

    + *
  • {@link Constants#DATA_SIMPLE_EIDAS} initial login data from user
    • + *
  • {@link Constants#DATA_INITIAL_REGISTER_RESULT} results from search in registers with personIdentifier
    • + *
+ * Output: + *
    + *
  • {@link Constants#DATA_RESULT_MATCHING_BPK} if one register result found
    • + *
+ * Transitions: + *
    + *
  • {@link CreateNewErnpEntryTask}
    • if no results from search with residency data in registers + *
  • {@link CreateIdentityLinkTask}
    • if one exact match between initial register search (with MDS) and results + * from search with residency data in registers exists + *
* * @author amarsalek * @author ckollmann @@ -85,45 +100,68 @@ public class ReceiveAustrianResidenceGuiResponseTask extends AbstractAuthServlet throws TaskExecutionException { log.trace("Starting ReceiveAustrianResidenceGuiResponseTask"); UserInput input = parseHtmlInput(request); - if (input.isFormerResidenceAvailable()) { - if (input.getStreet().isEmpty() || input.getCity().isEmpty() || input.getZipcode().isEmpty()) { - // form should ensure that mandatory fields are field => this should never happen - throw new TaskExecutionException(pendingReq, "Invalid user input", new InvalidUserInputException()); - } - // TODO Also search with MDS? - MergedRegisterSearchResult result = registerSearchService + if (!input.isFormerResidenceAvailable()) { + moveToNextTask(executionContext); + return; + } + if (input.getStreet().isEmpty() || input.getCity().isEmpty() || input.getZipcode().isEmpty()) { + // HTML form should ensure that mandatory fields are set => this should never happen + throw new TaskExecutionException(pendingReq, "Invalid user input", new InvalidUserInputException()); + } + // TODO Also search with MDS? But MDS Search has already happened? + try { + SimpleEidasData eidasData = getInitialEidasData(); + MergedRegisterSearchResult residencyResult = registerSearchService .searchWithResidence(input.zipcode, input.city, input.street); - if (result.getResultCount() == 0) { + if (residencyResult.getResultCount() == 0) { moveToNextTask(executionContext); - return; - } else if (result.getResultCount() == 1) { - compareSearchResultWithInitialData(executionContext, result); + } else if (residencyResult.getResultCount() == 1) { + compareSearchResultWithInitialData(executionContext, residencyResult, eidasData); } else { - throw new TaskExecutionException(pendingReq, "Manual Fix necessary", new ManualFixNecessaryException("todo")); + throw new TaskExecutionException(pendingReq, + "Manual Fix necessary", new ManualFixNecessaryException(eidasData)); } - } else { - moveToNextTask(executionContext); + } catch (EaafStorageException e) { + log.error("Search with residency data failed", e); + throw new TaskExecutionException(pendingReq, "Search with residency data failed", e); } } - private void compareSearchResultWithInitialData(ExecutionContext executionContext, MergedRegisterSearchResult result) - throws TaskExecutionException { + private void compareSearchResultWithInitialData(ExecutionContext executionContext, + MergedRegisterSearchResult residencyResult, SimpleEidasData eidasData) + throws TaskExecutionException, EaafStorageException { try { - AuthProcessDataWrapper authProcessDataWrapper = pendingReq.getSessionData(AuthProcessDataWrapper.class); - MergedRegisterSearchResult initialSearchResult = authProcessDataWrapper - .getGenericDataFromSession(DATA_INITIAL_REGISTER_RESULT, MergedRegisterSearchResult.class); - SimpleEidasData simpleEidasData = authProcessDataWrapper - .getGenericDataFromSession(DATA_SIMPLE_EIDAS, SimpleEidasData.class); - if (simpleEidasData.equalsRegisterData(result)) { - registerSearchService.step7aKittProcess(initialSearchResult, result, simpleEidasData, pendingReq); + MergedRegisterSearchResult initialSearchResult = getInitialRegisterResult(); + // TODO search "residencyResult" in "initialSearchResult"!? + if (eidasData.equalsRegisterData(residencyResult)) { + String bpk = registerSearchService + .step7aKittProcess(initialSearchResult, residencyResult, eidasData, pendingReq); + storeMatchingBpk(bpk); } else { moveToNextTask(executionContext); } } catch (WorkflowException e) { - throw new TaskExecutionException(pendingReq, "Search failed", new ManualFixNecessaryException("todo")); + throw new TaskExecutionException(pendingReq, "Search failed", new ManualFixNecessaryException(eidasData)); } } + private SimpleEidasData getInitialEidasData() { + return getAuthProcessDataWrapper().getGenericDataFromSession(Constants.DATA_SIMPLE_EIDAS, SimpleEidasData.class); + } + + private MergedRegisterSearchResult getInitialRegisterResult() { + return getAuthProcessDataWrapper().getGenericDataFromSession(Constants.DATA_INITIAL_REGISTER_RESULT, + MergedRegisterSearchResult.class); + } + + private void storeMatchingBpk(String bpk) throws EaafStorageException { + getAuthProcessDataWrapper().setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk); + } + + private AuthProcessDataWrapper getAuthProcessDataWrapper() { + return pendingReq.getSessionData(AuthProcessDataWrapper.class); + } + private void moveToNextTask(ExecutionContext executionContext) { // Later on, this should transition to Step 20 executionContext.put(Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK, true); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java index 8c7815be..57531493 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java @@ -37,6 +37,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchSe import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; @@ -73,15 +74,30 @@ import java.io.IOException; import java.util.List; import java.util.Set; -import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.DATA_INITIAL_REGISTER_RESULT; -import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.DATA_SIMPLE_EIDAS; import static at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING; /** * Task that receives the SAML2 response from ID Austria system. * This corresponds to Step 15 in the eIDAS Matching Concept. * + * Input: + *
    + *
  • {@link Constants#DATA_SIMPLE_EIDAS} initial login data from user
    • + *
  • {@link Constants#DATA_INITIAL_REGISTER_RESULT} results from search in registers with personIdentifier
    • + *
+ * Output: + *
    + *
  • {@link Constants#DATA_RESULT_MATCHING_BPK} if one register result found
    • + *
+ * Transitions: + *
    + *
  • {@link GenerateAustrianResidenceGuiTask}
    • if no results in registers were found + *
  • {@link CreateIdentityLinkTask}
    • if one exact match between initial register search (with MDS) data and + * register search with MPS data exists + *
+ * * @author tlenz + * @author ckollmann */ @Slf4j @Component("ReceiveMobilePhoneSignatureResponseTask") @@ -108,6 +124,7 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet /** * Creates the new task, with autowired dependencies from Spring. */ + @SuppressWarnings("SpringJavaInjectionPointsAutowiringInspection") public ReceiveMobilePhoneSignatureResponseTask(SamlVerificationEngine samlVerificationEngine, RegisterSearchService registerSearchService, IdAustriaClientAuthCredentialProvider credentialProvider, @@ -146,22 +163,24 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet * */ - AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); - MergedRegisterSearchResult initialSearchResult = - authProcessData.getGenericDataFromSession(DATA_INITIAL_REGISTER_RESULT, MergedRegisterSearchResult.class); - SimpleEidasData eidasData = authProcessData.getGenericDataFromSession(DATA_SIMPLE_EIDAS, SimpleEidasData.class); - String bpkZp = extractBpkZp(extractor, authProcessData, eidasData); + MergedRegisterSearchResult initialSearchResult = getInitialRegisterResult(); + SimpleEidasData eidasData = getInitialEidasData(); + String bpkZp = extractBpkZp(extractor, eidasData); - MergedRegisterSearchResult result = registerSearchService.searchWithBpkZp(bpkZp); - if (result.getResultCount() == 0) { + // TODO Hier ist wohl keine Register-Suche notwendig, denn das ergibt sicher einen Treffer + // TODO Soll: In den Ergebnissen aus Step8 matchen! Ãœber BPK matchen, und dann schauen, ob zumindest + // Geburtsdatum passt + MergedRegisterSearchResult registerResult = registerSearchService.searchWithBpkZp(bpkZp); + if (registerResult.getResultCount() == 0) { executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true); return; - } else if (result.getResultCount() == 1) { - String bpk = registerSearchService.step7aKittProcess(initialSearchResult, result, eidasData, pendingReq); - authProcessData.setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk); + } else if (registerResult.getResultCount() == 1) { + String bpk = registerSearchService + .step7aKittProcess(initialSearchResult, registerResult, eidasData, pendingReq); + storeMatchingBpk(bpk); return; - } else if (result.getResultCount() > 1) { - throw new ManualFixNecessaryException("bpkZp: " + bpkZp); + } else if (registerResult.getResultCount() > 1) { + throw new ManualFixNecessaryException(eidasData); } // set NeedConsent to false, because user gives consent during authentication @@ -192,16 +211,31 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet } private String extractBpkZp(AssertionAttributeExtractor extractor, - AuthProcessDataWrapper authProcessData, SimpleEidasData eidasData) throws EaafBuilderException, InvalidUserInputException { - SimpleMobileSignatureData simpleMobileSignatureData = getAuthDataFromInterfederation(extractor, authProcessData); + SimpleMobileSignatureData simpleMobileSignatureData = getAuthDataFromInterfederation(extractor); if (!simpleMobileSignatureData.equalsSimpleEidasData(eidasData)) { - //TODO User has cheated? - throw new InvalidUserInputException(); + throw new InvalidUserInputException(); // user has cheated!? } return simpleMobileSignatureData.getBpk(); } + private SimpleEidasData getInitialEidasData() { + return getAuthProcessDataWrapper().getGenericDataFromSession(Constants.DATA_SIMPLE_EIDAS, SimpleEidasData.class); + } + + private MergedRegisterSearchResult getInitialRegisterResult() { + return getAuthProcessDataWrapper().getGenericDataFromSession(Constants.DATA_INITIAL_REGISTER_RESULT, + MergedRegisterSearchResult.class); + } + + private void storeMatchingBpk(String bpk) throws EaafStorageException { + getAuthProcessDataWrapper().setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk); + } + + private AuthProcessDataWrapper getAuthProcessDataWrapper() { + return pendingReq.getSessionData(AuthProcessDataWrapper.class); + } + @NotNull private InboundMessage decodeAndVerifyMessage(HttpServletRequest request, HttpServletResponse response, IDecoder decoder, EaafUriCompare comparator) throws Exception { @@ -303,8 +337,7 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet return null; } - private SimpleMobileSignatureData getAuthDataFromInterfederation(AssertionAttributeExtractor extractor, - AuthProcessDataWrapper authProcessData) + private SimpleMobileSignatureData getAuthDataFromInterfederation(AssertionAttributeExtractor extractor) throws EaafBuilderException { List requiredAttributes = IdAustriaClientAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES; SimpleMobileSignatureData result = new SimpleMobileSignatureData(); @@ -329,10 +362,10 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet result.setDateOfBirth(extractor.getSingleAttributeValue(attrName)); } if (PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME.equals(attrName)) { - authProcessData.setQaaLevel(extractor.getSingleAttributeValue(attrName)); + getAuthProcessDataWrapper().setQaaLevel(extractor.getSingleAttributeValue(attrName)); } } - authProcessData.setIssueInstant(extractor.getAssertionIssuingDate()); + getAuthProcessDataWrapper().setIssueInstant(extractor.getAssertionIssuingDate()); return result; } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java index 12eb7a83..b3c994c9 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java @@ -41,6 +41,21 @@ import java.util.Enumeration; * Handles user's selection from {@link GenerateOtherLoginMethodGuiTask}. * This corresponds to Steps 10, 14, 16 in the eIDAS Matching Concept. * + * Input: + *
    + *
  • {@link Constants#DATA_SIMPLE_EIDAS} initial login data from user
    • + *
  • {@link Constants#DATA_INITIAL_REGISTER_RESULT} results from search in registers with personIdentifier
    • + *
+ * Output: + *
    + *
  • {@link Constants#DATA_RESULT_MATCHING_BPK} if one register result found
    • + *
+ * Transitions: + *
    + *
  • {@link GenerateMobilePhoneSignatureRequestTask}
    • if selected by user + *
  • {@link GenerateAustrianResidenceGuiTask}
    • if selected by user + *
+ * * @author amarsalek * @author ckollmann */ diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml index f60bb5f9..369af4c4 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml @@ -44,37 +44,39 @@ + - - - + - + + + conditionExpression="ctx['TASK_GenerateAustrianResidenceGuiTask']" /> + - - - + conditionExpression="ctx['TASK_CreateNewErnpEntryTask']"/> + -- cgit v1.2.3 From 9f0fa316c8f7adeb3529cb4c3b2c553f085f7d95 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Tue, 15 Jun 2021 12:14:51 +0200 Subject: add ZMR client, to some re-factoring, and a lot of bug-fixing --- .../src/main/resources/application.properties | 14 + .../properties/status_messages_en.properties | 5 +- .../connector/test/FullStartUpAndProcessTest.java | 69 +- .../ProcessEngineSignalControllerTest.java | 2 +- .../config/junit_config_1_springboot.properties | 12 + .../config/junit_config_2_springboot.properties | 12 + .../checks/spotbugs-exclude.xml | 7 + eidas_modules/authmodule-eIDAS-v2/pom.xml | 8 +- .../specific/modules/auth/eidas/v2/Constants.java | 64 +- .../auth/eidas/v2/clients/AbstractSoapClient.java | 197 +++++ .../auth/eidas/v2/clients/szr/SzrClient.java | 469 ++++++++++ .../auth/eidas/v2/clients/szr/SzrService.java | 164 ++++ .../auth/eidas/v2/clients/zmr/IZmrClient.java | 89 ++ .../auth/eidas/v2/clients/zmr/ZmrSoapClient.java | 560 ++++++++++++ .../eidas/v2/dao/MergedRegisterSearchResult.java | 75 -- .../modules/auth/eidas/v2/dao/RegisterResult.java | 67 +- .../modules/auth/eidas/v2/dao/SimpleEidasData.java | 28 +- .../eidas/v2/dao/SimpleMobileSignatureData.java | 4 +- .../auth/eidas/v2/ernp/DummyErnpClient.java | 9 +- .../modules/auth/eidas/v2/ernp/IErnpClient.java | 4 +- .../v2/exception/InvalidUserInputException.java | 5 +- .../v2/exception/ManualFixNecessaryException.java | 10 +- .../auth/eidas/v2/exception/WorkflowException.java | 65 +- .../v2/exception/ZmrCommunicationException.java | 38 + .../eidas/v2/handler/AbstractEidProcessor.java | 17 +- .../CountrySpecificDetailSearchProcessor.java | 15 +- .../handler/DeSpecificDetailSearchProcessor.java | 41 +- .../handler/ItSpecificDetailSearchProcessor.java | 30 +- .../eidas/v2/service/RegisterSearchService.java | 328 +++++-- .../modules/auth/eidas/v2/szr/SzrClient.java | 601 ------------- .../modules/auth/eidas/v2/szr/SzrService.java | 164 ---- .../eidas/v2/tasks/CreateIdentityLinkTask.java | 57 +- .../eidas/v2/tasks/CreateNewErnpEntryTask.java | 25 +- .../auth/eidas/v2/tasks/InitialSearchTask.java | 229 +++-- .../ReceiveAustrianResidenceGuiResponseTask.java | 104 ++- .../ReceiveMobilePhoneSignatureResponseTask.java | 159 ++-- .../ReceiveOtherLoginMethodGuiResponseTask.java | 30 +- .../auth/eidas/v2/utils/EidasResponseUtils.java | 46 +- .../auth/eidas/v2/utils/MatchingTaskUtils.java | 88 ++ .../modules/auth/eidas/v2/utils/VersionHolder.java | 40 + .../modules/auth/eidas/v2/zmr/DummyZmrClient.java | 50 +- .../modules/auth/eidas/v2/zmr/IZmrClient.java | 48 -- .../resources/eIDAS.Authentication.process.xml | 100 +-- .../src/main/resources/eidas_v2_auth.beans.xml | 14 +- .../messages/eidas_connector_message.properties | 12 + .../src/main/resources/szr_client/SZR-1.1.WSDL | 939 --------------------- .../src/main/resources/szr_client/SZR-1.WSDL | 901 -------------------- .../src/main/resources/szr_client/SZR_v4.0.wsdl | 441 ---------- .../src/main/resources/szr_client/pvp1.xsd | 133 --- .../src/main/resources/szr_client/pvp19.xsd | 133 --- .../src/main/resources/szr_client/szr.xsd | 388 --------- .../src/main/resources/szr_client/szr_ecdsa.xsd | 30 - .../main/resources/szr_client/szr_persondata.xsd | 54 -- .../src/main/resources/szr_client/szr_pvp_sec.xsd | 10 - .../main/resources/szr_client/szr_v4.0-schemas.xml | 54 -- .../main/resources/szr_client/szr_v4.0-wsdl.xml | 10 - .../src/main/resources/szr_client/szr_v4.0.xsd | 443 ---------- .../src/main/resources/szr_client/szr_xmldsig.xsd | 31 - .../main/resources/wsdl/szr_client/SZR-1.1.WSDL | 939 +++++++++++++++++++++ .../src/main/resources/wsdl/szr_client/SZR-1.WSDL | 901 ++++++++++++++++++++ .../main/resources/wsdl/szr_client/SZR_v4.0.wsdl | 441 ++++++++++ .../src/main/resources/wsdl/szr_client/pvp1.xsd | 133 +++ .../src/main/resources/wsdl/szr_client/pvp19.xsd | 133 +++ .../src/main/resources/wsdl/szr_client/szr.xsd | 388 +++++++++ .../main/resources/wsdl/szr_client/szr_ecdsa.xsd | 30 + .../resources/wsdl/szr_client/szr_persondata.xsd | 54 ++ .../main/resources/wsdl/szr_client/szr_pvp_sec.xsd | 10 + .../resources/wsdl/szr_client/szr_v4.0-schemas.xml | 54 ++ .../resources/wsdl/szr_client/szr_v4.0-wsdl.xml | 10 + .../main/resources/wsdl/szr_client/szr_v4.0.xsd | 443 ++++++++++ .../main/resources/wsdl/szr_client/szr_xmldsig.xsd | 31 + .../resources/wsdl/zmr_client/testxml/soapenv.xsd | 125 +++ .../ablaufendeauskunftssperrenrequest.xml | 22 + .../ablaufendeauskunftssperrenresponse.xml | 194 +++++ .../ablaufendeauskunfssperren/blaetternrequest.xml | 27 + .../blaetternresponse.xml | 195 +++++ .../testxml/zmr/adoption/adoptionrequest.xml | 32 + .../testxml/zmr/adoption/adoptionresponse.xml | 82 ++ .../testxml/zmr/adresssuche/adresssucherequest.xml | 32 + .../zmr/adresssuche/adresssucheresponse.xml | 81 ++ .../behoerdenabfragerequestStufe1.xml | 33 + .../behoerdenabfragerequestStufe2.xml | 27 + .../behoerdenabfrageresponseStufe1.xml | 76 ++ .../behoerdenabfrageresponseStufe2.xml | 200 +++++ .../bestandsaenderungenrequest.xml | 26 + .../bestandsaenderungenresponse.xml | 83 ++ .../testxml/zmr/bpabfrage/bpabfragerequest.xml | 31 + .../testxml/zmr/bpabfrage/bpabfrageresponse.xml | 68 ++ .../zmr/datenabgleich/datenabgleichrequest.xml | 26 + .../zmr/datenabgleich/datenabgleichresponse.xml | 91 ++ .../zmr/fremdenabfrage/fremdenabfragerequest.xml | 31 + .../zmr/fremdenabfrage/fremdenabfrageresponse.xml | 45 + .../gisadressabfrage/gisadressabfragerequest1.xml | 30 + .../gisadressabfrage/gisadressabfragerequest2.xml | 23 + .../gisadressabfrage/gisadressabfrageresponse1.xml | 50 ++ .../gisadressabfrage/gisadressabfrageresponse2.xml | 91 ++ .../hauseigentuemerabfragerequest.xml | 35 + .../hauseigentuemerabfrageresponse.xml | 213 +++++ .../zmr/meldeauskunft/meldeauskunftrequest.xml | 44 + .../zmr/meldeauskunft/meldeauskunftresponse.xml | 75 ++ .../meldebestaetigung/meldebestaetigungrequest.xml | 26 + .../meldebestaetigungresponse.xml | 72 ++ .../zmr/militaerbehoerden/blaetternrequest.xml | 27 + .../wehrpflichtigeAbfragenRequst.xml | 31 + .../zmr_client/testxml/zmr/natuerlicheperson.xml | 30 + .../zmr/personaendern/personaendernrequest1.xml | 40 + .../zmr/personaendern/personaendernrequest2.xml | 42 + .../zmr/personaendern/personaendernresponse1.xml | 85 ++ .../zmr/personaendern/personaendernresponse2.xml | 110 +++ .../zmr/personanlegen/personanlegenrequest.xml | 56 ++ .../zmr/personanlegen/personanlegenresponse.xml | 118 +++ .../zmr/personenabfrage/blaetternrequest.xml | 27 + .../zmr/personenabfrage/blaetternresponse.xml | 210 +++++ .../personenabfragedruckrequest.xml | 23 + .../personenabfragedruckresponse.xml | 51 ++ .../zmr/personenabfrage/personenabfragerequest.xml | 37 + .../personenabfrage/personenabfrageresponse.xml | 209 +++++ .../testxml/zmr/personensuche/blaetternrequest.xml | 27 + .../zmr/personensuche/blaetternresponse.xml | 210 +++++ .../zmr/personensuche/personensucherequest.xml | 37 + .../zmr/personensuche/personensucheresponse.xml | 209 +++++ .../zmr/persontrennen/persontrennenrequest.xml | 37 + .../persontrennen/persontrennensucherequest.xml | 21 + .../personzusammenfuehrenrequest.xml | 37 + .../personzusammenfuehrensucherequest.xml | 22 + .../wohnsitzabmelden/wohnsitzabmeldenrequest.xml | 40 + .../wohnsitzabmelden/wohnsitzabmeldenresponse.xml | 77 ++ .../wohnsitzanmelden/wohnsitzanmeldenrequest.xml | 48 ++ .../wohnsitzanmelden/wohnsitzanmeldenresponse.xml | 79 ++ .../wohnsitzummelden/wohnsitzummeldenrequest.xml | 60 ++ .../wohnsitzummelden/wohnsitzummeldenresponse.xml | 124 +++ .../zuzugsbestaetigungrequest.xml | 25 + .../zuzugsbestaetigungresponse.xml | 64 ++ .../resources/wsdl/zmr_client/wsdl/Messages.xsd | 215 +++++ .../resources/wsdl/zmr_client/wsdl/Service.wsdl | 62 ++ .../main/resources/wsdl/zmr_client/wsdl/secext.xsd | 150 ++++ .../resources/wsdl/zmr_client/wsdl/secext_pvp.xsd | 152 ++++ .../wsdl/zmr_client/xsd/allgemein/Auswertungen.xsd | 200 +++++ .../zmr_client/xsd/allgemein/BasTabelleAbfrage.xsd | 176 ++++ .../xsd/allgemein/Benutzereinstellungen.xsd | 102 +++ .../xsd/allgemein/GeschaeftsprozesseAuflisten.xsd | 64 ++ .../wsdl/zmr_client/xsd/allgemein/Messages.xsd | 27 + .../xsd/allgemein/Organisationseinstellungen.xsd | 151 ++++ .../wsdl/zmr_client/xsd/allgemein/Service.xsd | 40 + .../zmr_client/xsd/eingebunden/AbfrageMuster.xsd | 140 +++ .../xsd/eingebunden/AkademischerGradFelder.xsd | 61 ++ .../wsdl/zmr_client/xsd/eingebunden/Blaettern.xsd | 56 ++ .../zmr_client/xsd/eingebunden/DokumentFelder.xsd | 74 ++ .../xsd/eingebunden/EingebundenProxy.xsd | 28 + .../wsdl/zmr_client/xsd/eingebunden/Entity.xsd | 135 +++ .../zmr_client/xsd/eingebunden/InfoFachlich.xsd | 103 +++ .../zmr_client/xsd/eingebunden/InfoTechnisch.xsd | 103 +++ .../zmr_client/xsd/eingebunden/MeldungFelder.xsd | 283 +++++++ .../zmr_client/xsd/eingebunden/PersonDataZMR.xsd | 741 ++++++++++++++++ .../zmr_client/xsd/eingebunden/PersonExport.xsd | 107 +++ .../zmr_client/xsd/eingebunden/PersonFelder.xsd | 70 ++ .../zmr_client/xsd/eingebunden/Protokollierung.xsd | 496 +++++++++++ .../zmr_client/xsd/eingebunden/SimpleTypes.xsd | 173 ++++ .../zmr_client/xsd/eingebunden/W3C-XMLDSig.xsd | 274 ++++++ .../wsdl/zmr_client/xsd/eingebunden/Workflow.xsd | 200 +++++ .../xsd/eingebunden/gis-schnittstelle.xsd | 171 ++++ .../wsdl/zmr_client/xsd/eingebunden/pvp1.xsd | 174 ++++ .../wsdl/zmr_client/xsd/eingebunden/secext.xsd | 150 ++++ .../wsdl/zmr_client/xsd/eingebunden/soapenv.xsd | 129 +++ .../xsd/zmr/AblaufendeAuskunftssperrenSuche.xsd | 76 ++ .../resources/wsdl/zmr_client/xsd/zmr/Adoption.xsd | 63 ++ .../wsdl/zmr_client/xsd/zmr/Adresssuche.xsd | 128 +++ .../zmr_client/xsd/zmr/Anwendungsintegration.xsd | 97 +++ .../xsd/zmr/AnwendungsintegrationWiederholung.xsd | 117 +++ .../zmr_client/xsd/zmr/AuskunftssperreAendern.xsd | 55 ++ .../wsdl/zmr_client/xsd/zmr/AvisoAendern.xsd | 93 ++ .../wsdl/zmr_client/xsd/zmr/AvisoAnlegen.xsd | 60 ++ .../wsdl/zmr_client/xsd/zmr/AvisoFreigeben.xsd | 69 ++ .../wsdl/zmr_client/xsd/zmr/Avisosuche.xsd | 124 +++ .../wsdl/zmr_client/xsd/zmr/BKMeldeauskunft.xsd | 69 ++ .../wsdl/zmr_client/xsd/zmr/BPKPruefung.xsd | 76 ++ .../wsdl/zmr_client/xsd/zmr/Behoerdenabfrage.xsd | 126 +++ .../xsd/zmr/BehoerdenattributeAendern.xsd | 68 ++ .../zmr_client/xsd/zmr/Bestandsaenderungen.xsd | 140 +++ .../zmr_client/xsd/zmr/BusinesspartnerAnfrage.xsd | 131 +++ .../zmr_client/xsd/zmr/Businesspartnerabfrage.xsd | 94 +++ .../xsd/zmr/BusinesspartnerabfrageErweitert.xsd | 67 ++ .../wsdl/zmr_client/xsd/zmr/Datenabgleich.xsd | 280 ++++++ .../wsdl/zmr_client/xsd/zmr/ErnpAbfrage.xsd | 161 ++++ .../wsdl/zmr_client/xsd/zmr/Fremdenabfrage.xsd | 108 +++ .../wsdl/zmr_client/xsd/zmr/GISAdressabfrage.xsd | 79 ++ .../resources/wsdl/zmr_client/xsd/zmr/GISSuche.xsd | 74 ++ .../zmr_client/xsd/zmr/Gemeindeeinstellungen.xsd | 71 ++ .../xsd/zmr/Gerichtskommissaerabfrage.xsd | 93 ++ .../xsd/zmr/GleichsetzungstabelleWarten.xsd | 185 ++++ .../zmr_client/xsd/zmr/Hauseigentuemerabfrage.xsd | 117 +++ .../wsdl/zmr_client/xsd/zmr/IAPPersonenabfrage.xsd | 120 +++ .../wsdl/zmr_client/xsd/zmr/Meldeauskunft.xsd | 102 +++ .../wsdl/zmr_client/xsd/zmr/Meldebestaetigung.xsd | 127 +++ .../xsd/zmr/MeldebestaetigungenAnfordern.xsd | 55 ++ .../zmr_client/xsd/zmr/MeldungHistKorrigieren.xsd | 112 +++ .../wsdl/zmr_client/xsd/zmr/ORFGISAnforderung.xsd | 65 ++ .../xsd/zmr/ObjektsucheMindestsicherung.xsd | 88 ++ .../xsd/zmr/ObjektsucheSteuerfahndung.xsd | 91 ++ .../wsdl/zmr_client/xsd/zmr/PersonAendern.xsd | 78 ++ .../wsdl/zmr_client/xsd/zmr/PersonAnlegen.xsd | 67 ++ .../wsdl/zmr_client/xsd/zmr/PersonExport.xsd | 74 ++ .../wsdl/zmr_client/xsd/zmr/PersonKorrigieren.xsd | 74 ++ .../wsdl/zmr_client/xsd/zmr/PersonTrennen.xsd | 75 ++ .../zmr_client/xsd/zmr/PersonZusammenfuehren.xsd | 75 ++ .../wsdl/zmr_client/xsd/zmr/PersonenIndex.xsd | 73 ++ .../wsdl/zmr_client/xsd/zmr/Personenabfrage.xsd | 139 +++ .../wsdl/zmr_client/xsd/zmr/Personenlisten.xsd | 131 +++ .../wsdl/zmr_client/xsd/zmr/Personensuche.xsd | 255 ++++++ .../wsdl/zmr_client/xsd/zmr/QKZAuswertung.xsd | 82 ++ .../wsdl/zmr_client/xsd/zmr/QKZBearbeiten.xsd | 71 ++ .../wsdl/zmr_client/xsd/zmr/SZREinzelabfrage.xsd | 85 ++ .../wsdl/zmr_client/xsd/zmr/SZRPersonenbindung.xsd | 84 ++ .../wsdl/zmr_client/xsd/zmr/SZRPersonensuche.xsd | 75 ++ .../wsdl/zmr_client/xsd/zmr/SZRSammelabfrage.xsd | 54 ++ .../wsdl/zmr_client/xsd/zmr/Sperrliste.xsd | 129 +++ .../resources/wsdl/zmr_client/xsd/zmr/Storno.xsd | 146 ++++ .../wsdl/zmr_client/xsd/zmr/SzrAbfrage.xsd | 59 ++ .../wsdl/zmr_client/xsd/zmr/TechnischeAnsicht.xsd | 132 +++ .../zmr_client/xsd/zmr/Ummeldeserviceabfrage.xsd | 79 ++ .../zmr_client/xsd/zmr/WehrpflichtigeAbfragen.xsd | 99 +++ .../wsdl/zmr_client/xsd/zmr/WohnsitzAbmelden.xsd | 68 ++ .../wsdl/zmr_client/xsd/zmr/WohnsitzAnmelden.xsd | 68 ++ .../zmr_client/xsd/zmr/WohnsitzKorrigieren.xsd | 73 ++ .../wsdl/zmr_client/xsd/zmr/WohnsitzUmmelden.xsd | 126 +++ .../wsdl/zmr_client/xsd/zmr/ZMRDatenauszug.xsd | 32 + .../resources/wsdl/zmr_client/xsd/zmr/ZMRProxy.xsd | 96 +++ .../wsdl/zmr_client/xsd/zmr/ZmrBuergerService.xsd | 373 ++++++++ .../wsdl/zmr_client/xsd/zmr/Zuzugsbestaetigung.xsd | 105 +++ .../xsd/zmr/entities/AkademischerGrad.xsd | 84 ++ .../xsd/zmr/entities/Auskunftssperre.xsd | 95 +++ .../wsdl/zmr_client/xsd/zmr/entities/Aviso.xsd | 176 ++++ .../xsd/zmr/entities/Behoerdenattribute.xsd | 67 ++ .../zmr_client/xsd/zmr/entities/ERnPAnschrift.xsd | 73 ++ .../zmr_client/xsd/zmr/entities/ERnPPerson.xsd | 114 +++ .../xsd/zmr/entities/EidasIdentitaet.xsd | 106 +++ .../xsd/zmr/entities/EidasIdentitaet.xsd.svntmp | 106 +++ .../wsdl/zmr_client/xsd/zmr/entities/Meldung.xsd | 189 +++++ .../wsdl/zmr_client/xsd/zmr/entities/Person.xsd | 233 +++++ .../xsd/zmr/entities/Qualifikationskennzeichen.xsd | 75 ++ .../zmr_client/xsd/zmr/entities/Reisedokument.xsd | 82 ++ .../xsd/zmr/entities/Staatsangehoerigkeit.xsd | 73 ++ .../xsd/zmr/entities/Standarddokument.xsd | 74 ++ .../modules/auth/eidas/v2/test/SzrClientTest.java | 2 +- .../eidas/v2/test/SzrClientTestProduction.java | 2 +- .../eidas/v2/test/tasks/InitialSearchTaskTest.java | 505 ++++++----- ...eceiveAustrianResidenceGuiResponseTaskTest.java | 142 +++- ...eceiveMobilePhoneSignatureResponseTaskTest.java | 158 ++-- .../resources/config/junit_config_1.properties | 7 + .../config/junit_config_1_springboot.properties | 13 + .../resources/config/junit_config_2.properties | 6 + .../resources/config/junit_config_3.properties | 6 + .../resources/config/junit_config_4.properties | 6 + .../config/junit_config_de_attributes.properties | 6 + 254 files changed, 24415 insertions(+), 5358 deletions(-) create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/AbstractSoapClient.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/szr/SzrClient.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/szr/SzrService.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/IZmrClient.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/ZmrSoapClient.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/MergedRegisterSearchResult.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ZmrCommunicationException.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrService.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/MatchingTaskUtils.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/VersionHolder.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/IZmrClient.java delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/SZR-1.1.WSDL delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/SZR-1.WSDL delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/SZR_v4.0.wsdl delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/pvp1.xsd delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/pvp19.xsd delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr.xsd delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_ecdsa.xsd delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_persondata.xsd delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_pvp_sec.xsd delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0-schemas.xml delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0-wsdl.xml delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0.xsd delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_xmldsig.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/SZR-1.1.WSDL create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/SZR-1.WSDL create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/SZR_v4.0.wsdl create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/pvp1.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/pvp19.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/szr.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/szr_ecdsa.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/szr_persondata.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/szr_pvp_sec.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/szr_v4.0-schemas.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/szr_v4.0-wsdl.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/szr_v4.0.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/szr_xmldsig.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/soapenv.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/ablaufendeauskunfssperren/ablaufendeauskunftssperrenrequest.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/ablaufendeauskunfssperren/ablaufendeauskunftssperrenresponse.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/ablaufendeauskunfssperren/blaetternrequest.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/ablaufendeauskunfssperren/blaetternresponse.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/adoption/adoptionrequest.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/adoption/adoptionresponse.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/adresssuche/adresssucherequest.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/adresssuche/adresssucheresponse.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/behoerdenabfrage/behoerdenabfragerequestStufe1.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/behoerdenabfrage/behoerdenabfragerequestStufe2.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/behoerdenabfrage/behoerdenabfrageresponseStufe1.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/behoerdenabfrage/behoerdenabfrageresponseStufe2.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/bestandsaenderungen/bestandsaenderungenrequest.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/bestandsaenderungen/bestandsaenderungenresponse.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/bpabfrage/bpabfragerequest.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/bpabfrage/bpabfrageresponse.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/datenabgleich/datenabgleichrequest.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/datenabgleich/datenabgleichresponse.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/fremdenabfrage/fremdenabfragerequest.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/fremdenabfrage/fremdenabfrageresponse.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/gisadressabfrage/gisadressabfragerequest1.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/gisadressabfrage/gisadressabfragerequest2.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/gisadressabfrage/gisadressabfrageresponse1.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/gisadressabfrage/gisadressabfrageresponse2.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/hauseigentuemerabfrage/hauseigentuemerabfragerequest.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/hauseigentuemerabfrage/hauseigentuemerabfrageresponse.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/meldeauskunft/meldeauskunftrequest.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/meldeauskunft/meldeauskunftresponse.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/meldebestaetigung/meldebestaetigungrequest.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/meldebestaetigung/meldebestaetigungresponse.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/militaerbehoerden/blaetternrequest.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/militaerbehoerden/wehrpflichtigeAbfragenRequst.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/natuerlicheperson.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personaendern/personaendernrequest1.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personaendern/personaendernrequest2.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personaendern/personaendernresponse1.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personaendern/personaendernresponse2.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personanlegen/personanlegenrequest.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personanlegen/personanlegenresponse.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personenabfrage/blaetternrequest.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personenabfrage/blaetternresponse.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personenabfrage/personenabfragedruckrequest.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personenabfrage/personenabfragedruckresponse.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personenabfrage/personenabfragerequest.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personenabfrage/personenabfrageresponse.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personensuche/blaetternrequest.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personensuche/blaetternresponse.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personensuche/personensucherequest.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personensuche/personensucheresponse.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/persontrennen/persontrennenrequest.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/persontrennen/persontrennensucherequest.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personzusammenfuehren/personzusammenfuehrenrequest.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personzusammenfuehren/personzusammenfuehrensucherequest.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/wohnsitzabmelden/wohnsitzabmeldenrequest.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/wohnsitzabmelden/wohnsitzabmeldenresponse.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/wohnsitzanmelden/wohnsitzanmeldenrequest.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/wohnsitzanmelden/wohnsitzanmeldenresponse.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/wohnsitzummelden/wohnsitzummeldenrequest.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/wohnsitzummelden/wohnsitzummeldenresponse.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/zuzugsbestaetigung/zuzugsbestaetigungrequest.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/zuzugsbestaetigung/zuzugsbestaetigungresponse.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/wsdl/Messages.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/wsdl/Service.wsdl create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/wsdl/secext.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/wsdl/secext_pvp.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/allgemein/Auswertungen.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/allgemein/BasTabelleAbfrage.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/allgemein/Benutzereinstellungen.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/allgemein/GeschaeftsprozesseAuflisten.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/allgemein/Messages.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/allgemein/Organisationseinstellungen.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/allgemein/Service.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/AbfrageMuster.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/AkademischerGradFelder.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/Blaettern.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/DokumentFelder.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/EingebundenProxy.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/Entity.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/InfoFachlich.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/InfoTechnisch.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/MeldungFelder.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/PersonDataZMR.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/PersonExport.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/PersonFelder.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/Protokollierung.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/SimpleTypes.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/W3C-XMLDSig.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/Workflow.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/gis-schnittstelle.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/pvp1.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/secext.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/soapenv.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/AblaufendeAuskunftssperrenSuche.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Adoption.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Adresssuche.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Anwendungsintegration.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/AnwendungsintegrationWiederholung.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/AuskunftssperreAendern.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/AvisoAendern.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/AvisoAnlegen.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/AvisoFreigeben.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Avisosuche.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/BKMeldeauskunft.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/BPKPruefung.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Behoerdenabfrage.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/BehoerdenattributeAendern.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Bestandsaenderungen.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/BusinesspartnerAnfrage.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Businesspartnerabfrage.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/BusinesspartnerabfrageErweitert.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Datenabgleich.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/ErnpAbfrage.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Fremdenabfrage.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/GISAdressabfrage.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/GISSuche.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Gemeindeeinstellungen.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Gerichtskommissaerabfrage.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/GleichsetzungstabelleWarten.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Hauseigentuemerabfrage.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/IAPPersonenabfrage.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Meldeauskunft.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Meldebestaetigung.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/MeldebestaetigungenAnfordern.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/MeldungHistKorrigieren.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/ORFGISAnforderung.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/ObjektsucheMindestsicherung.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/ObjektsucheSteuerfahndung.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/PersonAendern.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/PersonAnlegen.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/PersonExport.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/PersonKorrigieren.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/PersonTrennen.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/PersonZusammenfuehren.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/PersonenIndex.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Personenabfrage.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Personenlisten.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Personensuche.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/QKZAuswertung.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/QKZBearbeiten.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/SZREinzelabfrage.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/SZRPersonenbindung.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/SZRPersonensuche.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/SZRSammelabfrage.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Sperrliste.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Storno.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/SzrAbfrage.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/TechnischeAnsicht.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Ummeldeserviceabfrage.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/WehrpflichtigeAbfragen.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/WohnsitzAbmelden.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/WohnsitzAnmelden.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/WohnsitzKorrigieren.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/WohnsitzUmmelden.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/ZMRDatenauszug.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/ZMRProxy.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/ZmrBuergerService.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Zuzugsbestaetigung.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/AkademischerGrad.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/Auskunftssperre.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/Aviso.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/Behoerdenattribute.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/ERnPAnschrift.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/ERnPPerson.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/EidasIdentitaet.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/EidasIdentitaet.xsd.svntmp create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/Meldung.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/Person.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/Qualifikationskennzeichen.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/Reisedokument.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/Staatsangehoerigkeit.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/Standarddokument.xsd (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/resources') diff --git a/connector/src/main/resources/application.properties b/connector/src/main/resources/application.properties index b13b6c18..e9c3afd1 100644 --- a/connector/src/main/resources/application.properties +++ b/connector/src/main/resources/application.properties @@ -82,6 +82,20 @@ eidas.ms.auth.eIDAS.szrclient.eidasbind.mds.inject=false #eidas.ms.auth.eIDAS.authblock.key.password=f/+saJBc3a}*/T^s + +#### matching###### +# ZMR communication +#eidas.ms.auth.eIDAS.zmrclient.endpoint=http://localhost:1234/demozmr +#eidas.ms.auth.eIDAS.zmrclient.ssl.keyStore.type=jks +#eidas.ms.auth.eIDAS.zmrclient.ssl.keyStore.path=keys/junit.jks +#eidas.ms.auth.eIDAS.zmrclient.ssl.keyStore.password=password +#eidas.ms.auth.eIDAS.zmrclient.ssl.trustStore.path= +#eidas.ms.auth.eIDAS.zmrclient.ssl.trustStore.password= + +#eidas.ms.auth.eIDAS.zmrclient.req.organisation.behoerdennr=jUnit123456 + + + #Raw eIDAS Id data storage eidas.ms.auth.eIDAS.szrclient.workarounds.eidmapping.revisionlog.active=true diff --git a/connector/src/main/resources/properties/status_messages_en.properties b/connector/src/main/resources/properties/status_messages_en.properties index 9dcbe1a1..f07a8705 100644 --- a/connector/src/main/resources/properties/status_messages_en.properties +++ b/connector/src/main/resources/properties/status_messages_en.properties @@ -5,10 +5,7 @@ eidas.03=No CitizenCountry available. Can not start eIDAS authentication process eidas.04=Request contains no sessionToken. Authentication process stops eidas.05=Received eIDAS response-message is not valid. Reason: {0} eidas.06=LoA from eIDAS response-message {0} does not match to requested LoA -eidas.07=eIDAS Response attribute-validation FAILED. Attribute:{0} Reason: {1} -eidas.08=An unexpected error occurred. -eidas.09=An error occurred while loading your data from official registers. Please contact the support. -eidas.10=Invalid user input. +eidas.07=eIDAS Response attribute-validation FAILED. Attribute:{0} Reason: {1}. config.01=No configuration-file parameter found. Maybe Java SystemD parameter is missing diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java index 37a389b4..b4f39985 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java @@ -7,6 +7,7 @@ import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.UnsupportedEncodingException; import java.lang.reflect.Field; +import java.math.BigInteger; import java.net.URISyntaxException; import java.util.Map; import java.util.Timer; @@ -60,6 +61,18 @@ import at.asitplus.eidas.specific.connector.test.saml2.Pvp2SProfileEndPointTest; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasSignalServlet; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; +import at.gv.bmi.namespace.zmr_su.base._20040201.ResponseType; +import at.gv.bmi.namespace.zmr_su.base._20040201.WorkflowInfoServer; +import at.gv.bmi.namespace.zmr_su.base._20040201_.ServicePort; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.EidasIdentitaetErgebnisType; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.NatuerlichePersonErgebnisType; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.NatuerlichePersonErgebnisType.PersonenName; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonErgebnisSatzType; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonErgebnisType; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonSuchenResponse; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.Personendaten; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonensuchergebnisType; +import at.gv.e_government.reference.namespace.persondata.de._20040201.IdentificationType; import at.gv.egiz.components.spring.api.SpringBootApplicationContextInitializer; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.exceptions.EaafException; @@ -99,7 +112,7 @@ import szrservices.SignContentResponseType; @ActiveProfiles(profiles = {"JUNIT", "jUnitTestMode"}) public class FullStartUpAndProcessTest { - private static final String FINAL_REDIRECT = "http://localhost/finalizeAuthProtocol?pendingid="; + private static final String FINAL_REDIRECT = "http://localhost/public/secure/finalizeAuthProtocol?pendingid="; @Autowired private WebApplicationContext wac; @Autowired private PvpEndPointCredentialProvider credentialProvider; @@ -116,6 +129,7 @@ public class FullStartUpAndProcessTest { public final SoapServiceRule soap = SoapServiceRule.newInstance(); private SZR szrMock; + private ServicePort zmrClient; private String cc; private String givenName; @@ -186,7 +200,7 @@ public class FullStartUpAndProcessTest { } szrMock = soap.mock(SZR.class, "http://localhost:1234/demoszr"); - + zmrClient = soap.mock(ServicePort.class, "http://localhost:1234/demozmr"); cc = RandomStringUtils.randomAlphabetic(2).toUpperCase(); @@ -337,8 +351,9 @@ public class FullStartUpAndProcessTest { RequestContextHolder.resetRequestAttributes(); RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(eidasNodeRespReq, finalizeResp)); - injectSzrResponse(); - + injectZmrResponse(); + injectSzrResponse(); + //excute eIDAS node response eidasSignal.restoreEidasAuthProcess(eidasNodeRespReq, finalizeResp); @@ -405,6 +420,52 @@ public class FullStartUpAndProcessTest { when(szrMock.signContent(any(), any(), any())).thenReturn(signContentResp); } + + private void injectZmrResponse() throws Exception { + ResponseType resp = new ResponseType(); + + WorkflowInfoServer workflow = new WorkflowInfoServer(); + workflow.setProzessInstanzID(new BigInteger(RandomStringUtils.randomNumeric(10))); + resp.setWorkflowInfoServer(workflow); + + PersonSuchenResponse persRespObj = new PersonSuchenResponse(); + PersonensuchergebnisType searchResult = new PersonensuchergebnisType(); + PersonErgebnisSatzType personInfoObj = new PersonErgebnisSatzType(); + resp.setPersonSuchenResponse(persRespObj); + persRespObj.setPersonensuchergebnis(searchResult); + + searchResult.setGefundeneSaetzeERnP(0); + searchResult.setGefundeneSaetze(1); + searchResult.getPersonErgebnisSatz().add(personInfoObj); + + PersonErgebnisType personInfo = new PersonErgebnisType(); + Personendaten personDataObj = new Personendaten(); + personInfoObj.setPersonendaten(personDataObj); + personDataObj.getPersonErgebnis().add(personInfo); + + EidasIdentitaetErgebnisType eidasPersonalIdentifier = new EidasIdentitaetErgebnisType(); + personInfo.getEidasIdentitaet().add(eidasPersonalIdentifier); + eidasPersonalIdentifier.setDokumentNummer(personalId); + eidasPersonalIdentifier.setEidasArt(Constants.eIDAS_ATTRURN_PERSONALIDENTIFIER); + eidasPersonalIdentifier.setStaatscode3(cc); + + NatuerlichePersonErgebnisType natInfo = new NatuerlichePersonErgebnisType(); + IdentificationType bpk = new IdentificationType(); + PersonenName natName = new PersonenName(); + natInfo.getIdentification().add(bpk); + natInfo.setPersonenName(natName); + personInfo.setNatuerlichePerson(natInfo); + + bpk.setType(EaafConstants.URN_PREFIX_CDID + "ZP"); + bpk.setValue(RandomStringUtils.randomAlphabetic(10)); + natInfo.setGeburtsdatum(dateOfBirth); + natName.setFamilienname(familyName); + natName.setVorname(givenName); + + when(zmrClient.service(any(), any())).thenReturn(resp); + + } + private String validateEidasNodeRequestAndBuildResponse(String eidasNodeReqToken) throws SpecificCommunicationException, URISyntaxException { diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/controller/ProcessEngineSignalControllerTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/controller/ProcessEngineSignalControllerTest.java index d2c4aff2..546d2824 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/controller/ProcessEngineSignalControllerTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/controller/ProcessEngineSignalControllerTest.java @@ -69,7 +69,7 @@ public class ProcessEngineSignalControllerTest { Assert.assertEquals("http StatusCode", 302, httpResp.getStatus()); Assert.assertNotNull("redirect header", httpResp.getHeaderValue("Location")); Assert.assertTrue("wrong redirect header", - httpResp.getHeader("Location").startsWith("http://localhost/errorHandling?errorid=")); + httpResp.getHeader("Location").startsWith("http://localhost//public/secure/errorHandling?errorid=")); } diff --git a/connector/src/test/resources/config/junit_config_1_springboot.properties b/connector/src/test/resources/config/junit_config_1_springboot.properties index fc0c7241..9e4ec415 100644 --- a/connector/src/test/resources/config/junit_config_1_springboot.properties +++ b/connector/src/test/resources/config/junit_config_1_springboot.properties @@ -43,6 +43,18 @@ eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=true eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=false +#### matching###### +# ZMR communication +eidas.ms.auth.eIDAS.zmrclient.endpoint=http://localhost:1234/demozmr +eidas.ms.auth.eIDAS.zmrclient.ssl.keyStore.type=jks +eidas.ms.auth.eIDAS.zmrclient.ssl.keyStore.path=keys/junit.jks +eidas.ms.auth.eIDAS.zmrclient.ssl.keyStore.password=password +eidas.ms.auth.eIDAS.zmrclient.ssl.trustStore.path= +eidas.ms.auth.eIDAS.zmrclient.ssl.trustStore.password= + +eidas.ms.auth.eIDAS.zmrclient.req.organisation.behoerdennr=jUnit123456 + + ## PVP2 S-Profile end-point configuration eidas.ms.pvp2.keystore.type=jks diff --git a/connector/src/test/resources/config/junit_config_2_springboot.properties b/connector/src/test/resources/config/junit_config_2_springboot.properties index 4c2be39b..2300630f 100644 --- a/connector/src/test/resources/config/junit_config_2_springboot.properties +++ b/connector/src/test/resources/config/junit_config_2_springboot.properties @@ -43,6 +43,18 @@ eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=true eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=false +#### matching###### +# ZMR communication +eidas.ms.auth.eIDAS.zmrclient.endpoint=http://localhost:1234/demozmr +eidas.ms.auth.eIDAS.zmrclient.ssl.keyStore.type=jks +eidas.ms.auth.eIDAS.zmrclient.ssl.keyStore.path=keys/junit.jks +eidas.ms.auth.eIDAS.zmrclient.ssl.keyStore.password=password +eidas.ms.auth.eIDAS.zmrclient.ssl.trustStore.path= +eidas.ms.auth.eIDAS.zmrclient.ssl.trustStore.password= + +eidas.ms.auth.eIDAS.zmrclient.req.organisation.behoerdennr=jUnit123456 + + ## PVP2 S-Profile end-point configuration eidas.ms.pvp2.keystore.type=jks diff --git a/eidas_modules/authmodule-eIDAS-v2/checks/spotbugs-exclude.xml b/eidas_modules/authmodule-eIDAS-v2/checks/spotbugs-exclude.xml index 82306a57..b60fe888 100644 --- a/eidas_modules/authmodule-eIDAS-v2/checks/spotbugs-exclude.xml +++ b/eidas_modules/authmodule-eIDAS-v2/checks/spotbugs-exclude.xml @@ -1,5 +1,12 @@ + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/pom.xml b/eidas_modules/authmodule-eIDAS-v2/pom.xml index 1e5d6864..0477ee23 100644 --- a/eidas_modules/authmodule-eIDAS-v2/pom.xml +++ b/eidas_modules/authmodule-eIDAS-v2/pom.xml @@ -264,7 +264,13 @@ ${project.build.directory}/generated/cxf - ${basedir}/src/main/resources/szr_client/SZR_v4.0.wsdl + ${basedir}/src/main/resources/wsdl/szr_client/SZR_v4.0.wsdl + + -verbose + + + + ${basedir}/src/main/resources/wsdl/zmr_client/wsdl/Service.wsdl -verbose diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java index 3a267d29..3e20a132 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java @@ -27,6 +27,9 @@ import at.gv.egiz.eaaf.core.api.data.EaafConstants; public class Constants { + //TODO: should we make it configurable? + public static final String MATCHING_INTERNAL_BPK_TARGET = EaafConstants.URN_PREFIX_CDID + "ZP"; + public static final String ERRORCODE_00 = "module.eidasauth.00"; public static final String DATA_REQUESTERID = "req_requesterId"; @@ -91,6 +94,42 @@ public class Constants { public static final String FORWARD_METHOD_POST = "POST"; public static final String FORWARD_METHOD_GET = "GET"; + // ZMR Client configuration properties + public static final String CONIG_PROPS_EIDAS_ZMRCLIENT = CONIG_PROPS_EIDAS_PREFIX + ".zmrclient"; + public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_ENDPOINT = CONIG_PROPS_EIDAS_ZMRCLIENT + + ".endpoint"; + public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_DEBUG_TRACEMESSAGES = CONIG_PROPS_EIDAS_ZMRCLIENT + + ".debug.logfullmessages"; + public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_TIMEOUT_CONNECTION = CONIG_PROPS_EIDAS_ZMRCLIENT + + ".timeout.connection"; + public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_TIMEOUT_RESPONSE = CONIG_PROPS_EIDAS_ZMRCLIENT + + ".timeout.response"; + public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_KEYSTORE_PATH = CONIG_PROPS_EIDAS_ZMRCLIENT + + ".ssl.keyStore.path"; + public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_KEYSTORE_PASSWORD = CONIG_PROPS_EIDAS_ZMRCLIENT + + ".ssl.keyStore.password"; + public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_KEYSTORE_TYPE = CONIG_PROPS_EIDAS_ZMRCLIENT + + ".ssl.keyStore.type"; + public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_KEYSTORE_NAME = CONIG_PROPS_EIDAS_ZMRCLIENT + + ".ssl.keyStore.name"; + public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_KEYS_ALIAS = CONIG_PROPS_EIDAS_ZMRCLIENT + + ".ssl.key.alias"; + public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_KEY_PASSWORD = CONIG_PROPS_EIDAS_ZMRCLIENT + + ".ssl.key.password"; + public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_TRUSTSTORE_PATH = CONIG_PROPS_EIDAS_ZMRCLIENT + + ".ssl.trustStore.path"; + public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_TRUSTSTORE_PASSWORD = CONIG_PROPS_EIDAS_ZMRCLIENT + + ".ssl.trustStore.password"; + public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_TRUSTSTORE_TYPE = CONIG_PROPS_EIDAS_ZMRCLIENT + + ".ssl.trustStore.type"; + public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_TRUSTSTORE_NAME = CONIG_PROPS_EIDAS_ZMRCLIENT + + ".ssl.trustStore.name"; + + public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_REQ_ORGANIZATION_NR = CONIG_PROPS_EIDAS_ZMRCLIENT + + ".req.organisation.behoerdennr"; + + + // SZR Client configuration properties public static final String CONIG_PROPS_EIDAS_SZRCLIENT = CONIG_PROPS_EIDAS_PREFIX + ".szrclient"; public static final String CONIG_PROPS_EIDAS_SZRCLIENT_USETESTSERVICE = CONIG_PROPS_EIDAS_SZRCLIENT + ".useTestService"; @@ -112,11 +151,23 @@ public class Constants { + ".ssl.keyStore.path"; public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYSTORE_PASSWORD = CONIG_PROPS_EIDAS_SZRCLIENT + ".ssl.keyStore.password"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYSTORE_TYPE = CONIG_PROPS_EIDAS_SZRCLIENT + + ".ssl.keyStore.type"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYSTORE_NAME = CONIG_PROPS_EIDAS_SZRCLIENT + + ".ssl.keyStore.name"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYS_ALIAS = CONIG_PROPS_EIDAS_SZRCLIENT + + ".ssl.key.alias"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEY_PASSWORD = CONIG_PROPS_EIDAS_SZRCLIENT + + ".ssl.key.password"; public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_PATH = CONIG_PROPS_EIDAS_SZRCLIENT + ".ssl.trustStore.path"; public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_PASSWORD = CONIG_PROPS_EIDAS_SZRCLIENT + ".ssl.trustStore.password"; - + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_TYPE = CONIG_PROPS_EIDAS_SZRCLIENT + + ".ssl.trustStore.type"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_NAME = CONIG_PROPS_EIDAS_SZRCLIENT + + ".ssl.trustStore.name"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE = CONIG_PROPS_EIDAS_SZRCLIENT + ".params.documenttype"; public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ = CONIG_PROPS_EIDAS_SZRCLIENT @@ -153,7 +204,7 @@ public class Constants { // eIDAS request parameters public static final String eIDAS_REQ_NAMEID_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"; - // eIDAS attribute names + // eIDAS attribute names public static final String eIDAS_ATTR_PERSONALIDENTIFIER = "PersonIdentifier"; public static final String eIDAS_ATTR_DATEOFBIRTH = "DateOfBirth"; public static final String eIDAS_ATTR_CURRENTGIVENNAME = "FirstName"; @@ -166,6 +217,15 @@ public class Constants { public static final String eIDAS_ATTR_LEGALPERSONIDENTIFIER = "LegalPersonIdentifier"; public static final String eIDAS_ATTR_LEGALNAME = "LegalName"; + + //eIDAS attribute URN + public static final String eIDAS_ATTRURN_PREFIX = "http://eidas.europa.eu/attributes/"; + public static final String eIDAS_ATTRURN_PREFIX_NATURAL = eIDAS_ATTRURN_PREFIX + "naturalperson/"; + + public static final String eIDAS_ATTRURN_PERSONALIDENTIFIER = + eIDAS_ATTRURN_PREFIX_NATURAL + eIDAS_ATTR_PERSONALIDENTIFIER; + + public static final String eIDAS_REQ_PARAM_SECTOR_PUBLIC = "public"; public static final String eIDAS_REQ_PARAM_SECTOR_PRIVATE = "private"; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/AbstractSoapClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/AbstractSoapClient.java new file mode 100644 index 00000000..bfdf3991 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/AbstractSoapClient.java @@ -0,0 +1,197 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.clients; + +import java.security.KeyManagementException; +import java.security.KeyStore; +import java.security.NoSuchAlgorithmException; +import java.security.Provider; +import java.util.ArrayList; +import java.util.List; +import java.util.Map; + +import javax.net.ssl.SSLContext; +import javax.xml.ws.BindingProvider; +import javax.xml.ws.handler.Handler; + +import org.apache.commons.lang3.StringUtils; +import org.apache.cxf.configuration.jsse.TLSClientParameters; +import org.apache.cxf.endpoint.Client; +import org.apache.cxf.frontend.ClientProxy; +import org.apache.cxf.jaxws.DispatchImpl; +import org.apache.cxf.transport.http.HTTPConduit; +import org.apache.cxf.transports.http.configuration.HTTPClientPolicy; +import org.apache.http.ssl.SSLContextBuilder; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.lang.Nullable; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.LoggingHandler; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.http.HttpUtils; +import lombok.Builder; +import lombok.Getter; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +public class AbstractSoapClient { + + @Autowired + protected IConfiguration basicConfig; + @Autowired + EaafKeyStoreFactory keyStoreFactory; + + @Builder + @Getter + public static class HttpClientConfig { + + private final String clientName; + + private final String clientUrl; + private final String clientType; + + private final String connectionTimeout; + private final String responseTimeout; + + private final KeyStoreConfiguration keyStoreConfig; + private final String keyAlias; + private final String keyPassword; + + private final KeyStoreConfiguration trustStoreConfig; + + @Builder.Default + private final boolean trustAll = false; + + } + + /** + * Build a validated KeyStore Configuration-Object from configuration keys. + * + * @param keyStoreTypeKey Configuration key for type + * @param keyStorePathKey Configuration key for path + * @param keyStorePasswordKey Configuration key for password + * @param keyStoreNameKey Configuration key for name + * @param friendlyName Friendlyname for logging and errorhandling + * @return Valid KeyStore configuration or null if no type was + * defined + * @throws EaafConfigurationException In case of validation error + */ + @Nullable + protected KeyStoreConfiguration buildKeyStoreConfiguration(String keyStoreTypeKey, String keyStorePathKey, + String keyStorePasswordKey, String keyStoreNameKey, String friendlyName) + throws EaafConfigurationException { + if (StringUtils.isNotEmpty(basicConfig.getBasicConfiguration(keyStoreTypeKey))) { + final KeyStoreConfiguration config = new KeyStoreConfiguration(); + config.setFriendlyName(friendlyName); + config.setKeyStoreType(basicConfig.getBasicConfiguration(keyStoreTypeKey, KeyStoreType.PKCS12.name())); + config.setKeyStoreName(basicConfig.getBasicConfiguration(keyStoreNameKey)); + config.setSoftKeyStoreFilePath(basicConfig.getBasicConfiguration(keyStorePathKey)); + config.setSoftKeyStorePassword(basicConfig.getBasicConfiguration(keyStorePasswordKey)); + + // validate keystore configuration + config.validate(); + + return config; + + } else { + return null; + + } + + } + + protected void injectHttpClient(Object raw, HttpClientConfig config) { + // extract client from implementation + Client client; + if (raw instanceof DispatchImpl) { + client = ((DispatchImpl) raw).getClient(); + } else if (raw instanceof Client) { + client = ClientProxy.getClient(raw); + } else { + throw new RuntimeException("SOAP Client for SZR connection is of UNSUPPORTED type: " + raw.getClass() + .getName()); + } + + // set basic connection policies + final HTTPConduit http = (HTTPConduit) client.getConduit(); + + // set timeout policy + final HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy(); + httpClientPolicy.setConnectionTimeout(Integer.parseInt(config.getConnectionTimeout()) * 1000L); + httpClientPolicy.setReceiveTimeout(Integer.parseInt(config.getResponseTimeout()) * 1000L); + http.setClient(httpClientPolicy); + + // inject SSL context in case of https + if (config.getClientUrl().toLowerCase().startsWith("https")) { + try { + log.debug("Adding SSLContext to client: " + config.getClientType() + " ... "); + + final TLSClientParameters tlsParams = new TLSClientParameters(); + if (config.getKeyStoreConfig() != null) { + final SSLContext sslContext = HttpUtils.buildSslContextWithSslClientAuthentication( + keyStoreFactory.buildNewKeyStore(config.getKeyStoreConfig()), + config.getKeyAlias(), + config.getKeyPassword(), + loadTrustStore(config.getTrustStoreConfig(), config.getClientName()), + config.isTrustAll(), + config.getClientName()); + tlsParams.setSSLSocketFactory(sslContext.getSocketFactory()); + + } else { + log.debug( + "No KeyStore for SSL Client Auth. found. Initializing SSLContext for: {} without authentication ... ", + config.getClientName()); + tlsParams.setSSLSocketFactory(SSLContextBuilder.create().build().getSocketFactory()); + + } + + http.setTlsClientParameters(tlsParams); + log.info("SSLContext initialized for client: " + config.getClientType()); + + } catch (EaafException | KeyManagementException | NoSuchAlgorithmException e) { + log.error("SSLContext initialization FAILED.", e); + throw new RuntimeException("SSLContext initialization FAILED.", e); + + } + } + } + + private Pair loadTrustStore(KeyStoreConfiguration trustStoreConfig, String friendlyName) + throws EaafException { + if (trustStoreConfig != null) { + log.info("Build custom SSL truststore for: {}", friendlyName); + return keyStoreFactory.buildNewKeyStore(trustStoreConfig); + + } else { + log.info("Use default SSL truststore for: {}", friendlyName); + return null; + + } + + } + + protected void injectBindingProvider(BindingProvider bindingProvider, String clientType, String szrUrl, + boolean enableTraceLogging) { + final Map requestContext = bindingProvider.getRequestContext(); + requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, szrUrl); + + log.trace("Adding JAX-WS request/response trace handler to client: " + clientType); + List handlerList = bindingProvider.getBinding().getHandlerChain(); + if (handlerList == null) { + handlerList = new ArrayList<>(); + bindingProvider.getBinding().setHandlerChain(handlerList); + + } + + // add logging handler to trace messages if required + if (enableTraceLogging) { + final LoggingHandler loggingHandler = new LoggingHandler(); + handlerList.add(loggingHandler); + + } + bindingProvider.getBinding().setHandlerChain(handlerList); + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/szr/SzrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/szr/SzrClient.java new file mode 100644 index 00000000..2230f30a --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/szr/SzrClient.java @@ -0,0 +1,469 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.szr; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.net.URL; +import java.nio.charset.StandardCharsets; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import javax.annotation.PostConstruct; +import javax.xml.XMLConstants; +import javax.xml.bind.JAXBContext; +import javax.xml.bind.Marshaller; +import javax.xml.namespace.QName; +import javax.xml.transform.Source; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerException; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.stream.StreamResult; +import javax.xml.transform.stream.StreamSource; +import javax.xml.ws.BindingProvider; +import javax.xml.ws.Dispatch; + +import org.apache.commons.lang3.StringUtils; +import org.apache.xpath.XPathAPI; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.stereotype.Service; +import org.w3c.dom.Document; +import org.w3c.dom.Element; + +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.ObjectMapper; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.AbstractSoapClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.AbstractSoapClient.HttpClientConfig.HttpClientConfigBuilder; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException; +import at.gv.e_government.reference.namespace.persondata._20020228.AlternativeNameType; +import at.gv.e_government.reference.namespace.persondata._20020228.PersonNameType; +import at.gv.e_government.reference.namespace.persondata._20020228.PhysicalPersonType; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.data.XmlNamespaceConstants; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.impl.utils.DomUtils; +import szrservices.GetBPK; +import szrservices.GetBPKResponse; +import szrservices.GetIdentityLinkEidas; +import szrservices.GetIdentityLinkEidasResponse; +import szrservices.IdentityLinkType; +import szrservices.JwsHeaderParam; +import szrservices.ObjectFactory; +import szrservices.PersonInfoType; +import szrservices.SZR; +import szrservices.SZRException_Exception; +import szrservices.SignContent; +import szrservices.SignContentEntry; +import szrservices.SignContentResponseType; +import szrservices.TravelDocumentType; + + +@Service("SZRClientForeIDAS") +public class SzrClient extends AbstractSoapClient { + private static final Logger log = LoggerFactory.getLogger(SzrClient.class); + + private static final String CLIENT_DEFAULT = "DefaultClient"; + private static final String CLIENT_RAW = "RawClient"; + + private static final String ATTR_NAME_VSZ = "urn:eidgvat:attributes.vsz.value"; + private static final String ATTR_NAME_PUBKEYS = "urn:eidgvat:attributes.user.pubkeys"; + private static final String ATTR_NAME_STATUS = "urn:eidgvat:attributes.eid.status"; + private static final String KEY_BC_BIND = "bcBindReq"; + private static final String JOSE_HEADER_USERCERTPINNING_TYPE = "urn:at.gv.eid:bindtype"; + private static final String JOSE_HEADER_USERCERTPINNING_EIDASBIND = "urn:at.gv.eid:eidasBind"; + public static final String ATTR_NAME_MDS = "urn:eidgvat:mds"; + + // client for anything, without identitylink + private SZR szr = null; + + // RAW client is needed for identitylink + private Dispatch dispatch = null; + + final ObjectMapper mapper = new ObjectMapper(); + + /** + * Get IdentityLink of a person. + * + * + * @param eidData minimum dataset of person + * @return IdentityLink + * @throws SzrCommunicationException In case of a SZR error + */ + public IdentityLinkType getIdentityLinkInRawMode(SimpleEidasData eidData) + throws SzrCommunicationException { + try { + final GetIdentityLinkEidas getIdl = new GetIdentityLinkEidas(); + getIdl.setPersonInfo(generateSzrRequest(eidData)); + + final JAXBContext jaxbContext = JAXBContext.newInstance(ObjectFactory.class); + final Marshaller jaxbMarshaller = jaxbContext.createMarshaller(); + + final ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); + jaxbMarshaller.marshal(getIdl, outputStream); + outputStream.flush(); + + final Source source = new StreamSource(new ByteArrayInputStream(outputStream.toByteArray())); + outputStream.close(); + + log.trace("Requesting SZR ... "); + final Source response = dispatch.invoke(source); + log.trace("Receive RAW response from SZR"); + + final byte[] szrResponse = sourceToByteArray(response); + final GetIdentityLinkEidasResponse jaxbElement = (GetIdentityLinkEidasResponse) jaxbContext + .createUnmarshaller().unmarshal(new ByteArrayInputStream(szrResponse)); + + // build response + log.trace(new String(szrResponse, StandardCharsets.UTF_8)); + + // ok, we have success + final Document doc = DomUtils.parseDocument( + new ByteArrayInputStream(szrResponse), + true, + XmlNamespaceConstants.ALL_SCHEMA_LOCATIONS + " " + Constants.SZR_SCHEMA_LOCATIONS, + null, null); + final String xpathExpression = "//saml:Assertion"; + final Element nsNode = doc.createElementNS("urn:oasis:names:tc:SAML:1.0:assertion", "saml:NSNode"); + + log.trace("Selecting signed doc " + xpathExpression); + final Element documentNode = (Element) XPathAPI.selectSingleNode(doc, + xpathExpression, nsNode); + log.trace("Signed document: " + DomUtils.serializeNode(documentNode)); + + final IdentityLinkType idl = new IdentityLinkType(); + idl.setAssertion(documentNode); + idl.setPersonInfo(jaxbElement.getGetIdentityLinkReturn().getPersonInfo()); + + return idl; + + } catch (final Exception e) { + log.warn("SZR communication FAILED. Reason: " + e.getMessage(), e); + throw new SzrCommunicationException("ernb.02", new Object[]{e.getMessage()}, e); + + } + + } + + /** + * Get bPK of person. + * + * + * @param eidData Minimum dataset of person + * @param target requested bPK target + * @param vkz Verfahrenskennzeichen + * @return bPK for this person + * @throws SzrCommunicationException In case of a SZR error + */ + public List getBpk(SimpleEidasData eidData, String target, String vkz) + throws SzrCommunicationException { + try { + final GetBPK parameters = new GetBPK(); + parameters.setPersonInfo(generateSzrRequest(eidData)); + parameters.getBereichsKennung().add(target); + parameters.setVKZ(vkz); + final GetBPKResponse result = this.szr.getBPK(parameters); + + return result.getGetBPKReturn(); + + } catch (final SZRException_Exception e) { + log.warn("SZR communication FAILED. Reason: " + e.getMessage(), e); + throw new SzrCommunicationException("ernb.02", new Object[]{e.getMessage()}, e); + + } + + } + + /** + * Creates a new ERnP entry. + * TODO Is this correct? Ask BMI. + * + * @param eidasData Minimum dataset of person + * @return encrypted baseId + * @throws SzrCommunicationException In case of a SZR error + */ + public String createNewErnpEntry(final SimpleEidasData eidasData) throws SzrCommunicationException { + final String resp; + try { + resp = this.szr.getStammzahlEncrypted(generateSzrRequest(eidasData), true); + } catch (SZRException_Exception e) { + throw new SzrCommunicationException("ernb.02", new Object[]{e.getMessage()}, e); + } + if (StringUtils.isEmpty(resp)) { + throw new SzrCommunicationException("ernb.01", new Object[]{"Stammzahl response empty"}); // TODO error handling + } + return resp; + } + + /** + * Request a encrypted baseId from SZR. + * + * Note: Previously, this method did create a new ERnP entry, if it did not exist. This is + * not the case any more. See {@link #createNewErnpEntry(SimpleEidasData)} for that functionality. + * + * @param eidData Minimum dataset of person + * @return encrypted baseId + * @throws SzrCommunicationException In case of a SZR error + */ + public String getEncryptedStammzahl(final SimpleEidasData eidData) + throws SzrCommunicationException { + final String resp; + try { + resp = this.szr.getStammzahlEncrypted(generateSzrRequest(eidData), false); + } catch (SZRException_Exception e) { + throw new SzrCommunicationException("ernb.02", new Object[]{e.getMessage()}, e); + } + + if (StringUtils.isEmpty(resp)) { + throw new SzrCommunicationException("ernb.01", new Object[]{"Stammzahl response empty"}); // TODO error handling + } + + return resp; + + } + + /** + * Sign an eidasBind data-structure that combines vsz with user's pubKey and E-ID status. + * + * @param vsz encrypted baseId + * @param bindingPubKey binding PublicKey as PKCS1# (ASN.1) container + * @param eidStatus Status of the E-ID + * @param eidData eID information that was used for ERnP registration + * @return bPK for this person + * @throws SzrCommunicationException In case of a SZR error + */ + public String getEidasBind(final String vsz, final String bindingPubKey, final String eidStatus, + SimpleEidasData eidData)throws SzrCommunicationException { + + final Map eidsaBindMap = new HashMap<>(); + eidsaBindMap.put(ATTR_NAME_VSZ, vsz); + eidsaBindMap.put(ATTR_NAME_STATUS, eidStatus); + eidsaBindMap.put(ATTR_NAME_PUBKEYS, Collections.singletonList(bindingPubKey)); + eidsaBindMap.put(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, eidData.getCitizenCountryCode()); + injectMdsIfAvailableAndActive(eidsaBindMap, eidData); + + try { + final String serializedEidasBind = mapper.writeValueAsString(eidsaBindMap); + final SignContent req = new SignContent(); + final SignContentEntry eidasBindInfo = new SignContentEntry(); + eidasBindInfo.setKey(KEY_BC_BIND); + eidasBindInfo.setValue(serializedEidasBind); + req.getIn().add(eidasBindInfo); + req.setAppendCert(false); + final JwsHeaderParam eidasBindJoseHeader = new JwsHeaderParam(); + eidasBindJoseHeader.setKey(JOSE_HEADER_USERCERTPINNING_TYPE); + eidasBindJoseHeader.setValue(JOSE_HEADER_USERCERTPINNING_EIDASBIND); + req.getJWSHeaderParam().add(eidasBindJoseHeader); + + log.trace("Requesting SZR to sign bcBind datastructure ... "); + final SignContentResponseType resp = szr.signContent(req.isAppendCert(), req.getJWSHeaderParam(), req.getIn()); + log.trace("Receive SZR response on bcBind siging operation "); + + if (resp == null || resp.getOut() == null + || resp.getOut().isEmpty() + || StringUtils.isEmpty(resp.getOut().get(0).getValue())) { + throw new SzrCommunicationException("ernb.01", new Object[]{"BcBind response empty"}); + } + + return resp.getOut().get(0).getValue(); + + } catch (final JsonProcessingException | SZRException_Exception e) { + log.warn("Requesting bcBind by using SZR FAILED.", e); + throw new SzrCommunicationException("ernb.02", + new Object[]{e.getMessage()}, e); + } + } + + private PersonInfoType generateSzrRequest(SimpleEidasData eidData) { + log.debug("Starting connecting SZR Gateway"); + final PersonInfoType personInfo = new PersonInfoType(); + final PersonNameType personName = new PersonNameType(); + final PhysicalPersonType naturalPerson = new PhysicalPersonType(); + final TravelDocumentType eDocument = new TravelDocumentType(); + + naturalPerson.setName(personName); + personInfo.setPerson(naturalPerson); + personInfo.setTravelDocument(eDocument); + + // person information + personName.setFamilyName(eidData.getFamilyName()); + personName.setGivenName(eidData.getGivenName()); + naturalPerson.setDateOfBirth(eidData.getDateOfBirth()); + eDocument.setIssuingCountry(eidData.getCitizenCountryCode()); + eDocument.setDocumentNumber(eidData.getPseudonym()); + + // eID document information + String documentType = basicConfig + .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE, + Constants.SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE); + eDocument.setDocumentType(documentType); + + // set PlaceOfBirth if available + if (eidData.getPlaceOfBirth() != null) { + log.trace("Find 'PlaceOfBirth' attribute: " + eidData.getPlaceOfBirth()); + boolean setPlaceOfBirth = basicConfig + .getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETPLACEOFBIRTHIFAVAILABLE, true); + if (setPlaceOfBirth) { + naturalPerson.setPlaceOfBirth(eidData.getPlaceOfBirth()); + log.trace("Adding 'PlaceOfBirth' to ERnB request ... "); + } + } + + // set BirthName if available + if (eidData.getBirthName() != null) { + log.trace("Find 'BirthName' attribute: " + eidData.getBirthName()); + boolean setBirthName = basicConfig + .getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETBIRTHNAMEIFAVAILABLE, true); + if (setBirthName) { + final AlternativeNameType alternativeName = new AlternativeNameType(); + naturalPerson.setAlternativeName(alternativeName); + alternativeName.setFamilyName(eidData.getBirthName()); + log.trace("Adding 'BirthName' to ERnB request ... "); + } + } + + return personInfo; + } + + @PostConstruct + private void initialize() throws EaafConfigurationException { + log.info("Starting SZR-Client initialization .... "); + final URL url = SzrClient.class.getResource("/wsdl/szr_client/SZR_v4.0.wsdl"); + + final boolean useTestSzr = basicConfig.getBasicConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_USETESTSERVICE, + true); + + SzrService szrService; + QName qname; + String szrUrl; + if (useTestSzr) { + log.debug("Initializing SZR test environment configuration."); + qname = SzrService.SZRTestumgebung; + szrService = new SzrService(url, new QName("urn:SZRServices", "SZRService")); + szr = szrService.getSzrTestumgebung(); + szrUrl = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_ENDPOINT_TEST); + + } else { + log.debug("Initializing SZR productive configuration."); + qname = SzrService.SZRProduktionsumgebung; + szrService = new SzrService(url, new QName("urn:SZRServices", "SZRService")); + szr = szrService.getSzrProduktionsumgebung(); + szrUrl = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_ENDPOINT_PROD); + + } + + // create raw client; + dispatch = szrService.createDispatch(qname, Source.class, javax.xml.ws.Service.Mode.PAYLOAD); + + if (StringUtils.isEmpty(szrUrl)) { + log.error("No SZR service-URL found. SZR-Client initalisiation failed."); + throw new RuntimeException("No SZR service URL found. SZR-Client initalisiation failed."); + + } + + // check if Clients can be initialized + if (szr == null) { + log.error("SZR " + CLIENT_DEFAULT + " is 'NULL'. Something goes wrong"); + throw new RuntimeException("SZR " + CLIENT_DEFAULT + " is 'NULL'. Something goes wrong"); + + } + if (dispatch == null) { + log.error("SZR " + CLIENT_RAW + " is 'NULL'. Something goes wrong"); + throw new RuntimeException("SZR " + CLIENT_RAW + " is 'NULL'. Something goes wrong"); + + } + + // inject handler + log.info("Use SZR service-URL: " + szrUrl); + injectBindingProvider((BindingProvider) szr, CLIENT_DEFAULT, szrUrl, + basicConfig.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_TRACEMESSAGES, false)); + injectBindingProvider(dispatch, CLIENT_RAW, szrUrl, + basicConfig.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_TRACEMESSAGES, false)); + + // inject http parameters and SSL context + log.debug("Inject HTTP client settings ... "); + HttpClientConfigBuilder httpClientBuilder = HttpClientConfig.builder() + .clientName("SZR Client") + .clientUrl(szrUrl) + .connectionTimeout(basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_CONNECTION, + Constants.HTTP_CLIENT_DEFAULT_TIMEOUT_CONNECTION)) + .responseTimeout(basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_RESPONSE, + Constants.HTTP_CLIENT_DEFAULT_TIMEOUT_RESPONSE)) + .keyStoreConfig(buildKeyStoreConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYSTORE_TYPE, + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYSTORE_PATH, + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYSTORE_PASSWORD, + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYSTORE_NAME, + "SZR SSL Client-Authentication KeyStore")) + .keyAlias(basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYS_ALIAS)) + .keyPassword(basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEY_PASSWORD)) + .trustAll(false) + .trustStoreConfig(buildKeyStoreConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_TYPE, + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_PATH, + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_PASSWORD, + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_NAME, + "SZR SSL Client-Authentication KeyStore")); + + injectHttpClient(szr, httpClientBuilder.clientType(CLIENT_DEFAULT).build()); + injectHttpClient(dispatch, httpClientBuilder.clientType(CLIENT_RAW).build()); + + log.info("SZR-Client initialization successfull"); + } + + private void injectMdsIfAvailableAndActive(Map eidsaBindMap, SimpleEidasData eidData) { + if (basicConfig.getBasicConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SET_MDS_TO_EIDASBIND, false)) { + log.info("Injecting MDS into eidasBind ... "); + final Map mds = new HashMap<>(); + mds.put(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, eidData.getFamilyName()); + mds.put(PvpAttributeDefinitions.GIVEN_NAME_NAME, eidData.getGivenName()); + mds.put(PvpAttributeDefinitions.BIRTHDATE_NAME, eidData.getDateOfBirth()); + eidsaBindMap.put(ATTR_NAME_MDS, mds); + + } + } + + private byte[] sourceToByteArray(Source result) throws TransformerException { + final TransformerFactory factory = TransformerFactory.newInstance(); + factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); + final Transformer transformer = factory.newTransformer(); + transformer.setOutputProperty("omit-xml-declaration", "yes"); + transformer.setOutputProperty("method", "xml"); + final ByteArrayOutputStream out = new ByteArrayOutputStream(); + final StreamResult streamResult = new StreamResult(); + streamResult.setOutputStream(out); + transformer.transform(result, streamResult); + return out.toByteArray(); + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/szr/SzrService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/szr/SzrService.java new file mode 100644 index 00000000..590f88a4 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/szr/SzrService.java @@ -0,0 +1,164 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.szr; + +import java.net.URL; + +import javax.xml.namespace.QName; +import javax.xml.ws.Service; +import javax.xml.ws.WebEndpoint; +import javax.xml.ws.WebServiceClient; +import javax.xml.ws.WebServiceFeature; + +import szrservices.SZR; + +/** + * This class was generated by Apache CXF 3.1.16 2018-07-10T09:36:01.466+02:00 + * Generated source version: 3.1.16 + * + */ +@WebServiceClient(name = "SZRService", + wsdlLocation = "./src/main/resources/szr_client/SZR-1.WSDL", + targetNamespace = "urn:SZRServices") +public class SzrService extends Service { + + public static final URL WSDL_LOCATION; + + public static final QName SERVICE = new QName("urn:SZRServices", "SZRService"); + public static final QName SZRProduktionsumgebung = new QName("urn:SZRServices", "SZRProduktionsumgebung"); + public static final QName SZRTestumgebung = new QName("urn:SZRServices", "SZRTestumgebung"); + public static final QName SZRBusinesspartnerTestumgebung = new QName("urn:SZRServices", + "SZRBusinesspartnerTestumgebung"); + + static { + URL url = SzrService.class.getResource("./src/main/resources/wsdl/szr_client/SZR-1.WSDL"); + if (url == null) { + url = SzrService.class.getClassLoader().getResource("/szr_client/SZR-1.WSDL"); + } + if (url == null) { + java.util.logging.Logger.getLogger(SzrService.class.getName()) + .log(java.util.logging.Level.INFO, + "Can not initialize the default wsdl from {0}", "/szr_client/SZR-1.WSDL"); + } + WSDL_LOCATION = url; + + } + + public SzrService(URL wsdlLocation) { + super(wsdlLocation, SERVICE); + } + + public SzrService(URL wsdlLocation, QName serviceName) { + super(wsdlLocation, serviceName); + } + + public SzrService() { + super(WSDL_LOCATION, SERVICE); + } + + public SzrService(WebServiceFeature... features) { + super(WSDL_LOCATION, SERVICE, features); + } + + public SzrService(URL wsdlLocation, WebServiceFeature... features) { + super(wsdlLocation, SERVICE, features); + } + + public SzrService(URL wsdlLocation, QName serviceName, WebServiceFeature... features) { + super(wsdlLocation, serviceName, features); + } + + /** + * Get SZR Web-Service. + * + * @return returns SZR + */ + @WebEndpoint(name = "SZRProduktionsumgebung") + public SZR getSzrProduktionsumgebung() { + return super.getPort(SZRProduktionsumgebung, SZR.class); + } + + /** + * Get SZR Web-Service. + * + * @param features A list of {@link javax.xml.ws.WebServiceFeature} to configure + * on the proxy. Supported features not in the + * features parameter will have their default + * values. + * @return returns SZR + */ + @WebEndpoint(name = "SZRProduktionsumgebung") + public SZR getSzrProduktionsumgebung(WebServiceFeature... features) { + return super.getPort(SZRProduktionsumgebung, SZR.class, features); + } + + /** + *Get SZR Web-Service. + * + * @return returns SZR + */ + @WebEndpoint(name = "SZRTestumgebung") + public SZR getSzrTestumgebung() { + return super.getPort(SZRTestumgebung, SZR.class); + } + + /** + * Get SZR Web-Service. + * + * @param features A list of {@link javax.xml.ws.WebServiceFeature} to configure + * on the proxy. Supported features not in the + * features parameter will have their default + * values. + * @return returns SZR + */ + @WebEndpoint(name = "SZRTestumgebung") + public SZR getSzrTestumgebung(WebServiceFeature... features) { + return super.getPort(SZRTestumgebung, SZR.class, features); + } + + /** + * Get SZR Web-Service. + * + * @return returns SZR + */ + @WebEndpoint(name = "SZRBusinesspartnerTestumgebung") + public SZR getSzrBusinesspartnerTestumgebung() { + return super.getPort(SZRBusinesspartnerTestumgebung, SZR.class); + } + + /** + * Get SZR Web-Service. + * + * @param features A list of {@link javax.xml.ws.WebServiceFeature} to configure + * on the proxy. Supported features not in the + * features parameter will have their default + * values. + * @return returns SZR + */ + @WebEndpoint(name = "SZRBusinesspartnerTestumgebung") + public SZR getSzrBusinesspartnerTestumgebung(WebServiceFeature... features) { + return super.getPort(SZRBusinesspartnerTestumgebung, SZR.class, features); + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/IZmrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/IZmrClient.java new file mode 100644 index 00000000..18bcbacc --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/IZmrClient.java @@ -0,0 +1,89 @@ +/* + * Copyright 2020 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.zmr; + +import java.math.BigInteger; + +import javax.annotation.Nonnull; +import javax.annotation.Nullable; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.zmr.ZmrSoapClient.ZmrRegisterResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonSuchenRequest; + +public interface IZmrClient { + + /** + * Search person based on eIDAS personal identifier. + * + * @param zmrProzessId ProcessId from ZMR or null if no processId exists + * @param personIdentifier Full eIDAS personal identifier with prefix + * @return Search result but never null + * @throws EidasSAuthenticationException In case of a communication error + */ + @Nonnull + ZmrRegisterResult searchWithPersonIdentifier(@Nullable BigInteger zmrProzessId, @Nonnull String personIdentifier) + throws EidasSAuthenticationException; + + /** + * Search person based on eIDSA MDS information. + * + * @param zmrProzessId ProcessId from ZMR or null if no processId exists + * @param givenName eIDAS given name + * @param familyName eIDAS principle name + * @param dateOfBirth eIDAS date-of-birth + * @param citizenCountryCode CountryCode of the eIDAS proxy-service + * @return Search result but never null + * @throws EidasSAuthenticationException In case of a communication error + */ + @Nonnull + ZmrRegisterResult searchWithMds(@Nullable BigInteger zmrProzessId, @Nonnull String givenName, + @Nonnull String familyName, @Nonnull String dateOfBirth, @Nonnull String citizenCountryCode) + throws EidasSAuthenticationException; + + /** + * Search person based on country-specific natural person set. + * + * @param zmrProzessId ProcessId from ZMR or null if no processId exists + * @param personSearchDao Specific set of natural person informations. + * @param citizenCountryCode CountryCode of the eIDAS proxy-service + * @return Search result but never null + * @throws EidasSAuthenticationException In case of a communication error + */ + @Nonnull + ZmrRegisterResult searchCountrySpecific(@Nullable BigInteger zmrProzessId, + @Nonnull PersonSuchenRequest personSearchDao, @Nonnull String citizenCountryCode) + throws EidasSAuthenticationException; + + + void update(@Nullable BigInteger zmrProzessId, RegisterResult registerResult, SimpleEidasData eidData); + + ZmrRegisterResult searchWithBpkZp(@Nullable BigInteger zmrProzessId, String bpkzp); + + ZmrRegisterResult searchWithResidenceData(@Nullable BigInteger zmrProzessId, String givenName, String familyName, + String dateOfBirth, String zipcode, String city, String street); + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/ZmrSoapClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/ZmrSoapClient.java new file mode 100644 index 00000000..014d202b --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/ZmrSoapClient.java @@ -0,0 +1,560 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.zmr; + +import java.math.BigInteger; +import java.net.URL; +import java.text.MessageFormat; +import java.util.Arrays; +import java.util.Collections; +import java.util.List; +import java.util.Objects; +import java.util.stream.Collectors; + +import javax.annotation.Nonnull; +import javax.annotation.PostConstruct; +import javax.xml.ws.BindingProvider; + +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.lang.NonNull; +import org.springframework.lang.Nullable; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.AbstractSoapClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ZmrCommunicationException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.VersionHolder; +import at.gv.bmi.namespace.zmr_su.base._20040201.ClientInfoType; +import at.gv.bmi.namespace.zmr_su.base._20040201.Organisation; +import at.gv.bmi.namespace.zmr_su.base._20040201.RequestType; +import at.gv.bmi.namespace.zmr_su.base._20040201.ResponseType; +import at.gv.bmi.namespace.zmr_su.base._20040201.WorkflowInfoClient; +import at.gv.bmi.namespace.zmr_su.base._20040201.WorkflowInfoServer; +import at.gv.bmi.namespace.zmr_su.base._20040201_.Service; +import at.gv.bmi.namespace.zmr_su.base._20040201_.ServiceFault; +import at.gv.bmi.namespace.zmr_su.base._20040201_.ServicePort; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.EidasSuchdatenType; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.ErgebniskriterienType; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.NatuerlichePersonErgebnisType; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonErgebnisSatzType; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonErgebnisType; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonSuchenRequest; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonSuchenResponse; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonensucheInfoType; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.SuchkriterienType; +import at.gv.e_government.reference.namespace.persondata.de._20040201.NatuerlichePersonTyp; +import at.gv.e_government.reference.namespace.persondata.de._20040201.PersonenNameTyp; +import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import lombok.AllArgsConstructor; +import lombok.Getter; +import lombok.extern.slf4j.Slf4j; + +/** + * ZMR client implementation for eIDAS matching operations. + * + * @author tlenz + * + */ +@Slf4j +public class ZmrSoapClient extends AbstractSoapClient implements IZmrClient { + + private static final String ERROR_MATCHING_00 = "module.eidasauth.matching.00"; + private static final String ERROR_MATCHING_01 = "module.eidasauth.matching.01"; + private static final String ERROR_MATCHING_02 = "module.eidasauth.matching.02"; + private static final String ERROR_MATCHING_99 = "module.eidasauth.matching.99"; + + private static final String LOGMSG_MISSING_CONFIG = "Missing configuration with key: {0}"; + + private static final String LOGMSG_ZMR_ERROR = + "Receive an error from ZMR during '{}' operation with msg: {}"; + private static final String LOGMSG_ZMR_RESP_PROCESS = + "Proces ZMR response during '{}' operation failes with msg: {}"; + + private static final String LOGMSG_ZMR_SOAP_ERROR = + "ZMR anwser for transaction: {} with code: {} and message: {}"; + + private static final String PROCESS_GENERAL = "eIDAS_Matching"; + private static final String PROCESS_SEARCH_PERSONAL_IDENTIFIER = + "Searching " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER; + private static final String PROCESS_SEARCH_MDS_ONLY = "Searching with MDS only"; + private static final String PROCESS_SEARCH_COUNTRY_SPECIFIC = "Searching {} specific"; + + private static final String CLIENT_INFO = "eIDAS MS-Connector v{0}"; + private static final String CLIENT_DEFAULT = "ZMR Client"; + + + @Autowired VersionHolder versionHolder; + + private ServicePort zmrClient; + + + @AllArgsConstructor + @Getter + public static class ZmrRegisterResult { + private final List personResult; + private final BigInteger processId; + + } + + @Override + public ZmrRegisterResult searchWithPersonIdentifier(BigInteger zmrProzessId, String personIdentifier) + throws EidasSAuthenticationException { + + try { + // build search request + final RequestType req = new RequestType(); + + // set eIDAS person information + final PersonSuchenRequest searchPersonReq = new PersonSuchenRequest(); + req.setPersonSuchenRequest(searchPersonReq); + final EidasSuchdatenType eidasInfos = new EidasSuchdatenType(); + searchPersonReq.setEidasSuchdaten(eidasInfos); + eidasInfos.setEidasArt(Constants.eIDAS_ATTRURN_PERSONALIDENTIFIER); + eidasInfos.setEidasNummer(personIdentifier); + + // set work-flow client information + req.setWorkflowInfoClient(generateWorkFlowInfos(PROCESS_SEARCH_PERSONAL_IDENTIFIER, null)); + req.setClientInfo(generateClientInfos()); + + // set additionl search parameters + searchPersonReq.setPersonensucheInfo(generateSearchCriteria(false, true, false)); + + // request ZMR + log.trace("Requesting ZMR for '{}' operation", PROCESS_SEARCH_PERSONAL_IDENTIFIER); + final ResponseType resp = zmrClient.service(req, null); + + // parse ZMR response + return processZmrResponse(resp, EidasResponseUtils.parseEidasPersonalIdentifier(personIdentifier) + .getFirst(), + true, PROCESS_SEARCH_PERSONAL_IDENTIFIER); + + } catch (final ServiceFault e) { + final String errorMsg = extractReasonFromError(e); + log.warn(LOGMSG_ZMR_ERROR, PROCESS_SEARCH_PERSONAL_IDENTIFIER, errorMsg); + throw new ZmrCommunicationException(ERROR_MATCHING_01, new Object[] { errorMsg }, e); + + } catch (final EaafAuthenticationException e) { + log.warn(LOGMSG_ZMR_RESP_PROCESS, PROCESS_SEARCH_PERSONAL_IDENTIFIER, e.getMessage()); + throw new EidasSAuthenticationException(ERROR_MATCHING_99, new Object[] { e.getMessage() }, e); + + } + } + + @Override + public ZmrRegisterResult searchWithMds(BigInteger zmrProzessId, String givenName, String familyName, + String dateOfBirth, String citizenCountryCode) throws EidasSAuthenticationException { + try { + // build search request + final RequestType req = new RequestType(); + + // set eIDAS person information + final PersonSuchenRequest searchPersonReq = new PersonSuchenRequest(); + req.setPersonSuchenRequest(searchPersonReq); + + final NatuerlichePersonTyp searchNatPerson = new NatuerlichePersonTyp(); + searchPersonReq.setNatuerlichePerson(searchNatPerson); + final PersonenNameTyp searchNatPersonName = new PersonenNameTyp(); + searchNatPerson.setPersonenName(searchNatPersonName); + + searchNatPersonName.setFamilienname(familyName); + searchNatPersonName.setVorname(givenName); + searchNatPerson.setGeburtsdatum(dateOfBirth); + + // set work-flow client information + req.setWorkflowInfoClient(generateWorkFlowInfos(PROCESS_SEARCH_MDS_ONLY, zmrProzessId)); + req.setClientInfo(generateClientInfos()); + + // set additionl search parameters + searchPersonReq.setPersonensucheInfo(generateSearchCriteria(false, true, false)); + + // request ZMR + log.trace("Requesting ZMR for '{}' operation", PROCESS_SEARCH_MDS_ONLY); + final ResponseType resp = zmrClient.service(req, null); + + // parse ZMR response + return processZmrResponse(resp, citizenCountryCode, false, PROCESS_SEARCH_MDS_ONLY); + + } catch (final ServiceFault e) { + final String errorMsg = extractReasonFromError(e); + log.warn(LOGMSG_ZMR_ERROR, PROCESS_SEARCH_MDS_ONLY, errorMsg); + throw new ZmrCommunicationException(ERROR_MATCHING_01, new Object[] { errorMsg }, e); + + } catch (final EaafAuthenticationException e) { + log.warn(LOGMSG_ZMR_RESP_PROCESS, PROCESS_SEARCH_MDS_ONLY, e.getMessage()); + throw new EidasSAuthenticationException(ERROR_MATCHING_99, new Object[] { e.getMessage() }, e); + + } + + } + + @Override + public ZmrRegisterResult searchCountrySpecific(BigInteger zmrProzessId, PersonSuchenRequest personSearchDao, + String citizenCountryCode) + throws EidasSAuthenticationException { + final String friendlyMsg = MessageFormat.format(PROCESS_SEARCH_COUNTRY_SPECIFIC, citizenCountryCode); + + try { + // build search request + final RequestType req = new RequestType(); + + // set eIDAS person information + req.setPersonSuchenRequest(personSearchDao); + + // set work-flow client information + req.setWorkflowInfoClient(generateWorkFlowInfos(friendlyMsg, zmrProzessId)); + req.setClientInfo(generateClientInfos()); + + // set additionl search parameters + personSearchDao.setPersonensucheInfo(generateSearchCriteria(false, true, false)); + + // request ZMR + log.trace("Requesting ZMR for '{}' operation", friendlyMsg); + final ResponseType resp = zmrClient.service(req, null); + + // parse ZMR response + return processZmrResponse(resp, citizenCountryCode, true, + friendlyMsg); + + } catch (final ServiceFault e) { + final String errorMsg = extractReasonFromError(e); + log.warn(LOGMSG_ZMR_ERROR, friendlyMsg, errorMsg); + throw new ZmrCommunicationException(ERROR_MATCHING_01, new Object[] { errorMsg }, e); + + } catch (final EaafAuthenticationException e) { + log.warn(LOGMSG_ZMR_RESP_PROCESS, friendlyMsg, e.getMessage()); + throw new EidasSAuthenticationException(ERROR_MATCHING_99, new Object[] { e.getMessage() }, e); + + } + } + + @Override + public void update(BigInteger zmrProzessId, RegisterResult registerResult, SimpleEidasData eidData) { + // TODO Auto-generated method stub + + } + + @Override + public ZmrRegisterResult searchWithBpkZp(BigInteger zmrProzessId, String bpkzp) { + // TODO Auto-generated method stub + return null; + } + + @Override + public ZmrRegisterResult searchWithResidenceData(BigInteger zmrProzessId, String givenName, String familyName, + String dateOfBirth, String zipcode, String city, String street) { + // TODO Auto-generated method stub + return null; + } + + @PostConstruct + private void initialize() throws EaafConfigurationException { + // set-up the ZMR client + initializeTechnicalZmrClient(); + + // validate additional ZMR communication parameters + valdiateAdditionalConfigParameters(); + + } + + private void initializeTechnicalZmrClient() throws EaafConfigurationException { + log.info("Starting ZMR-Client initialization .... "); + final URL url = ZmrSoapClient.class.getResource("/wsdl/zmr_client/wsdl/Service.wsdl"); + final Service zmrService = new Service(url); + zmrClient = zmrService.getService(); + + final String zmrServiceUrl = basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_ZMRCLIENT_ENDPOINT); + if (StringUtils.isEmpty(zmrServiceUrl)) { + log.error("No ZMR service-URL found. ZMR-Client initalisiation failed."); + throw new RuntimeException("No ZMR service URL found. ZMR-Client initalisiation failed."); + + } + + // inject handler + log.info("Use ZMR service-URL: " + zmrServiceUrl); + injectBindingProvider((BindingProvider) zmrClient, CLIENT_DEFAULT, zmrServiceUrl, + basicConfig.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_ZMRCLIENT_DEBUG_TRACEMESSAGES, + false)); + + // inject http parameters and SSL context + log.debug("Inject HTTP client settings ... "); + injectHttpClient(zmrClient, HttpClientConfig.builder() + .clientName(CLIENT_DEFAULT) + .clientType(CLIENT_DEFAULT) + .clientUrl(zmrServiceUrl) + .connectionTimeout(basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_ZMRCLIENT_TIMEOUT_CONNECTION, + Constants.HTTP_CLIENT_DEFAULT_TIMEOUT_CONNECTION)) + .responseTimeout(basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_ZMRCLIENT_TIMEOUT_RESPONSE, + Constants.HTTP_CLIENT_DEFAULT_TIMEOUT_RESPONSE)) + .keyStoreConfig(buildKeyStoreConfiguration( + Constants.CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_KEYSTORE_TYPE, + Constants.CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_KEYSTORE_PATH, + Constants.CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_KEYSTORE_PASSWORD, + Constants.CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_KEYSTORE_NAME, + "ZMR SSL Client-Authentication KeyStore")) + .keyAlias(basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_KEYS_ALIAS)) + .keyPassword(basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_KEY_PASSWORD)) + .trustAll(false) + .trustStoreConfig(buildKeyStoreConfiguration( + Constants.CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_TRUSTSTORE_TYPE, + Constants.CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_TRUSTSTORE_PATH, + Constants.CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_TRUSTSTORE_PASSWORD, + Constants.CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_TRUSTSTORE_NAME, + "ZMR SSL Client-Authentication TrustStore")) + .build()); + + } + + private void valdiateAdditionalConfigParameters() { + checkConfigurationValue(Constants.CONIG_PROPS_EIDAS_ZMRCLIENT_REQ_ORGANIZATION_NR); + + } + + private void checkConfigurationValue(String key) { + if (StringUtils.isEmpty(basicConfig.getBasicConfiguration(key))) { + throw new RuntimeException(MessageFormat.format(LOGMSG_MISSING_CONFIG, key)); + + } + } + + @Nonnull + private WorkflowInfoClient generateWorkFlowInfos(@Nonnull String subStepName, + @Nullable BigInteger prozessInstanzId) { + final WorkflowInfoClient infos = new WorkflowInfoClient(); + infos.setProzessName(PROCESS_GENERAL); + infos.setVorgangName(subStepName); + + //set processId that we received from ZMR before, if already available + if (prozessInstanzId != null) { + infos.setProzessInstanzID(prozessInstanzId); + + } + + return infos; + + } + + @Nonnull + private PersonensucheInfoType generateSearchCriteria(boolean searchInErnp, + boolean searchInZmrHistory, boolean includeHistoryResults) { + final PersonensucheInfoType personSearchInfo = new PersonensucheInfoType(); + final SuchkriterienType searchCriteria = new SuchkriterienType(); + final ErgebniskriterienType resultCriteria = new ErgebniskriterienType(); + personSearchInfo.setSuchkriterien(searchCriteria); + personSearchInfo.setErgebniskriterien(resultCriteria); + + // TODO: are these flags valid? + searchCriteria.setInclusivERnP(searchInErnp); + searchCriteria.setInclusivHistorie(searchInZmrHistory); + + // TODO: check 'processSearchPersonResponse' if we change this to 'true' + resultCriteria.setInclusivHistorie(includeHistoryResults); + + return personSearchInfo; + + } + + @Nonnull + private ClientInfoType generateClientInfos() { + final ClientInfoType clientInfo = new ClientInfoType(); + final Organisation clientOrganisation = new Organisation(); + clientInfo.setOrganisation(clientOrganisation); + + // set client information + clientInfo.setClient(MessageFormat.format(CLIENT_INFO, versionHolder.getVersion())); + + // set Behoerdennummer as organization identifier + clientOrganisation.setBehoerdenNr(basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_ZMRCLIENT_REQ_ORGANIZATION_NR)); + + return clientInfo; + } + + @Nonnull + private String extractReasonFromError(ServiceFault e) { + if (e.getFaultInfo() != null) { + return MessageFormat.format(LOGMSG_ZMR_SOAP_ERROR, + e.getFaultInfo().getServerTransaktionNr(), + e.getFaultInfo().getErrorCode(), + e.getFaultInfo().getErrorMessage()); + + } else { + log.error("ZMR response without error code", e); + return e.getMessage(); + + } + } + + @Nonnull + private ZmrRegisterResult processZmrResponse(@Nonnull ResponseType resp, + @Nonnull String citizenCountryCode, + boolean forceSinglePersonMatch, @Nonnull String processStepFiendlyname) + throws EaafAuthenticationException { + final PersonSuchenResponse searchPersonResp = resp.getPersonSuchenResponse(); + if (searchPersonResp.getPersonensuchergebnis() == null + || searchPersonResp.getPersonensuchergebnis().getPersonErgebnisSatz().isEmpty()) { + log.debug("ZMR result contains NO 'Personensuchergebnis' or 'PersonErgebnisSatz' is empty"); + return new ZmrRegisterResult(Collections.emptyList(), extractZmrProcessId(resp.getWorkflowInfoServer())); + + } else { + // TODO: what we to with ERnP results? + log.debug("Get #{} person results from '{}' operation", + searchPersonResp.getPersonensuchergebnis().getGefundeneSaetze(), processStepFiendlyname); + + if (forceSinglePersonMatch) { + return new ZmrRegisterResult(processSearchPersonResponseSingleResult( + searchPersonResp.getPersonensuchergebnis().getPersonErgebnisSatz(), citizenCountryCode), + extractZmrProcessId(resp.getWorkflowInfoServer())); + + } else { + return new ZmrRegisterResult(processSearchPersonResponse( + searchPersonResp.getPersonensuchergebnis().getPersonErgebnisSatz(), citizenCountryCode), + extractZmrProcessId(resp.getWorkflowInfoServer())); + + } + } + } + + private BigInteger extractZmrProcessId(WorkflowInfoServer workflowInfoServer) { + return workflowInfoServer != null ? workflowInfoServer.getProzessInstanzID() : null; + + } + + @Nonnull + private List processSearchPersonResponse( + @Nonnull List personErgebnisSatz, + @Nonnull String citizenCountryCode) throws EaafAuthenticationException { + + return personErgebnisSatz.stream() + .map(el -> { + try { + return processPersonResult(el, citizenCountryCode); + + } catch (final EaafAuthenticationException e) { + log.warn("Skip ZMR person result by reason: {}", e.getMessage(), e); + return null; + + } + }) + .filter(Objects::nonNull) + .collect(Collectors.toList()); + + } + + @NonNull + private List processSearchPersonResponseSingleResult( + @Nonnull List personErgebnisSatz, + @Nonnull String citizenCountryCode) throws EaafAuthenticationException { + if (personErgebnisSatz.size() > 1) { + log.error("Find more than on person with eIDAS personalIdentifier."); + throw new EaafAuthenticationException(ERROR_MATCHING_00, null); + + } else { + return Arrays.asList(processPersonResult(personErgebnisSatz.get(0), citizenCountryCode)); + + } + } + + @Nonnull + private RegisterResult processPersonResult( + @Nonnull PersonErgebnisSatzType personEl, @Nonnull String citizenCountryCode) + throws EaafAuthenticationException { + // TODO: maybe check on 'null' if ERnP data is also allowed + log.debug("Find #{} data sets in person information", + personEl.getPersonendaten().getPersonErgebnis().size()); + + if (personEl.getPersonendaten().getPersonErgebnis().size() > 1) { + log.error("Find more than on person with eIDAS personalIdentifier."); + throw new EaafAuthenticationException(ERROR_MATCHING_02, null); + + } else { + return mapZmrResponseToRegisterResult( + personEl.getPersonendaten().getPersonErgebnis().get(0), citizenCountryCode); + + } + + } + + @Nonnull + private RegisterResult mapZmrResponseToRegisterResult(@Nonnull PersonErgebnisType person, + @Nonnull String citizenCountryCode) { + // TODO: kann ich bei historischen daten davon ausgehen dass die Reihenfolge der + // Ergebnisse von aktuell --> alt ist? + + // build result + return RegisterResult.builder() + .pseudonym(selectAllEidasDocument(person, citizenCountryCode, + Constants.eIDAS_ATTRURN_PERSONALIDENTIFIER)) + .familyName(person.getNatuerlichePerson().getPersonenName().getFamilienname()) + .givenName(person.getNatuerlichePerson().getPersonenName().getVorname()) + .dateOfBirth(person.getNatuerlichePerson().getGeburtsdatum()) + .bpk(extractBpkZp(person.getNatuerlichePerson())) + .placeOfBirth(selectSingleEidasDocument(person, citizenCountryCode, + Constants.eIDAS_ATTRURN_PERSONALIDENTIFIER)) + .birthName(selectSingleEidasDocument(person, citizenCountryCode, + Constants.eIDAS_ATTRURN_PERSONALIDENTIFIER)) + .build(); + + } + + private String extractBpkZp(NatuerlichePersonErgebnisType natuerlichePerson) { + String bpk = natuerlichePerson.getIdentification().stream() + .filter(el -> Constants.MATCHING_INTERNAL_BPK_TARGET.equals(el.getType())) + .findFirst() + .map(el -> el.getValue()) + .orElse(null); + if (StringUtils.isEmpty(bpk)) { + log.warn("ZMR response contains no 'bPK' for target: 'ZP'"); + + } + return bpk; + + } + + /** + * Get all eIDAS document with the specified country code and document type. + * + * @param person Person information from ZMR + * @param citizenCountryCode Country code of the eIDAS attribute + * @param eidasAttrurnPersonalidentifier eIDAS attribute identifier + * @return {@link List} of eIDAS attribute values or an empty list if's not + * found + */ + @NonNull + private List selectAllEidasDocument(PersonErgebnisType person, String citizenCountryCode, + String eidasAttrurnPersonalidentifier) { + return person.getEidasIdentitaet().stream() + .filter(el -> eidasAttrurnPersonalidentifier.equals(el.getEidasArt()) + && el.getStaatscode3().equals(citizenCountryCode)) + .map(el -> el.getDokumentNummer()) + .collect(Collectors.toList()); + + } + + /** + * Get the first eIDAS document with the specified country code and document + * type. + * + * @param person Person information from ZMR + * @param citizenCountryCode Country code of the eIDAS attribute + * @param eidasAttrurnPersonalidentifier eIDAS attribute identifier + * @return Value of this eIDAS attribute or null if's not found + */ + @Nullable + private String selectSingleEidasDocument(PersonErgebnisType person, String citizenCountryCode, + String eidasAttrurnPersonalidentifier) { + return person.getEidasIdentitaet().stream() + .filter(el -> eidasAttrurnPersonalidentifier.equals(el.getEidasArt()) + && el.getStaatscode3().equals(citizenCountryCode)) + .findFirst() + .map(el -> el.getDokumentNummer()) + .orElse(null); + + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/MergedRegisterSearchResult.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/MergedRegisterSearchResult.java deleted file mode 100644 index 0c977016..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/MergedRegisterSearchResult.java +++ /dev/null @@ -1,75 +0,0 @@ -/* - * Copyright 2020 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - -package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao; - -import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException; -import lombok.Data; - -import java.util.List; - -@Data -public class MergedRegisterSearchResult { - - private final List resultsZmr; - private final List resultsErnp; - - public MergedRegisterSearchResult(List resultsZmr, List resultsErnp) { - this.resultsZmr = resultsZmr; - this.resultsErnp = resultsErnp; - } - - public int getResultCount() { - return resultsZmr.size() + resultsErnp.size(); - } - - /** - * Verifies that there is only one match and returns the bpk. - * - * @return bpk bpk of the match - * @throws WorkflowException if multiple results have been found - */ - public String getBpk() throws WorkflowException { - if (getResultCount() != 1) { - throw new WorkflowException("getResultCount() != 1"); - } - return getResult().getBpk(); - } - - /** - * Returns the results, if there is exactly one, throws exception otherwise. - * - * @return The result - * @throws WorkflowException Results does not contain exactly one result - */ - public RegisterResult getResult() throws WorkflowException { - if (getResultCount() != 1) { - throw new WorkflowException("getResultCount() != 1"); - } - if (resultsZmr.size() == 1) { - return resultsZmr.get(0); - } else { - return resultsErnp.get(0); - } - } -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/RegisterResult.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/RegisterResult.java index 369a4e31..4959d72f 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/RegisterResult.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/RegisterResult.java @@ -23,70 +23,29 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao; +import java.util.List; + import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType; -import lombok.Data; +import lombok.Builder; +import lombok.Getter; -@Data +@Builder +@Getter public class RegisterResult { // MDS - private final String pseudonym; + private final List pseudonym; private final String givenName; private final String familyName; private final String dateOfBirth; // additional attributes - private final String placeOfBirth; - private final String birthName; - private final String taxNumber; - private final PostalAddressType address; - - private final String bpk; + private String placeOfBirth; + private String birthName; + private String taxNumber; + private PostalAddressType address; - /** - * Register search result. - * - * @param bpk The bpk - * @param pseudonym The pseudonym - * @param givenName The givenName - * @param familyName The familyName - * @param dateOfBirth The dateOfBirth - */ - public RegisterResult(String bpk, String pseudonym, String givenName, String familyName, String dateOfBirth) { - this.bpk = bpk; - this.pseudonym = pseudonym; - this.givenName = givenName; - this.familyName = familyName; - this.dateOfBirth = dateOfBirth; - this.placeOfBirth = null; - this.birthName = null; - this.taxNumber = null; - this.address = null; - } + private String bpk; - /** - * Register search result. - * - * @param bpk The bpk - * @param pseudonym The pseudonym - * @param givenName The givenName - * @param familyName The familyName - * @param dateOfBirth The dateOfBirth - * @param placeOfBirth The placeOfBirth - * @param birthName The birthName - * @param taxNumber The taxNumber - * @param address The address - */ - public RegisterResult(String bpk, String pseudonym, String givenName, String familyName, String dateOfBirth, - String placeOfBirth, String birthName, String taxNumber, PostalAddressType address) { - this.bpk = bpk; - this.pseudonym = pseudonym; - this.givenName = givenName; - this.familyName = familyName; - this.dateOfBirth = dateOfBirth; - this.placeOfBirth = placeOfBirth; - this.birthName = birthName; - this.taxNumber = taxNumber; - this.address = address; - } + } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java index ecf5007a..ab84a45f 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java @@ -23,20 +23,32 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao; +import org.apache.commons.lang3.builder.EqualsBuilder; + import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterSearchResult; import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType; import lombok.Builder; import lombok.Data; -import org.apache.commons.lang3.builder.EqualsBuilder; @Data @Builder public class SimpleEidasData { + /** + * Full eIDAS personal identifier with prefix. + */ private final String personalIdentifier; + + /** + * Citizen country-code from eIDAS personal-identifier. + */ private final String citizenCountryCode; // MDS + /** + * eIDAS personal identifier without prefix. + */ private final String pseudonym; private final String givenName; private final String familyName; @@ -55,16 +67,24 @@ public class SimpleEidasData { * @return true or false depending of the data matches * @throws WorkflowException if multiple results have been found */ - public boolean equalsRegisterData(MergedRegisterSearchResult result) throws WorkflowException { + public boolean equalsRegisterData(RegisterSearchResult result) throws WorkflowException { + /*TODO: maybe this is check is not valid, because only the minimum data-set (personalIdentifer, givenName, + * familyName, dateOfBirth) has to be always available. Any other attributes are optional. + * This check will always evaluate to false if register has more information as current eIDAS process!!! + */ + return new EqualsBuilder() - .append(result.getResult().getPseudonym(), pseudonym) .append(result.getResult().getGivenName(), givenName) .append(result.getResult().getFamilyName(), familyName) .append(result.getResult().getDateOfBirth(), dateOfBirth) .append(result.getResult().getPlaceOfBirth(), placeOfBirth) .append(result.getResult().getBirthName(), birthName) .append(result.getResult().getTaxNumber(), taxNumber) - .isEquals(); + .isEquals() && result.getResult().getPseudonym().stream() + .filter(el -> el.equals(pseudonym)) + .findFirst() + .isPresent(); + } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java index 4a27e60e..92e727ea 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java @@ -23,15 +23,15 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao; +import org.apache.commons.lang3.builder.EqualsBuilder; + import lombok.Builder; import lombok.Data; -import org.apache.commons.lang3.builder.EqualsBuilder; @Data @Builder public class SimpleMobileSignatureData { - private final String citizenCountryCode; private final String bpk; private final String givenName; private final String familyName; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/DummyErnpClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/DummyErnpClient.java index 3536b0dc..065b17a2 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/DummyErnpClient.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/DummyErnpClient.java @@ -23,13 +23,14 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; -import org.springframework.stereotype.Service; - import java.util.Collections; import java.util.List; +import org.springframework.stereotype.Service; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; + @Service("ErnbClientForeIDAS") public class DummyErnpClient implements IErnpClient { diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java index 218a9f41..b3b0c033 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java @@ -23,11 +23,11 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp; +import java.util.List; + import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; -import java.util.List; - public interface IErnpClient { List searchWithPersonIdentifier(String personIdentifier); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/InvalidUserInputException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/InvalidUserInputException.java index f28d8afa..c7df56d0 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/InvalidUserInputException.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/InvalidUserInputException.java @@ -26,8 +26,9 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.exception; public class InvalidUserInputException extends EidasSAuthenticationException { private static final long serialVersionUID = 1L; - public InvalidUserInputException() { - super("eidas.10", null); + public InvalidUserInputException(String errorCode) { + super(errorCode, null); + } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ManualFixNecessaryException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ManualFixNecessaryException.java index 2fecaa6b..cf69bd2c 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ManualFixNecessaryException.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ManualFixNecessaryException.java @@ -28,11 +28,17 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; public class ManualFixNecessaryException extends EidasSAuthenticationException { private static final long serialVersionUID = 1L; + //TODO: should we pass some infos? public ManualFixNecessaryException(String personIdentifier) { - super("eidas.09", new Object[] { personIdentifier }); + super("module.eidasauth.matching.04", new Object[] { personIdentifier }); } public ManualFixNecessaryException(SimpleEidasData eidData) { - super("eidas.09", new Object[] { eidData.getPseudonym() });//TODO what info to pass??? + super("module.eidasauth.matching.04", new Object[] { eidData.getPseudonym() }); } + + public ManualFixNecessaryException(SimpleEidasData eidData, Throwable e) { + super("module.eidasauth.matching.04", new Object[] { eidData.getPseudonym() }, e); + } + } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/WorkflowException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/WorkflowException.java index b6f3309b..795b4386 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/WorkflowException.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/WorkflowException.java @@ -23,11 +23,72 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.exception; +import lombok.Getter; + +@Getter public class WorkflowException extends EidasSAuthenticationException { private static final long serialVersionUID = 1L; - public WorkflowException(String data) { - super("eidas.08", new Object[]{data}); + private String processStepName; + private String errorReason; + private boolean requiresManualFix = false; + + /** + * In case of a error during matching work-flow. + * + * @param processStep Matching step identifier + * @param errorReason Reason for this error + */ + public WorkflowException(String processStep, String errorReason) { + super("module.eidasauth.matching.03", new Object[]{processStep, errorReason}); + this.processStepName = processStep; + this.errorReason = errorReason; + } + /** + * In case of a error during matching work-flow. + * + * @param processStep Matching step identifier + * @param errorReason Reason for this error + * @param e Catched exception + */ + public WorkflowException(String processStep, String errorReason, Throwable e) { + super("module.eidasauth.matching.03", new Object[]{processStep, errorReason}, e); + this.processStepName = processStep; + this.errorReason = errorReason; + + } + + /** + * In case of a error during matching work-flow. + * + * @param processStep Matching step identifier + * @param errorReason Reason for this error + * @param needsManualFix Mark this work-flow as manually fixable + */ + public WorkflowException(String processStep, String errorReason, boolean needsManualFix) { + super("module.eidasauth.matching.03", new Object[]{processStep, errorReason}); + this.processStepName = processStep; + this.errorReason = errorReason; + this.requiresManualFix = needsManualFix; + + } + + /** + * In case of a error during matching work-flow. + * + * @param processStep Matching step identifier + * @param errorReason Reason for this error + * @param needsManualFix Mark this work-flow as manually fixable + * @param e Catched exception + */ + public WorkflowException(String processStep, String errorReason, boolean needsManualFix, Throwable e) { + super("module.eidasauth.matching.03", new Object[]{processStep, errorReason}, e); + this.processStepName = processStep; + this.errorReason = errorReason; + this.requiresManualFix = needsManualFix; + + } + } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ZmrCommunicationException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ZmrCommunicationException.java new file mode 100644 index 00000000..a6978458 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ZmrCommunicationException.java @@ -0,0 +1,38 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.exception; + +public class ZmrCommunicationException extends EidasSAuthenticationException { + + private static final long serialVersionUID = 1L; + + public ZmrCommunicationException(String internalMsgId, Object[] params) { + super(internalMsgId, params); + } + + public ZmrCommunicationException(String internalMsgId, Object[] params, Throwable e) { + super(internalMsgId, params, e); + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java index 05254fe2..1050f8d9 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java @@ -24,11 +24,13 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; +import static at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils.processCountryCode; +import static at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils.processDateOfBirthToString; + import java.util.Map; import java.util.regex.Matcher; import java.util.regex.Pattern; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; import org.apache.commons.lang3.StringUtils; import org.joda.time.DateTime; import org.slf4j.Logger; @@ -37,7 +39,9 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.lang.NonNull; import com.google.common.collect.ImmutableSortedSet; + import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; @@ -47,15 +51,11 @@ import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; - import eu.eidas.auth.commons.attribute.AttributeDefinition; import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; import eu.eidas.auth.commons.light.impl.LightRequest.Builder; import eu.eidas.auth.commons.protocol.eidas.SpType; -import static at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils.processCountryCode; -import static at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils.processDateOfBirthToString; - public abstract class AbstractEidProcessor implements INationalEidProcessor { private static final Logger log = LoggerFactory.getLogger(AbstractEidProcessor.class); @@ -77,19 +77,26 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor { public final SimpleEidasData postProcess(Map eidasAttrMap) throws EidPostProcessingException, EidasAttributeException { SimpleEidasData.SimpleEidasDataBuilder builder = SimpleEidasData.builder() + .personalIdentifier(EidasResponseUtils.processPersonalIdentifier( + eidasAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))) + // MDS attributes .citizenCountryCode(processCountryCode(eidasAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))) .pseudonym(processPseudonym(eidasAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))) .familyName(processFamilyName(eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTFAMILYNAME))) .givenName(processGivenName(eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTGIVENNAME))) .dateOfBirth(processDateOfBirthToString(eidasAttrMap.get(Constants.eIDAS_ATTR_DATEOFBIRTH))) + // additional attributes .placeOfBirth(processPlaceOfBirth(eidasAttrMap.get(Constants.eIDAS_ATTR_PLACEOFBIRTH))) .birthName(processBirthName(eidasAttrMap.get(Constants.eIDAS_ATTR_BIRTHNAME))) .address(processAddress(eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTADDRESS))); + if (eidasAttrMap.containsKey(Constants.eIDAS_ATTR_TAXREFERENCE)) { builder.taxNumber(EidasResponseUtils.processTaxReference(eidasAttrMap.get(Constants.eIDAS_ATTR_TAXREFERENCE))); + } + return builder.build(); } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/CountrySpecificDetailSearchProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/CountrySpecificDetailSearchProcessor.java index 6e8f7fce..c2a62f5c 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/CountrySpecificDetailSearchProcessor.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/CountrySpecificDetailSearchProcessor.java @@ -23,8 +23,10 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; +import javax.annotation.Nonnull; + import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonSuchenRequest; public interface CountrySpecificDetailSearchProcessor { @@ -37,11 +39,18 @@ public interface CountrySpecificDetailSearchProcessor { * Check if this postProcessor is sensitive for a specific country. * * @param countryCode of the eID data that should be processed - * @param eidData eID data + * @param eidData eID information from eIDAS Proxy-Service * @return true if this implementation can handle the country, otherwise false */ boolean canHandle(String countryCode, SimpleEidasData eidData); - MergedRegisterSearchResult search(SimpleEidasData eidData); + /** + * Builds a country-specific search person request for ZMR. + * + * @param eidData eID information from eIDAS Proxy-Service + * @return {@link PersonSuchenRequest} but never null + */ + @Nonnull + PersonSuchenRequest generateSearchRequest(SimpleEidasData eidData); } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java index 904c41a1..802fde14 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java @@ -23,40 +23,39 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; +import org.apache.commons.lang3.StringUtils; + import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.EidasSuchdatenType; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonSuchenRequest; public class DeSpecificDetailSearchProcessor implements CountrySpecificDetailSearchProcessor { - private final RegisterSearchService registerSearchService; - - public DeSpecificDetailSearchProcessor(RegisterSearchService registerSearchService) { - this.registerSearchService = registerSearchService; - } - @Override public String getName() { - return this.getClass().getName(); + return this.getClass().getSimpleName(); } @Override public boolean canHandle(String countryCode, SimpleEidasData eidData) { - if (!countryCode.equalsIgnoreCase(Constants.COUNTRY_CODE_DE)) { - return false; - } - if (eidData.getBirthName() == null || eidData.getBirthName().isEmpty()) { - return false; - } - if (eidData.getPlaceOfBirth() == null || eidData.getPlaceOfBirth().isEmpty()) { - return false; - } - return true; + return countryCode.equalsIgnoreCase(Constants.COUNTRY_CODE_DE) + && StringUtils.isNotEmpty(eidData.getBirthName()) + && StringUtils.isNotEmpty(eidData.getPlaceOfBirth()); + } @Override - public MergedRegisterSearchResult search(SimpleEidasData eidData) { - return registerSearchService.searchDeSpecific(eidData); + public PersonSuchenRequest generateSearchRequest(SimpleEidasData eidData) { + + PersonSuchenRequest req = new PersonSuchenRequest(); + EidasSuchdatenType eidasInfos = new EidasSuchdatenType(); + req.setEidasSuchdaten(eidasInfos); + + + //TODO: how we can search for more than one eIDAS attribute as a Set + + + return req; } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ItSpecificDetailSearchProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ItSpecificDetailSearchProcessor.java index 7e74a85c..b49c355d 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ItSpecificDetailSearchProcessor.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ItSpecificDetailSearchProcessor.java @@ -23,37 +23,31 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; +import org.apache.commons.lang3.StringUtils; + import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonSuchenRequest; public class ItSpecificDetailSearchProcessor implements CountrySpecificDetailSearchProcessor { - private final RegisterSearchService registerSearchService; - - public ItSpecificDetailSearchProcessor(RegisterSearchService registerSearchService) { - this.registerSearchService = registerSearchService; - } - @Override public String getName() { - return this.getClass().getName(); + return this.getClass().getSimpleName(); } @Override public boolean canHandle(String countryCode, SimpleEidasData eidData) { - if (!countryCode.equalsIgnoreCase(Constants.COUNTRY_CODE_IT)) { - return false; - } - if (eidData.getTaxNumber() == null || eidData.getTaxNumber().isEmpty()) { - return false; - } - return true; + return countryCode.equalsIgnoreCase(Constants.COUNTRY_CODE_IT) + && StringUtils.isNotEmpty(eidData.getTaxNumber()); + } @Override - public MergedRegisterSearchResult search(SimpleEidasData eidData) { - return registerSearchService.searchItSpecific(eidData); + public PersonSuchenRequest generateSearchRequest(SimpleEidasData eidData) { + + //TODO: add IT specific search request if TaxNumber attribute is defined by IT + return new PersonSuchenRequest(); + } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java index 6b524e36..166ffafb 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java @@ -1,18 +1,28 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.service; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; +import java.math.BigInteger; +import java.util.Collections; +import java.util.List; + +import javax.annotation.Nonnull; + +import org.jetbrains.annotations.Nullable; +import org.springframework.stereotype.Service; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.zmr.IZmrClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.zmr.ZmrSoapClient.ZmrRegisterResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; -import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ZmrCommunicationException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.CountrySpecificDetailSearchProcessor; +import lombok.AllArgsConstructor; +import lombok.Getter; +import lombok.RequiredArgsConstructor; +import lombok.Setter; import lombok.extern.slf4j.Slf4j; -import org.springframework.stereotype.Service; - -import java.util.Collections; -import java.util.List; @Slf4j @Service("registerSearchService") @@ -21,99 +31,277 @@ public class RegisterSearchService { private final IZmrClient zmrClient; private final IErnpClient ernpClient; - public RegisterSearchService(IZmrClient zmrClient, IErnpClient ernpClient) { + private final List handlers; + + /** + * Service that combines ZMR and ERnP register search operations. + * + * @param handlers Available country-specific search processors + * @param zmrClient ZMR client + * @param ernpClient ERnP client + */ + public RegisterSearchService(List handlers, IZmrClient zmrClient, + IErnpClient ernpClient) { this.zmrClient = zmrClient; this.ernpClient = ernpClient; + this.handlers = handlers; + log.info("Init with #{} search services for country-specific details", handlers.size()); + } /** - * Automatic process to fix the register entries. + * Search with Person Identifier (eIDAS Pseudonym) in ZMR and ERnP. * - * @param initialSearchResult Result of initial register search - * @param specificSearchResult Result of last register search - * @param eidasData Received eidas data - * @param pendingReq Pending request - * @return The bpk - * @throws TaskExecutionException if an error occurs during the register update + * @param eidasData Received eIDAS data + * @throws WorkflowException In case of a register interaction error */ - public String step7aKittProcess(MergedRegisterSearchResult initialSearchResult, - MergedRegisterSearchResult specificSearchResult, - SimpleEidasData eidasData, - IRequest pendingReq) throws TaskExecutionException { - log.trace("Starting step7aKittProcess"); - // TODO verify with which data this method gets called + @Nonnull + public RegisterSearchResult searchWithPersonIdentifier(SimpleEidasData eidasData) + throws WorkflowException { try { - if (initialSearchResult.getResultCount() != 0) { - throw new WorkflowException("initialSearchResult.getResultCount() != 0"); - } - if (specificSearchResult.getResultCount() != 1) { - throw new WorkflowException("specificSearchResult.getResultCount() != 1"); - } - if (specificSearchResult.getResultsZmr().size() == 1) { - zmrClient.update(specificSearchResult.getResultsZmr().get(0), eidasData); - } - if (specificSearchResult.getResultsErnp().size() == 1) { - ernpClient.update(specificSearchResult.getResultsErnp().get(0), eidasData); - } - return specificSearchResult.getBpk(); - } catch (WorkflowException e) { - throw new TaskExecutionException(pendingReq, "Step7a failed.", e); + final ZmrRegisterResult resultsZmr = zmrClient.searchWithPersonIdentifier( + null, eidasData.getPersonalIdentifier()); + final List resultsErnp = ernpClient.searchWithPersonIdentifier( + eidasData.getPersonalIdentifier()); + + return new RegisterSearchResult(new RegisterOperationStatus(resultsZmr.getProcessId()), + resultsZmr.getPersonResult(), resultsErnp); + + } catch (final EidasSAuthenticationException e) { + throw new WorkflowException("searchWithPersonalIdentifier", e.getMessage(), + !(e instanceof ZmrCommunicationException), e); + } } /** * Search with MDS (Given Name, Family Name, Date of Birth) in ZMR and ERnP. + * + * @param operationStatus Current register-operation status that contains processing informations + * @param eidasData Received eIDAS data + * @throws WorkflowException In case of a register interaction error */ - public MergedRegisterSearchResult searchWithMds(SimpleEidasData eidasData) { - List resultsZmr = - zmrClient.searchWithMds(eidasData.getGivenName(), eidasData.getFamilyName(), eidasData.getDateOfBirth()); - List resultsErnp = - ernpClient.searchWithMds(eidasData.getGivenName(), eidasData.getFamilyName(), eidasData.getDateOfBirth()); - return new MergedRegisterSearchResult(resultsZmr, resultsErnp); + @Nonnull + public RegisterSearchResult searchWithMds(RegisterOperationStatus operationStatus, SimpleEidasData eidasData) + throws WorkflowException { + try { + final ZmrRegisterResult resultsZmr = + zmrClient.searchWithMds(operationStatus.getZmrProcessId(), eidasData.getGivenName(), + eidasData.getFamilyName(), eidasData.getDateOfBirth(), eidasData.getCitizenCountryCode()); + + final List resultsErnp = + ernpClient.searchWithMds(eidasData.getGivenName(), eidasData.getFamilyName(), eidasData + .getDateOfBirth()); + + return new RegisterSearchResult(new RegisterOperationStatus(resultsZmr.getProcessId()), + resultsZmr.getPersonResult(), resultsErnp); + + } catch (final EidasSAuthenticationException e) { + throw new WorkflowException("searchWithMDSOnly", e.getMessage(), + !(e instanceof ZmrCommunicationException), e); + + } } /** - * Search with Person Identifier (eIDAS Pseudonym) in ZMR and ERnP. + * Search with country-specific parameters based on information from available + * {@link CountrySpecificDetailSearchProcessor} implementations. + * + * @param operationStatus Current register-operation status that contains processing informations + * @param eidasData Receive eIDAS eID information + * @return Results from ZMR or ERnP search + * @throws WorkflowException In case of a register interaction error */ - public MergedRegisterSearchResult searchWithPersonIdentifier(SimpleEidasData eidasData) { - List resultsZmr = zmrClient.searchWithPersonIdentifier(eidasData.getPseudonym()); - List resultsErnp = ernpClient.searchWithPersonIdentifier(eidasData.getPseudonym()); - return new MergedRegisterSearchResult(resultsZmr, resultsErnp); + @Nonnull + public RegisterSearchResult searchWithCountrySpecifics(RegisterOperationStatus operationStatus, + SimpleEidasData eidasData) throws WorkflowException { + try { + @Nullable + final CountrySpecificDetailSearchProcessor ccSpecificProcessor = findSpecificProcessor(eidasData); + if (ccSpecificProcessor != null) { + log.debug("Selecting country-specific search processor: {}", ccSpecificProcessor.getName()); + final ZmrRegisterResult resultsZmr = + zmrClient.searchCountrySpecific(operationStatus.getZmrProcessId(), + ccSpecificProcessor.generateSearchRequest(eidasData), + eidasData.getCitizenCountryCode()); + + // TODO: add search procesfor for ERnP searching + return new RegisterSearchResult(operationStatus, resultsZmr.getPersonResult(), Collections.emptyList()); + + } else { + return new RegisterSearchResult(operationStatus, Collections.emptyList(), Collections.emptyList()); + + } + + } catch (final EidasSAuthenticationException e) { + throw new WorkflowException("searchWithCountrySpecifics", e.getMessage(), + !(e instanceof ZmrCommunicationException), e); + + } } /** - * Search with Tax Number in ZMR and ERnP. + * Search with BPK-ZP in BMR and ERnP. */ - public MergedRegisterSearchResult searchItSpecific(SimpleEidasData eidasData) { - List resultsZmr = zmrClient.searchItSpecific(eidasData.getTaxNumber()); - List resultsErnb = ernpClient.searchItSpecific(eidasData.getTaxNumber()); - return new MergedRegisterSearchResult(resultsZmr, resultsErnb); + public RegisterSearchResult searchWithBpkZp(RegisterOperationStatus operationStatus, String bpkZp) { + final ZmrRegisterResult resultsZmr = zmrClient.searchWithBpkZp( + operationStatus.getZmrProcessId(), bpkZp); + final List resultsErnp = ernpClient.searchWithBpkZp(bpkZp); + return new RegisterSearchResult(operationStatus, resultsZmr.getPersonResult(), resultsErnp); + } /** - * Search with Given Name, Family Name, Date of Birth, Place of Birth and Birth Name in ZMR and ERnP. + * Search with residence infos. + * + * @param operationStatus Current register-operation status that contains processing informations + * @param zipcode Provided Zipcode + * @param city Provided City + * @param street Provided street + * @return Results from ZMR or ERnP search */ - public MergedRegisterSearchResult searchDeSpecific(SimpleEidasData eidasData) { - List resultsZmr = - zmrClient.searchDeSpecific(eidasData.getGivenName(), eidasData.getFamilyName(), eidasData.getDateOfBirth(), - eidasData.getPlaceOfBirth(), eidasData.getBirthName()); - List resultsErnb = - ernpClient.searchDeSpecific(eidasData.getGivenName(), eidasData.getFamilyName(), eidasData.getDateOfBirth(), - eidasData.getPlaceOfBirth(), eidasData.getBirthName()); - return new MergedRegisterSearchResult(resultsZmr, resultsErnb); + public RegisterSearchResult searchWithResidence(RegisterOperationStatus operationStatus, SimpleEidasData eidasData, + String zipcode, String city, String street) { + final ZmrRegisterResult resultsZmr = zmrClient.searchWithResidenceData( + operationStatus.getZmrProcessId(), eidasData.getGivenName(), eidasData.getFamilyName(), + eidasData.getDateOfBirth(), zipcode, city, street); + return new RegisterSearchResult(operationStatus, resultsZmr.getPersonResult(), Collections.emptyList()); + } /** - * Search with BPK-ZP in BMR and ERnP. + * Automatic process to fix the register entries. + * + * @param specificSearchResult Result of last register search + * @param eidasData Received eidas data + */ + public void step7aKittProcess(RegisterSearchResult specificSearchResult, + SimpleEidasData eidasData) throws WorkflowException { + log.trace("Starting step7aKittProcess"); + // TODO verify with which data this method gets called + if (specificSearchResult.getResultCount() != 1) { + throw new WorkflowException("step7aKittProcess", "getResultCount() != 1"); + + } + + if (specificSearchResult.getResultsZmr().size() == 1) { + zmrClient.update(specificSearchResult.getOperationStatus().getZmrProcessId(), + + specificSearchResult.getResultsZmr().get(0), eidasData); + } + + if (specificSearchResult.getResultsErnp().size() == 1) { + ernpClient.update(specificSearchResult.getResultsErnp().get(0), eidasData); + + } + + } + + @Nullable + private CountrySpecificDetailSearchProcessor findSpecificProcessor(SimpleEidasData eidasData) { + final String citizenCountry = eidasData.getCitizenCountryCode(); + for (final CountrySpecificDetailSearchProcessor processor : handlers) { + if (processor.canHandle(citizenCountry, eidasData)) { + log.debug("Found suitable search handler for {} by using: {}", citizenCountry, processor.getName()); + return processor; + } + } + return null; + } + + /** + * Register releated information that are needed for any request. + * + * @author tlenz + * */ - public MergedRegisterSearchResult searchWithBpkZp(String bpkZp) { - List resultsZmr = zmrClient.searchWithBpkZp(bpkZp); - List resultsErnp = ernpClient.searchWithBpkZp(bpkZp); - return new MergedRegisterSearchResult(resultsZmr, resultsErnp); + @AllArgsConstructor + @Getter + public static class RegisterOperationStatus { + + /** + * ZMR internal processId that is required for any further request in the same process. + */ + private BigInteger zmrProcessId; + + } + + /** + * Response container for {@link RegisterSearchService}. + * + * @author tlenz + * + */ + @Getter + @RequiredArgsConstructor + public static class RegisterSearchResult { + + /** + * Mark the register result finished. + */ + @Setter + private boolean matchingFinished = false; + + /** + * Operation status for this result. + */ + private final RegisterOperationStatus operationStatus; + + /** + * Current ZMR search result. + */ + private final List resultsZmr; + + /** + * Current ERnP search result. + */ + private final List resultsErnp; + + + /** + * Get sum of ZMR and ERnP results. + * + * @return number of results + */ + public int getResultCount() { + return resultsZmr.size() + resultsErnp.size(); + } + + /** + * Verifies that there is only one match and returns the bpk. + * + * @return bpk bpk of the match + * @throws WorkflowException if multiple results have been found or matching is not marked as finished + */ + public String getBpk() throws WorkflowException { + if (getResultCount() != 1 || !matchingFinished) { + throw new WorkflowException("readRegisterResults", + matchingFinished ? "getResultCount() != 1" : "matching prozess not finished yet"); + + } + return getResult().getBpk(); + } - public MergedRegisterSearchResult searchWithResidence(String zipcode, String city, String street) { - List resultsZmr = zmrClient.searchWithResidenceData(zipcode, city, street); - return new MergedRegisterSearchResult(resultsZmr, Collections.emptyList()); + /** + * Returns the results, if there is exactly one, throws exception otherwise. + * + * @return The result + * @throws WorkflowException Results does not contain exactly one result + */ + public RegisterResult getResult() throws WorkflowException { + if (getResultCount() != 1) { + throw new WorkflowException("readRegisterResults", "getResultCount() != 1"); + } + if (resultsZmr.size() == 1) { + return resultsZmr.get(0); + + } else { + return resultsErnp.get(0); + + } + } + } + } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java deleted file mode 100644 index 2d612f0c..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java +++ /dev/null @@ -1,601 +0,0 @@ -/* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - -package at.asitplus.eidas.specific.modules.auth.eidas.v2.szr; - -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.net.URL; -import java.nio.charset.StandardCharsets; -import java.security.KeyManagementException; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; -import java.security.SecureRandom; -import java.security.UnrecoverableKeyException; -import java.util.ArrayList; -import java.util.Collections; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import javax.annotation.PostConstruct; -import javax.net.ssl.KeyManager; -import javax.net.ssl.KeyManagerFactory; -import javax.net.ssl.SSLContext; -import javax.net.ssl.TrustManager; -import javax.net.ssl.TrustManagerFactory; -import javax.xml.XMLConstants; -import javax.xml.bind.JAXBContext; -import javax.xml.bind.Marshaller; -import javax.xml.namespace.QName; -import javax.xml.transform.Source; -import javax.xml.transform.Transformer; -import javax.xml.transform.TransformerException; -import javax.xml.transform.TransformerFactory; -import javax.xml.transform.stream.StreamResult; -import javax.xml.transform.stream.StreamSource; -import javax.xml.ws.BindingProvider; -import javax.xml.ws.Dispatch; -import javax.xml.ws.handler.Handler; - -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; -import at.gv.e_government.reference.namespace.persondata._20020228.AlternativeNameType; -import at.gv.e_government.reference.namespace.persondata._20020228.PersonNameType; -import at.gv.e_government.reference.namespace.persondata._20020228.PhysicalPersonType; -import org.apache.commons.lang3.StringUtils; -import org.apache.cxf.configuration.jsse.TLSClientParameters; -import org.apache.cxf.endpoint.Client; -import org.apache.cxf.frontend.ClientProxy; -import org.apache.cxf.jaxws.DispatchImpl; -import org.apache.cxf.transport.http.HTTPConduit; -import org.apache.cxf.transports.http.configuration.HTTPClientPolicy; -import org.apache.xpath.XPathAPI; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Service; -import org.w3c.dom.Document; -import org.w3c.dom.Element; - -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.databind.ObjectMapper; - -import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.LoggingHandler; -import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; -import at.gv.egiz.eaaf.core.api.data.XmlNamespaceConstants; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.impl.utils.DomUtils; -import at.gv.egiz.eaaf.core.impl.utils.FileUtils; -import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils; -import szrservices.GetBPK; -import szrservices.GetBPKResponse; -import szrservices.GetIdentityLinkEidas; -import szrservices.GetIdentityLinkEidasResponse; -import szrservices.IdentityLinkType; -import szrservices.JwsHeaderParam; -import szrservices.ObjectFactory; -import szrservices.PersonInfoType; -import szrservices.SZR; -import szrservices.SZRException_Exception; -import szrservices.SignContent; -import szrservices.SignContentEntry; -import szrservices.SignContentResponseType; -import szrservices.TravelDocumentType; - - -@Service("SZRClientForeIDAS") -public class SzrClient { - private static final Logger log = LoggerFactory.getLogger(SzrClient.class); - - private static final String CLIENT_DEFAULT = "DefaultClient"; - private static final String CLIENT_RAW = "RawClient"; - - private static final String ATTR_NAME_VSZ = "urn:eidgvat:attributes.vsz.value"; - private static final String ATTR_NAME_PUBKEYS = "urn:eidgvat:attributes.user.pubkeys"; - private static final String ATTR_NAME_STATUS = "urn:eidgvat:attributes.eid.status"; - private static final String KEY_BC_BIND = "bcBindReq"; - private static final String JOSE_HEADER_USERCERTPINNING_TYPE = "urn:at.gv.eid:bindtype"; - private static final String JOSE_HEADER_USERCERTPINNING_EIDASBIND = "urn:at.gv.eid:eidasBind"; - public static final String ATTR_NAME_MDS = "urn:eidgvat:mds"; - - @SuppressWarnings("SpringJavaInjectionPointsAutowiringInspection") - @Autowired - private IConfiguration basicConfig; - - // client for anything, without identitylink - private SZR szr = null; - - // RAW client is needed for identitylink - private Dispatch dispatch = null; - - final ObjectMapper mapper = new ObjectMapper(); - - /** - * Get IdentityLink of a person. - * - * - * @param eidData minimum dataset of person - * @return IdentityLink - * @throws SzrCommunicationException In case of a SZR error - */ - public IdentityLinkType getIdentityLinkInRawMode(SimpleEidasData eidData) - throws SzrCommunicationException { - try { - final GetIdentityLinkEidas getIdl = new GetIdentityLinkEidas(); - getIdl.setPersonInfo(generateSzrRequest(eidData)); - - final JAXBContext jaxbContext = JAXBContext.newInstance(ObjectFactory.class); - final Marshaller jaxbMarshaller = jaxbContext.createMarshaller(); - - final ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); - jaxbMarshaller.marshal(getIdl, outputStream); - outputStream.flush(); - - final Source source = new StreamSource(new ByteArrayInputStream(outputStream.toByteArray())); - outputStream.close(); - - log.trace("Requesting SZR ... "); - final Source response = dispatch.invoke(source); - log.trace("Receive RAW response from SZR"); - - final byte[] szrResponse = sourceToByteArray(response); - final GetIdentityLinkEidasResponse jaxbElement = (GetIdentityLinkEidasResponse) jaxbContext - .createUnmarshaller().unmarshal(new ByteArrayInputStream(szrResponse)); - - // build response - log.trace(new String(szrResponse, StandardCharsets.UTF_8)); - - // ok, we have success - final Document doc = DomUtils.parseDocument( - new ByteArrayInputStream(szrResponse), - true, - XmlNamespaceConstants.ALL_SCHEMA_LOCATIONS + " " + Constants.SZR_SCHEMA_LOCATIONS, - null, null); - final String xpathExpression = "//saml:Assertion"; - final Element nsNode = doc.createElementNS("urn:oasis:names:tc:SAML:1.0:assertion", "saml:NSNode"); - - log.trace("Selecting signed doc " + xpathExpression); - final Element documentNode = (Element) XPathAPI.selectSingleNode(doc, - xpathExpression, nsNode); - log.trace("Signed document: " + DomUtils.serializeNode(documentNode)); - - final IdentityLinkType idl = new IdentityLinkType(); - idl.setAssertion(documentNode); - idl.setPersonInfo(jaxbElement.getGetIdentityLinkReturn().getPersonInfo()); - - return idl; - - } catch (final Exception e) { - log.warn("SZR communication FAILED. Reason: " + e.getMessage(), e); - throw new SzrCommunicationException("ernb.02", new Object[]{e.getMessage()}, e); - - } - - } - - /** - * Get bPK of person. - * - * - * @param eidData Minimum dataset of person - * @param target requested bPK target - * @param vkz Verfahrenskennzeichen - * @return bPK for this person - * @throws SzrCommunicationException In case of a SZR error - */ - public List getBpk(SimpleEidasData eidData, String target, String vkz) - throws SzrCommunicationException { - try { - final GetBPK parameters = new GetBPK(); - parameters.setPersonInfo(generateSzrRequest(eidData)); - parameters.getBereichsKennung().add(target); - parameters.setVKZ(vkz); - final GetBPKResponse result = this.szr.getBPK(parameters); - - return result.getGetBPKReturn(); - - } catch (final SZRException_Exception e) { - log.warn("SZR communication FAILED. Reason: " + e.getMessage(), e); - throw new SzrCommunicationException("ernb.02", new Object[]{e.getMessage()}, e); - - } - - } - - /** - * Creates a new ERnP entry. - * TODO Is this correct? Ask BMI. - * - * @param eidasData Minimum dataset of person - * @return encrypted baseId - * @throws SzrCommunicationException In case of a SZR error - */ - public String createNewErnpEntry(final SimpleEidasData eidasData) throws SzrCommunicationException { - final String resp; - try { - resp = this.szr.getStammzahlEncrypted(generateSzrRequest(eidasData), true); - } catch (SZRException_Exception e) { - throw new SzrCommunicationException("ernb.02", new Object[]{e.getMessage()}, e); - } - if (StringUtils.isEmpty(resp)) { - throw new SzrCommunicationException("ernb.01", new Object[]{"Stammzahl response empty"}); // TODO error handling - } - return resp; - } - - /** - * Request a encrypted baseId from SZR. - * - * Note: Previously, this method did create a new ERnP entry, if it did not exist. This is - * not the case any more. See {@link #createNewErnpEntry(SimpleEidasData)} for that functionality. - * - * @param eidData Minimum dataset of person - * @return encrypted baseId - * @throws SzrCommunicationException In case of a SZR error - */ - public String getEncryptedStammzahl(final SimpleEidasData eidData) - throws SzrCommunicationException { - final String resp; - try { - resp = this.szr.getStammzahlEncrypted(generateSzrRequest(eidData), false); - } catch (SZRException_Exception e) { - throw new SzrCommunicationException("ernb.02", new Object[]{e.getMessage()}, e); - } - - if (StringUtils.isEmpty(resp)) { - throw new SzrCommunicationException("ernb.01", new Object[]{"Stammzahl response empty"}); // TODO error handling - } - - return resp; - - } - - /** - * Sign an eidasBind data-structure that combines vsz with user's pubKey and E-ID status. - * - * @param vsz encrypted baseId - * @param bindingPubKey binding PublicKey as PKCS1# (ASN.1) container - * @param eidStatus Status of the E-ID - * @param eidData eID information that was used for ERnP registration - * @return bPK for this person - * @throws SzrCommunicationException In case of a SZR error - */ - public String getEidasBind(final String vsz, final String bindingPubKey, final String eidStatus, - SimpleEidasData eidData)throws SzrCommunicationException { - - final Map eidsaBindMap = new HashMap<>(); - eidsaBindMap.put(ATTR_NAME_VSZ, vsz); - eidsaBindMap.put(ATTR_NAME_STATUS, eidStatus); - eidsaBindMap.put(ATTR_NAME_PUBKEYS, Collections.singletonList(bindingPubKey)); - eidsaBindMap.put(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, eidData.getCitizenCountryCode()); - injectMdsIfAvailableAndActive(eidsaBindMap, eidData); - - try { - final String serializedEidasBind = mapper.writeValueAsString(eidsaBindMap); - final SignContent req = new SignContent(); - final SignContentEntry eidasBindInfo = new SignContentEntry(); - eidasBindInfo.setKey(KEY_BC_BIND); - eidasBindInfo.setValue(serializedEidasBind); - req.getIn().add(eidasBindInfo); - req.setAppendCert(false); - final JwsHeaderParam eidasBindJoseHeader = new JwsHeaderParam(); - eidasBindJoseHeader.setKey(JOSE_HEADER_USERCERTPINNING_TYPE); - eidasBindJoseHeader.setValue(JOSE_HEADER_USERCERTPINNING_EIDASBIND); - req.getJWSHeaderParam().add(eidasBindJoseHeader); - - log.trace("Requesting SZR to sign bcBind datastructure ... "); - final SignContentResponseType resp = szr.signContent(req.isAppendCert(), req.getJWSHeaderParam(), req.getIn()); - log.trace("Receive SZR response on bcBind siging operation "); - - if (resp == null || resp.getOut() == null - || resp.getOut().isEmpty() - || StringUtils.isEmpty(resp.getOut().get(0).getValue())) { - throw new SzrCommunicationException("ernb.01", new Object[]{"BcBind response empty"}); - } - - return resp.getOut().get(0).getValue(); - - } catch (final JsonProcessingException | SZRException_Exception e) { - log.warn("Requesting bcBind by using SZR FAILED.", e); - throw new SzrCommunicationException("ernb.02", - new Object[]{e.getMessage()}, e); - } - } - - private PersonInfoType generateSzrRequest(SimpleEidasData eidData) { - log.debug("Starting connecting SZR Gateway"); - final PersonInfoType personInfo = new PersonInfoType(); - final PersonNameType personName = new PersonNameType(); - final PhysicalPersonType naturalPerson = new PhysicalPersonType(); - final TravelDocumentType eDocument = new TravelDocumentType(); - - naturalPerson.setName(personName); - personInfo.setPerson(naturalPerson); - personInfo.setTravelDocument(eDocument); - - // person information - personName.setFamilyName(eidData.getFamilyName()); - personName.setGivenName(eidData.getGivenName()); - naturalPerson.setDateOfBirth(eidData.getDateOfBirth()); - eDocument.setIssuingCountry(eidData.getCitizenCountryCode()); - eDocument.setDocumentNumber(eidData.getPseudonym()); - - // eID document information - String documentType = basicConfig - .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE, - Constants.SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE); - eDocument.setDocumentType(documentType); - - // set PlaceOfBirth if available - if (eidData.getPlaceOfBirth() != null) { - log.trace("Find 'PlaceOfBirth' attribute: " + eidData.getPlaceOfBirth()); - boolean setPlaceOfBirth = basicConfig - .getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETPLACEOFBIRTHIFAVAILABLE, true); - if (setPlaceOfBirth) { - naturalPerson.setPlaceOfBirth(eidData.getPlaceOfBirth()); - log.trace("Adding 'PlaceOfBirth' to ERnB request ... "); - } - } - - // set BirthName if available - if (eidData.getBirthName() != null) { - log.trace("Find 'BirthName' attribute: " + eidData.getBirthName()); - boolean setBirthName = basicConfig - .getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETBIRTHNAMEIFAVAILABLE, true); - if (setBirthName) { - final AlternativeNameType alternativeName = new AlternativeNameType(); - naturalPerson.setAlternativeName(alternativeName); - alternativeName.setFamilyName(eidData.getBirthName()); - log.trace("Adding 'BirthName' to ERnB request ... "); - } - } - - return personInfo; - } - - @PostConstruct - private void initialize() { - log.info("Starting SZR-Client initialization .... "); - final URL url = SzrClient.class.getResource("/szr_client/SZR_v4.0.wsdl"); - - final boolean useTestSzr = basicConfig.getBasicConfigurationBoolean( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_USETESTSERVICE, - true); - - SzrService szrService; - QName qname; - String szrUrl; - if (useTestSzr) { - log.debug("Initializing SZR test environment configuration."); - qname = SzrService.SZRTestumgebung; - szrService = new SzrService(url, new QName("urn:SZRServices", "SZRService")); - szr = szrService.getSzrTestumgebung(); - szrUrl = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_ENDPOINT_TEST); - - } else { - log.debug("Initializing SZR productive configuration."); - qname = SzrService.SZRProduktionsumgebung; - szrService = new SzrService(url, new QName("urn:SZRServices", "SZRService")); - szr = szrService.getSzrProduktionsumgebung(); - szrUrl = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_ENDPOINT_PROD); - - } - - // create raw client; - dispatch = szrService.createDispatch(qname, Source.class, javax.xml.ws.Service.Mode.PAYLOAD); - - if (StringUtils.isEmpty(szrUrl)) { - log.error("No SZR service-URL found. SZR-Client initalisiation failed."); - throw new RuntimeException("No SZR service URL found. SZR-Client initalisiation failed."); - - } - - // check if Clients can be initialized - if (szr == null) { - log.error("SZR " + CLIENT_DEFAULT + " is 'NULL'. Something goes wrong"); - throw new RuntimeException("SZR " + CLIENT_DEFAULT + " is 'NULL'. Something goes wrong"); - - } - if (dispatch == null) { - log.error("SZR " + CLIENT_RAW + " is 'NULL'. Something goes wrong"); - throw new RuntimeException("SZR " + CLIENT_RAW + " is 'NULL'. Something goes wrong"); - - } - - // inject handler - log.info("Use SZR service-URL: " + szrUrl); - injectBindingProvider((BindingProvider) szr, CLIENT_DEFAULT, szrUrl); - injectBindingProvider(dispatch, CLIENT_RAW, szrUrl); - - // inject http parameters and SSL context - log.debug("Inject HTTP client settings ... "); - injectHttpClient(szr, CLIENT_DEFAULT, szrUrl); - injectHttpClient(dispatch, CLIENT_RAW, szrUrl); - - log.info("SZR-Client initialization successfull"); - } - - private void injectHttpClient(Object raw, String clientType, String szrUrl) { - // extract client from implementation - Client client; - if (raw instanceof DispatchImpl) { - client = ((DispatchImpl) raw).getClient(); - } else if (raw instanceof Client) { - client = ClientProxy.getClient(raw); - } else { - throw new RuntimeException("SOAP Client for SZR connection is of UNSUPPORTED type: " + raw.getClass() - .getName()); - } - - // set basic connection policies - final HTTPConduit http = (HTTPConduit) client.getConduit(); - - // set timeout policy - final HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy(); - String connectionTimeout = basicConfig.getBasicConfiguration( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_CONNECTION, Constants.HTTP_CLIENT_DEFAULT_TIMEOUT_CONNECTION); - httpClientPolicy.setConnectionTimeout(Integer.parseInt(connectionTimeout) * 1000L); - String responseTimeout = basicConfig.getBasicConfiguration( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_RESPONSE, Constants.HTTP_CLIENT_DEFAULT_TIMEOUT_RESPONSE); - httpClientPolicy.setReceiveTimeout(Integer.parseInt(responseTimeout) * 1000L); - http.setClient(httpClientPolicy); - - // inject SSL context in case of https - if (szrUrl.toLowerCase().startsWith("https")) { - log.debug("Adding SSLContext to client: " + clientType + " ... "); - final TLSClientParameters tlsParams = new TLSClientParameters(); - tlsParams.setSSLSocketFactory(createSslContext(clientType).getSocketFactory()); - http.setTlsClientParameters(tlsParams); - log.info("SSLContext initialized for client: " + clientType); - - } - - } - - private void injectBindingProvider(BindingProvider bindingProvider, String clientType, String szrUrl) { - final Map requestContext = bindingProvider.getRequestContext(); - requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, szrUrl); - - log.trace("Adding JAX-WS request/response trace handler to client: " + clientType); - List handlerList = bindingProvider.getBinding().getHandlerChain(); - if (handlerList == null) { - handlerList = new ArrayList<>(); - bindingProvider.getBinding().setHandlerChain(handlerList); - - } - - // add logging handler to trace messages if required - if (basicConfig.getBasicConfigurationBoolean( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_TRACEMESSAGES, - false)) { - final LoggingHandler loggingHandler = new LoggingHandler(); - handlerList.add(loggingHandler); - - } - bindingProvider.getBinding().setHandlerChain(handlerList); - } - - private SSLContext createSslContext(String clientType) { - try { - final SSLContext context = SSLContext.getInstance("TLS"); - - // initialize key-mangager for SSL client-authentication - KeyManager[] keyManager = null; - final String keyStorePath = basicConfig.getBasicConfiguration( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYSTORE_PATH); - final String keyStorePassword = basicConfig.getBasicConfiguration( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYSTORE_PASSWORD); - if (StringUtils.isNotEmpty(keyStorePath)) { - log.trace("Find keyStore path: " + keyStorePath + " Injecting SSL client certificate ... "); - try { - final KeyStore keyStore = KeyStoreUtils.loadKeyStore( - FileUtils.makeAbsoluteUrl(keyStorePath, basicConfig.getConfigurationRootDirectory()), - keyStorePassword); - - final KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); - kmf.init(keyStore, keyStorePassword.toCharArray()); - keyManager = kmf.getKeyManagers(); - log.debug("SSL client certificate injected to client: " + clientType); - - } catch (KeyStoreException | IOException | UnrecoverableKeyException e) { - log.error("Can NOT load SSL client certificate from path: " + keyStorePath); - throw new RuntimeException("Can NOT load SSL client certificate from path: " + keyStorePath, e); - - } - } else { - log.debug( - "No KeyStore for SSL Client Auth. found. Initializing SSLContext without authentication ... "); - - } - - // initialize SSL TrustStore - TrustManager[] trustManager = null; - final String trustStorePath = basicConfig.getBasicConfiguration( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_PATH); - final String trustStorePassword = basicConfig.getBasicConfiguration( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_PASSWORD); - if (StringUtils.isNotEmpty(trustStorePath)) { - log.trace("Find trustStore path: " + trustStorePath + " Injecting SSL TrustStore ... "); - try { - final KeyStore trustStore = KeyStoreUtils.loadKeyStore( - FileUtils.makeAbsoluteUrl(trustStorePath, basicConfig.getConfigurationRootDirectory()), - trustStorePassword); - - final TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); - tmf.init(trustStore); - trustManager = tmf.getTrustManagers(); - log.debug("SSL TrustStore injected to client: " + clientType); - - } catch (KeyStoreException | IOException e) { - log.error("Can NOT open SSL TrustStore from path: " + trustStorePath); - throw new RuntimeException("Can NOT open SSL TrustStore from path: " + trustStorePath, e); - - } - - } else { - log.debug("No custom SSL TrustStore found. Initializing SSLContext with JVM default truststore ... "); - - } - - context.init(keyManager, trustManager, new SecureRandom()); - return context; - - } catch (NoSuchAlgorithmException | KeyManagementException e) { - log.error("SSLContext initialization FAILED.", e); - throw new RuntimeException("SSLContext initialization FAILED.", e); - - } - - } - - private void injectMdsIfAvailableAndActive(Map eidsaBindMap, SimpleEidasData eidData) { - if (basicConfig.getBasicConfigurationBoolean( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SET_MDS_TO_EIDASBIND, false)) { - log.info("Injecting MDS into eidasBind ... "); - final Map mds = new HashMap<>(); - mds.put(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, eidData.getFamilyName()); - mds.put(PvpAttributeDefinitions.GIVEN_NAME_NAME, eidData.getGivenName()); - mds.put(PvpAttributeDefinitions.BIRTHDATE_NAME, eidData.getDateOfBirth()); - eidsaBindMap.put(ATTR_NAME_MDS, mds); - - } - } - - private byte[] sourceToByteArray(Source result) throws TransformerException { - final TransformerFactory factory = TransformerFactory.newInstance(); - factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); - final Transformer transformer = factory.newTransformer(); - transformer.setOutputProperty("omit-xml-declaration", "yes"); - transformer.setOutputProperty("method", "xml"); - final ByteArrayOutputStream out = new ByteArrayOutputStream(); - final StreamResult streamResult = new StreamResult(); - streamResult.setOutputStream(out); - transformer.transform(result, streamResult); - return out.toByteArray(); - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrService.java deleted file mode 100644 index dde868b1..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrService.java +++ /dev/null @@ -1,164 +0,0 @@ -/* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. -*/ - -package at.asitplus.eidas.specific.modules.auth.eidas.v2.szr; - -import java.net.URL; - -import javax.xml.namespace.QName; -import javax.xml.ws.Service; -import javax.xml.ws.WebEndpoint; -import javax.xml.ws.WebServiceClient; -import javax.xml.ws.WebServiceFeature; - -import szrservices.SZR; - -/** - * This class was generated by Apache CXF 3.1.16 2018-07-10T09:36:01.466+02:00 - * Generated source version: 3.1.16 - * - */ -@WebServiceClient(name = "SZRService", - wsdlLocation = "./src/main/resources/szr_client/SZR-1.WSDL", - targetNamespace = "urn:SZRServices") -public class SzrService extends Service { - - public static final URL WSDL_LOCATION; - - public static final QName SERVICE = new QName("urn:SZRServices", "SZRService"); - public static final QName SZRProduktionsumgebung = new QName("urn:SZRServices", "SZRProduktionsumgebung"); - public static final QName SZRTestumgebung = new QName("urn:SZRServices", "SZRTestumgebung"); - public static final QName SZRBusinesspartnerTestumgebung = new QName("urn:SZRServices", - "SZRBusinesspartnerTestumgebung"); - - static { - URL url = SzrService.class.getResource("./src/main/resources/szr_client/SZR-1.WSDL"); - if (url == null) { - url = SzrService.class.getClassLoader().getResource("/szr_client/SZR-1.WSDL"); - } - if (url == null) { - java.util.logging.Logger.getLogger(SzrService.class.getName()) - .log(java.util.logging.Level.INFO, - "Can not initialize the default wsdl from {0}", "/szr_client/SZR-1.WSDL"); - } - WSDL_LOCATION = url; - - } - - public SzrService(URL wsdlLocation) { - super(wsdlLocation, SERVICE); - } - - public SzrService(URL wsdlLocation, QName serviceName) { - super(wsdlLocation, serviceName); - } - - public SzrService() { - super(WSDL_LOCATION, SERVICE); - } - - public SzrService(WebServiceFeature... features) { - super(WSDL_LOCATION, SERVICE, features); - } - - public SzrService(URL wsdlLocation, WebServiceFeature... features) { - super(wsdlLocation, SERVICE, features); - } - - public SzrService(URL wsdlLocation, QName serviceName, WebServiceFeature... features) { - super(wsdlLocation, serviceName, features); - } - - /** - * Get SZR Web-Service. - * - * @return returns SZR - */ - @WebEndpoint(name = "SZRProduktionsumgebung") - public SZR getSzrProduktionsumgebung() { - return super.getPort(SZRProduktionsumgebung, SZR.class); - } - - /** - * Get SZR Web-Service. - * - * @param features A list of {@link javax.xml.ws.WebServiceFeature} to configure - * on the proxy. Supported features not in the - * features parameter will have their default - * values. - * @return returns SZR - */ - @WebEndpoint(name = "SZRProduktionsumgebung") - public SZR getSzrProduktionsumgebung(WebServiceFeature... features) { - return super.getPort(SZRProduktionsumgebung, SZR.class, features); - } - - /** - *Get SZR Web-Service. - * - * @return returns SZR - */ - @WebEndpoint(name = "SZRTestumgebung") - public SZR getSzrTestumgebung() { - return super.getPort(SZRTestumgebung, SZR.class); - } - - /** - * Get SZR Web-Service. - * - * @param features A list of {@link javax.xml.ws.WebServiceFeature} to configure - * on the proxy. Supported features not in the - * features parameter will have their default - * values. - * @return returns SZR - */ - @WebEndpoint(name = "SZRTestumgebung") - public SZR getSzrTestumgebung(WebServiceFeature... features) { - return super.getPort(SZRTestumgebung, SZR.class, features); - } - - /** - * Get SZR Web-Service. - * - * @return returns SZR - */ - @WebEndpoint(name = "SZRBusinesspartnerTestumgebung") - public SZR getSzrBusinesspartnerTestumgebung() { - return super.getPort(SZRBusinesspartnerTestumgebung, SZR.class); - } - - /** - * Get SZR Web-Service. - * - * @param features A list of {@link javax.xml.ws.WebServiceFeature} to configure - * on the proxy. Supported features not in the - * features parameter will have their default - * values. - * @return returns SZR - */ - @WebEndpoint(name = "SZRBusinesspartnerTestumgebung") - public SZR getSzrBusinesspartnerTestumgebung(WebServiceFeature... features) { - return super.getPort(SZRBusinesspartnerTestumgebung, SZR.class, features); - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java index 97769cc2..41bf4409 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java @@ -23,15 +23,40 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; +import java.io.IOException; +import java.io.InputStream; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.xml.parsers.ParserConfigurationException; + +import org.apache.commons.lang3.StringUtils; +import org.jetbrains.annotations.NotNull; +import org.jetbrains.annotations.Nullable; +import org.joda.time.DateTime; +import org.jose4j.lang.JoseException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.xml.sax.SAXException; + +import com.fasterxml.jackson.core.JsonProcessingException; +import com.google.common.collect.ImmutableMap; +import com.google.common.collect.ImmutableSet; + import at.asitplus.eidas.specific.connector.MsConnectorEventCodes; import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.szr.SzrClient; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.AuthBlockSigningService; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.szr.SzrClient; import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; @@ -48,36 +73,14 @@ import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egiz.eaaf.core.impl.utils.DomUtils; import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; -import com.fasterxml.jackson.core.JsonProcessingException; -import com.google.common.collect.ImmutableMap; -import com.google.common.collect.ImmutableSet; import eu.eidas.auth.commons.attribute.AttributeDefinition; import eu.eidas.auth.commons.attribute.AttributeValue; import eu.eidas.auth.commons.light.ILightResponse; import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; import lombok.Data; import lombok.extern.slf4j.Slf4j; -import org.apache.commons.lang3.StringUtils; -import org.jetbrains.annotations.NotNull; -import org.jetbrains.annotations.Nullable; -import org.joda.time.DateTime; -import org.jose4j.lang.JoseException; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Component; -import org.w3c.dom.Element; -import org.w3c.dom.Node; -import org.xml.sax.SAXException; import szrservices.IdentityLinkType; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.xml.parsers.ParserConfigurationException; -import java.io.IOException; -import java.io.InputStream; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - /** * Task that creates the IdentityLink for an eIDAS authenticated person. * Input: @@ -127,10 +130,14 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try { + + /*TODO: needs refactoring because we has to be operate on national identifiers + * because matching and insert ERnP was already done!! + */ final ILightResponse eidasResponse = getAuthProcessDataWrapper() .getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class); final Map eidasAttributes = convertEidasAttrToSimpleMap( - eidasResponse.getAttributes().getAttributeMap()); + eidasResponse.getAttributes().getAttributeMap()); final SimpleEidasData eidData = eidPostProcessor.postProcess(eidasAttributes); //final SimpleEidasData eidData = // getAuthProcessDataWrapper().getGenericDataFromSession(Constants.DATA_SIMPLE_EIDAS, SimpleEidasData.class); @@ -192,7 +199,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { private void executeEidMode(SimpleEidasData eidData, String personalIdentifier) throws JsonProcessingException, EaafException, JoseException { - // get encrypted baseId + // get encrypted baseId String vsz = szrClient.getEncryptedStammzahl(eidData); //write revision-Log entry and extended infos personal-identifier mapping diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java index 025f3475..69b127d8 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java @@ -23,18 +23,19 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.stereotype.Component; + import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.szr.SzrClient; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.szr.SzrClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; -import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import lombok.extern.slf4j.Slf4j; -import org.springframework.stereotype.Component; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; /** * Task that searches ERnP and ZMR before adding person to SZR. @@ -69,9 +70,11 @@ public class CreateNewErnpEntryTask extends AbstractAuthServletTask { public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try { - SimpleEidasData simpleEidasData = getInitialEidasData(); + SimpleEidasData simpleEidasData = MatchingTaskUtils.getInitialEidasData(pendingReq); + // TODO When to do eidPostProcessor.postProcess on the eidas attributes? String vsz = szrClient.createNewErnpEntry(simpleEidasData); + // TODO what to do with the VSZ now log.info("VSZ: {}", vsz); } catch (final Exception e) { @@ -80,12 +83,4 @@ public class CreateNewErnpEntryTask extends AbstractAuthServletTask { } } - private SimpleEidasData getInitialEidasData() { - return getAuthProcessDataWrapper().getGenericDataFromSession(Constants.DATA_SIMPLE_EIDAS, SimpleEidasData.class); - } - - private AuthProcessDataWrapper getAuthProcessDataWrapper() { - return pendingReq.getSessionData(AuthProcessDataWrapper.class); - } - } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java index a6e0bca8..1563d6df 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java @@ -23,43 +23,44 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; +import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK; +import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK; + +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.StringUtils; +import org.jetbrains.annotations.NotNull; +import org.joda.time.DateTime; +import org.springframework.stereotype.Component; + +import com.google.common.collect.ImmutableMap; +import com.google.common.collect.ImmutableSet; + import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.CountrySpecificDetailSearchProcessor; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterOperationStatus; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterSearchResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; -import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; -import com.google.common.collect.ImmutableMap; -import com.google.common.collect.ImmutableSet; import eu.eidas.auth.commons.attribute.AttributeDefinition; import eu.eidas.auth.commons.attribute.AttributeValue; import eu.eidas.auth.commons.light.ILightResponse; import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; import lombok.extern.slf4j.Slf4j; -import org.apache.commons.lang3.StringUtils; -import org.jetbrains.annotations.NotNull; -import org.jetbrains.annotations.Nullable; -import org.joda.time.DateTime; -import org.springframework.stereotype.Component; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK; -import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK; /** * Task that searches registers (ERnP and ZMR) before adding person to SZR. @@ -91,23 +92,19 @@ import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.TRANSIT @SuppressWarnings("PMD.TooManyStaticImports") public class InitialSearchTask extends AbstractAuthServletTask { - private final List handlers; private final RegisterSearchService registerSearchService; private final ICcSpecificEidProcessingService eidPostProcessor; /** * Constructor. - * @param handlers List of countrySpecificSearchProcessors * @param registerSearchService Service for register search access * @param eidPostProcessor Country-Specific post processing of attributes */ - public InitialSearchTask(List handlers, - RegisterSearchService registerSearchService, + public InitialSearchTask(RegisterSearchService registerSearchService, ICcSpecificEidProcessingService eidPostProcessor) { this.registerSearchService = registerSearchService; - this.handlers = handlers; this.eidPostProcessor = eidPostProcessor; - log.info("Init with {} country specific detail search services", handlers.size()); + } @Override @@ -115,126 +112,124 @@ public class InitialSearchTask extends AbstractAuthServletTask { throws TaskExecutionException { try { final SimpleEidasData eidasData = convertEidasAttrToSimpleData(); - storeInitialEidasData(eidasData); + MatchingTaskUtils.storeInitialEidasData(pendingReq, eidasData); step2RegisterSearchWithPersonIdentifier(executionContext, eidasData); + + } catch (WorkflowException e) { + throw new TaskExecutionException(pendingReq, "Initial search failed", e); + } catch (final Exception e) { log.error("Initial search failed", e); - throw new TaskExecutionException(pendingReq, "Initial search failed", e); + throw new TaskExecutionException(pendingReq, "Initial search failed with a generic error", e); + } } private void step2RegisterSearchWithPersonIdentifier( - ExecutionContext executionContext, SimpleEidasData eidasData) - throws TaskExecutionException, EaafStorageException, ManualFixNecessaryException { - log.trace("Starting step2RegisterSearchWithPersonIdentifier"); - MergedRegisterSearchResult initialSearchResult = registerSearchService.searchWithPersonIdentifier(eidasData); - storeInitialRegisterResult(initialSearchResult); - int resultCount = initialSearchResult.getResultCount(); - if (resultCount == 0) { - step5CountrySpecificSearchCheck(executionContext, initialSearchResult, eidasData); - } else if (resultCount == 1) { - step3CheckRegisterUpdateNecessary(initialSearchResult, eidasData); - } else { - throw new ManualFixNecessaryException(eidasData); - } - } - - private void step3CheckRegisterUpdateNecessary( - MergedRegisterSearchResult initialSearchResult, SimpleEidasData eidasData) - throws ManualFixNecessaryException { - log.trace("Starting step3CheckRegisterUpdateNecessary"); - try { - if (eidasData.equalsRegisterData(initialSearchResult)) { - storeMatchingBpk(initialSearchResult.getBpk()); + ExecutionContext executionContext, SimpleEidasData eidasData) throws WorkflowException, EaafStorageException { + try { + log.trace("Starting step2RegisterSearchWithPersonIdentifier"); + RegisterSearchResult initialSearchResult = registerSearchService.searchWithPersonIdentifier(eidasData); + int resultCount = initialSearchResult.getResultCount(); + if (resultCount == 0) { + step6CountrySpecificSearch(executionContext, initialSearchResult.getOperationStatus(), eidasData); + + } else if (resultCount == 1) { + // find person by PersonalIdentifier --> finalize first matching task + initialSearchResult.setMatchingFinished(true); + foundMatchFinializeTask(initialSearchResult, eidasData); + } else { - // TODO Update "initialSearchResult" in register with "eidasData" from login not possible for now - log.info("Update in Register"); - storeMatchingBpk(initialSearchResult.getBpk()); + throw new WorkflowException("step2RegisterSearchWithPersonIdentifier", + "More than one entry with unique personal-identifier", true); + } - } catch (WorkflowException | EaafStorageException e) { - throw new ManualFixNecessaryException(eidasData); + + } catch (WorkflowException e) { + //TODO: what we do in case of a workflow error and manual matching are necessary?? + + log.warn("Workflow error during matching step: {}. Reason: {}", e.getProcessStepName(), e.getErrorReason()); + throw e; + } } - - private void step5CountrySpecificSearchCheck( - ExecutionContext executionContext, MergedRegisterSearchResult initialSearchResult, SimpleEidasData eidasData) - throws TaskExecutionException, ManualFixNecessaryException, EaafStorageException { - log.trace("Starting step5CheckAndPerformCountrySpecificSearchIfPossible"); - CountrySpecificDetailSearchProcessor specificHandler = findSpecificProcessor(eidasData); - if (specificHandler != null) { - step6CountrySpecificSearch(executionContext, specificHandler, initialSearchResult, eidasData); + + private void step6CountrySpecificSearch( + ExecutionContext executionContext, RegisterOperationStatus registerOperationStatus, SimpleEidasData eidasData) + throws EaafStorageException, WorkflowException { + + log.trace("Starting 'step6CountrySpecificSearch' ... "); + RegisterSearchResult countrySpecificResult = registerSearchService.searchWithCountrySpecifics( + registerOperationStatus, eidasData); + if (countrySpecificResult.getResultCount() == 0) { + log.trace("'step6CountrySpecificSearch' ends with no result. Forward to next matching step ... "); + step8RegisterSearchWithMds(executionContext, countrySpecificResult.getOperationStatus(), eidasData); + + } else if (countrySpecificResult.getResultCount() == 1) { + log.trace("'step6CountrySpecificSearch' finds a person. Forward to 'step7aKittProcess' step ... "); + registerSearchService.step7aKittProcess(countrySpecificResult, eidasData); + + // find person by country-specific information --> finalize first matching task + countrySpecificResult.setMatchingFinished(true); + foundMatchFinializeTask(countrySpecificResult, eidasData); + } else { - step8RegisterSearchWithMds(executionContext, eidasData); - } + throw new WorkflowException("step6CountrySpecificSearch", + "More than one entry with unique country-specific informations", true); + + } } - @Nullable - private CountrySpecificDetailSearchProcessor findSpecificProcessor(SimpleEidasData eidasData) { - final String citizenCountry = eidasData.getCitizenCountryCode(); - for (final CountrySpecificDetailSearchProcessor processor : handlers) { - if (processor.canHandle(citizenCountry, eidasData)) { - log.debug("Found suitable search handler for {} by using: {}", citizenCountry, processor.getName()); - return processor; - } - } - return null; - } - - private void step6CountrySpecificSearch(ExecutionContext executionContext, - CountrySpecificDetailSearchProcessor processor, - MergedRegisterSearchResult initialSearchResult, - SimpleEidasData eidasData) - throws TaskExecutionException, ManualFixNecessaryException, EaafStorageException { - log.trace("Starting step6CountrySpecificSearch"); - MergedRegisterSearchResult countrySearchResult = processor.search(eidasData); - int resultCount = countrySearchResult.getResultCount(); - if (resultCount == 0) { - step8RegisterSearchWithMds(executionContext, eidasData); - } else if (resultCount == 1) { - String bpk = registerSearchService - .step7aKittProcess(initialSearchResult, countrySearchResult, eidasData, pendingReq); - storeMatchingBpk(bpk); - } else { - throw new ManualFixNecessaryException(eidasData); - } - } - - private void step8RegisterSearchWithMds(ExecutionContext executionContext, SimpleEidasData eidasData) - throws EaafStorageException { + private void step8RegisterSearchWithMds(ExecutionContext executionContext, + RegisterOperationStatus registerOperationStatus, SimpleEidasData eidasData) + throws EaafStorageException, WorkflowException { log.trace("Starting step8RegisterSearchWithMds"); - MergedRegisterSearchResult registerData = registerSearchService.searchWithMds(eidasData); + RegisterSearchResult registerData = registerSearchService.searchWithMds(registerOperationStatus, eidasData); + if (registerData.getResultCount() == 0) { + log.debug("Matching step: 'step8RegisterSearchWithMds' has no result. Forward to create new ERnP entry ... "); executionContext.put(TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK, true); + } else { - storeFurtherRegisterResults(registerData); + log.debug("Matching step: 'step8RegisterSearchWithMds' has #{} results. " + + "Forward to GUI based matching steps ... ", registerData.getResultCount()); + + MatchingTaskUtils.storeInitialRegisterResult(pendingReq, registerData); executionContext.put(TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, true); + } } - private void storeInitialRegisterResult(MergedRegisterSearchResult registerData) throws EaafStorageException { - getAuthProcessDataWrapper().setGenericDataToSession(Constants.DATA_INITIAL_REGISTER_RESULT, registerData); - } - - private void storeFurtherRegisterResults(MergedRegisterSearchResult registerData) throws EaafStorageException { - getAuthProcessDataWrapper().setGenericDataToSession(Constants.DATA_FURTHER_REGISTER_RESULT, registerData); - } - private void storeInitialEidasData(SimpleEidasData eidasData) throws EaafStorageException { - getAuthProcessDataWrapper().setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidasData); - } - private void storeMatchingBpk(String bpk) throws EaafStorageException { - getAuthProcessDataWrapper().setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk); + private void foundMatchFinializeTask(RegisterSearchResult searchResult, SimpleEidasData eidasData) + throws WorkflowException, EaafStorageException { + // check if register update is required + step3CheckRegisterUpdateNecessary(searchResult, eidasData); + + // store search result + MatchingTaskUtils.storeInitialRegisterResult(pendingReq, searchResult); + } - - private AuthProcessDataWrapper getAuthProcessDataWrapper() { - return pendingReq.getSessionData(AuthProcessDataWrapper.class); + + private void step3CheckRegisterUpdateNecessary(RegisterSearchResult initialSearchResult, + SimpleEidasData eidasData) throws WorkflowException { + log.trace("Starting step3CheckRegisterUpdateNecessary"); + if (!eidasData.equalsRegisterData(initialSearchResult)) { + // TODO Update "initialSearchResult" in register with "eidasData" from login not possible for now + log.info("Skipping update-register-information step, because it's not supported yet"); + + } else { + log.debug("Register information match to eIDAS information. No update requird"); + + } + } - + @NotNull private SimpleEidasData convertEidasAttrToSimpleData() throws EidasAttributeException, EidPostProcessingException { - final ILightResponse eidasResponse = getAuthProcessDataWrapper() + final ILightResponse eidasResponse = MatchingTaskUtils.getAuthProcessDataWrapper(pendingReq) .getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class); Map simpleMap = convertEidasAttrToSimpleMap(eidasResponse.getAttributes().getAttributeMap()); return eidPostProcessor.postProcess(simpleMap); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java index 3b7f361c..b18104fa 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java @@ -23,29 +23,31 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; +import java.util.Enumeration; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang.StringEscapeUtils; +import org.jetbrains.annotations.NotNull; +import org.springframework.stereotype.Component; + import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterSearchResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; -import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import lombok.AllArgsConstructor; import lombok.Data; import lombok.NoArgsConstructor; import lombok.extern.slf4j.Slf4j; -import org.apache.commons.lang.StringEscapeUtils; -import org.jetbrains.annotations.NotNull; -import org.springframework.stereotype.Component; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.util.Enumeration; /** @@ -69,6 +71,7 @@ import java.util.Enumeration; * * @author amarsalek * @author ckollmann + * @author tlenz */ @Slf4j @Component("ReceiveAustrianResidenceGuiResponseTask") @@ -98,72 +101,88 @@ public class ReceiveAustrianResidenceGuiResponseTask extends AbstractAuthServlet public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { log.trace("Starting ReceiveAustrianResidenceGuiResponseTask"); - UserInput input = parseHtmlInput(request); + + UserInput input = parseHtmlInput(request); if (!input.isFormerResidenceAvailable()) { moveToNextTask(executionContext); return; + } + + //TODO: Here, we need an error handling an can not stop full process if form input was invalid + //TODO: check minimum form elements + /*TODO: maybe we can switch to custom controller and use WebMVC form-binding feature. + * Binding element can be add as attribute to this request + */ if (input.getStreet().isEmpty() || input.getCity().isEmpty() || input.getZipcode().isEmpty()) { // HTML form should ensure that mandatory fields are set => this should never happen - throw new TaskExecutionException(pendingReq, "Invalid user input", new InvalidUserInputException()); + throw new TaskExecutionException(pendingReq, "Invalid user input", + new InvalidUserInputException("module.eidasauth.matching.06")); + } - // TODO Also search with MDS? But MDS Search has already happened? + + + try { - SimpleEidasData eidasData = getInitialEidasData(); - MergedRegisterSearchResult residencyResult = registerSearchService - .searchWithResidence(input.zipcode, input.city, input.street); + SimpleEidasData eidasData = MatchingTaskUtils.getInitialEidasData(pendingReq); + RegisterSearchResult initialSearchResult = MatchingTaskUtils.getInitialRegisterResult(pendingReq); + + RegisterSearchResult residencyResult = + registerSearchService.searchWithResidence(initialSearchResult.getOperationStatus(), + eidasData, input.zipcode, input.city, input.street); if (residencyResult.getResultCount() == 0) { + //TODO: her we should add a GUI step of result is zero to inform user an forward process by click moveToNextTask(executionContext); + } else if (residencyResult.getResultCount() == 1) { compareSearchResultWithInitialData(executionContext, residencyResult, eidasData); + } else { + /*TODO: align with form generation task and to better error handling in case of more-than-one result. + * Maybe the user has to provide more information. + */ throw new TaskExecutionException(pendingReq, "Manual Fix necessary", new ManualFixNecessaryException(eidasData)); + } + } catch (EaafStorageException e) { log.error("Search with residency data failed", e); throw new TaskExecutionException(pendingReq, "Search with residency data failed", e); + } } - private void compareSearchResultWithInitialData(ExecutionContext executionContext, - MergedRegisterSearchResult residencyResult, SimpleEidasData eidasData) + private void compareSearchResultWithInitialData(ExecutionContext executionContext, + RegisterSearchResult residencyResult, SimpleEidasData eidasData) throws TaskExecutionException, EaafStorageException { - try { - MergedRegisterSearchResult initialSearchResult = getInitialRegisterResult(); - // TODO search "residencyResult" in "initialSearchResult"!? + try { + /*TODO: check 'equalsRegisterData' because this method maybe this method evaluate to an invalid result. + * See TODO in methods body + */ if (eidasData.equalsRegisterData(residencyResult)) { - String bpk = registerSearchService - .step7aKittProcess(initialSearchResult, residencyResult, eidasData, pendingReq); - storeMatchingBpk(bpk); + // update register information + registerSearchService.step7aKittProcess(residencyResult, eidasData); + + // store search result to re-used in CreateIdentityLink step, because there we need bPK and MDS + residencyResult.setMatchingFinished(true); + MatchingTaskUtils.storeInitialRegisterResult(pendingReq, residencyResult); + } else { moveToNextTask(executionContext); + } + } catch (WorkflowException e) { throw new TaskExecutionException(pendingReq, "Search failed", new ManualFixNecessaryException(eidasData)); + } } - private SimpleEidasData getInitialEidasData() { - return getAuthProcessDataWrapper().getGenericDataFromSession(Constants.DATA_SIMPLE_EIDAS, SimpleEidasData.class); - } - - private MergedRegisterSearchResult getInitialRegisterResult() { - return getAuthProcessDataWrapper().getGenericDataFromSession(Constants.DATA_INITIAL_REGISTER_RESULT, - MergedRegisterSearchResult.class); - } - - private void storeMatchingBpk(String bpk) throws EaafStorageException { - getAuthProcessDataWrapper().setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk); - } - - private AuthProcessDataWrapper getAuthProcessDataWrapper() { - return pendingReq.getSessionData(AuthProcessDataWrapper.class); - } - private void moveToNextTask(ExecutionContext executionContext) { // Later on, this should transition to Step 20 executionContext.put(Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK, true); + } private @NotNull UserInput parseHtmlInput(HttpServletRequest request) { @@ -174,15 +193,20 @@ public class ReceiveAustrianResidenceGuiResponseTask extends AbstractAuthServlet String escaped = StringEscapeUtils.escapeHtml(request.getParameter(paramName)); if (PARAM_FORMER_RESIDENCE_AVAILABLE.equalsIgnoreCase(paramName)) { result.setFormerResidenceAvailable(Boolean.parseBoolean(escaped)); + } else if (PARAM_STREET.equalsIgnoreCase(paramName)) { result.setStreet(escaped); + } else if (PARAM_CITY.equalsIgnoreCase(paramName)) { result.setCity(escaped); + } else if (PARAM_ZIPCODE.equalsIgnoreCase(paramName)) { result.setZipcode(escaped); + } } return result; + } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java index a6ff345d..fd469f49 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java @@ -23,24 +23,45 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; +import static at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING; + +import java.io.IOException; +import java.util.List; +import java.util.Set; +import java.util.stream.Collectors; +import java.util.stream.Stream; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.xml.transform.TransformerException; + +import org.apache.commons.lang3.StringUtils; +import org.jetbrains.annotations.NotNull; +import org.opensaml.core.xml.io.MarshallingException; +import org.opensaml.messaging.decoder.MessageDecodingException; +import org.opensaml.saml.saml2.core.Response; +import org.opensaml.saml.saml2.core.StatusCode; +import org.opensaml.saml.saml2.metadata.IDPSSODescriptor; +import org.springframework.stereotype.Component; + import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleMobileSignatureData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthEventConstants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider; import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterSearchResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils; import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException; -import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder; import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; @@ -58,23 +79,6 @@ import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption; import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException; import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; import lombok.extern.slf4j.Slf4j; -import org.apache.commons.lang3.StringUtils; -import org.jetbrains.annotations.NotNull; -import org.opensaml.core.xml.io.MarshallingException; -import org.opensaml.messaging.decoder.MessageDecodingException; -import org.opensaml.saml.saml2.core.Response; -import org.opensaml.saml.saml2.core.StatusCode; -import org.opensaml.saml.saml2.metadata.IDPSSODescriptor; -import org.springframework.stereotype.Component; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.xml.transform.TransformerException; -import java.io.IOException; -import java.util.List; -import java.util.Set; - -import static at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING; /** * Task that receives the SAML2 response from ID Austria system. @@ -144,95 +148,84 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet InboundMessage inboundMessage = decodeAndVerifyMessage(request, response, decoder, comparator); Pair processedMsg = validateAssertion((PvpSProfileResponse) inboundMessage); if (processedMsg.getSecond()) { - stopProcessFromUserDecision(executionContext, request, response); + // forward to next matching step in case of ID Autria authentication was stopped by user + executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true); return; + } + // validate SAML2 response validateEntityId(inboundMessage); + log.info("Receive a valid assertion from IDP " + inboundMessage.getEntityID()); + + // load already existing information from session + SimpleEidasData eidasData = MatchingTaskUtils.getInitialEidasData(pendingReq); + RegisterSearchResult initialSearchResult = MatchingTaskUtils.getInitialRegisterResult(pendingReq); + + // extract user information from ID Austria authentication AssertionAttributeExtractor extractor = new AssertionAttributeExtractor(processedMsg.getFirst().getResponse()); - - /* - * SAML2 response ist bereits vollständig validiert und die Attribute können aus dem - * ausgelesen werden. - * Die AttributeNamen sind entsprechend PVP Spezifikation, z.B. PvpAttributeDefinitions.GIVEN_NAME_NAME - * - * --------------------------------------------------------------------------------------------- - * - * TODO: ab hier müssen wir wohl was anpassen - * - */ - - MergedRegisterSearchResult initialSearchResult = getInitialRegisterResult(); - SimpleEidasData eidasData = getInitialEidasData(); - String bpkZp = extractBpkZp(extractor, eidasData); - - // TODO Hier ist wohl keine Register-Suche notwendig, denn das ergibt sicher einen Treffer - // TODO Soll: In den Ergebnissen aus Step8 matchen! Über BPK matchen, und dann schauen, ob zumindest - // Geburtsdatum passt - MergedRegisterSearchResult registerResult = registerSearchService.searchWithBpkZp(bpkZp); - if (registerResult.getResultCount() == 0) { - executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true); - return; - } else if (registerResult.getResultCount() == 1) { - String bpk = registerSearchService - .step7aKittProcess(initialSearchResult, registerResult, eidasData, pendingReq); - storeMatchingBpk(bpk); - return; - } else if (registerResult.getResultCount() > 1) { - throw new ManualFixNecessaryException(eidasData); + SimpleMobileSignatureData simpleMobileSignatureData = getAuthDataFromInterfederation(extractor); + + // check if MDS from ID Austria authentication matchs to eIDAS authentication + if (!simpleMobileSignatureData.equalsSimpleEidasData(eidasData)) { + // user has cheated!? + throw new InvalidUserInputException("module.eidasauth.matching.05"); + } - - // set NeedConsent to false, because user gives consent during authentication - pendingReq.setNeedUserConsent(false); - log.info("Receive a valid assertion from IDP " + inboundMessage.getEntityID()); + + // search entry in initial search result from steps before and build new RegisterSearchResult + RegisterSearchResult registerResult = new RegisterSearchResult(initialSearchResult.getOperationStatus(), + extractEntriesByBpk(initialSearchResult.getResultsZmr().stream(), simpleMobileSignatureData.getBpk()), + extractEntriesByBpk(initialSearchResult.getResultsErnp().stream(), simpleMobileSignatureData.getBpk())); + + if (registerResult.getResultCount() != 1) { + throw new WorkflowException("matchWithIDAustriaAuthentication", + "Suspect state detected. MDS matches to eIDAS authentication " + + "but register search-result with MDS contains #" + registerResult.getResultCount() + + " entry with bPK from ID Austria authentication", false); + + } else { + // perform kit operation + registerSearchService.step7aKittProcess(registerResult, eidasData); + + // store search result to re-used in CreateIdentityLink step, because there we need bPK and MDS + registerResult.setMatchingFinished(true); + MatchingTaskUtils.storeInitialRegisterResult(pendingReq, registerResult); + + } + } catch (final AuthnResponseValidationException e) { throw new TaskExecutionException(pendingReq, ERROR_MSG_03, e); + } catch (MessageDecodingException | SecurityException | SamlSigningException e) { //final String samlRequest = request.getParameter("SAMLRequest"); //log.debug("Receive INVALID PVP Response from 'ms-specific eIDAS node': {}", // samlRequest, null, e); throw new TaskExecutionException(pendingReq, ERROR_MSG_00, new AuthnResponseValidationException(ERROR_PVP_11, new Object[]{MODULE_NAME_FOR_LOGGING}, e)); + } catch (IOException | MarshallingException | TransformerException e) { log.debug("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e); throw new TaskExecutionException(pendingReq, ERROR_MSG_01, new AuthnResponseValidationException(ERROR_PVP_12, new Object[]{MODULE_NAME_FOR_LOGGING, e.getMessage()}, e)); + } catch (final CredentialsNotAvailableException e) { log.debug("PVP response decryption FAILED. No credential found.", e); throw new TaskExecutionException(pendingReq, ERROR_MSG_02, new AuthnResponseValidationException(ERROR_PVP_10, new Object[]{MODULE_NAME_FOR_LOGGING}, e)); + } catch (final Exception e) { // todo catch ManualFixNecessaryException in any other way? log.debug("PVP response validation FAILED. Msg:" + e.getMessage(), e); throw new TaskExecutionException(pendingReq, ERROR_MSG_03, new AuthnResponseValidationException(ERROR_PVP_12, new Object[]{MODULE_NAME_FOR_LOGGING, e.getMessage()}, e)); + } } - private String extractBpkZp(AssertionAttributeExtractor extractor, - SimpleEidasData eidasData) throws EaafBuilderException, InvalidUserInputException { - SimpleMobileSignatureData simpleMobileSignatureData = getAuthDataFromInterfederation(extractor); - if (!simpleMobileSignatureData.equalsSimpleEidasData(eidasData)) { - throw new InvalidUserInputException(); // user has cheated!? - } - return simpleMobileSignatureData.getBpk(); - } + private List extractEntriesByBpk(Stream stream, String bpk) { + return stream.filter(el -> bpk.equals(el.getBpk())).collect(Collectors.toList()); - private SimpleEidasData getInitialEidasData() { - return getAuthProcessDataWrapper().getGenericDataFromSession(Constants.DATA_SIMPLE_EIDAS, SimpleEidasData.class); - } - - private MergedRegisterSearchResult getInitialRegisterResult() { - return getAuthProcessDataWrapper().getGenericDataFromSession(Constants.DATA_INITIAL_REGISTER_RESULT, - MergedRegisterSearchResult.class); - } - - private void storeMatchingBpk(String bpk) throws EaafStorageException { - getAuthProcessDataWrapper().setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk); - } - - private AuthProcessDataWrapper getAuthProcessDataWrapper() { - return pendingReq.getSessionData(AuthProcessDataWrapper.class); } @NotNull @@ -359,13 +352,15 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet } if (PvpAttributeDefinitions.BIRTHDATE_NAME.equals(attrName)) { builder.dateOfBirth(extractor.getSingleAttributeValue(attrName)); - } + } if (PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME.equals(attrName)) { - getAuthProcessDataWrapper().setQaaLevel(extractor.getSingleAttributeValue(attrName)); + MatchingTaskUtils.getAuthProcessDataWrapper(pendingReq).setQaaLevel( + extractor.getSingleAttributeValue(attrName)); } } - getAuthProcessDataWrapper().setIssueInstant(extractor.getAssertionIssuingDate()); + MatchingTaskUtils.getAuthProcessDataWrapper(pendingReq).setIssueInstant(extractor.getAssertionIssuingDate()); return builder.build(); + } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java index e139b280..59a6886a 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java @@ -23,6 +23,14 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; +import java.util.Enumeration; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang.StringEscapeUtils; +import org.springframework.stereotype.Component; + import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException; @@ -30,12 +38,6 @@ import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import lombok.extern.slf4j.Slf4j; -import org.apache.commons.lang.StringEscapeUtils; -import org.springframework.stereotype.Component; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.util.Enumeration; /** * Handles user's selection from {@link GenerateOtherLoginMethodGuiTask}. @@ -69,13 +71,16 @@ public class ReceiveOtherLoginMethodGuiResponseTask extends AbstractAuthServletT SelectedLoginMethod selection = SelectedLoginMethod.valueOf(extractUserSelection(request)); executionContext.put(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER, selection); transitionToNextTask(executionContext, selection); + } catch (final IllegalArgumentException e) { log.error("Parsing selected login method FAILED.", e); throw new TaskExecutionException(pendingReq, "Parsing selected login method FAILED.", - new InvalidUserInputException()); + new InvalidUserInputException("module.eidasauth.matching.98")); + } catch (final Exception e) { log.error("Parsing selected login method FAILED.", e); throw new TaskExecutionException(pendingReq, "Parsing selected login method FAILED.", e); + } } @@ -85,9 +90,12 @@ public class ReceiveOtherLoginMethodGuiResponseTask extends AbstractAuthServletT String paramName = paramNames.nextElement(); if (Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER.equalsIgnoreCase(paramName)) { return StringEscapeUtils.escapeHtml(request.getParameter(paramName)); + } } - throw new InvalidUserInputException(); + + throw new InvalidUserInputException("module.eidasauth.matching.98"); + } private void transitionToNextTask(ExecutionContext executionContext, SelectedLoginMethod selection) @@ -96,14 +104,18 @@ public class ReceiveOtherLoginMethodGuiResponseTask extends AbstractAuthServletT case EIDAS_LOGIN: executionContext.put(Constants.TRANSITION_TO_GENERATE_EIDAS_LOGIN, true); return; + case MOBILE_PHONE_SIGNATURE_LOGIN: executionContext.put(Constants.TRANSITION_TO_GENERATE_MOBILE_PHONE_SIGNATURE_REQUEST_TASK, true); return; + case NO_OTHER_LOGIN: executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true); return; + default: - throw new InvalidUserInputException(); + throw new InvalidUserInputException("module.eidasauth.matching.98"); + } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java index 3023bc0a..6b541135 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java @@ -23,30 +23,33 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.utils; +import java.text.ParseException; +import java.text.SimpleDateFormat; +import java.util.ArrayList; +import java.util.List; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +import javax.annotation.Nullable; + +import org.apache.commons.lang3.StringUtils; +import org.joda.time.DateTime; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import com.google.common.collect.ImmutableList; +import com.google.common.collect.ImmutableSet; + import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType; import at.gv.egiz.eaaf.core.impl.data.Triple; -import com.google.common.collect.ImmutableList; -import com.google.common.collect.ImmutableSet; import eu.eidas.auth.commons.attribute.AttributeDefinition; import eu.eidas.auth.commons.attribute.AttributeValue; import eu.eidas.auth.commons.attribute.AttributeValueMarshaller; import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException; import eu.eidas.auth.commons.attribute.AttributeValueTransliterator; import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; -import org.apache.commons.lang3.StringUtils; -import org.joda.time.DateTime; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import javax.annotation.Nullable; -import java.text.ParseException; -import java.text.SimpleDateFormat; -import java.util.ArrayList; -import java.util.List; -import java.util.regex.Matcher; -import java.util.regex.Pattern; public class EidasResponseUtils { private static final Logger log = LoggerFactory.getLogger(EidasResponseUtils.class); @@ -323,6 +326,21 @@ public class EidasResponseUtils { return (String) familyNameObj; } + /** + * Post-Process the eIDAS personal identifier attribute. + * + * @param personalIdentifierObj eIDAS personal identifier attribute-information + * @return formated user's full personal identifier + * @throws EidasAttributeException if NO attribute is available + */ + public static String processPersonalIdentifier(Object personalIdentifierObj) throws EidasAttributeException { + if (!(personalIdentifierObj instanceof String)) { + throw new EidasAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); + } + return (String) personalIdentifierObj; + } + + /** * Post-Process the eIDAS pseudonym to ERnB unique identifier. * diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/MatchingTaskUtils.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/MatchingTaskUtils.java new file mode 100644 index 00000000..5625a30d --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/MatchingTaskUtils.java @@ -0,0 +1,88 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.utils; + +import javax.annotation.Nullable; + +import org.springframework.lang.NonNull; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterSearchResult; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; + +public class MatchingTaskUtils { + + /** + * Get eIDAS log-in information from session. + * + * @param pendingReq Current pendingRequest + * @return eIDAS infos or null if not exist + */ + @Nullable + public static SimpleEidasData getInitialEidasData(IRequest pendingReq) { + return getAuthProcessDataWrapper(pendingReq).getGenericDataFromSession( + Constants.DATA_SIMPLE_EIDAS, SimpleEidasData.class); + + } + + /** + * Set eIDAS log-in information to session. + * + * @param pendingReq Current pendingRequest + * @param eidasData infos from eIDAS Proxy-Service + * @throws EaafStorageException In case of data can not be add into session + */ + @Nullable + public static void storeInitialEidasData(IRequest pendingReq, SimpleEidasData eidasData) + throws EaafStorageException { + getAuthProcessDataWrapper(pendingReq).setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidasData); + + } + + /** + * Get Matching result from session. + * + * @param pendingReq Current pendingRequest + * @return Matching result or null if not exist + */ + @Nullable + public static RegisterSearchResult getInitialRegisterResult(IRequest pendingReq) { + return getAuthProcessDataWrapper(pendingReq).getGenericDataFromSession(Constants.DATA_INITIAL_REGISTER_RESULT, + RegisterSearchResult.class); + + } + + /** + * Store matching result into session. + * + * @param pendingReq Current pendingRequest + * @param registerData Matching result information + * @throws EaafStorageException In case of data can not be add into session + */ + @Nullable + public static void storeInitialRegisterResult(IRequest pendingReq, RegisterSearchResult registerData) + throws EaafStorageException { + getAuthProcessDataWrapper(pendingReq).setGenericDataToSession( + Constants.DATA_INITIAL_REGISTER_RESULT, registerData); + + } + + /** + * Get holder for authentication information for the current process. + * + * @param pendingReq Current pendingRequest + * @return {@link AuthProcessDataWrapper} + */ + @NonNull + public static AuthProcessDataWrapper getAuthProcessDataWrapper(IRequest pendingReq) { + return pendingReq.getSessionData(AuthProcessDataWrapper.class); + + } + + private MatchingTaskUtils() { + //hide constructor in case of class contains only static methods + + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/VersionHolder.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/VersionHolder.java new file mode 100644 index 00000000..dbe88d33 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/VersionHolder.java @@ -0,0 +1,40 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.utils; + +import java.util.Optional; + +import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.context.ApplicationContext; + +/** + * SpringBoot based implementation of an application-version holder. + * + * @author tlenz + * + */ +public class VersionHolder { + + private final String version; + + /** + * Build up a holder that contains the current version of this application. + * + * @param context SprintBoot context + */ + public VersionHolder(ApplicationContext context) { + version = context.getBeansWithAnnotation(SpringBootApplication.class).entrySet().stream() + .findFirst() + .flatMap(es -> Optional.ofNullable(es.getValue().getClass().getPackage().getImplementationVersion())) + .orElse("unknown"); + + } + + /** + * Get version of this application. + * + * @return version + */ + public String getVersion() { + return version; + + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java index 80e61451..30a801a4 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java @@ -23,55 +23,59 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import java.math.BigInteger; +import java.util.Collections; + import org.springframework.stereotype.Service; -import java.util.Collections; -import java.util.List; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.zmr.IZmrClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.zmr.ZmrSoapClient.ZmrRegisterResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonSuchenRequest; @Service("ZmrClientForeIDAS") public class DummyZmrClient implements IZmrClient { @Override - public List searchWithPersonIdentifier(String personIdentifier) { - return Collections.emptyList(); + public ZmrRegisterResult searchWithPersonIdentifier(BigInteger zmrProzessId, String personIdentifier) { + return new ZmrRegisterResult(Collections.emptyList(), null); + } @Override - public List searchWithMds(String givenName, String familyName, String dateOfBirth) { + public ZmrRegisterResult searchWithMds(BigInteger zmrProzessId, String givenName, String familyName, + String dateOfBirth, String countryCode) { //TODO will I only receive matches where all three values match perfectly? - return Collections.emptyList(); + return new ZmrRegisterResult(Collections.emptyList(), null); + } @Override - public List searchDeSpecific(String givenName, String familyName, String dateOfBirth, - String birthPlace, String birthName) { - //TODO - return Collections.emptyList(); - } - - @Override - public List searchItSpecific(String taxNumber) { - //TODO - return Collections.emptyList(); + public ZmrRegisterResult searchCountrySpecific(BigInteger zmrProzessId, PersonSuchenRequest personSearchDao, + String citizenCountryCode) throws EidasSAuthenticationException { + return new ZmrRegisterResult(Collections.emptyList(), null); + } @Override - public void update(RegisterResult registerResult, SimpleEidasData eidData) { + public void update(BigInteger zmrProzessId, RegisterResult registerResult, SimpleEidasData eidData) { //TODO } @Override - public List searchWithBpkZp(String bpkzp) { + public ZmrRegisterResult searchWithBpkZp(BigInteger zmrProzessId, String bpkzp) { //TODO - return Collections.emptyList(); + return new ZmrRegisterResult(Collections.emptyList(), null); } @Override - public List searchWithResidenceData(String zipcode, String city, String street) { + public ZmrRegisterResult searchWithResidenceData(BigInteger zmrProzessId, String givenName, String familyName, + String dateOfBirth, String zipcode, String city, String street) { // TODO - return Collections.emptyList(); + return new ZmrRegisterResult(Collections.emptyList(), null); } + } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/IZmrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/IZmrClient.java deleted file mode 100644 index 5ca69d3d..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/IZmrClient.java +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Copyright 2020 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - -package at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr; - -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; - -import java.util.List; - -public interface IZmrClient { - - List searchWithPersonIdentifier(String personIdentifier); - - List searchWithMds(String givenName, String familyName, String dateOfBirth); - - List searchDeSpecific(String givenName, String familyName, String dateOfBirth, - String birthPlace, String birthName); - - List searchItSpecific(String taxNumber); - - void update(RegisterResult registerResult, SimpleEidasData eidData); - - List searchWithBpkZp(String bpkzp); - - List searchWithResidenceData(String zipcode, String city, String street); - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml index 369af4c4..2379295b 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml @@ -3,89 +3,53 @@ xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1"> - - - - - - - - - - - - - - + + + + + + + + + + + + + + - - - + + + - - - + + + - - - + + + - - - - + + + - + - - + + - + - - + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml index ed086493..cec75682 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml @@ -11,17 +11,25 @@ + + + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.szr.SzrClient" /> + + + + + - diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties index a2437ce6..cfb48d57 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties @@ -13,3 +13,15 @@ module.eidasauth.06=eIDAS module was selected, but eIDAS is NOT enabled for SP: module.eidasauth.98=eIDAS module has an internal error. Reason: {0} module.eidasauth.99=eIDAS module has an generic internal error. + +module.eidasauth.matching.00=Matching failed, because find more than one ZMR entries with one eIDAS personal-identifier +module.eidasauth.matching.01=Matching failed, because of an ZMR communication error. Reason: {0} +module.eidasauth.matching.02=Matching failed, because ZMR response contains historic information which is not supported. +module.eidasauth.matching.03=Matching failed in workflow step: {0} with error: {1} +module.eidasauth.matching.04=An error occurred while loading your data from official registers. Please contact the support. +module.eidasauth.matching.05=Matching failed, because result from alternative authentication-method does not match to eIDAS authentication +module.eidasauth.matching.06=Matching failed, because GUI form for matching by residence was invalid filled + + +module.eidasauth.matching.98=Matching failed, because of an invalid or unknown request parameter. +module.eidasauth.matching.99=Matching failed, because of an unexpected processing error. Reason: {0} \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/SZR-1.1.WSDL b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/SZR-1.1.WSDL deleted file mode 100644 index 3c34458d..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/SZR-1.1.WSDL +++ /dev/null @@ -1,939 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - false - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/SZR-1.WSDL b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/SZR-1.WSDL deleted file mode 100644 index 4ad2645a..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/SZR-1.WSDL +++ /dev/null @@ -1,901 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - false - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/SZR_v4.0.wsdl b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/SZR_v4.0.wsdl deleted file mode 100644 index e7f296bd..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/SZR_v4.0.wsdl +++ /dev/null @@ -1,441 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - false - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/pvp1.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/pvp1.xsd deleted file mode 100644 index 09c0b1e3..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/pvp1.xsd +++ /dev/null @@ -1,133 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - additional authentication properties - - - - - - - - - - - - - - - - - - - - - - - additional authorization properties - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - additional principal attributes - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/pvp19.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/pvp19.xsd deleted file mode 100644 index 596a2b99..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/pvp19.xsd +++ /dev/null @@ -1,133 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - additional authentication properties - - - - - - - - - - - - - - - - - - - - - - - additional authorization properties - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - additional principal attributes - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr.xsd deleted file mode 100644 index 85acfb65..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr.xsd +++ /dev/null @@ -1,388 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_ecdsa.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_ecdsa.xsd deleted file mode 100644 index 87ee80be..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_ecdsa.xsd +++ /dev/null @@ -1,30 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_persondata.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_persondata.xsd deleted file mode 100644 index 3c9ac932..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_persondata.xsd +++ /dev/null @@ -1,54 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_pvp_sec.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_pvp_sec.xsd deleted file mode 100644 index 5001c1b8..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_pvp_sec.xsd +++ /dev/null @@ -1,10 +0,0 @@ - - - - - - - - - - diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0-schemas.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0-schemas.xml deleted file mode 100644 index d40efa45..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0-schemas.xml +++ /dev/null @@ -1,54 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0-wsdl.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0-wsdl.xml deleted file mode 100644 index f95c35f0..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0-wsdl.xml +++ /dev/null @@ -1,10 +0,0 @@ - - - - false - - - \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0.xsd deleted file mode 100644 index 2d25f2dc..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0.xsd +++ /dev/null @@ -1,443 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_xmldsig.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_xmldsig.xsd deleted file mode 100644 index 96b50b40..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_xmldsig.xsd +++ /dev/null @@ -1,31 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/SZR-1.1.WSDL b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/SZR-1.1.WSDL new file mode 100644 index 00000000..3c34458d --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/SZR-1.1.WSDL @@ -0,0 +1,939 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + false + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/SZR-1.WSDL b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/SZR-1.WSDL new file mode 100644 index 00000000..4ad2645a --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/SZR-1.WSDL @@ -0,0 +1,901 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + false + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/SZR_v4.0.wsdl b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/SZR_v4.0.wsdl new file mode 100644 index 00000000..e7f296bd --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/SZR_v4.0.wsdl @@ -0,0 +1,441 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + false + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/pvp1.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/pvp1.xsd new file mode 100644 index 00000000..09c0b1e3 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/pvp1.xsd @@ -0,0 +1,133 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + additional authentication properties + + + + + + + + + + + + + + + + + + + + + + + additional authorization properties + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + additional principal attributes + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/pvp19.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/pvp19.xsd new file mode 100644 index 00000000..596a2b99 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/pvp19.xsd @@ -0,0 +1,133 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + additional authentication properties + + + + + + + + + + + + + + + + + + + + + + + additional authorization properties + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + additional principal attributes + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/szr.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/szr.xsd new file mode 100644 index 00000000..85acfb65 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/szr.xsd @@ -0,0 +1,388 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/szr_ecdsa.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/szr_ecdsa.xsd new file mode 100644 index 00000000..87ee80be --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/szr_ecdsa.xsd @@ -0,0 +1,30 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/szr_persondata.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/szr_persondata.xsd new file mode 100644 index 00000000..3c9ac932 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/szr_persondata.xsd @@ -0,0 +1,54 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/szr_pvp_sec.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/szr_pvp_sec.xsd new file mode 100644 index 00000000..5001c1b8 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/szr_pvp_sec.xsd @@ -0,0 +1,10 @@ + + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/szr_v4.0-schemas.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/szr_v4.0-schemas.xml new file mode 100644 index 00000000..d40efa45 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/szr_v4.0-schemas.xml @@ -0,0 +1,54 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/szr_v4.0-wsdl.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/szr_v4.0-wsdl.xml new file mode 100644 index 00000000..f95c35f0 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/szr_v4.0-wsdl.xml @@ -0,0 +1,10 @@ + + + + false + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/szr_v4.0.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/szr_v4.0.xsd new file mode 100644 index 00000000..2d25f2dc --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/szr_v4.0.xsd @@ -0,0 +1,443 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/szr_xmldsig.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/szr_xmldsig.xsd new file mode 100644 index 00000000..96b50b40 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/szr_client/szr_xmldsig.xsd @@ -0,0 +1,31 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/soapenv.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/soapenv.xsd new file mode 100644 index 00000000..cb89c710 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/soapenv.xsd @@ -0,0 +1,125 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Prose in the spec does not specify that attributes are allowed on the Body element + + + + + + + + + + + + + + + + + + + + 'encodingStyle' indicates any canonicalization conventions followed in the contents of the containing element. For example, the value 'http://schemas.xmlsoap.org/soap/encoding/' indicates the pattern described in SOAP specification + + + + + + + + + + + + + + + Fault reporting structure + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/ablaufendeauskunfssperren/ablaufendeauskunftssperrenrequest.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/ablaufendeauskunfssperren/ablaufendeauskunftssperrenrequest.xml new file mode 100644 index 00000000..173c3894 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/ablaufendeauskunfssperren/ablaufendeauskunftssperrenrequest.xml @@ -0,0 +1,22 @@ + + + + + + GP_Ablaufende_Auskunftssperren + ZPR_VO_Ablaufende_Auskunftssperren + + + + 000000 + + Test + + + 2005-01-01T00:00:00.000 + 10 + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/ablaufendeauskunfssperren/ablaufendeauskunftssperrenresponse.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/ablaufendeauskunfssperren/ablaufendeauskunftssperrenresponse.xml new file mode 100644 index 00000000..75fbd86f --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/ablaufendeauskunfssperren/ablaufendeauskunftssperrenresponse.xml @@ -0,0 +1,194 @@ + + + + + + GP_Ablaufende_Auskunftssperren + 1234 + A + 00034 + + ZPR_VO_Ablaufende_Auskunftssperren + A + false + true + + + + ZMR Server + 2004-01-26T00:00:00.000 + 1234567 + + + + 2005-01-01T00:00:00.000 + 10 + + + 0003 + Es wurde 1 Personen im ZMR gefunden + + + 1 + 0 + 1 + + + + + + + + + 2004-01-26T00:00:00.000 + + + + 0000001 + + 2004-01-26T00:00:00.000 + + 2004-01-26T00:00:00.000 + AMKOR + Amtliche Korrektur + + + 09999 + + test@bmi.gv.at + + + 000111111111 + + + Maximilian + Mustermann + + männlich + 2001-05-07 + Wien + Wien + Österreich + + AUT + Österreich + + + 0000001 + 2003-01-01T00:00:00.000 + + 2003-01-01T00:00:00.000 + REISEDOK_ANLEGEN + Reisedokument anlegen + + + 09999 + + test@bmi.gv.at + + + + + + + + + 2004-01-26T00:00:00.000 + + + + 0000001 + 2004-01-26T00:00:00.000 + + 2003-01-01T00:00:00.000 + GEBURT + Geburt + 2004-01-26T00:00:00.000 + + + 09999 + + test@bmi.gv.at + + + 000111111111 + + + Hans + Mustermann + + männlich + 2001-05-07 + Wien + Wien + Österreich + + AUT + Österreich + + + 0000001 + 2003-01-01T00:00:00.000 + + 2003-01-01T00:00:00.000 + REISEDOK_ANLEGEN + Reisedokument anlegen + + + 09999 + + test@bmi.gv.at + + + + + + + + + + + + 2004-01-26T00:00:00.000 + + + + 00000002 + + 2004-01-26T00:00:00.000 + + 2004-01-26T00:00:00.000 + WSANM + Wohnsitz anmelden + + + 099999 + + + + + + 1245 + Testgemeinde + 09999 + Testort + + Teststrasse + 1 + H + + + XXX000 + + 2004-01-26T00:00:00.000 + WSANM + Wohnsitz anmelden + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/ablaufendeauskunfssperren/blaetternrequest.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/ablaufendeauskunfssperren/blaetternrequest.xml new file mode 100644 index 00000000..50517e75 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/ablaufendeauskunfssperren/blaetternrequest.xml @@ -0,0 +1,27 @@ + + + + + + GP_Ablaufende_Auskunftssperren + 1234 + + 00034 + ZPR_VO_Ablaufende_Auskunftssperren + + + + 000000 + + Test + + + + Vor + 3 + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/ablaufendeauskunfssperren/blaetternresponse.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/ablaufendeauskunfssperren/blaetternresponse.xml new file mode 100644 index 00000000..add2f3ad --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/ablaufendeauskunfssperren/blaetternresponse.xml @@ -0,0 +1,195 @@ + + + + + + GP_Ablaufende_Auskunftssperren + 1234 + A + 00034 + + ZPR_VO_Ablaufende_Auskunftssperren + A + false + true + + + + ZMR Server + 2004-01-26T00:00:00.000 + 1234567 + + + + 2005-01-01T00:00:00.000 + 10 + + + 0003 + Es wurde 1 Personen im ZMR gefunden + + + 4 + 3 + + 4 + + + + + + + + + 2004-01-26T00:00:00.000 + + + + 0000001 + + 2004-01-26T00:00:00.000 + + 2004-01-26T00:00:00.000 + AMKOR + Amtliche Korrektur + + + 09999 + + test@bmi.gv.at + + + 000111111111 + + + Maximilian + Mustermann + + männlich + 2001-05-07 + Wien + Wien + Österreich + + AUT + Österreich + + + 0000001 + 2003-01-01T00:00:00.000 + + 2003-01-01T00:00:00.000 + REISEDOK_ANLEGEN + Reisedokument anlegen + + + 09999 + + test@bmi.gv.at + + + + + + + + + 2004-01-26T00:00:00.000 + + + + 0000001 + 2004-01-26T00:00:00.000 + + 2003-01-01T00:00:00.000 + GEBURT + Geburt + 2004-01-26T00:00:00.000 + + + 09999 + + test@bmi.gv.at + + + 000111111111 + + + Hans + Mustermann + + männlich + 2001-05-07 + Wien + Wien + Österreich + + AUT + Österreich + + + 0000001 + 2003-01-01T00:00:00.000 + + 2003-01-01T00:00:00.000 + REISEDOK_ANLEGEN + Reisedokument anlegen + + + 09999 + + test@bmi.gv.at + + + + + + + + + + + + 2004-01-26T00:00:00.000 + + + + 00000002 + + 2004-01-26T00:00:00.000 + + 2004-01-26T00:00:00.000 + WSANM + Wohnsitz anmelden + + + 099999 + + + + + + 1245 + Testgemeinde + 09999 + Testort + + Teststrasse + 1 + H + + + XXX000 + + 2004-01-26T00:00:00.000 + WSANM + Wohnsitz anmelden + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/adoption/adoptionrequest.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/adoption/adoptionrequest.xml new file mode 100644 index 00000000..9e8746ce --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/adoption/adoptionrequest.xml @@ -0,0 +1,32 @@ + + + + + + + GP_Adoption + ZPR_VO_Adoption + + + + 000000 + + Test + + + + 2004-01-26T00:00:00.000 + + + + 2434 + 2003-03-01T00:00:00.000 + + 000111111111 + + MustermannAdoption + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/adoption/adoptionresponse.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/adoption/adoptionresponse.xml new file mode 100644 index 00000000..466bdc2c --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/adoption/adoptionresponse.xml @@ -0,0 +1,82 @@ + + + + + + GP_Adoption + 1234 + C + 00034 + + ZPR_VO_Adoption + C + false + true + + + + ZMR Server + 2004-01-26T00:00:00.000 + 1234567 + + + + 1234 + Person wurde geändert + + + + 2004-01-26T00:00:00.000 + + + + 0000001 + 2004-01-26T00:00:00.000 + + 2004-01-26T00:00:00.000 + NAMENSAENDERUNG + Namensänderung + + + 09999 + + test@bmi.gv.at + + + 000111111111 + + + Anna + MustermannAdoption + + weiblich + 2001-05-07 + Wien + Wien + Österreich + + AUT + Österreich + + + 0000001 + 2003-01-01T00:00:00.000 + + 2003-01-01T00:00:00.000 + REISEDOK_ANLEGEN + Reisedokument anlegen + + + 09999 + + test@bmi.gv.at + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/adresssuche/adresssucherequest.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/adresssuche/adresssucherequest.xml new file mode 100644 index 00000000..b37c1ecf --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/adresssuche/adresssucherequest.xml @@ -0,0 +1,32 @@ + + + + + + Meldevorgang + Adresssuche + + + + 099999 + + ZMRHTMLClient V3.0 + + + + ADRESSSUCHE + + + + 09999 + Testort + + Teststraße + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/adresssuche/adresssucheresponse.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/adresssuche/adresssucheresponse.xml new file mode 100644 index 00000000..53c04d79 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/adresssuche/adresssucheresponse.xml @@ -0,0 +1,81 @@ + + + + + + Meldevorgang + 1234 + A + 00034 + + Adresssuche + A + true + true + + + + ZMR Server + 2004-01-26T00:00:00.000 + 1234567 + + + + + ADRESSSUCHE + + + + 09999 + + Teststraße + + + + + + 123 + Adressen gefunden. + + + Orientierungsnummer + 3 + + + Testgemeinde + 09999 + Testort + + Teststraße + 1 + + + + + + Testgemeinde + 09999 + Testort + + Teststraße + 2 + + + + + + Testgemeinde + 09999 + Testort + + Teststraße + 3 + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/behoerdenabfrage/behoerdenabfragerequestStufe1.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/behoerdenabfrage/behoerdenabfragerequestStufe1.xml new file mode 100644 index 00000000..0aa8460b --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/behoerdenabfrage/behoerdenabfragerequestStufe1.xml @@ -0,0 +1,33 @@ + + + + + + GP_Behoerdenabfrage_erstellen + ZMR_VO_Behoerdenabfrage_Ueberblick_erstellen + + + + 000000 + + Test + + + + Test + SONSTIGES + false + false + + + + Max + Mustermann + + 2000-01-01 + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/behoerdenabfrage/behoerdenabfragerequestStufe2.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/behoerdenabfrage/behoerdenabfragerequestStufe2.xml new file mode 100644 index 00000000..a68cd27d --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/behoerdenabfrage/behoerdenabfragerequestStufe2.xml @@ -0,0 +1,27 @@ + + + + + + GP_Behoerdenabfrage_erstellen + ZMR_VO_Behoerdenabfrage_Detail_erstellen + + + + 000000 + + Test + + + + Test + SONSTIGES + false + false + + 1 + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/behoerdenabfrage/behoerdenabfrageresponseStufe1.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/behoerdenabfrage/behoerdenabfrageresponseStufe1.xml new file mode 100644 index 00000000..cf18458e --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/behoerdenabfrage/behoerdenabfrageresponseStufe1.xml @@ -0,0 +1,76 @@ + + + + + + GP_Behoerdenabfrage_erstellen + 1234 + A + 00034 + + ZPR_VO_Person_suchen_Meldevorgang + C + false + true + + + ZMR_VO_Behoerdenabfrage_Detail_erstellen + A + false + true + + + + ZMR Server + 2004-01-26T00:00:00.000 + 1234567 + + + + + Test + SONSTIGES + false + false + + + + Max + Mustermann + + 2000-01-01 + + + + 0003 + Es wurden 3 Personen im ZMR gefunden + + + 3 + + 0 + 2001-01-01 + Wien - Ottakring + 1010 + Wien - Innere Stadt + + + 1 + 2001-01-01 + Testort + 9999 + Testort + + + 2 + 2001-01-01 + Testort2 + 8888 + Testort2 + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/behoerdenabfrage/behoerdenabfrageresponseStufe2.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/behoerdenabfrage/behoerdenabfrageresponseStufe2.xml new file mode 100644 index 00000000..909c491e --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/behoerdenabfrage/behoerdenabfrageresponseStufe2.xml @@ -0,0 +1,200 @@ + + + + + + GP_Behoerdenabfrage_erstellen + 1234 + C + 00034 + + ZPR_VO_Person_suchen_Meldevorgang + C + false + true + + + ZMR_VO_Behoerdenabfrage_Detail_erstellen + C + false + true + + + + ZMR Server + 2004-01-26T00:00:00.000 + 1234567 + + + + + Test + SONSTIGES + false + false + + 1 + + + 0003 + Es wurde 1 Person im ZMR gefunden + + + + + + + + + 2004-01-26T00:00:00.000 + + + + 0000001 + + 2004-01-26T00:00:00.000 + + 2004-01-26T00:00:00.000 + AMKOR + Amtliche Korrektur + + + 09999 + + test@bmi.gv.at + + + 000111111111 + + + Maximilian + Mustermann + + männlich + 2001-05-07 + Wien + Wien + Österreich + + AUT + Österreich + + + 0000001 + 2003-01-01T00:00:00.000 + + 2003-01-01T00:00:00.000 + REISEDOK_ANLEGEN + Reisedokument anlegen + + + 09999 + + test@bmi.gv.at + + + + + + + + + 2004-01-26T00:00:00.000 + + + + 0000001 + 2004-01-26T00:00:00.000 + + 2003-01-01T00:00:00.000 + GEBURT + Geburt + 2004-01-26T00:00:00.000 + + + 09999 + + test@bmi.gv.at + + + 000111111111 + + + Hans + Mustermann + + männlich + 2001-05-07 + Wien + Wien + Österreich + + AUT + Österreich + + + 0000001 + 2003-01-01T00:00:00.000 + + 2003-01-01T00:00:00.000 + REISEDOK_ANLEGEN + Reisedokument anlegen + + + 09999 + + test@bmi.gv.at + + + + + + + + + + + + 2004-01-26T00:00:00.000 + + + + 00000002 + + 2004-01-26T00:00:00.000 + + 2004-01-26T00:00:00.000 + WSANM + Wohnsitz anmelden + + + 099999 + + + + + + 1245 + Testgemeinde + 09999 + Testort + + Teststrasse + 1 + H + + + XXX000 + + 2004-01-26T00:00:00.000 + WSANM + Wohnsitz anmelden + + + XXYY + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/bestandsaenderungen/bestandsaenderungenrequest.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/bestandsaenderungen/bestandsaenderungenrequest.xml new file mode 100644 index 00000000..db6014cd --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/bestandsaenderungen/bestandsaenderungenrequest.xml @@ -0,0 +1,26 @@ + + + + + + Abfragen + Bestandsaenderungen + + + + 099999 + + ZMRHTMLClient V3.0 + + + + 2004-01-01T00:00:00.000 + 2004-07-01T00:00:00.000 + true + TYP_ZUGANG + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/bestandsaenderungen/bestandsaenderungenresponse.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/bestandsaenderungen/bestandsaenderungenresponse.xml new file mode 100644 index 00000000..b66a6636 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/bestandsaenderungen/bestandsaenderungenresponse.xml @@ -0,0 +1,83 @@ + + + + + + Abfragen + Bestandsaenderung + 1234 + A + 00034 + + Bestandsaenderung + Bestandsaenderung + C + true + true + + + + ZMR Server + 2004-06-01T00:00:00.000 + 1234567 + + + + + 2004-01-01T00:00:00.000 + 2004-07-01T00:00:00.000 + true + TYP_ZUGANG + + + + 0004 + Die Abgleichdaten wurden erstellt + + + 230 + 2 + + 2004-01-01T08:00:00.000 + 000111111111 + 2001-05-07 + männlich + + TYP_ZUGANG + + Testgemeinde + 09999 + Testort + + Teststraße + 3 + 7 + + + + + + 2004-01-02T08:00:00.000 + 000111111111 + 2003-05-07 + weiblich + + TYP_ZUGANG + + Testgemeinde + 09999 + Testort + + Teststraße + 3 + 3 + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/bpabfrage/bpabfragerequest.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/bpabfrage/bpabfragerequest.xml new file mode 100644 index 00000000..73c30b8b --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/bpabfrage/bpabfragerequest.xml @@ -0,0 +1,31 @@ + + + + + + GP_Businesspartnerabfrage_erstellen + ZMR_VO_Businesspartnerabfrage_erstellen + + + + 000000 + + ZMRHTMLClient V4.0 + + + + Test + SONSTIGES + + + + Max + Mustermann + + 2005-01-01 + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/bpabfrage/bpabfrageresponse.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/bpabfrage/bpabfrageresponse.xml new file mode 100644 index 00000000..bd7d3a22 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/bpabfrage/bpabfrageresponse.xml @@ -0,0 +1,68 @@ + + + + + + GP_Businesspartnerabfrage_erstellen + Businesspartnerabfragen + 62700000000195 + C + 0 + + ZMR_VO_Businesspartnerabfrage_erstellen + Businesspartnerabfrage + C + false + true + + + + ZMR-Server + 2005-03-10T13:38:22.617 + 32900000000018 + + + + + Test + SONSTIGES + + + + Max + Mustermann + + 2005-01-01 + + + + 5020 + Person gefunden + + + + + Max + Mustermann + + 2005-01-01 + + + 1160 + Wien,Ottakring + + Ottakringer Straße + 101 + 7 + false + 0003 + + + true + JVBERi0xLjMKJaqrrK0KNCAwIG9iago8PCAvVHlwZSAvSW5mbwovUHJvZHVjZXIgKG51bGwpID4+CmVuZG9iago1IDAgb2JqCjw8IC9MZW5ndGggODA2IC9GaWx0ZXIgL0ZsYXRlRGVjb2RlIAogPj4Kc3RyZWFtCnicnVbbctMwEH33V+ixnaGqpNXNfUsGtwRIWhIDMwUe3FZNMyQOOA4w/XrWt8hOYwpMHqJozp69nN1VhnFweg6EC8pIfB+w4us2YGQecMLww4mQnGoAooWhoQlJvCKfjq6i6exyEk1eDuJocky+kPg18nDCecXTGHMrqVCcaKaoCE1lfJ6sFsuFS9Nk5c6OyYliEFJhgByNt5vcZaskTWvOfR4VChoKUfF8WGcNhRGa1xTJrz5by6iSdQwX7mab5Zu7JN+uCgIZWoEEQpEjhjkgGWNql5gv0I6UYzUQrYSkFlRFOlohkzAWoUfXLs2zZOlSfzV2yzuXufmiSNJfb24f3CJtA+/Xy7lL79yeKQbbRiXb+7M6wigOvpeiGUat1kQq/MaUpQJMGQgmTjJH7oN3wTD+o1AyBKrrdAZf861bLtuxvkq23/Kf64d0s8gfz3oKLY2imumKZIZV+AxgSpksYNlKmS7zPPmaLdJ5m32H9Veccf/D9DnUQAXwujXfXp9eZnnZFbZ0V4jKuWae6CN234tdCD1FNFJSwJ6tiiiwiNAp4tOmaAwxf7B1OMMxPaejySSaRjMfwGAY09GHU+FvRvHJeNaepB5u7HO7446mFxdUwl5ZdvFbHwZnYTv/0W5qy6ytojiDpTkwapglEkcSdEiMklTakNyugtPRipOX6yr9qljUCiMVlqw5XQRaVc5FSI2QpTRFB54odFGU76Ztj5Y9+G7HttGAaG1QeEQXKKUr4n2oQkbJwr/C1kE00D8FcSDlpt64CsoU6qE7AV7Z37Q6RnZVFQo1UkAMh6JRK63GXqj3reHwx9gfI3+c7k8Ht9Tg6g0NVc3KHDxH/eYgYOKP590wLMi9Wxxg2QmqwQyf8z066DA6iG0dr1pj1XX8tFyHeaedDdCvsMblKNoKo2pdhZ/OrWD4UIAh2gK2o61kSLYb7/3O/dOz4TcE69kQuPrrZzpO5m73xh3aEbrY1DX4/UP26BZ5DxL3ADS0M4SV+7xZ0v74Y5127rsdiX8lDIhOiEUW0H5t98HtEDmcgd3DgTG4scIO6f8sXRT/N+i29j4KZW5kc3RyZWFtCmVuZG9iago2IDAgb2JqCjw8L1R5cGUgL1hPYmplY3QKL1N1YnR5cGUgL0ltYWdlCi9OYW1lIC9JbTEKL0xlbmd0aCAyMDU1Ci9XaWR0aCAxMDgKL0hlaWdodCAzOQovQml0c1BlckNvbXBvbmVudCA4Ci9Db2xvclNwYWNlIC9EZXZpY2VSR0IKL0ZpbHRlciAvRmxhdGVEZWNvZGUgCj4+CnN0cmVhbQp4nO1aK7CrOhStPPLI2iuRSCyyEolFIpG1SGQkFllZeWxl5ZXHVlZW8layIA35lZ72zdx572YYhk+ys7Oy9ieBcfxb/mtlvz+U1VAUfb4Tu50oyr6uh04cI02EOFa1bLJTTXZFDwmQ80atfgvxe7+XR11Ph7p1a0KBLBd5/p6zHkVZ9qFqbXcHp2kGPMyyDkcqz0Jf4AyIhIMksJU6L2vqW8hvfEhCjlcfeRTDBNp+/10U31l22W4vHx/fm81ls+GZF9fN5pCmrnAOwdU/My7STA8zWBmvgNt9aoo+VLNtD8s6wif5frtv75hU1WA1sZRkk8LQZEK+O7oKs4lIikuSuKBdDPSm64+PvutcDDEd6Wvo8QJyTLGgkEkSs2aneKi45EXDgwllwsADWnmal0sYZwyn+kkm8rQFeqfN59WBzgWTJITjcAGcMbQsYu3ZVLvrFkbn8PB+hi3DhAPEc9GQZ9APbAzNaUh/0w9oHpJ+dVpp9DTHYMLXLOMhmWlYNGqettthGNZgGNDnAbx1Ywtf8nAhh97MR2mL/J62D6fSrA/kTQzT+ZX4TCfctttbWd76fjydxuvVhgZPcJxOqHCra/hZL4Dj3R96rCOioanqbmc7HwPD+DDVq/xhX8785p7KLgEyw70oDOXDw0dyJXptO95uC8TOZ3l8f8vDfPWowG/A7gp16AvrOmY1uRiGL1esGy9sf1UN2tYgwfF1/okDtUQ/ter74zLEeNDWusGBwAFK+/38uKN3PuP6mueMKTy+DbsG/cbD4XI+h6x4ZYGqPiOaYGxbf0pm8dBib+nEzVHFXF8Tf9x3OvKnOtpLi+5w3HzekkQyDeXrC9C52YsbU0BadPwKgOOSURY9TIezutWCHmbph6+wMxTZMu7rYgVcqzs9xcj64Pok/U4njd5VHSZ6+sllRShZWbAWCHHJ6wYtDL0RAYuRUKtwjO7clC/QauEhmVtiiSGtchxhudJOFT6wawSX/WdWbXfFrwJHW5SgHLLok4rIBDMSStYUWHEkJvY+LunizQ/ZMMLePLdNUnfthn6nlY08rsHDcz/cigIhA2dSDtDlv8ok2Sdpm2Rdomo2zX1mQTzk0sgGQwnh+mImIZZvj4yIJRCX5W1kVYseQ8n8mlauBwAyICF8IO2X6P1K25SS57wuYhqvlNnDe1YuXt9uFW9+OPmoLriZ4MzaIjOPtvKEvESt4xA+bnmOgEL0El+KDpf1Q5jCBev6kE2FfLtVQjzERbcKQztTfaqVAlCUSSPTY7W5U1X7xJdG8hzKLl4p4bxXxLekdPH5w2mYEQmu99AX7gaO2cpVNUU2uBdyfaEyExi1GpSf5HHf/oMit60C64WHblCXyDoljoZ3ifdsK5CwLgSicJtPQaFtBwWaf/34FD4PC1gdWikAlvVyvDzMnK0Aq3gZxYbr2ctggXBcpxVMmHW4Xg5tBawf18MyyCzXm/CLPH9usiL7h+vQsAm8Bvmpl1QtCZs9shedsSxT8QWM78WwKM3FxcKrR8KiX1R4//B5Hj5mr6ltKjczpT80MyJnD3ZxfmpokYLuvBkCLpA+YQjy6I+RC3MF97I/tDPSKHvtdeVk0R4MPbHyXf4Qw4+4C/e599rMGyP7h+ut0hz1M8jfG5oYeqPJG3noLG/9K9DQHqy7iIvsYz+T2zwbU2ytIjy8y1+X8cZLs7Biz6hD02elcKWBYTguP2fLT+WHrt+I+MM3xhQhjk7vHo55s2Wr/lt5aOuwPqaY/Tq27Df5FzEMTOIa6Oxz9YCHP4gpK5G3d9r1resPPTHrNVsup730uP2GwLQVjn5fvleL8zBgEStt2YYowEObMD8GENlI7nz6D92uuTB3P/R/Dm61CBrydxGf/J+1woXeTMDEhZTP3xFT/pY/rcArvn0bpGkGa3uqDG+Gryx9f/T+mfOvFoxize5r6vzz8HqBxzO7Vp8aXw2m3uGsHKMu8DCYX3hdPR2QIH9aUwhg5YJbLJPxhL6IYQKOBRU69b9H30u+oQKEoDLXejqGok5t8Ad16iWdUB8Pu7kLqcm8twYm41rfomsGfTSH163V32KmWK3zvpWa8FOUpQBu0Va/xUS0ulo98CHTCdqRKVmoURMQE0MI4U8s/JpQq9/5uIONc6teAV61nSgnnWEC0tgR6qMvOGTcUg7VYD5MHy7UuVGapOpLpRkauEJHK/6/N/XYDFx4cvro8NEFhk/6Nc2Bn+alzs2AxAYySX5KgJ5C6c9lPhUQqm1N/JWGzTwRmfo8RMW4dzqqdcdONafatfq+ibd9b5uYkP/yTdTN1PdHSIaGnCxKE7PhYMhEW/78UN5bocLpdCKSmocQAh2gCcYOmYeD/JMBrcxPS0SeUNCCIITMyeTnpGHxXLEdCqAvSMvUR2qAUBo6c/OTwvn/hnylFFDzJdui4EI6w2YaDl5x4ITOHCPnixiGwjdxI13RKRw1FOMtSTLO31bG+X/LcemdmBa2aiVF02Au10p29VoaGIuH5IDJw5QYKngpmXyTCxO1I8R5x7gq9W8Je+FX71FFFvROt2PqrImkFWBbzBrrwAtBGcJC78SHeozVUnIVwBBtJbdrOYl0ZZxQbvhD+Vrle/wZZpz9J/mjnQweYiDKdx043nrOEiUJq4G3/DeGc6oV0F3QdRAEDln6LlWff9dIf6ue07eYnrP26aznSAqZn/C2oS2rCWIgIAK81mO00KD/9/Lwf1UYUKSf/JtU/xnlH7uDa8sKZW5kc3RyZWFtCmVuZG9iago3IDAgb2JqCjw8IC9UeXBlIC9QYWdlCi9QYXJlbnQgMSAwIFIKL01lZGlhQm94IFsgMCAwIDU5NSA4NDIgXQovUmVzb3VyY2VzIDMgMCBSCi9Db250ZW50cyA1IDAgUgo+PgplbmRvYmoKOCAwIG9iago8PCAvVHlwZSAvRm9udAovU3VidHlwZSAvVHlwZTEKL05hbWUgL0YzCi9CYXNlRm9udCAvSGVsdmV0aWNhLUJvbGQKL0VuY29kaW5nIC9XaW5BbnNpRW5jb2RpbmcgPj4KZW5kb2JqCjkgMCBvYmoKPDwgL1R5cGUgL0ZvbnQKL1N1YnR5cGUgL1R5cGUxCi9OYW1lIC9GMQovQmFzZUZvbnQgL0hlbHZldGljYQovRW5jb2RpbmcgL1dpbkFuc2lFbmNvZGluZyA+PgplbmRvYmoKMSAwIG9iago8PCAvVHlwZSAvUGFnZXMKL0NvdW50IDEKL0tpZHMgWzcgMCBSIF0gPj4KZW5kb2JqCjIgMCBvYmoKPDwgL1R5cGUgL0NhdGFsb2cKL1BhZ2VzIDEgMCBSCiA+PgplbmRvYmoKMyAwIG9iago8PCAKL0ZvbnQgPDwgL0YzIDggMCBSIC9GMSA5IDAgUiA+PiAKL1Byb2NTZXQgWyAvUERGIC9JbWFnZUMgL1RleHQgXSAvWE9iamVjdCA8PC9JbTEgNiAwIFIgCiA+Pgo+PiAKZW5kb2JqCnhyZWYKMCAxMAowMDAwMDAwMDAwIDY1NTM1IGYgCjAwMDAwMDM1MDQgMDAwMDAgbiAKMDAwMDAwMzU2MiAwMDAwMCBuIAowMDAwMDAzNjEyIDAwMDAwIG4gCjAwMDAwMDAwMTUgMDAwMDAgbiAKMDAwMDAwMDA2NSAwMDAwMCBuIAowMDAwMDAwOTQ0IDAwMDAwIG4gCjAwMDAwMDMxNzkgMDAwMDAgbiAKMDAwMDAwMzI4NSAwMDAwMCBuIAowMDAwMDAzMzk3IDAwMDAwIG4gCnRyYWlsZXIKPDwKL1NpemUgMTAKL1Jvb3QgMiAwIFIKL0luZm8gNCAwIFIKPj4Kc3RhcnR4cmVmCjM3MjcKJSVFT0YK + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/datenabgleich/datenabgleichrequest.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/datenabgleich/datenabgleichrequest.xml new file mode 100644 index 00000000..07c501c6 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/datenabgleich/datenabgleichrequest.xml @@ -0,0 +1,26 @@ + + + + + + GP_Datenabgleich_anfordern + ZMR_VO_Datenabgleich_anfordern + + + + 000000 + + Test + + + + 91601 + AENDERUNGEN + 2004-01-01T00:00:00.000 + 2004-02-01T00:00:00.000 + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/datenabgleich/datenabgleichresponse.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/datenabgleich/datenabgleichresponse.xml new file mode 100644 index 00000000..86d96963 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/datenabgleich/datenabgleichresponse.xml @@ -0,0 +1,91 @@ + + + + + + GP_Datenabgleich_anfordern + 1234 + C + 00034 + + ZMR_VO_Datenabgleich_anfordern + C + false + true + + + + ZMR Server + 2004-06-01T00:00:00.000 + 1234567 + + + + + 09999 + AENDERUNGEN + 2004-01-01T00:00:00.000 + 2004-02-01T00:00:00.000 + false + + + + 0004 + Die Abgleichdaten wurden erstellt + + + 230 + 2 + + 2004-01-01T08:00:00.000 + + + 0000001 + 2004-01-26T00:00:00.000 + + 000111111111 + + Mustermann + Max + 2001-05-07 + + + + + + + 0000001 + 2004-01-26T00:00:00.000 + + 2004-01-01T08:00:00.000 + PAN + Personensnlage + + + 09999 + + test@bmi.gv.at + + + 000111111111 + + + Max + Mustermann + + männlich + 2001-05-07 + Wien + Wien + Österreich + + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/fremdenabfrage/fremdenabfragerequest.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/fremdenabfrage/fremdenabfragerequest.xml new file mode 100644 index 00000000..6e9ad235 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/fremdenabfrage/fremdenabfragerequest.xml @@ -0,0 +1,31 @@ + + + + + + GP_Fremden_abfrage + ZPR_VO_Fremden_abfrage + + + + 000000 + + Test + + + + Test + NICHT_OESTERREICH + 916 + false + false + true + 10 + + 2004-01-01T00:00:00.000 + 2004-01-07T00:00:00.000 + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/fremdenabfrage/fremdenabfrageresponse.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/fremdenabfrage/fremdenabfrageresponse.xml new file mode 100644 index 00000000..7f0adb0d --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/fremdenabfrage/fremdenabfrageresponse.xml @@ -0,0 +1,45 @@ + + + + + + GP_Fremden_abfrage + 1234 + A + 00034 + + ZPR_VO_Fremden_abfrage + A + false + true + + + + ZMR Server + 2004-01-26T00:00:00.000 + 1234567 + + + + + Test + NICHT_OESTERREICH + 916 + false + false + true + 10 + + 2004-01-01T00:00:00.000 + 2004-01-07T00:00:00.000 + + + 0003 + Es wurde 1 Personen im ZMR gefunden + + XXYY + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/gisadressabfrage/gisadressabfragerequest1.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/gisadressabfrage/gisadressabfragerequest1.xml new file mode 100644 index 00000000..50bd6226 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/gisadressabfrage/gisadressabfragerequest1.xml @@ -0,0 +1,30 @@ + + + + + + GP_GIS_Adressabfrage + ZMR_VO_GIS_Adressabfrage + + + + 000000 + + Test + + + + Testgemeinde + 09999 + Testort + + Teststraße + 3 + 3 + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/gisadressabfrage/gisadressabfragerequest2.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/gisadressabfrage/gisadressabfragerequest2.xml new file mode 100644 index 00000000..86ddb20e --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/gisadressabfrage/gisadressabfragerequest2.xml @@ -0,0 +1,23 @@ + + + + + + GP_GIS_Adressabfrage + 1234 + 00034 + ZMR_VO_GIS_Adressabfrage_Druck + + + + 099999 + + ZMRHTMLClient V3.0 + + + true + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/gisadressabfrage/gisadressabfrageresponse1.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/gisadressabfrage/gisadressabfrageresponse1.xml new file mode 100644 index 00000000..f17c9596 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/gisadressabfrage/gisadressabfrageresponse1.xml @@ -0,0 +1,50 @@ + + + + + + GP_GIS_Adressabfrage + 1234 + A + 00034 + + ZMR_VO_GIS_Adressabfrage + C + false + true + + + ZMR_VO_GIS_Adressabfrage_Druck + A + false + true + + + + ZMR Server + 2004-01-26T00:00:00.000 + 1234567 + + + + + Testgemeinde + 09999 + Testort + + Teststraße + 3 + 3 + + + + + 023 + Personen gefunden. + + 2 + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/gisadressabfrage/gisadressabfrageresponse2.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/gisadressabfrage/gisadressabfrageresponse2.xml new file mode 100644 index 00000000..68018bfc --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/gisadressabfrage/gisadressabfrageresponse2.xml @@ -0,0 +1,91 @@ + + + + + + GP_GIS_Adressabfrage + 1234 + C + 00134 + + ZMR_VO_GIS_Adressabfrage + C + false + true + + + ZMR_VO_GIS_Adressabfrage_Druck + C + false + true + + + + ZMR Server + 2004-01-26T00:00:00.000 + 1234567 + + + + + Testgemeinde + 09999 + Testort + + Teststraße + 3 + 3 + + + + + 023 + Personen gefunden. + + + 2 + + + + Max + Mustermann + + 2003-01-01 + + + Testgemeinde + 09999 + Testort + + Teststraße + 3 + 3 + + + + + + + Ida + Mustermann + + 2004-01-01 + + + Testgemeinde + 09999 + Testort + + Teststraße + 3 + 3 + + + + WFhYWVlZ + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/hauseigentuemerabfrage/hauseigentuemerabfragerequest.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/hauseigentuemerabfrage/hauseigentuemerabfragerequest.xml new file mode 100644 index 00000000..c35e07e2 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/hauseigentuemerabfrage/hauseigentuemerabfragerequest.xml @@ -0,0 +1,35 @@ + + + + + + GP_Hauseigentuemerabfrage_erstellen + ZMR_VO_Hauseigentuemerabfrage_erstellen + + + + 000000 + + Test + + + + Test + false + 10 + + + 1245 + Testgemeinde + 09999 + Testort + + Teststrasse + 1 + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/hauseigentuemerabfrage/hauseigentuemerabfrageresponse.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/hauseigentuemerabfrage/hauseigentuemerabfrageresponse.xml new file mode 100644 index 00000000..e954abd5 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/hauseigentuemerabfrage/hauseigentuemerabfrageresponse.xml @@ -0,0 +1,213 @@ + + + + + + GP_Hauseigentuemerabfrage_erstellen + 1234 + A + 00034 + + ZMR_VO_Hauseigentuemerabfrage_erstellen + A + false + true + + + ZMR_VO_Hauseigentuemerabfrage_Druck_erstellen + A + false + true + + + + ZMR Server + 2004-01-26T00:00:00.000 + 1234567 + + + + + Test + false + 10 + + + 1245 + Testgemeinde + 09999 + Testort + + Teststrasse + 1 + + + + + 0003 + Es wurde 1 Personen im ZMR gefunden + + + 1 + 0 + 1 + + + + + + + + + 2004-01-26T00:00:00.000 + + + + 0000001 + + 2004-01-26T00:00:00.000 + + 2004-01-26T00:00:00.000 + AMKOR + Amtliche Korrektur + + + 09999 + + test@bmi.gv.at + + + 000111111111 + + + Maximilian + Mustermann + + männlich + 2001-05-07 + Wien + Wien + Österreich + + AUT + Österreich + + + 0000001 + 2003-01-01T00:00:00.000 + + 2003-01-01T00:00:00.000 + REISEDOK_ANLEGEN + Reisedokument anlegen + + + 09999 + + test@bmi.gv.at + + + + + + + + + 2004-01-26T00:00:00.000 + + + + 0000001 + 2004-01-26T00:00:00.000 + + 2003-01-01T00:00:00.000 + GEBURT + Geburt + 2004-01-26T00:00:00.000 + + + 09999 + + test@bmi.gv.at + + + 000111111111 + + + Hans + Mustermann + + männlich + 2001-05-07 + Wien + Wien + Österreich + + AUT + Österreich + + + 0000001 + 2003-01-01T00:00:00.000 + + 2003-01-01T00:00:00.000 + REISEDOK_ANLEGEN + Reisedokument anlegen + + + 09999 + + test@bmi.gv.at + + + + + + + + + + + + 2004-01-26T00:00:00.000 + + + + 00000002 + + 2004-01-26T00:00:00.000 + + 2004-01-26T00:00:00.000 + WSANM + Wohnsitz anmelden + + + 099999 + + + + + + 1245 + Testgemeinde + 09999 + Testort + + Teststrasse + 1 + H + + + XXX000 + + 2004-01-26T00:00:00.000 + WSANM + Wohnsitz anmelden + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/meldeauskunft/meldeauskunftrequest.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/meldeauskunft/meldeauskunftrequest.xml new file mode 100644 index 00000000..f67f145e --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/meldeauskunft/meldeauskunftrequest.xml @@ -0,0 +1,44 @@ + + + + + + GP_Meldeauskunft_erstellen + ZMR_VO_Meldeauskunft_erstellen + + + + 000000 + + Test + + + + Test + + false + false + + Testdruck 099999 + + urn:publicid:gv.at:wbpk0009999999 + 000123456789 + + + Max + Mustermann + + 2003-01-01 + + + 09999 + Testort + + Teststraße + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/meldeauskunft/meldeauskunftresponse.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/meldeauskunft/meldeauskunftresponse.xml new file mode 100644 index 00000000..75273ec7 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/meldeauskunft/meldeauskunftresponse.xml @@ -0,0 +1,75 @@ + + + + + + GP_Meldeauskunft_erstellen + 1234 + A + 00034 + + ZMR_VO_Meldeauskunft_erstellen + C + false + true + + + + ZMR Server + 2004-01-26T00:00:00.000 + 1234567 + + + + + Test + + false + false + + Testdruck 099999 + + urn:publicid:gv.at:wbpk0009999999 + 000123456789 + + + Max + Mustermann + + 2003-01-01 + + + 09999 + Testort + + Teststraße + + + + + 123 + Meldeauskunft erstellt. + + + + + Max + Mustermann + + 2003-01-01 + + + 09999 + Testort + + Teststraße + + + true + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/meldebestaetigung/meldebestaetigungrequest.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/meldebestaetigung/meldebestaetigungrequest.xml new file mode 100644 index 00000000..312e16b7 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/meldebestaetigung/meldebestaetigungrequest.xml @@ -0,0 +1,26 @@ + + + + + + + GP_Meldebestaetigung_erstellen + ZMR_VO_Meldebestaetigung_erstellen + + + + 099999 + + ZMRHTMLClient V3.0 + + + + Test + AKTLETZT + + 000111111111 + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/meldebestaetigung/meldebestaetigungresponse.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/meldebestaetigung/meldebestaetigungresponse.xml new file mode 100644 index 00000000..e3e4a42b --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/meldebestaetigung/meldebestaetigungresponse.xml @@ -0,0 +1,72 @@ + + + + + + + GP_Meldebestaetigung_erstellen + 1234 + C + 00034 + + ZMR_VO_Meldebestaetigung_erstellen + C + true + true + + + + ZMR Server + 2004-01-26T00:00:00.000 + 1234567 + + + + + Test + AKTLETZT + + 000111111111 + + + 01234 + Die Meldebestätigung wurde erstellt + + + 000111111111 + + + Max + Mustermann + + männlich + 2000-01-01 + + AUT + Österreich + + + + + Testgemeinde + 09999 + Testort + + Teststraße + 3 + + + 2000-01-01T00:00:00.000 + + true + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/militaerbehoerden/blaetternrequest.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/militaerbehoerden/blaetternrequest.xml new file mode 100644 index 00000000..a5733f30 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/militaerbehoerden/blaetternrequest.xml @@ -0,0 +1,27 @@ + + + + + + GP_Militaerbehoerde + 37300000000157 + 0 + ZPR_VO_Wehrpflichtige_abfragen + + + + 09999 + + ZMRGUI v4_9_3-04 + + + + Vor + 30 + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/militaerbehoerden/wehrpflichtigeAbfragenRequst.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/militaerbehoerden/wehrpflichtigeAbfragenRequst.xml new file mode 100644 index 00000000..1d4d1e1d --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/militaerbehoerden/wehrpflichtigeAbfragenRequst.xml @@ -0,0 +1,31 @@ + + + + + + GP_Militaerbehoerde + ZPR_VO_Wehrpflichtige_abfragen + + + + 09999 + + ZMRGUI v4_9_3-04 + + + + false + 30 + + Wien + 1980-01-01T00:00:00.000 + 1980-02-01T00:00:00.000 + A + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/natuerlicheperson.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/natuerlicheperson.xml new file mode 100644 index 00000000..23958f84 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/natuerlicheperson.xml @@ -0,0 +1,30 @@ + + + + + + 000111111111 + ZMR + + + Max + Mustermann + Mag. rer. nat. + + + Musterfrau + + männlich + 2001-05-07 + Wien + Wien + Österreich + 2003-05-07 + + AUT + Österreich + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personaendern/personaendernrequest1.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personaendern/personaendernrequest1.xml new file mode 100644 index 00000000..62449f25 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personaendern/personaendernrequest1.xml @@ -0,0 +1,40 @@ + + + + + + + GP_Person_aendern + ZPR_VO_Person_aendern + + + + 000000 + + Test + + + + 2004-01-26T00:00:00.000 + NAMENSAENDERUNG + + + + 2434 + 2003-03-01T00:00:00.000 + + 000111111111 + + + + + Anna + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personaendern/personaendernrequest2.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personaendern/personaendernrequest2.xml new file mode 100644 index 00000000..c93c5b72 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personaendern/personaendernrequest2.xml @@ -0,0 +1,42 @@ + + + + + + + GP_Person_aendern + ZPR_VO_Person_aendern + + + + 000000 + + Test + + + + 2004-01-26T00:00:00.000 + XXX + + + + 2434 + 2003-03-01T00:00:00.000 + + 000111111111 + + + + 0004 + + true + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personaendern/personaendernresponse1.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personaendern/personaendernresponse1.xml new file mode 100644 index 00000000..dde7e494 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personaendern/personaendernresponse1.xml @@ -0,0 +1,85 @@ + + + + + + GP_Person_aendern + 1234 + A + 00034 + + ZPR_VO_Person_aendern + C + false + true + + + + ZMR Server + 2004-01-26T00:00:00.000 + 1234567 + + + + 1234 + Person wurde geändert + + + + 2004-01-26T00:00:00.000 + + + + 0000001 + 2004-01-26T00:00:00.000 + + 2004-01-26T00:00:00.000 + NAMENSAENDERUNG + Namensänderung + + + 09999 + + test@bmi.gv.at + + + 000111111111 + + + Anna + Mustermann + + + Huber + + weiblich + 2001-05-07 + Wien + Wien + Österreich + + AUT + Österreich + + + 0000001 + 2003-01-01T00:00:00.000 + + 2003-01-01T00:00:00.000 + REISEDOK_ANLEGEN + Reisedokument anlegen + + + 09999 + + test@bmi.gv.at + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personaendern/personaendernresponse2.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personaendern/personaendernresponse2.xml new file mode 100644 index 00000000..d824dfac --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personaendern/personaendernresponse2.xml @@ -0,0 +1,110 @@ + + + + + + GP_Person_aendern + 1234 + A + 00034 + + ZPR_VO_Person_aendern + C + false + true + + + + ZMR Server + 2004-01-26T00:00:00.000 + 1234567 + + + + 1234 + Personendaten wurden geändert + + + + 2004-01-26T00:00:00.000 + + + + 2434 + 2003-01-01T00:00:00.000 + + 2003-01-01T00:00:00.000 + GEBURT + Geburt + + + 09999 + + test@bmi.gv.at + + + 000111111111 + + + Anna + Mustermann + + + Huber + + weiblich + 2001-05-07 + Wien + Wien + Österreich + + AUT + Österreich + + + 0004 + 2004-01-26T00:00:00.000 + + + 2003-01-01T00:00:00.000 + STAATSANGEH_ANLEGEN + Staatsangehörigkeit anlegen + + + 09999 + + test@bmi.gv.at + + + + + + + + 0004 + 2004-01-26T00:00:00.000 + + + 2004-01-26T00:00:00.000 + REISEDOK_AENDERN + Reisedokument geändert + 2004-01-26T00:00:00.000 + + + 09999 + + test@bmi.gv.at + + + Reisedokument + 123 + 2003-01-01 + Libyen + 2004-01-26T00:00:00.000 + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personanlegen/personanlegenrequest.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personanlegen/personanlegenrequest.xml new file mode 100644 index 00000000..c9d604cd --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personanlegen/personanlegenrequest.xml @@ -0,0 +1,56 @@ + + + + + + GP_Person_anlegen + ZPR_VO_Person_anlegen + + + + 000000 + + Test + + + + 2004-01-26T00:00:00.000 + GEBURT + + + + + Max + Mustermann + + männlich + 2001-05-07 + Wien + Wien + Österreich + + AUT + + + + + + + 09999 + + H + + 1234567 + 111 + 1111111 + + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personanlegen/personanlegenresponse.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personanlegen/personanlegenresponse.xml new file mode 100644 index 00000000..dbc29ee8 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personanlegen/personanlegenresponse.xml @@ -0,0 +1,118 @@ + + + + + + GP_Person_anlegen + 1234 + A + 00034 + + ZPR_VO_Person_anlegen + C + false + true + + + + ZMR Server + 2004-01-26T00:00:00.000 + 1234567 + + + + 1234 + Person wurde angelegt + + + + 2004-01-26T00:00:00.000 + + + + 0000001 + 2004-01-26T00:00:00.000 + + 2004-01-26T00:00:00.000 + GEBURT + Geburt + + + 09999 + + test@bmi.gv.at + + + 000111111111 + + + Max + Mustermann + + männlich + 2001-05-07 + Wien + Wien + Österreich + + AUT + Österreich + + + 0000001 + 2004-01-26T00:00:00.000 + + 2004-01-26T00:00:00.000 + STAATSANGEH_ANLEGEN + Staatsangehörigkeit angelegt + + + 09999 + + test@bmi.gv.at + + + + + + + + 2004-01-26T00:00:00.000 + + + + 00000002 + 2004-01-26T00:00:00.000 + + 2004-01-26T00:00:00.000 + WSANM + Wohnsitz anmelden + + + 099999 + + + + + + 1245 + Testgemeinde + 09999 + Testort + + Teststrasse + 1 + H + + + XXX000 + + 2004-01-26T00:00:00.000 + WSANM + Wohnsitz anmelden + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personenabfrage/blaetternrequest.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personenabfrage/blaetternrequest.xml new file mode 100644 index 00000000..57395ab5 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personenabfrage/blaetternrequest.xml @@ -0,0 +1,27 @@ + + + + + + GP_Verknuepfungsanfrage + 1234 + + 00034 + ZPR_VO_Person_abfragen + + + + 000000 + + Test + + + + Vor + 3 + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personenabfrage/blaetternresponse.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personenabfrage/blaetternresponse.xml new file mode 100644 index 00000000..50e831f2 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personenabfrage/blaetternresponse.xml @@ -0,0 +1,210 @@ + + + + + + GP_Verknuepfungsanfrage + 1234 + A + 00034 + + ZPR_VO_Person_abfragen + A + false + true + + + + ZMR Server + 2004-01-26T00:00:00.000 + 1234567 + + + + + Test + + false + false + + + true + + 10 + + + + Max + Mustermann + + + + + 0003 + Es wurde 1 Personen im ZMR gefunden + + + 4 + 3 + + 4 + + + + + + + + + 2004-01-26T00:00:00.000 + + + + 0000001 + + 2004-01-26T00:00:00.000 + + 2004-01-26T00:00:00.000 + AMKOR + Amtliche Korrektur + + + 09999 + + test@bmi.gv.at + + + 000111111111 + + + Maximilian + Mustermann + + männlich + 2001-05-07 + Wien + Wien + Österreich + + AUT + Österreich + + + 0000001 + 2003-01-01T00:00:00.000 + + 2003-01-01T00:00:00.000 + REISEDOK_ANLEGEN + Reisedokument anlegen + + + 09999 + + test@bmi.gv.at + + + + + + + + + 2004-01-26T00:00:00.000 + + + + 0000001 + 2004-01-26T00:00:00.000 + + 2003-01-01T00:00:00.000 + GEBURT + Geburt + 2004-01-26T00:00:00.000 + + + 09999 + + test@bmi.gv.at + + + 000111111111 + + + Hans + Mustermann + + männlich + 2001-05-07 + Wien + Wien + Österreich + + AUT + Österreich + + + 0000001 + 2003-01-01T00:00:00.000 + + 2003-01-01T00:00:00.000 + REISEDOK_ANLEGEN + Reisedokument anlegen + + + 09999 + + test@bmi.gv.at + + + + + + + + + + + + 2004-01-26T00:00:00.000 + + + + 00000002 + + 2004-01-26T00:00:00.000 + + 2004-01-26T00:00:00.000 + WSANM + Wohnsitz anmelden + + + 099999 + + + + + + 1245 + Testgemeinde + 09999 + Testort + + Teststrasse + 1 + H + + + XXX000 + + 2004-01-26T00:00:00.000 + WSANM + Wohnsitz anmelden + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personenabfrage/personenabfragedruckrequest.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personenabfrage/personenabfragedruckrequest.xml new file mode 100644 index 00000000..2a6cc5e0 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personenabfrage/personenabfragedruckrequest.xml @@ -0,0 +1,23 @@ + + + + + + GP_Verknuepfungsanfrage + ZPR_VO_Person_abfragen_drucken + + + + 000000 + + Test + + + 00001 + 00008 + 00003 + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personenabfrage/personenabfragedruckresponse.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personenabfrage/personenabfragedruckresponse.xml new file mode 100644 index 00000000..6463624b --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personenabfrage/personenabfragedruckresponse.xml @@ -0,0 +1,51 @@ + + + + + + GP_Verknuepfungsanfrage + 1234 + C + 00034 + + ZPR_VO_Person_abfragen_drucken + C + false + true + + + + ZMR Server + 2004-01-26T00:00:00.000 + 1234567 + + + + + Test + + false + false + + + true + + 10 + + + + Max + Mustermann + + + + + 0003 + Die Druckdaten wurden aufbereitet + + XXYY + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personenabfrage/personenabfragerequest.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personenabfrage/personenabfragerequest.xml new file mode 100644 index 00000000..a856e8ab --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personenabfrage/personenabfragerequest.xml @@ -0,0 +1,37 @@ + + + + + + GP_Verknuepfungsanfrage + ZPR_VO_Person_abfragen + + + + 000000 + + Test + + + + Test + + false + false + + + true + + 10 + + + + Max + Mustermann + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personenabfrage/personenabfrageresponse.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personenabfrage/personenabfrageresponse.xml new file mode 100644 index 00000000..70b6aef3 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personenabfrage/personenabfrageresponse.xml @@ -0,0 +1,209 @@ + + + + + + GP_Verknuepfungsanfrage + 1234 + A + 00034 + + ZPR_VO_Person_abfragen + A + false + true + + + + ZMR Server + 2004-01-26T00:00:00.000 + 1234567 + + + + + Test + + false + false + + + true + + 10 + + + + Max + Mustermann + + + + + 0003 + Es wurde 1 Personen im ZMR gefunden + + + 1 + 0 + 1 + + + + + + + + + 2004-01-26T00:00:00.000 + + + + 0000001 + + 2004-01-26T00:00:00.000 + + 2004-01-26T00:00:00.000 + AMKOR + Amtliche Korrektur + + + 09999 + + test@bmi.gv.at + + + 000111111111 + + + Maximilian + Mustermann + + männlich + 2001-05-07 + Wien + Wien + Österreich + + AUT + Österreich + + + 0000001 + 2003-01-01T00:00:00.000 + + 2003-01-01T00:00:00.000 + REISEDOK_ANLEGEN + Reisedokument anlegen + + + 09999 + + test@bmi.gv.at + + + + + + + + + 2004-01-26T00:00:00.000 + + + + 0000001 + 2004-01-26T00:00:00.000 + + 2003-01-01T00:00:00.000 + GEBURT + Geburt + 2004-01-26T00:00:00.000 + + + 09999 + + test@bmi.gv.at + + + 000111111111 + + + Hans + Mustermann + + männlich + 2001-05-07 + Wien + Wien + Österreich + + AUT + Österreich + + + 0000001 + 2003-01-01T00:00:00.000 + + 2003-01-01T00:00:00.000 + REISEDOK_ANLEGEN + Reisedokument anlegen + + + 09999 + + test@bmi.gv.at + + + + + + + + + + + + 2004-01-26T00:00:00.000 + + + + 00000002 + + 2004-01-26T00:00:00.000 + + 2004-01-26T00:00:00.000 + WSANM + Wohnsitz anmelden + + + 099999 + + + + + + 1245 + Testgemeinde + 09999 + Testort + + Teststrasse + 1 + H + + + XXX000 + + 2004-01-26T00:00:00.000 + WSANM + Wohnsitz anmelden + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personensuche/blaetternrequest.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personensuche/blaetternrequest.xml new file mode 100644 index 00000000..4458527e --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personensuche/blaetternrequest.xml @@ -0,0 +1,27 @@ + + + + + + GP_Person_suchen_Meldevorgang + 1234 + + 00034 + ZPR_VO_Person_suchen_Meldevorgang + + + + 000000 + + Test + + + + Vor + 3 + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personensuche/blaetternresponse.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personensuche/blaetternresponse.xml new file mode 100644 index 00000000..f082c3cc --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personensuche/blaetternresponse.xml @@ -0,0 +1,210 @@ + + + + + + GP_Person_suchen_Meldevorgang + 1234 + A + 00034 + + ZPR_VO_Person_suchen_Meldevorgang + A + false + true + + + + ZMR Server + 2004-01-26T00:00:00.000 + 1234567 + + + + + Test + + false + false + + + true + + 10 + + + + Max + Mustermann + + + + + 0003 + Es wurde 1 Personen im ZMR gefunden + + + 4 + 3 + + 4 + + + + + + + + + 2004-01-26T00:00:00.000 + + + + 0000001 + + 2004-01-26T00:00:00.000 + + 2004-01-26T00:00:00.000 + AMKOR + Amtliche Korrektur + + + 09999 + + test@bmi.gv.at + + + 000111111111 + + + Maximilian + Mustermann + + männlich + 2001-05-07 + Wien + Wien + Österreich + + AUT + Österreich + + + 0000001 + 2003-01-01T00:00:00.000 + + 2003-01-01T00:00:00.000 + REISEDOK_ANLEGEN + Reisedokument anlegen + + + 09999 + + test@bmi.gv.at + + + + + + + + + 2004-01-26T00:00:00.000 + + + + 0000001 + 2004-01-26T00:00:00.000 + + 2003-01-01T00:00:00.000 + GEBURT + Geburt + 2004-01-26T00:00:00.000 + + + 09999 + + test@bmi.gv.at + + + 000111111111 + + + Hans + Mustermann + + männlich + 2001-05-07 + Wien + Wien + Österreich + + AUT + Österreich + + + 0000001 + 2003-01-01T00:00:00.000 + + 2003-01-01T00:00:00.000 + REISEDOK_ANLEGEN + Reisedokument anlegen + + + 09999 + + test@bmi.gv.at + + + + + + + + + + + + 2004-01-26T00:00:00.000 + + + + 00000002 + + 2004-01-26T00:00:00.000 + + 2004-01-26T00:00:00.000 + WSANM + Wohnsitz anmelden + + + 099999 + + + + + + 1245 + Testgemeinde + 09999 + Testort + + Teststrasse + 1 + H + + + XXX000 + + 2004-01-26T00:00:00.000 + WSANM + Wohnsitz anmelden + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personensuche/personensucherequest.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personensuche/personensucherequest.xml new file mode 100644 index 00000000..ca8bf47e --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personensuche/personensucherequest.xml @@ -0,0 +1,37 @@ + + + + + + GP_Person_suchen_Meldevorgang + ZPR_VO_Person_suchen_Meldevorgang + + + + 000000 + + Test + + + + Test + + false + false + + + true + + 10 + + + + Max + Mustermann + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personensuche/personensucheresponse.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personensuche/personensucheresponse.xml new file mode 100644 index 00000000..5a2526fa --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personensuche/personensucheresponse.xml @@ -0,0 +1,209 @@ + + + + + + GP_Person_suchen_Meldevorgang + 1234 + A + 00034 + + ZPR_VO_Person_suchen_Meldevorgang + A + false + true + + + + ZMR Server + 2004-01-26T00:00:00.000 + 1234567 + + + + + Test + + false + false + + + true + + 10 + + + + Max + Mustermann + + + + + 0003 + Es wurde 1 Personen im ZMR gefunden + + + 1 + 0 + 1 + + + + + + + + + 2004-01-26T00:00:00.000 + + + + 0000001 + + 2004-01-26T00:00:00.000 + + 2004-01-26T00:00:00.000 + AMKOR + Amtliche Korrektur + + + 09999 + + test@bmi.gv.at + + + 000111111111 + + + Maximilian + Mustermann + + männlich + 2001-05-07 + Wien + Wien + Österreich + + AUT + Österreich + + + 0000001 + 2003-01-01T00:00:00.000 + + 2003-01-01T00:00:00.000 + REISEDOK_ANLEGEN + Reisedokument anlegen + + + 09999 + + test@bmi.gv.at + + + + + + + + + 2004-01-26T00:00:00.000 + + + + 0000001 + 2004-01-26T00:00:00.000 + + 2003-01-01T00:00:00.000 + GEBURT + Geburt + 2004-01-26T00:00:00.000 + + + 09999 + + test@bmi.gv.at + + + 000111111111 + + + Hans + Mustermann + + männlich + 2001-05-07 + Wien + Wien + Österreich + + AUT + Österreich + + + 0000001 + 2003-01-01T00:00:00.000 + + 2003-01-01T00:00:00.000 + REISEDOK_ANLEGEN + Reisedokument anlegen + + + 09999 + + test@bmi.gv.at + + + + + + + + + + + + 2004-01-26T00:00:00.000 + + + + 00000002 + + 2004-01-26T00:00:00.000 + + 2004-01-26T00:00:00.000 + WSANM + Wohnsitz anmelden + + + 099999 + + + + + + 1245 + Testgemeinde + 09999 + Testort + + Teststrasse + 1 + H + + + XXX000 + + 2004-01-26T00:00:00.000 + WSANM + Wohnsitz anmelden + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/persontrennen/persontrennenrequest.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/persontrennen/persontrennenrequest.xml new file mode 100644 index 00000000..82643121 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/persontrennen/persontrennenrequest.xml @@ -0,0 +1,37 @@ + + + + + + GP_Person_trennen + 1234 + + 11111 + ZPR_VO_Person_trennen_durchfuehren + + + + 000000 + + Test + + + + + 123 + 2004-01-01T00:00:00.000 + + 000111111111 + + + + 1234 + 2004-01-01T00:00:00.000 + + N + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/persontrennen/persontrennensucherequest.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/persontrennen/persontrennensucherequest.xml new file mode 100644 index 00000000..2ab231dd --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/persontrennen/persontrennensucherequest.xml @@ -0,0 +1,21 @@ + + + + + + GP_Person_trennen + ZPR_VO_Person_trennen_darstellen + + + + 000000 + + Test + + + 000111111111 + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personzusammenfuehren/personzusammenfuehrenrequest.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personzusammenfuehren/personzusammenfuehrenrequest.xml new file mode 100644 index 00000000..0442b0e0 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personzusammenfuehren/personzusammenfuehrenrequest.xml @@ -0,0 +1,37 @@ + + + + + + GP_Person_zusammenfuehren + 1234 + + 11111 + ZPR_VO_Person_zusammenfuehren_durchfuehren + + + + 000000 + + Test + + + + + 123 + 2004-01-01T00:00:00.000 + + 000111111111 + + + + 222 + 2004-02-01T00:00:00.000 + + 000222222222 + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personzusammenfuehren/personzusammenfuehrensucherequest.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personzusammenfuehren/personzusammenfuehrensucherequest.xml new file mode 100644 index 00000000..be5b38ba --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/personzusammenfuehren/personzusammenfuehrensucherequest.xml @@ -0,0 +1,22 @@ + + + + + + GP_Person_zusammenfuehren + ZPR_VO_Person_zusammenfuehren_darstellen + + + + 000000 + + Test + + + 000111111111 + 000222222222 + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/wohnsitzabmelden/wohnsitzabmeldenrequest.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/wohnsitzabmelden/wohnsitzabmeldenrequest.xml new file mode 100644 index 00000000..69675bd3 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/wohnsitzabmelden/wohnsitzabmeldenrequest.xml @@ -0,0 +1,40 @@ + + + + + + + GP_Wohnsitz_abmelden + ZMR_VO_Wohnsitz_abmelden + + + + 000000 + + Test + + + + + 2004-01-26T00:00:00.000 + WSABM + + + + 0000001 + 2003-01-01T00:00:00.000 + + 000111111111 + + + + 0000002 + 2003-01-01T00:00:00.000 + + H + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/wohnsitzabmelden/wohnsitzabmeldenresponse.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/wohnsitzabmelden/wohnsitzabmeldenresponse.xml new file mode 100644 index 00000000..a1f2a361 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/wohnsitzabmelden/wohnsitzabmeldenresponse.xml @@ -0,0 +1,77 @@ + + + + + + GP_Wohnsitz_abmelden + 1234 + C + 00034 + + ZMR_VO_Wohnsitz_abmelden + C + false + true + + + + ZMR Server + 2004-01-26T00:00:00.000 + 1234567 + + + + 1234 + Der Wohnsitz wurde abgemeldet + + + + 0000001 + 2003-01-01T00:00:00.000 + + 000111111111 + + + + 2004-01-26T00:00:00.000 + + + + 0000002 + 2004-01-26T00:00:00.000 + + + 2004-01-26T00:00:00.000 + WSABM + Wohnsitz abmelden + 2004-01-26T00:00:00.000 + + + 099999 + + + + + + 1245 + Testgemeinde + 09999 + Testort + + Teststrasse + 1 + H + + + XXX000 + + 2003-01-01T00:00:00.000 + WSABM + Wohnsitz abmelden + 2004-01-26T00:00:00.000 + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/wohnsitzanmelden/wohnsitzanmeldenrequest.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/wohnsitzanmelden/wohnsitzanmeldenrequest.xml new file mode 100644 index 00000000..44ebbb56 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/wohnsitzanmelden/wohnsitzanmeldenrequest.xml @@ -0,0 +1,48 @@ + + + + + + GP_Wohnsitz_anmelden + ZMR_VO_Wohnsitz_anmelden + + + + 000000 + + Test + + + + + 2004-01-26T00:00:00.000 + WSANM + + + + 0000001 + 2003-01-01T00:00:00.000 + + 000111111111 + + + + + 09999 + + H + + 1234567 + 111 + 1111111 + + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/wohnsitzanmelden/wohnsitzanmeldenresponse.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/wohnsitzanmelden/wohnsitzanmeldenresponse.xml new file mode 100644 index 00000000..ccbc350d --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/wohnsitzanmelden/wohnsitzanmeldenresponse.xml @@ -0,0 +1,79 @@ + + + + + + GP_Wohnsitz_anmelden + 1234 + C + 00034 + + ZMR_VO_Wohnsitz_anmelden + C + false + true + + + + ZMR Server + 2004-01-26T00:00:00.000 + 1234567 + + + + 1234 + Der Wohnsitz wurde angemeldet + + + + 0000001 + 2003-01-01T00:00:00.000 + + 000111111111 + + + + 2004-01-26T00:00:00.000 + + + + 00000002 + 2004-01-26T00:00:00.000 + + 2004-01-26T00:00:00.000 + WSANM + Wohnsitz anmelden + + + 099999 + + + + + + 1245 + Testgemeinde + 09999 + Testort + + Teststrasse + 1 + H + + 1234567 + 111 + 1111111 + + + + XXX000 + + 2004-01-26T00:00:00.000 + WSANM + Wohnsitz anmelden + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/wohnsitzummelden/wohnsitzummeldenrequest.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/wohnsitzummelden/wohnsitzummeldenrequest.xml new file mode 100644 index 00000000..039626bb --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/wohnsitzummelden/wohnsitzummeldenrequest.xml @@ -0,0 +1,60 @@ + + + + + + GP_Wohnsitz_ummelden + ZMR_VO_Wohnsitz_ummelden + + + + 000000 + + Test + + + + 2004-01-26T00:00:00.000 + HWS_NWS_HWS + + + + 0000001 + 2003-01-01T00:00:00.000 + + 000111111111 + + + + + + 0000003 + 2003-01-01T00:00:00.000 + + H + + + + + + + + 09999 + + H + + 1234567 + 111 + 1111111 + + + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/wohnsitzummelden/wohnsitzummeldenresponse.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/wohnsitzummelden/wohnsitzummeldenresponse.xml new file mode 100644 index 00000000..1af5a374 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/wohnsitzummelden/wohnsitzummeldenresponse.xml @@ -0,0 +1,124 @@ + + + + + + GP_Wohnsitz_ummelden + 1234 + C + 00034 + + ZMR_VO_Wohnsitz_ummelden + C + false + true + + + + ZMR Server + 2004-01-26T00:00:00.000 + 1234567 + + + + 1234 + Ummeldung erfolgreich durchgeführt + + + + 0000001 + 2003-01-01T00:00:00.000 + + 000111111111 + + + + + 2004-01-26T00:00:00.000 + + + + 0000003 + 2004-01-26T00:00:00.000 + + 2004-01-26T00:00:00.000 + HWS_ABM_HWS + Hauptwohnsitz wird abgemeldet, neuer Hauptwohnsitz + 2004-01-26T00:00:00.000 + + + 099999 + + + + + + 1245 + Testgemeinde + 09999 + Testort + + Teststrasse + 2 + H + + 1111111 + 111 + 1111111 + + + + XXX000 + + 2003-01-01T00:00:00.000 + HWS_ABM_HWS + Hauptwohnsitz wird abgemeldet, neuer Hauptwohnsitz + 2004-01-26T00:00:00.000 + + + + + 2004-01-26T00:00:00.000 + + + + 0000012 + 2004-01-26T00:00:00.000 + + 2004-01-26T00:00:00.000 + HWS_ABM_HWS + Hauptwohnsitz wird abgemeldet, neuer Hauptwohnsitz + + + 099999 + + + + + + 1245 + Testgemeinde + 09999 + Testort + + Teststrasse + 1 + H + + 1234567 + 111 + 1111111 + + + + XXX000 + + 2004-01-26T00:00:00.000 + HWS_ABM_HWS + Hauptwohnsitz wird abgemeldet, neuer Hauptwohnsitz + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/zuzugsbestaetigung/zuzugsbestaetigungrequest.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/zuzugsbestaetigung/zuzugsbestaetigungrequest.xml new file mode 100644 index 00000000..35dae59d --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/zuzugsbestaetigung/zuzugsbestaetigungrequest.xml @@ -0,0 +1,25 @@ + + + + + + GP_Zuzugsbestaetigung_anfordern + ZMR_VO_Zuzugsbestaetigung_anfordern + + + + 000000 + + Test + + + + 09999 + 2004-01-01T00:00:00.000 + 2004-01-05T00:00:00.000 + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/zuzugsbestaetigung/zuzugsbestaetigungresponse.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/zuzugsbestaetigung/zuzugsbestaetigungresponse.xml new file mode 100644 index 00000000..a9ef5a38 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/testxml/zmr/zuzugsbestaetigung/zuzugsbestaetigungresponse.xml @@ -0,0 +1,64 @@ + + + + + + GP_Zuzugsbestaetigung_anfordern + 1234 + C + 00034 + + ZMR_VO_Zuzugsbestaetigung_anfordern + C + false + true + + + + ZMR Server + 2004-01-26T00:00:00.000 + 1234567 + + + + + 09999 + 2004-01-01T00:00:00.000 + 2004-01-05T00:00:00.000 + + + + 0012 + Die Zuzugsdaten wurden erzeugt + + + 100 + 2 + + + 000111111111 + Mustermann + Max + 2000-01-01 + + 2004-01-01T00:00:00.000 + 09999 + Testgemeinde + + + + 000111111112 + Mustermann + Ida + 2001-01-01 + + 2004-01-02T00:00:00.000 + 09999 + Testgemeinde + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/wsdl/Messages.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/wsdl/Messages.xsd new file mode 100644 index 00000000..112598a4 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/wsdl/Messages.xsd @@ -0,0 +1,215 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/wsdl/Service.wsdl b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/wsdl/Service.wsdl new file mode 100644 index 00000000..3dbeabc7 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/wsdl/Service.wsdl @@ -0,0 +1,62 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/wsdl/secext.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/wsdl/secext.xsd new file mode 100644 index 00000000..1005b12a --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/wsdl/secext.xsd @@ -0,0 +1,150 @@ + + + + + + + This element defines header block to use for security-relevant data directed at a specific SOAP actor. + + + + + + + + The use of "any" is to allow extensibility and different forms of security data. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + A security token that is encoded in binary + + + + + + + + + + + + + + + + This element is used reference a security token. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/wsdl/secext_pvp.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/wsdl/secext_pvp.xsd new file mode 100644 index 00000000..24896b99 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/wsdl/secext_pvp.xsd @@ -0,0 +1,152 @@ + + + + + + + + This element defines header block to use for security-relevant data directed at a specific SOAP actor. + + + + + + + + + The use of "any" is to allow extensibility and different forms of security data. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + A security token that is encoded in binary + + + + + + + + + + + + + + + + This element is used reference a security token. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/allgemein/Auswertungen.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/allgemein/Auswertungen.xsd new file mode 100644 index 00000000..c5efb2f6 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/allgemein/Auswertungen.xsd @@ -0,0 +1,200 @@ + + + + + + + + + + + Request zum Auflisten der im ZMR für eine Organisation erzeugten Auswertungen + Ist InclusiveAbgeholte='true', werden auch die Auswerungen geliefert, die schon abgeholt wurden. + + + + + + + + + + + + + + + + + + In der Response werden die für die Organisation erzeugten Auswertungen als Liste geliefert. + Die Auswertungen sind nach GeneriertAm aufsteigend sortiert + + + + + + + + + + + + + + + + + + Wenn alle Teile (Auswertungsdaten) einer Auswertung abgeholt (mittels HTTP-Get) und erfolgreich + verarbeitet wurden, muss dieser Request zum 'Abschliessen' der Auswertung geschickt werden. + Abgeholte Auswertungen werden nur nuch dann geliefert, wenn InclusiveAbgeholte='true' gesetzt ist. + Es muss die EntityID der abgeholten Auswertung geschickt werden. + + + + + + + + + + + + + Response mit EntityID der abgeholten Auswertung + + + + + + + + + + + + + + Sobald eine Auswertung erzeugt wurde, kann über diese Schnittstelle der Empfänger aktiv verständigt werden (PUSH-Mechanismus) + + + + + + + + + + + + + + Bestätigung des Empfängers, die Verstänfigung erhalten zu haben + + + + + + + + + + + + + Innerhalb einer Auswertung werden die geteilten Files aufsteigend durchnummeriert geliefert. + Als erster Schüssel der Sortierung dient der Datentyp, als zweiter die Nummerierung + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Das File mit dem Auswertungsteil ist über den angegebenen (zur ZMR-Applikationsroot) + relativen URL referenziert und kann mittels HTTP-GET abgeholt werden. + + + + + + + + + + + + + + + + + + + + + + Falls die Auswertung schon einmal abgeholt wurde, wird dieser Datenteil mit den + Informationen zur Abholung (Organisation, Zeitpunkt) geliefert. + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/allgemein/BasTabelleAbfrage.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/allgemein/BasTabelleAbfrage.xsd new file mode 100644 index 00000000..4c2387d7 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/allgemein/BasTabelleAbfrage.xsd @@ -0,0 +1,176 @@ + + + + + + + + + + + + + + + + + + + + + Definiert welche Tabelle mit welchen Suchkriterien aufgelistet werden soll. + InclusivHistorie: bestimmt ob nur aktuelle oder auch (fachlich) historische Einträge aufgelistet werden sollen + LetzteAenderungNach: Gibt man hier ein Datum an, werden nur Einträge gelistet, deren LetzteAenderung Datum nach diesem ist + + + + + + + + + + + + + + Enthält alle gefunden Einträge der entsprechenden BAS-Tabelle + + + + + + + + + + + + + + + + + Ein BAS.STAAT Eintrag mit den üblichen technischen und allen fachlichen Informationen + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Ein BAS.AKADGRAD Eintrag mit den üblichen technischen und allen fachlichen Informationen + + + + + + + + + + + + + + + + + + Ein BAS.DOMAINCODE Eintrag mit den fürs ZMR3 relevanten Feldern + + + + + + + + + + + + + Ein BAS.GEMNRBEHKZ Eintrag mit den fürs ZMR3 relevanten Feldern + + + + + + + + + + Ein GW2.TGEM Eintrag mit den fürs ZMR3 relevanten Feldern + + + + + + + + + + Eine Rolle mit den erlaubten Geschäftsprozessen + + + + + + + + + + + + Ein Geschäftsprozess zu einer Rolle mit optionaler Einschränkung auf bestimmte Vorgänge + + + + + + + + + + + + Ein Geschäftsprozess zu einer Rolle mit optionaler Einschränkung auf bestimmte Vorgänge + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/allgemein/Benutzereinstellungen.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/allgemein/Benutzereinstellungen.xsd new file mode 100644 index 00000000..45bb9795 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/allgemein/Benutzereinstellungen.xsd @@ -0,0 +1,102 @@ + + + + + + + + + + + + + + Leerer Request, die Identifikation des Benutzers wird aus den Logindaten gewonnen + + + + + + + + + + Benutzereinstellungsdaten des abfragenden Benutzers. + + + + + + + + + + + + + geaenderte Benutzereinstellungen + + + + + + + + + + Benutzereinstellungsdaten des abfragenden Benutzers. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/allgemein/GeschaeftsprozesseAuflisten.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/allgemein/GeschaeftsprozesseAuflisten.xsd new file mode 100644 index 00000000..34f8354c --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/allgemein/GeschaeftsprozesseAuflisten.xsd @@ -0,0 +1,64 @@ + + + + + + + + + + + + Request zum Auflisten der für den aktiven User verfügbaren Geschäftsprozesse. + Dieses Feld wird, genauso wie z.B. PersonSuchenRequest, innerhalb eines base:Request geschickt. + + + + + + + + + + + + Enthält die Liste mit den für den User verfügbaren Geschäftsprozessen, sowie deren Sub-Prozesse (Vorgänge) + als Baumstruktur aufgebaut. Ein eintrag in der Liste enspricht einem Geschäftsprozess. + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/allgemein/Messages.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/allgemein/Messages.xsd new file mode 100644 index 00000000..47dcda53 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/allgemein/Messages.xsd @@ -0,0 +1,27 @@ + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/allgemein/Organisationseinstellungen.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/allgemein/Organisationseinstellungen.xsd new file mode 100644 index 00000000..b5058e1b --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/allgemein/Organisationseinstellungen.xsd @@ -0,0 +1,151 @@ + + + + + + + + + + + + geaenderte Benutzereinstellungen + + + + + + + + + + Benutzereinstellungsdaten des abfragenden Benutzers. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/allgemein/Service.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/allgemein/Service.xsd new file mode 100644 index 00000000..81cd3e80 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/allgemein/Service.xsd @@ -0,0 +1,40 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/AbfrageMuster.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/AbfrageMuster.xsd new file mode 100644 index 00000000..c7163abe --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/AbfrageMuster.xsd @@ -0,0 +1,140 @@ + + + + + + Daten zu einem Suchmuster (Ausdruck) + + + + + + + + + + + Dient zur Klammerung von Suchmuster-Ausdrücken. + Muss erst dann unterstützt werden, wenn eine Klammerung nötig wird. + + + + + + + + + + + + Eine Sucheinschränkung (= Einschränkung für ein Feld) + + + + + + + + + + + + Verknüpfung mit der nächsten Zeile (Default: AND) + + + + + + + + + + + + Mögliche Vergleichsoperatoren. + + + + + + + + + + + + + + + + + + + + + + + Daten zur Sortierung einer Abfrage + + + + + + + + + + Sortierungsschluessel einer Abfrage + + + + + + + + + + + + + + + + + + + + + + + + + + + + Daten zur Parametrisierung einer Abfrage + + + + + + + + + + Ein einzelner Abfrageparameter + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/AkademischerGradFelder.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/AkademischerGradFelder.xsd new file mode 100644 index 00000000..da73c389 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/AkademischerGradFelder.xsd @@ -0,0 +1,61 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/Blaettern.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/Blaettern.xsd new file mode 100644 index 00000000..943439b8 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/Blaettern.xsd @@ -0,0 +1,56 @@ + + + + + + + + + + Für Suchvorgänge, in deren Ergebnisliste geblättert werden kann, stellt dieser Request + eine generische Schnittstelle zum Blättern dar. Er wird mit demselben Vorgang-Namen in der + Workflowschnittstelle geschickt, wie der ursprüngliche Suche-Request. Als Ergebnis wird + das Suchergebnis des ensprechenden Suchvorgangs analog zur rsprünglichen Suche-Response geliefert. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/DokumentFelder.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/DokumentFelder.xsd new file mode 100644 index 00000000..0c38ec09 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/DokumentFelder.xsd @@ -0,0 +1,74 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/EingebundenProxy.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/EingebundenProxy.xsd new file mode 100644 index 00000000..de80a94f --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/EingebundenProxy.xsd @@ -0,0 +1,28 @@ + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/Entity.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/Entity.xsd new file mode 100644 index 00000000..a5fbac59 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/Entity.xsd @@ -0,0 +1,135 @@ + + + + + + + + + + Referenziert eine Entity in der Datenbank für Suchergebnisse + + + + + + + + + + + + + + + Referenziert eine Entity in der Datenbank für Aenderungen (immer die aktuellste, das heisst jüngstes 'Von') + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Die derzeit bekannten Organisationen sind strikt definiert (BehoerdenNr, GemeindeNr, KundenNr); + neue, noch nicht definierte Organiationen, können mittels eines (Orgtyp, OrgCode)-Paares übermittelt werden. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/InfoFachlich.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/InfoFachlich.xsd new file mode 100644 index 00000000..20212cc2 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/InfoFachlich.xsd @@ -0,0 +1,103 @@ + + + + + + + + + + + + + + Letze-Änderung-Timestamp des Gesamt-Satzes (Jüngster Timestamp aller Entities im Satz), + Muss bei einem Änderungsvorgang als Letzte-Änderung-Timestamp geschickt werden. + + + + + + + + + + + + + + + + + + + + + + + + + + + + allgemeine fachliche Informationen + + + + + + + + + + + + + Bereichspezifische Bürgerkarten-Information einer Person + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/InfoTechnisch.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/InfoTechnisch.xsd new file mode 100644 index 00000000..e23ff4fe --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/InfoTechnisch.xsd @@ -0,0 +1,103 @@ + + + + + + + + + + + Technische Client-Informationen + + + + + + + Herstellername der Client-Software inklusive Version (Bsp.: ZMRHTMLClient V3.0) + + + + + + + + + + + + + + + + + + + + + Technische Server-Informationen + + + + + + Applikationsname und -version + + + + + Generierung Timestamp + + + + + Transaktionsnummer des Servers + + + + + + Enthält neue User-Information (wie z.B. Information über Wartungarbeiten am ZMR) + Diese Info kann dem User am Bildschirm angezeigt werden. + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/MeldungFelder.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/MeldungFelder.xsd new file mode 100644 index 00000000..2179baaf --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/MeldungFelder.xsd @@ -0,0 +1,283 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/PersonDataZMR.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/PersonDataZMR.xsd new file mode 100644 index 00000000..d5d2df47 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/PersonDataZMR.xsd @@ -0,0 +1,741 @@ + + + + + + + This version of person deploys only global elements. All types derived from abstract types have been replaced by substitution groups + + + + + unique identification entities + + + + + unique identifier + + + + + actual value of the identifier. + + + + + type of value (eg 'ZMR', 'SV-Nummer', 'Martrikelnummer', database identification, ...) + + + + + zusätzliche felder + + + + + + + + + Personendatenstruktur + + + + + + + + + + + + + + element of physical person type + + + + + element of person type + + + + + + main structure of person data + + + + + unique identification entities + + + + + + + + + + physical person + + + + + + + + + + + + + + + + + any additional properties + + + + + + + + + + Former name, Artist name, changes of Given name ... type of name is given as attribute - choose from list or define new type + + + + + + + + + + + + + + + + + + + + known types of alternative names + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + simple type for dates (union), which may omit day and/or month + + + + + + + + simple type for dates (union), which may omit day and/or month + + + + + + + + + simple type for marital status of a person + + + + + + + + + + + + + + + + + + + + simple type for sex (gender) of person + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + any additional properties + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Post oder ZMR Adresse, entspricht PostalAddress + + + + + main structure of address data + + + + + unique identification entities + + + + + + + + + postal address + + + + + + + + + + + + + + + + + + + any additional properties + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Entspricht InternetAddress + + + + + Container für Telefonnummern, entspricht TelephoneAddress + + + + + + internet based communication + + + + + + + certificate for secure communication + + + + + eURI: mail-Adresse, Web, FTP, LDAP, ..., entspricht Address + + + + + + + + + + + any additional properties + + + + + + + + + + phone numbers + + + + + + + type of phononumber - category (eg 'Festnetz', 'Mobile', 'fax', ...) + + + + + + + + + + + + phonenumber + + + + + any additional properties + + + + + + + + + + + + + + + + + + + + + + + + + + + entspricht InternationalCountryCode + + + + + entspricht NationalNumber + + + + + entspricht AreaCityCode + + + + + entspricht SubscriberNumber + + + + + + + + + + + + + + entspricht Extension + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + entspricht Region + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/PersonExport.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/PersonExport.xsd new file mode 100644 index 00000000..5987d099 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/PersonExport.xsd @@ -0,0 +1,107 @@ + + + + + + Definiert allgemein nutzbare Export-Schnittstelle um eine Liste von Personen abzubilden. + + + + + + Root-Element des Personenexports. + + + + + + Root-Element des Personenexports. + + + + + + + + + + + + + + + + Gruppiert nach Personen werden alle Elemente in dieser + Liste abgebildet. + + + + + + + + + Dieser Type beinhaltet alle Elemente die zu einer Person gehören. + + + + + + + + Diese Liste beinhaltet alle Sätze die zu einer + Person gehören. Unabhängig von der Tabelle oder + Strang-Historie. + Fehlt die Liste, ist die Entity zu löschen. + + + + + + + + + + Dieser Type beinhaltet alle Elemente die sich auf einen Eintrag + in einer beliebigen Tabelle beziehen. + + + + + + + + + + + + + + + + + + + + + Generiersche Name/Wert-Paare für Export + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/PersonFelder.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/PersonFelder.xsd new file mode 100644 index 00000000..600e01c3 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/PersonFelder.xsd @@ -0,0 +1,70 @@ + + + + + + + + Personendaten-Felder + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + simple type for dates (union), which may omit day and/or month + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/Protokollierung.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/Protokollierung.xsd new file mode 100644 index 00000000..c9bc3b1a --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/Protokollierung.xsd @@ -0,0 +1,496 @@ + + + + + + + + + + + + + + + + Das Element Dienststelle identifiziert die Dienststelle mit den verschiedenen definierten + Codes und Kennzeichen. + + + + + 3-Stelliger Dienststellencode. Wird im neuen Portal wegfallen??? + + + + + + + + + + + + Klartextname der durchfuehrenden Dienststelle. PVP.ou + + + + + + Emailadresse der Organisationseinheit/Dienststelle + + + + + + + + + + + + + + + + + + Verwaltungskennzeichen (VKZ) der durchfuehrenden Dienststelle + (PVP-Header). Kunde fuer Verrechnung + + + + + Bundesweite eindeutige ID der Dienststelle (vom Portal) fuer Verrechnung. + PVP.gvOuId - bleibt das? + + + + + Verwaltungskennzeichen (VKZ) der Kostenstelle des Users aus + PVP-Header normalerweise der Kunde (BMI Kundennummer) fuer Verrechnung. PVP.CostCenterId + + + + + Verwaltungskennzeichen (VKZ) des Rechnungsempfaengers aus PVP-Header + Provider fuer Verrechnung. PVP.invoiceReceiptId + + + + + Liste von Codes aus PVP-Header fuer Verrechnung. PVP.ChargeCode + + + + + + + + + + + + + Applikationskurzzeichen, Beispiel: "X02" + + + + + Versionsnummer wie sie auch im GUI angezeigt wird + + + + + + Applikationskurzzeichen-Verarbeitungsbezeichnung + + + + + + + If (Anfrage oder Auskunft)="1" Else="0" + + + + + + + + + + + If Update="1" Else "0" + + + + + + + + + + + Summe der Anzahl der Treffer + + + + + + If Treffer="P", If Kein Treffer="N", If Treffer mit abweichenden Personendaten="I" + + + + + + + + + + + + z.B.: "X02A" "X02B" analog zu den Hosttransaktionen + + + + + + + + + + + Transaktionsnummer + + + + + + Behoerdenschluessel der durchfuehrenden Behoerde. Wenn in Applikation + geprueft, dann MUSS es vorhanden sein, sonst 000000 + + + + + + Entiwcklungsumgebung=WEBS, Testumgebung=WEBT, + Produktionsumgebung=WEBP + + + + + + + + + Das Element User identifiziert den User, der den Request ausgelöst hat und die + Dienststelle, welcher der Request zuzuordnen ist. + + + + + gvgid im Sinne des Portalverbundes, Wert der "OPK". PVP.gvGid + + + + + Familienname und Vorname. PVP.cn + + + + + Anmeldename des durchführenden Benutzers. PVP.userId + + + + + Emailadresse des Users aus PVP-Header. PVP.mail + + + + + + + + + + + + + + + + + + Dienststelle + + + + + + + + Vordefinierte Werte für Referenzarten: + * edv_zahl + * dastazahl + * numerator_nr + * geschaeftszahl + + + + + Transaktionsnummer + + + + + + + + + + + + String-Begruendung der Anfrage fuer den User "hilfreich" bei + DS-Rueckfrage. Manuelle Eingabe oder Vorgangsbeschreibung. + + + + + + + + Protokoll:Referenz + + + + + + SOAP Request im Fall von Abfragen, Suchen. Parameter wenn es sich um eine + Batchanforderung handelt, sonst leer. + Weitere applikationsspezifische Daten, allenfalls notwendige Tags + sind mit IV/2 abzustimmen. + Datumselemente: Art ist mit IV/2 abzustimmen. + + + + + + + + + + Zurueckgelieferte Person. + + + + + im ZMR: "ZMR-Meldung", "Meldepflichtiger". ERnP??? Definition??? + Attribute + art="personenrolle" + + + + + Familienname der Person. ZPR.famname + + + + + Vorname der Person. ZPR.vorname + + + + + Geburtsort + + + + + + Zu klären: + * was vom Akademischen Grad + * welche Grade + * Reihenfolge + * Kurzform, nur + vorangestellte? + + + + + Kennzeichen Geschlecht. + + + + + Geburtsstaat. Normierung? + + + + + JJJJMMTT created: Letztes Aenderungsdatum der Person. + + + + + zmrzahl + + + + + + + + + + + + + + + Liste von Adressen. Es wird nur eine Adresse ausgegeben (bisherige Logik) + + + + + + + + + + + + + Postleitzahl. Meldung.plz + + + + + Ortname (vereinfacht?). Meldung.ortname + + + + + Strassenname. Meldung.strname + + + + + Hausnummer. Meldung.hausnummer + + + + + + + + + + JJJJMMTT: Gebdatum + + + + + + JJJJMMTT: Suche mit unvollständigem Datum (Jahr) + + + + + JJJJMMTT: Suche mit unvollständigem Datum (Jahr) + + + + + + + + + Geburstsdatum oder Suchintervall + + + + + + + + DatumRedType: Format JJJJMMTT richtet sich nach + xsd:date, '00' bei Monat und Tag erlaubt. + Keine + Trennzeichen + + + + + + + + + + + TimeRedType: Format (mindestens HHMMSS) richtet sich + nach xsd:dateTime, ohne Datumsanteil und + ohne + Trennzeichen. 0 bis 3 Nachkommastellen sind zulaessig + + + + + + + + + + Maennlich="1", Weiblich="2", Unbekannt="3", Juristische Person="4". + "Juristische Person" ist nur in enstprechenden Anwendungen/Anwendungsfaellen zulaessig. + + + + + maennlich + + + + + weiblich + + + + + unbekannt + + + + + juristische Person + + + + + + + + im ZMR: "ZMR-Meldung", "Meldepflichtiger". ERnP??? + Definition??? Attribute + art="personenrolle" + + + + + + + + + + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/SimpleTypes.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/SimpleTypes.xsd new file mode 100644 index 00000000..77b3e59e --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/SimpleTypes.xsd @@ -0,0 +1,173 @@ + + + + + + + + IntegerType: nicht negativer Integer mit Maximalwert 2^31-1 (Beschränkung durch Datenbank) + + + + + + + + + DatumType: Format richtet sich nach xsd:date, '00' bei Monat und Tag erlaubt + + + + + + + + + + TimestampType: Format richtet sich nach xsd:dateTime, Angabe der Millisekunden ist Pflicht, Zeitzone nicht erlaubt + + + + + + + + + IDs + + + + + + + Entity-IDs (können auch alphanumerisch sein, z.B. alte edvzahlen) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/W3C-XMLDSig.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/W3C-XMLDSig.xsd new file mode 100644 index 00000000..63440043 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/W3C-XMLDSig.xsd @@ -0,0 +1,274 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/Workflow.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/Workflow.xsd new file mode 100644 index 00000000..729b61ee --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/Workflow.xsd @@ -0,0 +1,200 @@ + + + + + + + + + + + Workflowinformationen des Clients + + + + + + + + Wenn der Geschäftsprozess aus mehreren Vorgängen besteht, + müssen die ProzessinstanzID und SequenzID aus der letzten + Server-Response vom Client geschickt werden. + Beim ersten Vorgang eines neuen Geschäftsprozesses dürfen die beiden + Felder nicht geschickt werden. + Bei Beginn einen neuen Geschäftsprozesses SOLLTE die InstanzID des letztzen + Prozesses als VerlassenerProzessInstanzID mitgeschickt werden + + + + + + + + + + + + + + Workflowinformationen des Servers + + + + + + Der Prozessname dient zur technischen Identifikation des Prozesses, der ProzessAnzeigeName + kann zur Anzeige auf der Benutzeroberfläche verwendet werden. + + + + + + + + + + + + + + + + + Der VorgangName dient zur technischen Identifikation des Vorgangs, der VorgangAnzeigeName + kann zur Anzeige auf der Benutzeroberfläche verwendet werden. + Die Elemente VorgangRestriction und VorgangConditions werden in näherer Zukunft nicht implementiert + und können ignoriert werden (werden nicht befüllt). + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + regionale Restriktion, die fuer den Vorgang gilt (z.B. Gemeindenummer, fuer die Personen angemeldet werden duerfen. + + + + + + + + + + + + + Liste von Bedingungen, unter denen das Item aktiv wird. + + + + + + Liste von alternativen Voraussetzungen (ODER) für die Anwählbarkeit der Activity. Ein Eintrag repräsentiert eine Reihe von Objekten, die im Suchergebnis ausgewählt sein müssen (UND). + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/gis-schnittstelle.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/gis-schnittstelle.xsd new file mode 100644 index 00000000..4228c88f --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/gis-schnittstelle.xsd @@ -0,0 +1,171 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/pvp1.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/pvp1.xsd new file mode 100644 index 00000000..68a1115d --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/pvp1.xsd @@ -0,0 +1,174 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + additional authentication properties + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + additional authorization properties + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + additional properties + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + additional principal attributes + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/secext.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/secext.xsd new file mode 100644 index 00000000..1005b12a --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/secext.xsd @@ -0,0 +1,150 @@ + + + + + + + This element defines header block to use for security-relevant data directed at a specific SOAP actor. + + + + + + + + The use of "any" is to allow extensibility and different forms of security data. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + A security token that is encoded in binary + + + + + + + + + + + + + + + + This element is used reference a security token. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/soapenv.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/soapenv.xsd new file mode 100644 index 00000000..a5db77f5 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/eingebunden/soapenv.xsd @@ -0,0 +1,129 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Prose in the spec does not specify that attributes are allowed on the Body element + + + + + + + + + + + + + + + + + + + + 'encodingStyle' indicates any canonicalization conventions followed in the contents of the containing element. For example, the value 'http://schemas.xmlsoap.org/soap/encoding/' indicates the pattern described in SOAP specification + + + + + + + + + + + + + + + Fault reporting structure + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/AblaufendeAuskunftssperrenSuche.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/AblaufendeAuskunftssperrenSuche.xsd new file mode 100644 index 00000000..cf5a661e --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/AblaufendeAuskunftssperrenSuche.xsd @@ -0,0 +1,76 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Enthält je einen 'PersonErgebnisSatz' pro gefundener Person. Wird keine Person gefunden, befindet sich eine entprechende Text-Message in 'PersonensucheMsg' + + + + + Gesamtanzahl der in der Datenbank gefundenen Personen + + + + + Beginn-Index dieser Ergebnisliste im Gesamtergebnis (bei Blaettern); Start mit 1 + + + + + Ende-Index dieser Ergebnisliste im Gesamtergebnis (bei Blaettern) + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Adoption.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Adoption.xsd new file mode 100644 index 00000000..81a29052 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Adoption.xsd @@ -0,0 +1,63 @@ + + + + + + + + + + + + Es können die Person und deren abhängige Entities (z.B. Staatsangehoerigkeit) unabhängig geändert werden. Felder, die nicht geschickt werden, bleiben unverändert, leer geschickte Felder werden gelöscht. + + + + + + + + + + + + + + Server-Antwort zur Adoption + + + + + + + Gesamtdatensatz der geänderten (adoptierten) Person (mit EntityIDs der Person und deren abhängigen Entities) + + + + + + + + + + allgemeine Fachliche Informationen zur Adoption + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Adresssuche.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Adresssuche.xsd new file mode 100644 index 00000000..41dab2e2 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Adresssuche.xsd @@ -0,0 +1,128 @@ + + + + + + + + + + + Suchdaten für die STATA - Adresssuche im ZMR + + + + + + + + + + + + Anfragedaten, sowie Suchergebnis oder Text-Meldung (falls nichts gefunden) + + + + + + + + + + + + + + + + + + + + + + + + + Fachliche Informationen zur Adresssuche + + + + + + + + + + + + + + + + + + + + Gibt der Detailgrad der Adressen im Suchergebnis an + + + + + + + + + + + + + + + + Gesamtanzahl der gefundenen Sätze + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Anwendungsintegration.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Anwendungsintegration.xsd new file mode 100644 index 00000000..4bdd43c5 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Anwendungsintegration.xsd @@ -0,0 +1,97 @@ + + + + + + + + + + + + + + Suchkriterien für die Anwendungsintegration im ZMR/ERnP (Personendaten + Adressdaten) + + + + + + + + + + + + + + In der Response werden die Anfragedaten aus dem Request, und das Suchergebnis bzw. eine Text-Meldung geliefert (Falls keine Person gefunden) + + + + + + + + + + + + + + + Fachliche Informationen zur Anwendungsintegration + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/AnwendungsintegrationWiederholung.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/AnwendungsintegrationWiederholung.xsd new file mode 100644 index 00000000..6bbd038d --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/AnwendungsintegrationWiederholung.xsd @@ -0,0 +1,117 @@ + + + + + + + + + + + + + Sammel-Token für die AnwendungsintegrationWiederholung im ZMR/ERnP (Personendaten + Adressdaten) + + + + + + + + + + + + + Fachliche Informationen zur AnwendungsintegrationWiederholung + + + + + + + + + + + + + + + Verfahrensbereich inkl. Prefix für den die bPK errechnet werden soll (zb. urn:publicid:gv.at:cdid+PV) + + + + + + + + + + + + Fremd-bPKs die miterzeugt werden sollen. (zb. urn:publicid:gv.at:ecdid+BMI+ZP) + + + + + + + + + + + + + + + + Suchkriterien für die Anwendungsintegration/Wiederholungsabfrage im ZMR/ERnP (Personendaten + Adressdaten) + + + + + + + + + + + + + In der Response werden die Anfragedaten aus dem Request, und das Suchergebnis bzw. eine Text-Meldung geliefert (Falls keine Person gefunden) + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/AuskunftssperreAendern.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/AuskunftssperreAendern.xsd new file mode 100644 index 00000000..9e29f2f2 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/AuskunftssperreAendern.xsd @@ -0,0 +1,55 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + Server-Antwort zur Änderung von Auskunftssperren auf Meldungen + + + + + + + + Gesamtdatensatz der korrigierten Meldung (mit EntityIDs der Meldung und deren abhängigen Entities) + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/AvisoAendern.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/AvisoAendern.xsd new file mode 100644 index 00000000..37a3ac98 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/AvisoAendern.xsd @@ -0,0 +1,93 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Server-Antwort zur Avisonänderung + + + + + + + Gesamtdatensatz des geänderten Aviso + + + + + + + + + + + + + + + + + Server-Antwort zur Avisobeendugung + + + + + + + Gesamtdatensätze der beendeten Avisi + + + + + + + + + + Fachliche Informationen zur Avisoaenderung + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/AvisoAnlegen.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/AvisoAnlegen.xsd new file mode 100644 index 00000000..92c37432 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/AvisoAnlegen.xsd @@ -0,0 +1,60 @@ + + + + + + + + + + + + + + + + + + + + Server-Antwort zur Avisonanlage + + + + + + + Gesamtdatensatz des im ZMR angelegten Aviso + + + + + + + + + + Fachliche Informationen zur Avisoanlage + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/AvisoFreigeben.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/AvisoFreigeben.xsd new file mode 100644 index 00000000..6291dd58 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/AvisoFreigeben.xsd @@ -0,0 +1,69 @@ + + + + + + + + + + + + + + + + + + + + + Server-Antwort mit den zu aktivierenden Avisi + + + + + + + + + + + + + + + + + + + + + Server-Antwort zur Aviso-Aktivierung + + + + + + + Gesamtdatensätze der freigegebenen/abgelehnten Avisi + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Avisosuche.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Avisosuche.xsd new file mode 100644 index 00000000..82e48c49 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Avisosuche.xsd @@ -0,0 +1,124 @@ + + + + + + + + + + + + Suchedaten fuer die Suche nach existierenden Avisi, sowie nach Personen im ZPR + + + + + + + + + + + + Anfragedaten, sowie Suchergebnis oder Text-Meldung (falls nichts gefunden) + + + + + + + + + + + + + + + + + + + + + + + + Fachliche Informationen zur Avisosuche + + + + + + + + + + + + + + + + Aviso-Struktur für die Suche nach Avisi bzw. Personen + + + + + + + + + + + + + + + + + + + + + + Aviso-Struktur für Neuanlagen von Avisi im ZMR + + + + + Gesamtanzahl der in der Datenbank gefundenen Avisi + + + + + Beginn-Index dieser Ergebnisliste im Gesamtergebnis (bei Blaettern); Start mit 1 + + + + + Ende-Index dieser Ergebnisliste im Gesamtergebnis (bei Blaettern) + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/BKMeldeauskunft.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/BKMeldeauskunft.xsd new file mode 100644 index 00000000..b82fae63 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/BKMeldeauskunft.xsd @@ -0,0 +1,69 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + allgemeine Fachliche Informationen für die Meldeauskunft + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/BPKPruefung.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/BPKPruefung.xsd new file mode 100644 index 00000000..eb9b3798 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/BPKPruefung.xsd @@ -0,0 +1,76 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + allgemeine Fachliche Informationen für die BPK-Pruefung + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Behoerdenabfrage.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Behoerdenabfrage.xsd new file mode 100644 index 00000000..6e764562 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Behoerdenabfrage.xsd @@ -0,0 +1,126 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + allgemeine Fachliche Informationen für die Behördenabfrage + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/BehoerdenattributeAendern.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/BehoerdenattributeAendern.xsd new file mode 100644 index 00000000..aa4b2bbf --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/BehoerdenattributeAendern.xsd @@ -0,0 +1,68 @@ + + + + + + + + + + + + + Referenz-Daten der betroffenen Person und der Meldung, sowie die geänderten Behördenattribute. + Nicht übermittelte Felder bleiben unverändert, Felder, die als Leer-Tags geschickt werden, werden gelöscht. + + + + + + + + + + + + + + + Server-Antwort zum Änderungsvorgang + + + + + + + + Gesamtdatensatz der geänderten Meldung (geänderte Behördenattribute) + + + + + + + + + + allgemeine Fachliche Informationen zur Änderung der Behördenattribute + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Bestandsaenderungen.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Bestandsaenderungen.xsd new file mode 100644 index 00000000..8abbbedf --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Bestandsaenderungen.xsd @@ -0,0 +1,140 @@ + + + + + + + + + + + + Anfragedaten der Bestandsaenderungen-Anforderung + + + + + + + + + + + In der Response werden die Anfragedaten aus dem Request und das Abgleichergebnis geliefert. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Gesamtanzahl der Bestandsaenderung-Saetze für diese Anfrage + + + + + Anzahl der im File gelieferten Bestandsaenderung-Saetze + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/BusinesspartnerAnfrage.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/BusinesspartnerAnfrage.xsd new file mode 100644 index 00000000..249aa0c0 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/BusinesspartnerAnfrage.xsd @@ -0,0 +1,131 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Businesspartnerabfrage.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Businesspartnerabfrage.xsd new file mode 100644 index 00000000..2831a33d --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Businesspartnerabfrage.xsd @@ -0,0 +1,94 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + allgemeine Fachliche Informationen für die BP-Abfrage + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/BusinesspartnerabfrageErweitert.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/BusinesspartnerabfrageErweitert.xsd new file mode 100644 index 00000000..75daf516 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/BusinesspartnerabfrageErweitert.xsd @@ -0,0 +1,67 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Datenabgleich.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Datenabgleich.xsd new file mode 100644 index 00000000..b953f052 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Datenabgleich.xsd @@ -0,0 +1,280 @@ + + + + + + + + + + + + + + Anfragedaten des Datenabgleichs (täglich, von-bis oder aktuell) + + + + + + + + + + + In der Response werden die Anfragedaten aus dem Request und das Abgleichergebnis geliefert. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Gesamtanzahl der Abgleichsätze für diese Anfrage + + + + + Anzahl der im File gelieferten Abgleichsätze + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Gesamtanzahl der Abgleichsätze für diese Anfrage + + + + + Anzahl der im File gelieferten Abgleichsätze + + + + + + + + + + + + + + + + + + + + + + Person-Struktur für Datenabgleich-Ergebnisse aus dem ZMR + + + + + + + + + + + + + + + Natuerliche Person (Suchergebnis) + + + + + + + + + + + + + + + + + + + + + + + + + + + + Meldung-Struktur für Suchergebnisse aus dem ZMR + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Person-Struktur für Datenabgleich-Ergebnisse aus dem ZMR + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/ErnpAbfrage.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/ErnpAbfrage.xsd new file mode 100644 index 00000000..db36e0d5 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/ErnpAbfrage.xsd @@ -0,0 +1,161 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Fremdenabfrage.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Fremdenabfrage.xsd new file mode 100644 index 00000000..e4a610ae --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Fremdenabfrage.xsd @@ -0,0 +1,108 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + allgemeine Fachliche Informationen für die Fremdenabfrage + + + + + + + + + + + + + + + + + + + + + + + + + + Enthält je einen 'PersonErgebnisSatz' pro gefundener Person. Wird keine Person gefunden, befindet sich eine entprechende Text-Message in 'base:Message' + + + + + Gesamtanzahl der in der Datenbank gefundenen Personen + + + + + Beginn-Index dieser Ergebnisliste im Gesamtergebnis (bei Blaettern); Start mit 0 + + + + + Ende-Index dieser Ergebnisliste im Gesamtergebnis (bei Blaettern) + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/GISAdressabfrage.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/GISAdressabfrage.xsd new file mode 100644 index 00000000..3f5bbe7f --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/GISAdressabfrage.xsd @@ -0,0 +1,79 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Gesamtanzahl der in der Datenbank gefundenen Personen + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/GISSuche.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/GISSuche.xsd new file mode 100644 index 00000000..4989b13c --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/GISSuche.xsd @@ -0,0 +1,74 @@ + + + + + + + + + + + + Request zum Suchen von Personen mittels GIS-Daten + + + + + + + + + + + + + + + + + + + + + + + + + + + + Request zum Suchen von Personen mittels GIS-Daten + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Gemeindeeinstellungen.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Gemeindeeinstellungen.xsd new file mode 100644 index 00000000..5096e120 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Gemeindeeinstellungen.xsd @@ -0,0 +1,71 @@ + + + + + + + + + + + + + + + Lesen der Gemeindeeinstellungen + + + + + + + + + + + Lesen der Gemeindeeinstellungen + + + + + + + + + + + + + Aendern der Gemeindeeinstellungen + + + + + + + + + + + + Aendern der Gemeindeeinstellungen Ergebnismeldung + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Gerichtskommissaerabfrage.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Gerichtskommissaerabfrage.xsd new file mode 100644 index 00000000..6eacf127 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Gerichtskommissaerabfrage.xsd @@ -0,0 +1,93 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + allgemeine Fachliche Informationen für die Behördenabfrage + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/GleichsetzungstabelleWarten.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/GleichsetzungstabelleWarten.xsd new file mode 100644 index 00000000..f5cd55cd --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/GleichsetzungstabelleWarten.xsd @@ -0,0 +1,185 @@ + + + + + + + + + + + Suchedaten fuer die Suche nach Einträgen in der Gleichsetzungstabelle + + + + + + + + + + + + + + + Anfragedaten, sowie Suchergebnis oder Text-Meldung (falls nichts gefunden) + + + + + + + + + + + + + Suchedaten fuer die Suche nach Einträgen in der Gleichsetzungstabelle + + + + + + + + + + + + + + Daten der angelegeten Gleichsetzung, sowie Erfolgsmeldung + + + + + + + + + + + + Suchedaten fuer die Suche nach Einträgen in der Gleichsetzungstabelle + + + + + + + + + + + + Daten der angelegeten Gleichsetzung, sowie Erfolgsmeldung + + + + + + + + + + + + + + + + + + + + + + + + + Fachliche Informationen zur Gleichsetzungstabelle - Abfrage + + + + + + + + + + Gleichsetzungstabelle - Suchereggebnis + + + + + Gesamtanzahl der in der Datenbank gefundenen Einträge + + + + + + + + + + Gleichsetzungstabelleneintrag + + + + + + + + + + + + + + + + + + + + + + + Fachliche Informationen einer Anlage in der Gleichsetzungstabelle + + + + + + + + + + + + + Fachliche Informationen für das Löschen eines Eintrages der Gleichsetzungstabelle + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Hauseigentuemerabfrage.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Hauseigentuemerabfrage.xsd new file mode 100644 index 00000000..b72bea37 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Hauseigentuemerabfrage.xsd @@ -0,0 +1,117 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Hauseigentuemerabfrage-Druckrequest (muss nach einer Hauseigentuemerabfrage mit derselben ProzessInstanzID aufgerufen werden) + + + + + Liste der EntityIDs der zu druckenden Meldungen (aus der vorangegangenen Hauseigentuemerabfrage) + + + + + + + + + + + + In der Response werden die Anfragedaten aus dem Request, und das Suchergebnis bzw. eine Text-Meldung geliefert (Falls keine Person gefunden) + + + + + + + + + + + + + + + + + + + + + + + allgemeine Fachliche Informationen für die Hauseigentuemerabfrage + + + + + + + + + + + + Enthält je einen 'PersonErgebnisSatz' pro gefundener Person. Wird keine Person gefunden, befindet sich eine entprechende Text-Message in 'base:Message' + + + + + Gesamtanzahl der in der Datenbank gefundenen Personen + + + + + Beginn-Index dieser Ergebnisliste im Gesamtergebnis (bei Blaettern); Start mit 1 + + + + + Ende-Index dieser Ergebnisliste im Gesamtergebnis (bei Blaettern) + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/IAPPersonenabfrage.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/IAPPersonenabfrage.xsd new file mode 100644 index 00000000..26165d66 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/IAPPersonenabfrage.xsd @@ -0,0 +1,120 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Meldeauskunft.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Meldeauskunft.xsd new file mode 100644 index 00000000..df262baf --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Meldeauskunft.xsd @@ -0,0 +1,102 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + allgemeine Fachliche Informationen für die Meldeauskunft + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Meldebestaetigung.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Meldebestaetigung.xsd new file mode 100644 index 00000000..4f8b6f93 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Meldebestaetigung.xsd @@ -0,0 +1,127 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + allgemeine Fachliche Informationen für die Meldebestaetigung + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + allgemeine Fachliche Informationen für die Meldebestaetigung + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/MeldebestaetigungenAnfordern.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/MeldebestaetigungenAnfordern.xsd new file mode 100644 index 00000000..0e08efd2 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/MeldebestaetigungenAnfordern.xsd @@ -0,0 +1,55 @@ + + + + + + + + + + Meldebestätigungen für alle Personen in der angegebenen Gemeinde. + + + + + + + + + + + + + + + + + + + + + + + Server-Antwort zur Anforderung von Massen-Meldebestätigungen + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/MeldungHistKorrigieren.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/MeldungHistKorrigieren.xsd new file mode 100644 index 00000000..b322b1b0 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/MeldungHistKorrigieren.xsd @@ -0,0 +1,112 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Server-Antwort zur Meldungkorrektur + + + + + + + + + Gesamtdatensatz der korrigierten Meldung (mit EntityIDs der Meldung und deren abhängigen Entities) + + + + + + + + + + + + + + + + + + + + + + + + + Meta-Informationen zur Meldungkorrektur + + + + + + + + + + + + + + mögliche Korrekturen für eine historische Meldung + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/ORFGISAnforderung.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/ORFGISAnforderung.xsd new file mode 100644 index 00000000..90e6d34a --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/ORFGISAnforderung.xsd @@ -0,0 +1,65 @@ + + + + + + + + + + + Anfragedaten der ORFGISAnforderung + + + + + + + + + + + In der Response werden die Anfragedaten aus dem Request und die Meldung geliefert, dass die Daten bereit gestellt werden. + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/ObjektsucheMindestsicherung.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/ObjektsucheMindestsicherung.xsd new file mode 100644 index 00000000..2e91cacf --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/ObjektsucheMindestsicherung.xsd @@ -0,0 +1,88 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Gesamtanzahl der in der Datenbank gefundenen Personen + + + + + Beginn-Index dieser Ergebnisliste im Gesamtergebnis (bei Blaettern); Start mit 0 + + + + + Ende-Index dieser Ergebnisliste im Gesamtergebnis (bei Blaettern) + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/ObjektsucheSteuerfahndung.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/ObjektsucheSteuerfahndung.xsd new file mode 100644 index 00000000..0e0e5355 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/ObjektsucheSteuerfahndung.xsd @@ -0,0 +1,91 @@ + + + + + + + + + + + + + + + + + + + + + + Es wir entweder das Feld PDFDaten (Anforderung als Druck) mit allen gefundenen Datensätzen, + oder ObjektsucheSteuerfahndungErgebnis mit der aktuell geblätterten Seite geliefert. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Gesamtanzahl der in der Datenbank gefundenen Personen + + + + + Beginn-Index dieser Ergebnisliste im Gesamtergebnis (bei Blaettern); Start mit 0 + + + + + Ende-Index dieser Ergebnisliste im Gesamtergebnis (bei Blaettern) + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/PersonAendern.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/PersonAendern.xsd new file mode 100644 index 00000000..c29e8e06 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/PersonAendern.xsd @@ -0,0 +1,78 @@ + + + + + + + + + + + Es können die Person und deren abhängige Entities (z.B. Staatsangehoerigkeit) unabhängig geändert werden. Felder, die nicht geschickt werden, bleiben unverändert, leer geschickte Felder werden gelöscht. + + + + + + + + + + + + + + + + + + + + + + + + + + Server-Antwort zur Personenänderung + + + + + + + Gesamtdatensatz der geänderten Person (mit EntityIDs der Person und deren abhängigen Entities) + + + + + + + + + + allgemeine Fachliche Informationen zur Personenänderung + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/PersonAnlegen.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/PersonAnlegen.xsd new file mode 100644 index 00000000..e3131165 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/PersonAnlegen.xsd @@ -0,0 +1,67 @@ + + + + + + + + + + + + + + + + + + + + + + + Server-Antwort zur Personenanlage + + + + + + Gesamtdatensatz der im ZMR angelegten Person (mit EntityIDs der Person und deren abhängigen Entities) + + + + + Gesamtdatensatz der angelegten Meldung (mit EntityIDs der Meldung und deren abhängigen Entities) + + + + + + + + + + allgemeine Fachliche Informationen zur Personenanlage + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/PersonExport.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/PersonExport.xsd new file mode 100644 index 00000000..a91e9f5a --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/PersonExport.xsd @@ -0,0 +1,74 @@ + + + + + + + + + + + + + Request für PersonExport + + + + + + + + + + + + Response für PersonExport + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/PersonKorrigieren.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/PersonKorrigieren.xsd new file mode 100644 index 00000000..3f163231 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/PersonKorrigieren.xsd @@ -0,0 +1,74 @@ + + + + + + + + + + + Es können die Person und deren abhängige Entities (z.B. Staatsangehoerigkeit) unabhängig geändert werden. Felder, die nicht geschickt werden, bleiben unverändert, leer geschickte Felder werden gelöscht. + + + + + + + + + + + + + + + + + + + + + + + + Server-Antwort zur Personenkorrektur + + + + + + + Gesamtdatensatz der korrigierten Person (mit EntityIDs der Person und deren abhängigen Entities) + + + + + + + + + + allgemeine Fachliche Informationen zur Personenkorrektur + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/PersonTrennen.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/PersonTrennen.xsd new file mode 100644 index 00000000..ceba2041 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/PersonTrennen.xsd @@ -0,0 +1,75 @@ + + + + + + + + + + + + + ZMR-Zahl der Person, die gesplittet werden soll + + + + + + + + + + + Personen- und Medledaten des SPLIT-Kandidaten (es werden nur die zuletzt fachlich gültigen Sätze - sowohl der Person, als auch der Meldungen geliefert) + + + + + + + + + + + + + + Zweiter Schritt der Personentrennung nach der Suche/Anzeige der zu trennenden Person (Trennung durchführen) + Enthält die Person-Referenz und die Liste der auf die neue Person zu übertragenden Meldungen + + + + + + + + + + + + + Personen- und Meldedaten der getrennten Personen, es wird die gesamte fachl. Historie geliefert + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/PersonZusammenfuehren.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/PersonZusammenfuehren.xsd new file mode 100644 index 00000000..b44943d7 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/PersonZusammenfuehren.xsd @@ -0,0 +1,75 @@ + + + + + + + + + + + + + ZMR-Zahl der Person, die gesplittet werden soll + + + + + + + + + + + + Personen- und Medledaten der KIT-Kandidaten (es werden nur die zuletzt fachlich gültigen Sätze - sowohl der Person, als auch der Meldungen geliefert) + + + + + + + + + + + + + + + Zweiter Schritt der Personenzusammenführung nach der Suche/Anzeige der zusammenzuführenden Personen (Zusammenführung durchführen) + + + + + + + + + + + + Personen- und Meldedaten zusammengeführten Person, es wird die gesamte fachl. Historie geliefert + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/PersonenIndex.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/PersonenIndex.xsd new file mode 100644 index 00000000..72b3d3f2 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/PersonenIndex.xsd @@ -0,0 +1,73 @@ + + + + + + + + + + + + Im Request werden Meta-Informationen zum Batch und die verschlüsselten BPKs geliefert + ECDID steht für "encrypted context dependend id" aus. + + + + + + + + + + + + + + Es werden keine Responsedaten erwartet. + + + + + + + + + + + + Meta-Informationen zum ausgelieferten Index: + BatchCode/Name, Organisation, Bereich, Zeitraum, etc... + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Personenabfrage.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Personenabfrage.xsd new file mode 100644 index 00000000..c1b579ce --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Personenabfrage.xsd @@ -0,0 +1,139 @@ + + + + + + + + + + + + + Suchkriterien für die Personensuche im ZMR(Personendaten + Adressdaten) + + + + + + + + + + + + + + In der Response werden die Anfragedaten aus dem Request, und das Suchergebnis bzw. eine Text-Meldung geliefert (Falls keine Person gefunden) + + + + + + + + + + + + + Suchkriterien für die Personensuche im ZMR (Personendaten + Adressdaten) + + + + + Liste der EntityIDs der zu druckenden Personen + + + + + + + + + In der Response werden die Anfragedaten aus dem Request, und das Suchergebnis bzw. eine Text-Meldung geliefert (Falls keine Person gefunden) + + + + + + + + + + + + + + + + + + + + + + + + + + Fachliche Informationen zur Personensuche + + + + + + + + + + + + + Enthält je einen 'PersonErgebnisSatz' pro gefundener Person. Wird keine Person gefunden, befindet sich eine entprechende Text-Message in 'PersonensucheMsg' + + + + + Gesamtanzahl der in der Datenbank gefundenen Personen + + + + + Beginn-Index dieser Ergebnisliste im Gesamtergebnis (bei Blaettern); Start mit 1 + + + + + Ende-Index dieser Ergebnisliste im Gesamtergebnis (bei Blaettern) + + + + + + + + + Enthält die Ergebnisdaten zu einer gefundenen Person. + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Personenlisten.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Personenlisten.xsd new file mode 100644 index 00000000..e7f18752 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Personenlisten.xsd @@ -0,0 +1,131 @@ + + + + + + + + + + + + Suchkriterien für den PersonenListen-Request im ZMR (Personendaten + Adressdaten) + + + + + + + + + + + + + + In der Response werden die Anfragedaten aus dem Request, und das + Suchergebnis bzw. eine Text-Meldung geliefert (Falls keine Person gefunden) + + + + + + + + + + + + + + + + Anfragedaten, entsprechen den Suchdaten des Requests + + + + + + + + + + + + + + Fachliche Informationen zur PersonenListen + + + + + + + + + + + Suchkriterien + + + + + + + + + + + Ergebniskriterien + + + + + v-bPKs die miterzeugt werden sollen. (zb. urn:publicid:gv.at:ecdid+BMI+ZP) + + + + + + + + + + + + + + + PersonenListenErgebnisType beinhaltet die Liste der gefundenen Personen. + Derzeit wird die Liste auf 50 Sätze begrenzt. + + + + + + + + + Beinhaltet als einen Ergebnissatz eine Personen und ihre aktuellen Meldungen + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Personensuche.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Personensuche.xsd new file mode 100644 index 00000000..31606d6f --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Personensuche.xsd @@ -0,0 +1,255 @@ + + + + + + + + + + + + + + + Suchkriterien für die Personensuche im ZMR/ERnP (Personendaten + Adressdaten) + + + + + + + + + + + + + + + + In der Response werden die Anfragedaten aus dem Request, und das Suchergebnis bzw. eine Text-Meldung geliefert (Falls keine Person gefunden) + + + + + + + + + + + + + + + + + + + + + + + + + + + Fachliche Informationen zur Personensuche + + + + + + + + + + + + Datenbank-Suchkriterien für Personen- und Meldedaten der Personensuche + + + + + + + + + + + + + + + + + + + Anzeigekriterien für Personen- und Meldedaten im Personensuchergebnis + + + + + + + + + + + + + + + + Sortierung nach Familienname, Vorname, Geburtsdatum (Default) + + + + + + Sortierung nach PLZ, Straße, Hausnummer, Stiege, Tür, Familienname, Vorname, + Geburtsdatum. + Die Sortierung wirkt auf die Adresse, nach der gesucht wurde, d.h. es sollte + auf eine eingeschränkt werden (z.B. Suche in Objekt). + + + + + + + + + + Enthält je einen 'PersonErgebnisSatz' pro gefundener Person. Wird keine Person gefunden, befindet sich eine entprechende Text-Message in 'PersonensucheMsg' + + + + + Gesamtanzahl der in der Datenbank gefundenen Personen + + + + + Gesamtanzahl der in der ERnP-Datenbank gefundenen Personen + + + + + Beginn-Index dieser Ergebnisliste im Gesamtergebnis (bei Blaettern); Start mit 1 + + + + + Ende-Index dieser Ergebnisliste im Gesamtergebnis (bei Blaettern) + + + + + + + + + Enthält die Ergebnisdaten zu einer gefundenen Person. + + + + + + + + + + Fasst die gefundenen Daten einer Person aus dem Melderegister (aktuelle und historische Personendaten, sowie aktuelle und historische Meldedaten) + + + + + + + + + + Historienliste der Personendaten (Erklärung Historienliste siehe Dokument ZMR2Schnittstellen-Richtlinien.doc + + + + + + + + + + + + gelieferte Meldungen der Person (ein Strang = ein Element 'Meldedaten') + + + + + + Historienliste der Meldedaten einer Meldung + + + + + + + + + Fasst die gefundenen Daten einer Person aus dem Ergänzungsregister (ERnP) (aktuelle und historische Personendaten, sowie aktuelle und historische Kontaktadressen) + + + + + Historienliste der Personendaten (Erklärung Historienliste siehe Dokument ZMR2Schnittstellen-Richtlinien.doc + + + + + + + + + + + + LMR-Histmeldungen für ERnP-Personen werden bei der LMR-Suche benötigt. + Sonst nicht verwenden, ausbauen, wenn Schnittstelle an externe Partner + geliefert wird!!! + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/QKZAuswertung.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/QKZAuswertung.xsd new file mode 100644 index 00000000..e6dafecd --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/QKZAuswertung.xsd @@ -0,0 +1,82 @@ + + + + + + + + + + + + Die Auswertung läuft über alle Personen mit den angegebene QKZ in der angegebenen Gemeinde. + + + + + + + + + + + + + + + + + + + + + Server-Antwort zur Anforderung einer QKZ-Auswertung + + + + + + + + + + + + Auswertungs-XML für QKZs laut ZMR-171 + + + + + + + + + + + + + Definiert eine Zuordnung zwischen einer Person und einem QKZ für die XML-Auswertung laut ZMR-171 + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/QKZBearbeiten.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/QKZBearbeiten.xsd new file mode 100644 index 00000000..2f97c8b8 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/QKZBearbeiten.xsd @@ -0,0 +1,71 @@ + + + + + + + + + + + + + Mit einem Request können Qualifikationskennzeichen angelegt oder gelöscht werden. + + + + + + + Referenz auf das Objekt, für das die QKZ-Wartung durchgeführt wird (Person oder Meldung) + + + + + + + + + + + + + Server-Antwort zur QKZ-Wartung + + + + + + + Datensatz der angelegten/gelöschten Qualifikationskennzeichen + + + + + + + + + + allgemeine Fachliche Informationen zur QKZ-Wartung + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/SZREinzelabfrage.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/SZREinzelabfrage.xsd new file mode 100644 index 00000000..f0cc9d26 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/SZREinzelabfrage.xsd @@ -0,0 +1,85 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + allgemeine Fachliche Informationen für die SZR - Einzelabfrage + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/SZRPersonenbindung.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/SZRPersonenbindung.xsd new file mode 100644 index 00000000..81a836d6 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/SZRPersonenbindung.xsd @@ -0,0 +1,84 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + allgemeine Fachliche Informationen für die Personenbindungsanfrage + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/SZRPersonensuche.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/SZRPersonensuche.xsd new file mode 100644 index 00000000..7e1050e5 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/SZRPersonensuche.xsd @@ -0,0 +1,75 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + allgemeine Fachliche Informationen für die SZR - Personensuche + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/SZRSammelabfrage.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/SZRSammelabfrage.xsd new file mode 100644 index 00000000..0608fa38 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/SZRSammelabfrage.xsd @@ -0,0 +1,54 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Sperrliste.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Sperrliste.xsd new file mode 100644 index 00000000..624919ff --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Sperrliste.xsd @@ -0,0 +1,129 @@ + + + + + + + + + + + + + + + Auflisten der gesperrten Adressen für die angegebene Gemeinde + + + + + + + + + + + Response der Personensuche im ZMR. Geliefert werden die ID-Daten sowie alle Staatsangehoerigkeiten + + + + + + + + + + + + Anlegen einer neuen Adressen für die angegebene Gemeinde + + + + + + + + + + + Message fuer das Update einer Sperradresse + + + + + + + + + + + Loeschen von Sperradressen + + + + + + + + + + + Id der Sperradresse + + + + + + + + + + + + gespeicherte Sperradresse + + + + + + + + + + + + + Adresse + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Storno.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Storno.xsd new file mode 100644 index 00000000..50b6f1f4 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Storno.xsd @@ -0,0 +1,146 @@ + + + + + + + + + + + + + + + Über den Storno-Modus kann gesteuert werden, ob + der Storno normal durchgeführt werden soll, oder + zb. ob der letzte Storno rückgängig gemacht werden soll. + Fehlt der Storno-Modus wird das Storno normal + durchgeführt. + + + + + + + + Falls eine bestimmte Meldung storniert werden soll, + müssen hier ihre Referenzdaten geschickt werden. + Wird nur die Personreferenz geschickt, wird die Person storniert + + + + + + + + + + + + Stellt den Stornovorgang für den User dar + + + + + + + Für jede in den Storno involvierte Person wird ein Element StornoVergleich geliefert. + Hier wird der Person-Gesamtdatensatz vor und nach dem Storno dargestellt. + Auch wenn aussschließlich Meldedaten vom Storno betroffen sind, wird die gesamte Person geliefert. + + + + + + + + + + + + + + + + Bei einem Storno kann vorkommen, dass mehrere Personen involviert sind. + Zum Beispiel bei einem Kit-Fall. Um davor zu warnen, wird hier explizit + eine Liste von ZMR-Zahlen geliefert, die Personen anzeigen, bei denen das + Storno ebenfalls eine Änderung bewirken würde. + + + + + + + + + + + + + Über den Storno-Modus kann gesteuert werden, ob + der Storno normal durchgeführt werden soll, oder + zb. ob der letzte Storno rückgängig gemacht werden soll. + Fehlt der Storno-Modus wird das Storno normal + durchgeführt. + + + + + + + + Falls eine bestimmte Meldung storniert werden soll, + müssen hier ihre Referenzdaten geschickt werden. + Wird nur die Personreferenz geschickt, wird die Person storniert + + + + + + + + + + + + Server-Antwort des Storno-Vorgangs + + + + + + + + + + + + Stellt Steuerungsmöglichkeiten für den Storno zur Verfügung. + zb. normales Storno, letztes Storno rückgängig machen (Storno vom Storno) + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/SzrAbfrage.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/SzrAbfrage.xsd new file mode 100644 index 00000000..1e8261ab --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/SzrAbfrage.xsd @@ -0,0 +1,59 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/TechnischeAnsicht.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/TechnischeAnsicht.xsd new file mode 100644 index 00000000..a8d09153 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/TechnischeAnsicht.xsd @@ -0,0 +1,132 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + allgemeine Fachliche Informationen für die Abfrage zur technischen Ansicht + + + + + + + + + Enthält alle Personenzustände (für eine Person) zu einem bestimmten techn. Änderungszeitpunkt. + + + + + + + + + + + Enthält alle Meldungszustände (für eine Meldung) zu einem bestimmten techn. Änderungszeitpunkt. + + + + + + + + + + + Liste der technischen Zustände einer Person zu einem Zeitpunkt. + + + + + + + + + + + + Liste der technischen Zustände einer Meldung + + + + + + + + + + + + komplette Personendaten mit Information für den technischen Stichzeitpunkt + + + + + + + + + + + komplette Meldung mit Information für den technischen Stichzeitpunkt + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Ummeldeserviceabfrage.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Ummeldeserviceabfrage.xsd new file mode 100644 index 00000000..8f459931 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Ummeldeserviceabfrage.xsd @@ -0,0 +1,79 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + allgemeine Fachliche Informationen für die BP-Abfrage + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/WehrpflichtigeAbfragen.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/WehrpflichtigeAbfragen.xsd new file mode 100644 index 00000000..9a5e6e1a --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/WehrpflichtigeAbfragen.xsd @@ -0,0 +1,99 @@ + + + + + + + + + + + + + + + + + + + + + + + + + Es wir entweder das Feld PDFDaten (Anforderung als Druck) mit allen gefundenen Datensätzen, + oder WehrpflichtigeAbfragenErgebnis mit der aktuell geblätterten Seite geliefert. + + + + + + + + + + + + + + + + + + + + + + + + + + + + allgemeine Fachliche Informationen für die Wehrpflichtigenabfrage + + + + + + + + + + + Enthält je einen 'PersonErgebnisSatz' pro gefundener Person. Wird keine Person gefunden, befindet sich eine entprechende Text-Message in 'base:Message' + + + + + Gesamtanzahl der in der Datenbank gefundenen Personen + + + + + Beginn-Index dieser Ergebnisliste im Gesamtergebnis (bei Blaettern); Start mit 0 + + + + + Ende-Index dieser Ergebnisliste im Gesamtergebnis (bei Blaettern) + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/WohnsitzAbmelden.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/WohnsitzAbmelden.xsd new file mode 100644 index 00000000..5d3b7cc2 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/WohnsitzAbmelden.xsd @@ -0,0 +1,68 @@ + + + + + + + + + + + + + + + + + + + + + + + + + Server-Antwort zur Wohnsitzabmeldung + + + + + + + + Gesamtdatensatz der abgemeldeten Meldung (mit EntityIDs der Meldung und deren abhängigen Entities) + + + + + + + + + + + Fachliche Informationen zur Wohnsitzabmeldung + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/WohnsitzAnmelden.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/WohnsitzAnmelden.xsd new file mode 100644 index 00000000..75670c47 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/WohnsitzAnmelden.xsd @@ -0,0 +1,68 @@ + + + + + + + + + + + + + + + + + + + + + + + Server-Antwort zur Wohnsitzanmeldung + + + + + + + + Gesamtdatensatz der angelegten Meldung (mit EntityIDs der Meldung und deren abhängigen Entities) + + + + + + + + + + + + allgemeine Fachliche Informationen zur Wohnsitzanmeldung + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/WohnsitzKorrigieren.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/WohnsitzKorrigieren.xsd new file mode 100644 index 00000000..90153232 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/WohnsitzKorrigieren.xsd @@ -0,0 +1,73 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Server-Antwort zur Wohnsitzkorrektur + + + + + + + + Gesamtdatensatz der korrigierten Meldung (mit EntityIDs der Meldung und deren abhängigen Entities) + + + + + + + + + + + Fachliche Informationen zur Wohnsitzkorrektur + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/WohnsitzUmmelden.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/WohnsitzUmmelden.xsd new file mode 100644 index 00000000..48128ade --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/WohnsitzUmmelden.xsd @@ -0,0 +1,126 @@ + + + + + + + + + + + + + + + + + + + + Referenz auf die erste in den Ummeldevorgang involvierte Meldung (wird entweder umgemeldet, oder abgemeldet), sowie deren evtl. geänderten Behördenattribute + + + + + + + + + + + + + + Zweite in den Ummeldevorgang involvierte Meldung (wird entweder umgemeldet, oder angemeldet - entsprechend entweder Referenz oder MeldungAnlage), sowie deren Behördenattribute (bei Ummeldung) + + + + + + + + + + + + + + + + + + + + + + + Server-Antwort zur Wohnsitzummeldung + + + + + + + + + Gesamtdatensatz der umgemeldeten Meldung (mit EntityIDs der Meldung und deren abhängigen Entities) + + + + + Gesamtdatensatz der umgemeldeten oder neuen Meldung (mit EntityIDs der Meldung und deren abhängigen Entities) + + + + + + + + + + + Fachliche Informationen zur Wohnsitzummeldung + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/ZMRDatenauszug.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/ZMRDatenauszug.xsd new file mode 100644 index 00000000..cdab5654 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/ZMRDatenauszug.xsd @@ -0,0 +1,32 @@ + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/ZMRProxy.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/ZMRProxy.xsd new file mode 100644 index 00000000..bb0583ef --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/ZMRProxy.xsd @@ -0,0 +1,96 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/ZmrBuergerService.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/ZmrBuergerService.xsd new file mode 100644 index 00000000..9732778d --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/ZmrBuergerService.xsd @@ -0,0 +1,373 @@ + + + + + + + + + + + + + + + Suchkriterien für die Personensuche im ZMR + + + + + + + + + + + + + + + + Response der Personensuche im ZMR. Geliefert werden die ID-Daten sowie alle Staatsangehoerigkeiten + + + + + + + + + + + + + Suchkriterien für die Mitbewohnersuche im ZMR + + + + + + + + + + + + + + Response der Mitbewohnersuche im ZMR. Geliefert wird die angefragte Adresse sowie die ID-Daten aller Personen an der Adresse + + + + + + + + + + + + + Suchkriterien für die Wohnsitzanmeldung im ZMR. bPK/ZP der + + + + + + + + + + + + + + + + Suchkriterien für die Wohnsitzanmeldung im ZMR + + + + + + + + + + + + + + Suchkriterien für die Wohnsitzanmeldung im ZMR + + + + + + + + + + + + + + + + + Transaction- und UUID des Service Clients + + + + + + + + + + + + neue Meldung bei HWS_ABM_NWS_HWS und HWS_NWS_NWS_HWS + + + + + + + + + + + Response der Wohnsitzabmeldung im ZMR. Geliefert wird der MessageCode, die Anzahl der an/ab/umgemeldeten Personen und die Meldebestaetigungen + + + + + + + + + + + + + + + + + aktuelle Personendaten + + + + + + + + + + + + + + + + + + + Staatsangehoerigkeiten der Person, mindestens eine (ISO-Code3 + Name) + + + + + + + + + + + + aktuelle Meldungen zur Person + + + + + + + + + + + + aktuelle Meldungen zur Person + + + + + + + + + + + + + + Adresse + + + + + + + + + + + + + + + + + + + + + Personen- und Meldedaten der abfragenden Person + + + + + + + + + + + + Personen- und Meldedaten der minderjaehrigen Kinder + + + + + + + + + + + + Personen- und Meldedaten fuer eine abzumeldende Person + + + + + + + + + + + + + + + + + Personen- und Meldedaten fuer eine umzumeldende Person + + + + + + + + + + + + + + + + + + + + + + + + + + + + + neue Meldung bei HWS_ABM_NWS_HWS und HWS_NWS_NWS_HWS + + + + + + + + + + + Id der zu aendernden Meldung sowie Datum der letzten Aenderung + + + + + + + + + + + + + + + + + + + + + Zuzugsstaat und Ummeldedaten + + + + + + + + + + + + + Id der Person und Religionsbekenntnis + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Zuzugsbestaetigung.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Zuzugsbestaetigung.xsd new file mode 100644 index 00000000..d557ae50 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Zuzugsbestaetigung.xsd @@ -0,0 +1,105 @@ + + + + + + + + + + + + Anfragedaten der Zuzugsbestaetigung + + + + + + + + + + + In der Response werden die Anfragedaten aus dem Request und das Abgleichergebnis geliefert. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Gesamtanzahl der Zuzugs-Saetze für diese Anfrage + + + + + Anzahl der im File gelieferten Zuzugs-Saetze + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/AkademischerGrad.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/AkademischerGrad.xsd new file mode 100644 index 00000000..3ebf0c0a --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/AkademischerGrad.xsd @@ -0,0 +1,84 @@ + + + + + + + + + Suchergebnisse-Struktur akademischer Grade einer Person + + + + + + + + + + + + + + + + + + + Struktur für Anlagen von akademischen Graden im ZMR + + + + + + Bei Anlage eines offiziellen akademischer Grades muss der AkadGradKey des Grades geschickt werden, + die einzelnen Felder (ohne AkadGradKey) sind nur bei Anlage eines "händischen", nicht offiziellen + Grades zu befüllen. + + + + + + + + + + + + + + + + + + + + + Struktur für Änderungen von akademischen Graden im ZMR. + Die Felder AkadGradLang und AkadGradKurz lassen sich nur bei nicht-offiziellen Graden (kein AkadGradKey) ändern. + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/Auskunftssperre.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/Auskunftssperre.xsd new file mode 100644 index 00000000..30dafed3 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/Auskunftssperre.xsd @@ -0,0 +1,95 @@ + + + + + + + + + + Auskunftssperre-Struktur für Suchergebnisse + + + + + + + + + + + + + + + Struktur für Anlagen von Auskunftssperren + + + + + + + + + + + + + Struktur für Änderungen von Auskunftssperren + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/Aviso.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/Aviso.xsd new file mode 100644 index 00000000..dff1d5eb --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/Aviso.xsd @@ -0,0 +1,176 @@ + + + + + + + + + + + + + Typ für Referenzdaten eines Aviso (immer das aktuellste, das heisst jüngstes 'Von'), mit Avisozahl zur Kontrolle + + + + + + + + + + + + + Aviso-Struktur für Suchergebnisse der Avisosuchen + + + + + + + + + + + + + + + + + + + + + + + + + Struktur für gefundenen Treffer des Aviso im ZMR (ein Treffer repräsentiert eine gefundene Person) + + + + + + + + + + + + Aviso-Struktur für Neuanlagen von Avisi im ZMR + + + + + + + + + + + + + + + + + + Aviso-Struktur für Aenderungen von Avisdaten + + + + + + + + + + + + Struktur zum Ein/Ausschliessen von Avisotreffern eines Aviso + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/Behoerdenattribute.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/Behoerdenattribute.xsd new file mode 100644 index 00000000..0b2cc6b8 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/Behoerdenattribute.xsd @@ -0,0 +1,67 @@ + + + + + + + + + Behördenattribute-Struktur für Suchergebnisse + + + + + + + + + + + + + + + + + + Behördenattribute-Struktur zum Setzen der Behördenattribute einer Meldung + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/ERnPAnschrift.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/ERnPAnschrift.xsd new file mode 100644 index 00000000..0fb07b9b --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/ERnPAnschrift.xsd @@ -0,0 +1,73 @@ + + + + + + + + + + + + Anschrift-Struktur für Suchergebnisse aus dem ERnP + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/ERnPPerson.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/ERnPPerson.xsd new file mode 100644 index 00000000..d4b83b63 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/ERnPPerson.xsd @@ -0,0 +1,114 @@ + + + + + + + + + + + + + + Person-Struktur für Suchergebnisse aus dem ERnP + + + + + + + + + + + + + + + + + + Dokument-Struktur für Suchergebnisse + + + + + + + + + + + + + + + + Reisedokument-Struktur für Suchergebnisse + + + + + + + + + + + + + + + + Akademischer-Grad-Struktur für Suchergebnisse + + + + + + + + + + + + + + + + + + Hier befinden sich Referenzan auf Personen, die mit der Person in technischer Beziehung stehen. + - KITQuelle, KITZiel, SPLITQuelle, SPLITZiel1 und SPLITZiel2 sind Referenzen auf geKITete + bzw. geSPLITete Quellpersonen- bzw. Zielpersonen und entsprechend befüllt (siehe Beschreibung KIT/SPLIT) + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/EidasIdentitaet.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/EidasIdentitaet.xsd new file mode 100644 index 00000000..cd07bd8a --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/EidasIdentitaet.xsd @@ -0,0 +1,106 @@ + + + + + + + + + EIDAS-Identitaet-Struktur für Suchergebnisse + + + + + + + + + + + + + + + + EIDAS-Identitaet-Struktur für Identitaetanlagen im ZMR + + + + + + + + + + + + + + + + EidasIdentitaet-Struktur für Änderungen von Identitaeten im ZMR + + + + + + + + + + + + + + + + + + EidasIdentitaet-Struktur für EidasIdentitensuche im ZMR + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/EidasIdentitaet.xsd.svntmp b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/EidasIdentitaet.xsd.svntmp new file mode 100644 index 00000000..cd07bd8a --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/EidasIdentitaet.xsd.svntmp @@ -0,0 +1,106 @@ + + + + + + + + + EIDAS-Identitaet-Struktur für Suchergebnisse + + + + + + + + + + + + + + + + EIDAS-Identitaet-Struktur für Identitaetanlagen im ZMR + + + + + + + + + + + + + + + + EidasIdentitaet-Struktur für Änderungen von Identitaeten im ZMR + + + + + + + + + + + + + + + + + + EidasIdentitaet-Struktur für EidasIdentitensuche im ZMR + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/Meldung.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/Meldung.xsd new file mode 100644 index 00000000..0ea75355 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/Meldung.xsd @@ -0,0 +1,189 @@ + + + + + + + + + + + + + + + Typ für Referenzdaten einer Meldung, (immer die aktuellste, das heisst jüngstes 'Von') mit WS-Qualität zur Kontrolle) + + + + + + Bei einer Änderung von Meldedaten müssen hier die EntityID der Meldung, sowie der + Zeitpunkt der letzten Änderung am Meldungssatz (Meldung-Entity und abhängige Entities wie Behördenattribute) + geschickt werden. + Der LetzteAenderung-Timestamp muss mit dem LetzteAenderung-Timestamp im Feld ErgebnissatzInfo + aus dem Suchergebnissatz übereinstimmen + + + + + + + Die Wohnsitzqualität der Meldung muss zur Kontrolle unverändert + mitgeschickt werden. + + + + + + + + + + Meldung-Struktur für Suchergebnisse aus dem ZMR + + + + + + + + + + + + + + + + + + + + ZMR-Adresse (Suchergebnis) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Meldung-Struktur zur Wohnsitzanmeldung im ZMR + + + + + + + + + + + + + + + + + + ZMR-Adresse (für Wohnsitzanlage) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/Person.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/Person.xsd new file mode 100644 index 00000000..8e3e55ee --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/Person.xsd @@ -0,0 +1,233 @@ + + + + + + + + + + + + + + + + + + + + Typ für Referenzdaten einer Person (immer die aktuellste, das heisst jüngstes 'Von'), mit ZMR-Zahl zur Kontrolle + + + + + + Bei einer Änderung von Personendaten müssen hier die EntityID der Person, sowie der + Zeitpunkt der letzten Änderung am Personensatz (Person-Entity und abhängige Entities wie Reisedokumente) + geschickt werden. + Der LetzteAenderung-Timestamp muss mit dem LetzteAenderung-Timestamp im Feld ErgebnissatzInfo + aus dem Suchergebnissatz übereinstimmen + + + + + + + + Die ZMR-Zahl der Person muss zur Kontrolle unverändert + mitgeschickt werden. + + + + + + + + + + + + Person-Struktur für Suchergebnisse aus dem ZMR + + + + + + + + + + + + + + + + + + + + + + + Natuerliche Person (Suchergebnis) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Hier befinden sich Referenzan auf Personen, die mit der Person in technischer Beziehung stehen. + - Die Ordnungszahl verweist auf den Personenzatz im Ergänzungsregister, falls die Person vom + vom EGR ins ZMR übernommen wurde. + - KITQuelle, KITZiel, SPLITQuelle, SPLITZiel1 und SPLITZiel2 sind Referenzen auf geKITete + bzw. geSPLITete Quellpersonen- bzw. Zielpersonen und entsprechend befüllt (siehe Beschreibung KIT/SPLIT) + + + + + + + + + + + + + + + + + + Person-Struktur für Personenanlagen im ZMR + + + + + + + + + + + + + + + + + Natuerliche Person (Personenanlage) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Person-Struktur für Personendatenänderungen im ZMR + + + + + + + + + + + + + + Natuerliche Person (Änderung) + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/Qualifikationskennzeichen.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/Qualifikationskennzeichen.xsd new file mode 100644 index 00000000..044452c6 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/Qualifikationskennzeichen.xsd @@ -0,0 +1,75 @@ + + + + + + + + + Qualifikationskennzeichen-Struktur für Suchergebnisse + + + + + + + + + + + + + + + Struktur für Anlagen von Qualifikationskennzeichen + + + + + + + + + + + + Struktur für Änderungen von Qualifikationskennzeichen + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/Reisedokument.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/Reisedokument.xsd new file mode 100644 index 00000000..edbbcc8c --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/Reisedokument.xsd @@ -0,0 +1,82 @@ + + + + + + + + + Reisedokument-Struktur für Suchergebnisse + + + + + + + + + + + + + + + + + Reisedokument-Struktur für Reisedokumentanlagen im ZMR + + + + + + + + + + + + + + + Reisedokument-Struktur für Änderungen von Reisedokumenten im ZMR + + + + + + + + + + + + + + + + + Reisedokument-Struktur für Reisedokumentanlagen im ZMR + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/Staatsangehoerigkeit.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/Staatsangehoerigkeit.xsd new file mode 100644 index 00000000..2dcdee66 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/Staatsangehoerigkeit.xsd @@ -0,0 +1,73 @@ + + + + + + + + + + Staatsangehoerigkeit-Struktur für Suchergebnisse + + + + + + + + + + + + + + + + Staatsangehoerigkeit-Struktur für Anlagen im ZMR + + + + + + + + + + + + Staatsangehoerigkeit-Struktur für Änderungen im ZMR + + + + + + Wenn der Schlüssel (EntityID) der Staatsbürgerschaft nicht bekannt ist, + kann alternativ der ISO-Code geschickt werden. + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/Standarddokument.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/Standarddokument.xsd new file mode 100644 index 00000000..5b14bcc4 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/Standarddokument.xsd @@ -0,0 +1,74 @@ + + + + + + + + + Standarddokument-Struktur für Suchergebnisse + + + + + + + + + + + + + + + + + + + Standarddokument-Struktur für Standarddokumentanlagen + + + + + + + + + + + + + + + + + Standarddokument-Struktur für Änderungen von Standarddokumenten + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java index d861006e..2d493091 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java @@ -25,10 +25,10 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.test; import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.szr.SzrClient; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.szr.SzrClient; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egiz.eaaf.core.exceptions.EaafParserException; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java index e50044c6..b9cc77b1 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java @@ -24,10 +24,10 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.test; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.szr.SzrClient; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.szr.SzrClient; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java index 643afb90..34bca782 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java @@ -23,20 +23,59 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; +import static org.apache.commons.lang3.RandomStringUtils.randomAlphabetic; +import static org.junit.Assert.assertThrows; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.ArgumentMatchers.eq; + +import java.math.BigInteger; +import java.net.URI; +import java.net.URISyntaxException; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.Random; + +import javax.xml.namespace.QName; + +import org.apache.commons.lang3.RandomStringUtils; +import org.jetbrains.annotations.NotNull; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.Mock; +import org.mockito.Mockito; +import org.mockito.MockitoAnnotations; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.zmr.IZmrClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.zmr.ZmrSoapClient.ZmrRegisterResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.DeSpecificDetailSearchProcessor; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.CountrySpecificDetailSearchProcessor; import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.GenericEidProcessor; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.ItSpecificDetailSearchProcessor; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService; import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.InitialSearchTask; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonSuchenRequest; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; @@ -49,34 +88,6 @@ import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; import eu.eidas.auth.commons.attribute.PersonType; import eu.eidas.auth.commons.light.impl.LightRequest; import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse; -import org.apache.commons.lang3.RandomStringUtils; -import org.jetbrains.annotations.NotNull; -import org.junit.Assert; -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mockito.Mock; -import org.mockito.Mockito; -import org.mockito.MockitoAnnotations; -import org.springframework.mock.web.MockHttpServletRequest; -import org.springframework.mock.web.MockHttpServletResponse; -import org.springframework.test.annotation.DirtiesContext; -import org.springframework.test.annotation.DirtiesContext.ClassMode; -import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; -import org.springframework.web.context.request.RequestContextHolder; -import org.springframework.web.context.request.ServletRequestAttributes; - -import javax.xml.namespace.QName; -import java.net.URI; -import java.net.URISyntaxException; -import java.util.ArrayList; -import java.util.Collections; -import java.util.Map; -import java.util.Random; - -import static org.apache.commons.lang3.RandomStringUtils.randomAlphabetic; -import static org.junit.Assert.assertThrows; @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration(locations = { @@ -86,22 +97,32 @@ import static org.junit.Assert.assertThrows; @DirtiesContext(classMode = ClassMode.BEFORE_CLASS) public class InitialSearchTaskTest { - private static final String DE_ST = "de/st/"; - private static final String IT_ST = "it/st/"; + + private static final String EE = "EE"; + private static final String DE = "DE"; + private static final String IT = "IT"; + + private static final String EE_ST = EE + "/ST/"; + private static final String DE_ST = DE + "/ST/"; + private static final String IT_ST = IT + "/ST/"; - private InitialSearchTask task; @Mock private IZmrClient zmrClient; @Mock private IErnpClient ernpClient; - private final ICcSpecificEidProcessingService eidPostProcessor = createEidPostProcessor(); + + @Autowired private List handlers; private RegisterSearchService registerSearchService; - + + private final ICcSpecificEidProcessingService eidPostProcessor = createEidPostProcessor(); + private InitialSearchTask task; + final ExecutionContext executionContext = new ExecutionContextImpl(); private TestRequestImpl pendingReq; private final String randomBpk = RandomStringUtils.randomNumeric(6); - private final String randomIdentifier = RandomStringUtils.randomNumeric(10); - private final String randomPseudonym = DE_ST + randomIdentifier; + private final String randomPsydonym = RandomStringUtils.randomNumeric(10); + private final String randomPersonalIdentifier_DE = DE_ST + randomPsydonym; + private final String randomPersonalIdentifier_EE = EE_ST + randomPsydonym; private final String randomFamilyName = randomAlphabetic(10); private final String randomGivenName = randomAlphabetic(10); private final String randomPlaceOfBirth = randomAlphabetic(10); @@ -114,8 +135,9 @@ public class InitialSearchTaskTest { @Before public void setUp() throws URISyntaxException, EaafStorageException { MockitoAnnotations.initMocks(this); - registerSearchService = new RegisterSearchService(zmrClient, ernpClient); - task = new InitialSearchTask(new ArrayList<>(), registerSearchService, eidPostProcessor); + + registerSearchService = new RegisterSearchService(handlers, zmrClient, ernpClient); + task = new InitialSearchTask(registerSearchService, eidPostProcessor); MockHttpServletRequest httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); MockHttpServletResponse httpResp = new MockHttpServletResponse(); @@ -153,73 +175,119 @@ public class InitialSearchTaskTest { @DirtiesContext public void testNode100_UserIdentifiedUpdateNecessary_a() throws Exception { String newFirstName = randomAlphabetic(10); - Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.singletonList( - new RegisterResult(randomBpk, randomIdentifier, newFirstName, randomFamilyName, randomBirthDate))); - Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); - + Mockito.when(zmrClient.searchWithPersonIdentifier(null, randomPersonalIdentifier_DE)).thenReturn( + new ZmrRegisterResult(Collections.singletonList( + RegisterResult.builder() + .bpk(randomBpk) + .pseudonym(Arrays.asList(randomPsydonym)) + .givenName(newFirstName) + .familyName(randomFamilyName) + .dateOfBirth(randomBirthDate) + .build()), + generateRandomProcessId())); task.execute(pendingReq, executionContext); String bPk = readBpkFromSessionData(pendingReq); - Assert.assertEquals("Wrong bpk", bPk, randomBpk); + Assert.assertEquals("Wrong bpk", randomBpk, bPk); } /** * One match, but register update needed + * @throws EidasSAuthenticationException */ @Test @DirtiesContext - public void testNode100_UserIdentifiedUpdateNecessary_b() throws TaskExecutionException { - Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); + public void testNode100_UserIdentifiedUpdateNecessary_b() throws TaskExecutionException, EidasSAuthenticationException { + Mockito.when(zmrClient.searchWithPersonIdentifier(null, randomPersonalIdentifier_DE)).thenReturn( + new ZmrRegisterResult(Collections.emptyList(), generateRandomProcessId())); + String newRandomGivenName = randomAlphabetic(10); - Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.singletonList( - new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomBirthDate))); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomPersonalIdentifier_DE)).thenReturn(Collections.singletonList( + RegisterResult.builder() + .bpk(randomBpk) + .pseudonym(Arrays.asList(randomPsydonym)) + .givenName(newRandomGivenName) + .familyName(randomFamilyName) + .dateOfBirth(randomBirthDate) + .build())); task.execute(pendingReq, executionContext); String bPk = readBpkFromSessionData(pendingReq); - Assert.assertEquals("Wrong bpk", bPk, randomBpk); + Assert.assertEquals("Wrong bpk", randomBpk, bPk); } /** * Two matches found in ZMR + * @throws EidasSAuthenticationException */ @Test @DirtiesContext - public void testNode101_ManualFixNecessary_a() { + public void testNode101_ManualFixNecessary_a() throws EidasSAuthenticationException { ArrayList zmrResult = new ArrayList<>(); - zmrResult.add(new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate)); + zmrResult.add( + RegisterResult.builder() + .bpk(randomBpk) + .pseudonym(Arrays.asList(randomPsydonym)) + .givenName(randomGivenName) + .familyName(randomFamilyName) + .dateOfBirth(randomBirthDate) + .build()); String newRandomGivenName = randomGivenName + randomAlphabetic(2); - zmrResult.add(new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomBirthDate)); - Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResult); - Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); + zmrResult.add( + RegisterResult.builder() + .bpk(randomBpk) + .pseudonym(Arrays.asList(randomPsydonym)) + .givenName(newRandomGivenName) + .familyName(randomFamilyName) + .dateOfBirth(randomBirthDate) + .build()); + Mockito.when(zmrClient.searchWithPersonIdentifier(null, randomPersonalIdentifier_DE)).thenReturn( + new ZmrRegisterResult(zmrResult, generateRandomProcessId())); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomPersonalIdentifier_DE)).thenReturn(Collections.emptyList()); TaskExecutionException exception = assertThrows(TaskExecutionException.class, () -> task.execute(pendingReq, executionContext)); Throwable origE = exception.getOriginalException(); - Assert.assertTrue("Wrong exception", (origE instanceof ManualFixNecessaryException)); + Assert.assertTrue("Wrong exception", (origE instanceof WorkflowException)); } /** * Two matches found in ErnP + * @throws EidasSAuthenticationException */ @Test @DirtiesContext - public void testNode101_ManualFixNecessary_b() { - Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); + public void testNode101_ManualFixNecessary_b() throws EidasSAuthenticationException { + Mockito.when(zmrClient.searchWithPersonIdentifier(null, randomPersonalIdentifier_DE)).thenReturn( + new ZmrRegisterResult(Collections.emptyList(), generateRandomProcessId())); ArrayList ernpResult = new ArrayList<>(); - ernpResult.add(new RegisterResult(randomBpk, randomPseudonym, randomGivenName, randomFamilyName, randomBirthDate)); + ernpResult.add( + RegisterResult.builder() + .bpk(randomBpk) + .pseudonym(Arrays.asList(randomPsydonym)) + .givenName(randomGivenName) + .familyName(randomFamilyName) + .dateOfBirth(randomBirthDate) + .build()); String newRandomGivenName = randomGivenName + randomAlphabetic(2); ernpResult.add( - new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomBirthDate)); - Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResult); + RegisterResult.builder() + .bpk(randomBpk) + .pseudonym(Arrays.asList(randomPsydonym)) + .givenName(newRandomGivenName) + .familyName(randomFamilyName) + .dateOfBirth(randomBirthDate) + .build()); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomPersonalIdentifier_DE)).thenReturn(ernpResult); TaskExecutionException exception = assertThrows(TaskExecutionException.class, () -> task.execute(pendingReq, executionContext)); Throwable origE = exception.getOriginalException(); - Assert.assertTrue("Wrong exception", (origE instanceof ManualFixNecessaryException)); + Assert.assertTrue("Wrong exception", (origE instanceof WorkflowException)); } /** @@ -228,13 +296,20 @@ public class InitialSearchTaskTest { @Test @DirtiesContext public void testNode102_UserIdentified_a() throws Exception { - Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); - Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.singletonList( - new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate))); + Mockito.when(zmrClient.searchWithPersonIdentifier(null, randomPersonalIdentifier_DE)).thenReturn( + new ZmrRegisterResult(Collections.emptyList(), generateRandomProcessId())); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomPersonalIdentifier_DE)).thenReturn(Collections.singletonList( + RegisterResult.builder() + .bpk(randomBpk) + .pseudonym(Arrays.asList(randomPsydonym)) + .givenName(randomGivenName) + .familyName(randomFamilyName) + .dateOfBirth(randomBirthDate) + .build())); task.execute(pendingReq, executionContext); String bPk = readBpkFromSessionData(pendingReq); - Assert.assertEquals("Wrong bpk", bPk, randomBpk); + Assert.assertEquals("Wrong bpk", randomBpk, bPk); } /** @@ -243,41 +318,22 @@ public class InitialSearchTaskTest { @Test @DirtiesContext public void testNode102_UserIdentified_b() throws Exception { - Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.singletonList( - new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate))); - Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); + Mockito.when(zmrClient.searchWithPersonIdentifier(null, randomPersonalIdentifier_DE)).thenReturn( + new ZmrRegisterResult(Collections.singletonList( + RegisterResult.builder() + .bpk(randomBpk) + .pseudonym(Arrays.asList(randomPsydonym)) + .givenName(randomGivenName) + .familyName(randomFamilyName) + .dateOfBirth(randomBirthDate) + .build()), + generateRandomProcessId())); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomPersonalIdentifier_DE)).thenReturn(Collections.emptyList()); task.execute(pendingReq, executionContext); String bPk = readBpkFromSessionData(pendingReq); - Assert.assertEquals("Wrong bpk", bPk, randomBpk); - } - - /** - * One match found in ZMR and ErnP with detail search - */ - @Test - @DirtiesContext - public void testNode103_UserIdentified_IT() throws Exception { - String taxNumber = RandomStringUtils.randomNumeric(14); - final AuthenticationResponse response = buildDummyAuthResponseRandomPersonIT_Tax(taxNumber); - TestRequestImpl pendingReq1 = new TestRequestImpl(); - pendingReq1.getSessionData(AuthProcessDataWrapper.class) - .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response); - Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); - String newRandomIdentifier = randomIdentifier + RandomStringUtils.randomNumeric(2); - Mockito.when(zmrClient.searchItSpecific(taxNumber)).thenReturn(Collections.singletonList( - new RegisterResult(randomBpk, newRandomIdentifier, randomGivenName, randomFamilyName, - randomBirthDate, null, null, taxNumber, null))); - Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); - task = new InitialSearchTask( - Collections.singletonList(new ItSpecificDetailSearchProcessor(registerSearchService)), - registerSearchService, eidPostProcessor); - - task.execute(pendingReq1, executionContext); - - String bPk = readBpkFromSessionData(pendingReq1); - Assert.assertEquals("Wrong bpk", bPk, randomBpk); + Assert.assertEquals("Wrong bpk", randomBpk, bPk); } /** @@ -285,27 +341,38 @@ public class InitialSearchTaskTest { */ @Test @DirtiesContext - public void testNode103_UserIdentified_DE() throws Exception { + public void testNode103_UserIdentified_DE() throws Exception { final AuthenticationResponse response = buildDummyAuthResponseDE(randomGivenName, randomFamilyName, - randomPseudonym, + randomPersonalIdentifier_DE, randomBirthDate, randomPlaceOfBirth, randomBirthName); - TestRequestImpl pendingReq1 = new TestRequestImpl(); + TestRequestImpl pendingReq1 = new TestRequestImpl(); pendingReq1.getSessionData(AuthProcessDataWrapper.class) .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response); - Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); - Mockito.when(zmrClient.searchDeSpecific(randomGivenName, randomFamilyName, randomBirthDate, randomPlaceOfBirth, - randomBirthName)) - .thenReturn(Collections.singletonList(new RegisterResult(randomBpk, randomIdentifier, randomGivenName, - randomFamilyName, randomBirthDate, randomPlaceOfBirth, randomBirthName, null, null))); - Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); - task = new InitialSearchTask( - Collections.singletonList(new DeSpecificDetailSearchProcessor(registerSearchService)), - registerSearchService, eidPostProcessor); - + + BigInteger zmrProcessId = generateRandomProcessId(); + Mockito.when(zmrClient.searchWithPersonIdentifier(null, randomPersonalIdentifier_DE)).thenReturn( + new ZmrRegisterResult(Collections.emptyList(), zmrProcessId)); + Mockito.when(zmrClient.searchCountrySpecific(eq(zmrProcessId), any(PersonSuchenRequest.class), eq(DE))).thenReturn( + new ZmrRegisterResult(Collections.singletonList( + RegisterResult.builder() + .bpk(randomBpk) + .pseudonym(Arrays.asList(randomPsydonym)) + .givenName(randomGivenName) + .familyName(randomFamilyName) + .dateOfBirth(randomBirthDate) + .placeOfBirth(randomPlaceOfBirth) + .birthName(randomBirthName) + .build()) + ,zmrProcessId)); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomPersonalIdentifier_DE)).thenReturn(Collections.emptyList()); + + // execute test task.execute(pendingReq1, executionContext); + // validate state String resultBpk = readBpkFromSessionData(pendingReq1); - Assert.assertEquals("Wrong bpk", resultBpk, randomBpk); + Assert.assertEquals("Wrong bpk", randomBpk, resultBpk); + } /** @@ -314,76 +381,70 @@ public class InitialSearchTaskTest { @Test @DirtiesContext public void testNode104_ManualFixNecessary_DE() throws Exception { - String newRandomPseudonym = randomPseudonym + RandomStringUtils.randomNumeric(2); + String newRandomPseudonym = randomPersonalIdentifier_DE + RandomStringUtils.randomNumeric(2); String newRandomBpk = randomBpk + RandomStringUtils.randomNumeric(6); final AuthenticationResponse response = buildDummyAuthResponseDE(randomGivenName, randomFamilyName, - randomPseudonym, + randomPersonalIdentifier_DE, randomBirthDate, randomPlaceOfBirth, randomBirthName); TestRequestImpl pendingReq1 = new TestRequestImpl(); pendingReq1.getSessionData(AuthProcessDataWrapper.class) .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response); - Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); - ArrayList zmrResultSpecific = new ArrayList<>(); - zmrResultSpecific.add( - new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate, - randomPlaceOfBirth, randomBirthName, null, null)); - zmrResultSpecific.add(new RegisterResult(newRandomBpk, newRandomPseudonym, randomGivenName, randomFamilyName, randomBirthDate, - randomPlaceOfBirth, randomBirthName, null, null)); - Mockito.when(zmrClient.searchDeSpecific(randomGivenName, randomFamilyName, randomBirthDate, randomPlaceOfBirth, - randomBirthName)).thenReturn(zmrResultSpecific); - Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); - task = new InitialSearchTask( - Collections.singletonList(new DeSpecificDetailSearchProcessor(registerSearchService)), - registerSearchService, eidPostProcessor); - + + BigInteger zmrProcessId = generateRandomProcessId(); + Mockito.when(zmrClient.searchWithPersonIdentifier(null, randomPersonalIdentifier_DE)).thenReturn( + new ZmrRegisterResult(Collections.emptyList(), zmrProcessId)); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomPersonalIdentifier_DE)).thenReturn(Collections.emptyList()); + Mockito.when(zmrClient.searchCountrySpecific(eq(zmrProcessId), any(PersonSuchenRequest.class), eq(DE))).thenReturn( + new ZmrRegisterResult(Arrays.asList( + RegisterResult.builder() + .bpk(randomBpk) + .pseudonym(Arrays.asList(randomPsydonym)) + .givenName(randomGivenName) + .familyName(randomFamilyName) + .dateOfBirth(randomBirthDate) + .placeOfBirth(randomPlaceOfBirth) + .birthName(randomBirthName) + .build(), + RegisterResult.builder() + .bpk(newRandomBpk) + .pseudonym(Arrays.asList(newRandomPseudonym)) + .givenName(randomGivenName) + .familyName(randomFamilyName) + .dateOfBirth(randomBirthDate) + .placeOfBirth(randomPlaceOfBirth) + .birthName(randomBirthName) + .build()) + ,zmrProcessId)); + + + // execute test TaskExecutionException exception = assertThrows(TaskExecutionException.class, () -> task.execute(pendingReq1, executionContext)); + // check error Throwable origE = exception.getOriginalException(); - Assert.assertTrue("Wrong exception", (origE instanceof ManualFixNecessaryException)); - } - - /** - * Multiple matches found in ZMR and ErnP with detail search - */ - @Test - @DirtiesContext - public void testNode104_ManualFixNecessary_IT() throws Exception { - String randomTaxNumber = RandomStringUtils.randomNumeric(14); - final AuthenticationResponse response = buildDummyAuthResponseRandomPersonIT_Tax(randomTaxNumber); - TestRequestImpl pendingReq1 = new TestRequestImpl(); - pendingReq1.getSessionData(AuthProcessDataWrapper.class) - .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response); - Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); - ArrayList zmrResultSpecific = new ArrayList<>(); - String randomPseudonym = IT_ST + randomIdentifier + "4"; - zmrResultSpecific.add(new RegisterResult(randomBpk, randomPseudonym, randomGivenName, - randomFamilyName, randomBirthDate, null, null, randomTaxNumber, null)); - String newRandomPseudonym = IT_ST + randomIdentifier + "5"; - String newRandomBpk = RandomStringUtils.randomNumeric(6); - zmrResultSpecific.add(new RegisterResult(newRandomBpk, newRandomPseudonym, randomGivenName, - randomFamilyName, randomBirthDate, null, null, randomTaxNumber, null)); - Mockito.when(zmrClient.searchItSpecific(randomTaxNumber)).thenReturn(zmrResultSpecific); - Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); - task = new InitialSearchTask( - Collections.singletonList(new ItSpecificDetailSearchProcessor(registerSearchService)), - registerSearchService, eidPostProcessor); - - TaskExecutionException exception = assertThrows(TaskExecutionException.class, - () -> task.execute(pendingReq1, executionContext)); - - Throwable origE = exception.getOriginalException(); - Assert.assertTrue("Wrong exception", (origE instanceof ManualFixNecessaryException)); + Assert.assertTrue("Wrong exception", (origE instanceof WorkflowException)); } /** * NO match found in ZMR and ErnP with Initial and MDS search + * @throws EidasSAuthenticationException + * @throws URISyntaxException + * @throws EaafStorageException */ @Test @DirtiesContext - public void testNode505_TransitionToErnbTask() throws TaskExecutionException { - Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); - Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); + public void testNode505_TransitionToInsertErnbTask() throws TaskExecutionException, EidasSAuthenticationException, URISyntaxException, EaafStorageException { + BigInteger zmrProcessId = generateRandomProcessId(); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, + buildDummyAuthResponse(randomGivenName, randomFamilyName, randomPersonalIdentifier_EE, randomBirthDate)); + Mockito.when(zmrClient.searchWithPersonIdentifier(null, randomPersonalIdentifier_EE)).thenReturn( + new ZmrRegisterResult(Collections.emptyList(), zmrProcessId)); + Mockito.when(zmrClient.searchWithMds(zmrProcessId, randomGivenName, randomFamilyName, randomBirthDate, EE)).thenReturn( + new ZmrRegisterResult(Collections.emptyList(), zmrProcessId)); + + Mockito.when(ernpClient.searchWithPersonIdentifier(randomPersonalIdentifier_EE)).thenReturn(Collections.emptyList()); task.execute(pendingReq, executionContext); @@ -398,21 +459,37 @@ public class InitialSearchTaskTest { /** * NO match found in ZMR and ErnP with Initial search, one match with MDS search in Ernb + * @throws EidasSAuthenticationException + * @throws URISyntaxException + * @throws EaafStorageException */ @Test @DirtiesContext - public void testNode505_TransitionToGUI_Ernb() throws TaskExecutionException { - Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); - Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); - + public void testNode505_TransitionToGUI_Ernb() throws TaskExecutionException, EidasSAuthenticationException, URISyntaxException, EaafStorageException { + BigInteger zmrProcessId = generateRandomProcessId(); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, + buildDummyAuthResponse(randomGivenName, randomFamilyName, randomPersonalIdentifier_EE, randomBirthDate)); + + Mockito.when(zmrClient.searchWithPersonIdentifier(null, randomPersonalIdentifier_EE)).thenReturn( + new ZmrRegisterResult(Collections.emptyList(), zmrProcessId)); + Mockito.when(zmrClient.searchWithMds(zmrProcessId, randomGivenName, randomFamilyName, randomBirthDate, EE)).thenReturn( + new ZmrRegisterResult(Collections.emptyList(), zmrProcessId)); + + Mockito.when(ernpClient.searchWithPersonIdentifier(randomPersonalIdentifier_EE)).thenReturn(Collections.emptyList()); Mockito.when(ernpClient.searchWithMds(randomGivenName, randomFamilyName, randomBirthDate)).thenReturn( Collections.singletonList( - new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate))); + RegisterResult.builder() + .bpk(randomBpk) + .pseudonym(Arrays.asList(randomPsydonym)) + .givenName(randomGivenName) + .familyName(randomFamilyName) + .dateOfBirth(randomBirthDate) + .build())); task.execute(pendingReq, executionContext); - String bPk = readBpkFromSessionData(pendingReq); - Assert.assertNull("Wrong bpk", bPk); + assertThrows(WorkflowException.class, () -> readBpkFromSessionData(pendingReq)); Boolean transitionGUI = (Boolean) executionContext.get(Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK); Assert.assertTrue("Wrong transition", transitionGUI); Boolean transitionErnb = (Boolean) executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK); @@ -421,21 +498,29 @@ public class InitialSearchTaskTest { /** * NO match found in ZMR and ErnP with Initial search, one match with MDS search in ZMR + * @throws EidasSAuthenticationException */ @Test @DirtiesContext - public void testNode505_TransitionToGUI_Zmr() throws TaskExecutionException { - Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); - Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); - - Mockito.when(zmrClient.searchWithMds(randomGivenName, randomFamilyName, randomBirthDate)).thenReturn( - Collections.singletonList( - new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate))); + public void testNode505_TransitionToGUI_Zmr() throws TaskExecutionException, EidasSAuthenticationException { + BigInteger zmrProcessId = generateRandomProcessId(); + Mockito.when(zmrClient.searchWithPersonIdentifier(null, randomPersonalIdentifier_DE)).thenReturn( + new ZmrRegisterResult(Collections.emptyList(), zmrProcessId)); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomPersonalIdentifier_DE)).thenReturn(Collections.emptyList()); + + Mockito.when(zmrClient.searchWithMds(zmrProcessId, randomGivenName, randomFamilyName, randomBirthDate, DE)).thenReturn( + new ZmrRegisterResult(Collections.singletonList(RegisterResult.builder() + .bpk(randomBpk) + .pseudonym(Arrays.asList(randomPsydonym)) + .givenName(randomGivenName) + .familyName(randomFamilyName) + .dateOfBirth(randomBirthDate) + .build()), + zmrProcessId)); task.execute(pendingReq, executionContext); - String bPk = readBpkFromSessionData(pendingReq); - Assert.assertNull("Wrong bpk", bPk); + assertThrows(WorkflowException.class, () -> readBpkFromSessionData(pendingReq)); Boolean transitionGUI = (Boolean) executionContext.get(Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK); Assert.assertTrue("Wrong transition", transitionGUI); Boolean transitionErnb = (Boolean) executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK); @@ -444,23 +529,40 @@ public class InitialSearchTaskTest { /** * NO match found in ZMR and ErnP with Initial search, multiple matches found with MDS search + * @throws EidasSAuthenticationException */ @Test @DirtiesContext - public void testNode505_TransitionToGUI_Ernb_multi() throws TaskExecutionException { - Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); - Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList()); - ArrayList ernbResult = new ArrayList<>(); - ernbResult.add(new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, - randomBirthDate)); - ernbResult.add(new RegisterResult(randomBpk + "1", randomIdentifier, randomGivenName, randomFamilyName, - randomBirthDate)); - Mockito.when(ernpClient.searchWithMds(randomGivenName, randomFamilyName, randomBirthDate)).thenReturn(ernbResult); + public void testNode505_TransitionToGUI_Ernb_multi() throws TaskExecutionException, EidasSAuthenticationException { + BigInteger zmrProcessId = generateRandomProcessId(); + Mockito.when(zmrClient.searchWithPersonIdentifier(null, randomPersonalIdentifier_DE)).thenReturn( + new ZmrRegisterResult(Collections.emptyList(), zmrProcessId)); + Mockito.when(zmrClient.searchCountrySpecific(eq(zmrProcessId), any(PersonSuchenRequest.class), any(String.class))).thenReturn( + new ZmrRegisterResult(Collections.emptyList(), zmrProcessId)); + Mockito.when(zmrClient.searchWithMds(zmrProcessId, randomGivenName, randomFamilyName, randomBirthDate, DE)).thenReturn( + new ZmrRegisterResult(Collections.emptyList(), zmrProcessId)); + + Mockito.when(ernpClient.searchWithPersonIdentifier(randomPersonalIdentifier_DE)).thenReturn(Collections.emptyList()); + Mockito.when(ernpClient.searchWithMds(randomGivenName, randomFamilyName, randomBirthDate)).thenReturn( + Arrays.asList( + RegisterResult.builder() + .bpk(randomBpk) + .pseudonym(Arrays.asList(randomPsydonym)) + .givenName(randomGivenName) + .familyName(randomFamilyName) + .dateOfBirth(randomBirthDate) + .build(), + RegisterResult.builder() + .bpk(randomBpk + "1") + .pseudonym(Arrays.asList(randomPsydonym)) + .givenName(randomGivenName) + .familyName(randomFamilyName) + .dateOfBirth(randomBirthDate) + .build())); task.execute(pendingReq, executionContext); - String bPk = readBpkFromSessionData(pendingReq); - Assert.assertNull("Wrong bpk", bPk); + assertThrows(WorkflowException.class, () -> readBpkFromSessionData(pendingReq)); Boolean transitionGUI = (Boolean) executionContext.get(Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK); Assert.assertTrue("Wrong transition", transitionGUI); Boolean transitionErnb = (Boolean) executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK); @@ -469,15 +571,14 @@ public class InitialSearchTaskTest { @NotNull private AuthenticationResponse buildDummyAuthResponseRandomPerson() throws URISyntaxException { - return buildDummyAuthResponse(randomGivenName, randomFamilyName, DE_ST + randomIdentifier, randomBirthDate); + return buildDummyAuthResponse(randomGivenName, randomFamilyName, DE_ST + randomPsydonym, randomBirthDate); } - private AuthenticationResponse buildDummyAuthResponseRandomPersonIT_Tax(String taxNumber) - throws URISyntaxException { - return buildDummyAuthResponse(randomGivenName, randomFamilyName, IT_ST + randomIdentifier, randomBirthDate, - taxNumber, null, null); + private BigInteger generateRandomProcessId() { + return new BigInteger(RandomStringUtils.randomNumeric(10)); + } - + @NotNull private AuthenticationResponse buildDummyAuthResponse(String givenName, String familyName, String identifier, String dateOfBirth) throws URISyntaxException { @@ -545,8 +646,10 @@ public class InitialSearchTaskTest { .attributeValueMarshaller(marshaller).build(); } - private String readBpkFromSessionData(TestRequestImpl pendingReq) { - return (String) pendingReq.getSessionData(AuthProcessDataWrapper.class) - .getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK); + private String readBpkFromSessionData(TestRequestImpl pendingReq) throws WorkflowException { + return MatchingTaskUtils.getInitialRegisterResult(pendingReq) != null + ? MatchingTaskUtils.getInitialRegisterResult(pendingReq).getBpk() + : null; + } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveAustrianResidenceGuiResponseTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveAustrianResidenceGuiResponseTaskTest.java index d9405251..281be36f 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveAustrianResidenceGuiResponseTaskTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveAustrianResidenceGuiResponseTaskTest.java @@ -1,20 +1,20 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; -import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveAustrianResidenceGuiResponseTask; -import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; -import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; -import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; -import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; -import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; -import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; -import com.google.common.collect.Lists; +import static at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveAustrianResidenceGuiResponseTask.PARAM_CITY; +import static at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveAustrianResidenceGuiResponseTask.PARAM_FORMER_RESIDENCE_AVAILABLE; +import static at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveAustrianResidenceGuiResponseTask.PARAM_STREET; +import static at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveAustrianResidenceGuiResponseTask.PARAM_ZIPCODE; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertThrows; +import static org.mockito.ArgumentMatchers.eq; +import static org.springframework.util.Assert.isInstanceOf; + +import java.math.BigInteger; +import java.util.Arrays; +import java.util.Collections; +import java.util.List; + import org.apache.commons.lang3.RandomStringUtils; import org.jetbrains.annotations.NotNull; import org.junit.Before; @@ -32,14 +32,25 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; -import java.util.Collections; -import java.util.List; +import com.google.common.collect.Lists; -import static at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveAustrianResidenceGuiResponseTask.*; -import static org.junit.Assert.*; -import static org.mockito.ArgumentMatchers.any; -import static org.mockito.ArgumentMatchers.eq; -import static org.springframework.util.Assert.isInstanceOf; +import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterOperationStatus; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterSearchResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveAustrianResidenceGuiResponseTask; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveAustrianResidenceGuiResponseTask.UserInput; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration(locations = { @@ -50,11 +61,12 @@ public class ReceiveAustrianResidenceGuiResponseTaskTest { @Autowired protected MsConnectorDummyConfigMap authConfig; - @Autowired - private ReceiveAustrianResidenceGuiResponseTask task; + @MockBean private RegisterSearchService registerSearchService; + private ReceiveAustrianResidenceGuiResponseTask task; + private final ExecutionContext executionContext = new ExecutionContextImpl(); private MockHttpServletRequest httpReq; private MockHttpServletResponse httpResp; @@ -69,6 +81,8 @@ public class ReceiveAustrianResidenceGuiResponseTaskTest { public void setUp() throws Exception { MockitoAnnotations.initMocks(this); + task = new ReceiveAustrianResidenceGuiResponseTask(registerSearchService); + httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector"); httpResp = new MockHttpServletResponse(); RequestContextHolder.resetRequestAttributes(); @@ -85,9 +99,10 @@ public class ReceiveAustrianResidenceGuiResponseTaskTest { public void noRegisterResult() throws Exception { UserInput userInput = setupUserInput(); SimpleEidasData eidasData = setupEidasData(); - MergedRegisterSearchResult registerSearchResult = buildEmptyResult(); - mockRegisterSearch(userInput, registerSearchResult); - + RegisterSearchResult registerSearchResult = buildEmptyResult(); + mockRegisterSearch(userInput, registerSearchResult, eidasData); + MatchingTaskUtils.storeInitialRegisterResult(pendingReq, registerSearchResult); + task.execute(pendingReq, executionContext); assertEquals("Transition To S9", true, executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK)); @@ -97,21 +112,24 @@ public class ReceiveAustrianResidenceGuiResponseTaskTest { public void exactlyOneRegisterResult_Matching() throws Exception { UserInput userInput = setupUserInput(); SimpleEidasData eidasData = setupEidasData(); - MergedRegisterSearchResult registerSearchResult = buildResultWithOneMatch(buildMatchingRegisterResult(eidasData)); - mockRegisterSearch(userInput, registerSearchResult); + RegisterSearchResult registerSearchResult = buildResultWithOneMatch(buildMatchingRegisterResult(eidasData)); + MatchingTaskUtils.storeInitialRegisterResult(pendingReq, registerSearchResult); + mockRegisterSearch(userInput, registerSearchResult, eidasData); task.execute(pendingReq, executionContext); assertNull("Transition To S9", executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK)); - Mockito.verify(registerSearchService).step7aKittProcess(any(), eq(registerSearchResult), eq(eidasData), eq(pendingReq)); + Mockito.verify(registerSearchService).step7aKittProcess(eq(registerSearchResult), eq(eidasData)); + } @Test public void exactlyOneRegisterResult_NotMatching() throws Exception { UserInput userInput = setupUserInput(); SimpleEidasData eidasData = setupEidasData(); - MergedRegisterSearchResult registerSearchResult = buildResultWithOneMatch(buildNotMatchingRegisterResult(eidasData)); - mockRegisterSearch(userInput, registerSearchResult); + RegisterSearchResult registerSearchResult = buildResultWithOneMatch(buildNotMatchingRegisterResult(eidasData)); + MatchingTaskUtils.storeInitialRegisterResult(pendingReq, registerSearchResult); + mockRegisterSearch(userInput, registerSearchResult, eidasData); task.execute(pendingReq, executionContext); @@ -122,8 +140,9 @@ public class ReceiveAustrianResidenceGuiResponseTaskTest { public void moreThanOneRegisterResult() throws Exception { UserInput userInput = setupUserInput(); SimpleEidasData eidasData = setupEidasData(); - MergedRegisterSearchResult registerSearchResult = buildResultWithTwoMatches(); - mockRegisterSearch(userInput, registerSearchResult); + RegisterSearchResult registerSearchResult = buildResultWithTwoMatches(); + MatchingTaskUtils.storeInitialRegisterResult(pendingReq, registerSearchResult); + mockRegisterSearch(userInput, registerSearchResult, eidasData); TaskExecutionException e = assertThrows(TaskExecutionException.class, () -> task.execute(pendingReq, executionContext)); @@ -133,37 +152,70 @@ public class ReceiveAustrianResidenceGuiResponseTaskTest { assertNull("Transition To S16", executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK)); } - private void mockRegisterSearch(UserInput userInput, MergedRegisterSearchResult registerSearchResult) { - Mockito.when(registerSearchService.searchWithResidence(eq(userInput.getZipcode()), eq(userInput.getCity()), eq(userInput.getStreet()))).thenReturn(registerSearchResult); + private void mockRegisterSearch(UserInput userInput, RegisterSearchResult registerSearchResult, SimpleEidasData eidasData ) { + Mockito.when(registerSearchService.searchWithResidence(eq(registerSearchResult.getOperationStatus()), eq(eidasData), + eq(userInput.getZipcode()), eq(userInput.getCity()), eq(userInput.getStreet()))).thenReturn(registerSearchResult); } @NotNull - private MergedRegisterSearchResult buildEmptyResult() { - return new MergedRegisterSearchResult(Collections.emptyList(), Collections.emptyList()); + private RegisterSearchResult buildEmptyResult() { + return new RegisterSearchResult(new RegisterOperationStatus(generateRandomProcessId()), + Collections.emptyList(), Collections.emptyList()); + } + private BigInteger generateRandomProcessId() { + return new BigInteger(RandomStringUtils.randomNumeric(10)); + + } + @NotNull - private MergedRegisterSearchResult buildResultWithOneMatch(RegisterResult registerResult) { - return new MergedRegisterSearchResult(Collections.singletonList(registerResult), Collections.emptyList()); + private RegisterSearchResult buildResultWithOneMatch(RegisterResult registerResult) { + return new RegisterSearchResult(new RegisterOperationStatus(generateRandomProcessId()), + Collections.singletonList(registerResult), Collections.emptyList()); + } @NotNull - private MergedRegisterSearchResult buildResultWithTwoMatches() { + private RegisterSearchResult buildResultWithTwoMatches() { List results = Lists.newArrayList(buildRandomRegisterResult(), buildRandomRegisterResult()); - return new MergedRegisterSearchResult(results, Collections.emptyList()); + return new RegisterSearchResult(new RegisterOperationStatus(generateRandomProcessId()), + results, Collections.emptyList()); + } @NotNull private RegisterResult buildRandomRegisterResult() { - return new RegisterResult(RandomStringUtils.randomAlphabetic(8), RandomStringUtils.randomAlphabetic(8), RandomStringUtils.randomAlphabetic(8), RandomStringUtils.randomAlphabetic(8), RandomStringUtils.randomAlphabetic(8)); + return RegisterResult.builder() + .pseudonym(Arrays.asList(RandomStringUtils.randomAlphabetic(8))) + .givenName(RandomStringUtils.randomAlphabetic(8)) + .familyName(RandomStringUtils.randomAlphabetic(8)) + .dateOfBirth(RandomStringUtils.randomAlphabetic(8)) + .bpk(RandomStringUtils.randomAlphabetic(8)) + .build(); + } private RegisterResult buildMatchingRegisterResult(SimpleEidasData eidData) { - return new RegisterResult(RandomStringUtils.randomAlphabetic(8), eidData.getPseudonym(), eidData.getGivenName(), eidData.getFamilyName(), eidData.getDateOfBirth()); + return RegisterResult.builder() + .pseudonym(Arrays.asList(eidData.getPseudonym())) + .givenName(eidData.getGivenName()) + .familyName(eidData.getFamilyName()) + .dateOfBirth(eidData.getDateOfBirth()) + .bpk(RandomStringUtils.randomAlphabetic(8)) + .build(); + } private RegisterResult buildNotMatchingRegisterResult(SimpleEidasData eidData) { - return new RegisterResult(RandomStringUtils.randomAlphabetic(8), eidData.getPseudonym() + RandomStringUtils.randomAlphabetic(8), eidData.getGivenName(), eidData.getFamilyName(), eidData.getDateOfBirth()); + return RegisterResult.builder() + .pseudonym(Arrays.asList(eidData.getPseudonym() + RandomStringUtils.randomAlphabetic(8))) + .givenName(eidData.getGivenName()) + .familyName(eidData.getFamilyName()) + .dateOfBirth(eidData.getDateOfBirth()) + .bpk(RandomStringUtils.randomAlphabetic(8)) + .build(); + } private void setHttpParameters(UserInput input) { diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java index 77b87264..8c137bb2 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java @@ -1,8 +1,50 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertThrows; +import static org.springframework.util.Assert.isInstanceOf; + +import java.io.IOException; +import java.io.InputStream; +import java.math.BigInteger; +import java.nio.charset.StandardCharsets; +import java.util.Arrays; +import java.util.Base64; +import java.util.Collections; +import java.util.List; +import java.util.Objects; + +import javax.xml.transform.TransformerException; + +import org.apache.commons.io.IOUtils; +import org.apache.commons.lang3.RandomStringUtils; +import org.jetbrains.annotations.NotNull; +import org.joda.time.DateTime; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Ignore; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.MockitoAnnotations; +import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; +import org.opensaml.core.xml.io.MarshallingException; +import org.opensaml.core.xml.util.XMLObjectSupport; +import org.opensaml.saml.saml2.core.Issuer; +import org.opensaml.saml.saml2.core.Response; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.mock.mockito.MockBean; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import com.google.common.collect.Lists; + import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException; @@ -11,9 +53,12 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustri import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider; import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterOperationStatus; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterSearchResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveMobilePhoneSignatureResponseTask; import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyOA; import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyPendingRequest; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.EaafException; @@ -26,45 +71,7 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException; -import com.google.common.collect.Lists; import net.shibboleth.utilities.java.support.xml.ParserPool; -import org.apache.commons.io.IOUtils; -import org.apache.commons.lang3.RandomStringUtils; -import org.jetbrains.annotations.NotNull; -import org.joda.time.DateTime; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mockito.Mockito; -import org.mockito.MockitoAnnotations; -import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; -import org.opensaml.core.xml.io.MarshallingException; -import org.opensaml.core.xml.util.XMLObjectSupport; -import org.opensaml.saml.saml2.core.Issuer; -import org.opensaml.saml.saml2.core.Response; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.boot.test.mock.mockito.MockBean; -import org.springframework.mock.web.MockHttpServletRequest; -import org.springframework.mock.web.MockHttpServletResponse; -import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; -import org.springframework.web.context.request.RequestContextHolder; -import org.springframework.web.context.request.ServletRequestAttributes; - -import javax.xml.transform.TransformerException; -import java.io.IOException; -import java.io.InputStream; -import java.nio.charset.StandardCharsets; -import java.util.Base64; -import java.util.Collections; -import java.util.List; -import java.util.Objects; - -import static org.junit.Assert.*; -import static org.mockito.ArgumentMatchers.any; -import static org.mockito.ArgumentMatchers.eq; -import static org.springframework.util.Assert.isInstanceOf; @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration(locations = { @@ -278,9 +285,8 @@ public class ReceiveMobilePhoneSignatureResponseTaskTest { task.execute(pendingReq, executionContext); - assertTrue("process not cancelled", executionContext.isProcessCancelled()); - assertTrue("process not stopped by user", pendingReq.isAbortedByUser()); - assertFalse("should not authenticated", pendingReq.isAuthenticated()); + assertEquals("Transition To S16", true, executionContext.get(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK)); + } @Test @@ -327,6 +333,8 @@ public class ReceiveMobilePhoneSignatureResponseTaskTest { isInstanceOf(InvalidUserInputException.class, e.getOriginalException().getCause()); } + //TODO: implement new test that this test makes no sense any more + @Ignore @Test public void httpPostValidSignedAssertionEidValid_NoRegisterResult() throws Exception { setupMetadataResolver(); @@ -334,9 +342,10 @@ public class ReceiveMobilePhoneSignatureResponseTaskTest { AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); SimpleEidasData eidData = createEidasDataMatchingToSamlResponse().build(); authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData); - MergedRegisterSearchResult registerSearchResult = new MergedRegisterSearchResult(Collections.emptyList(), Collections.emptyList()); - Mockito.when(registerSearchService.searchWithBpkZp(eq(BPK_FROM_ID_AUSTRIA))).thenReturn(registerSearchResult); - + RegisterSearchResult registerSearchResult = new RegisterSearchResult(new RegisterOperationStatus(generateRandomProcessId()), + Collections.emptyList(), Collections.emptyList()); + MatchingTaskUtils.storeInitialRegisterResult(pendingReq, registerSearchResult); + task.execute(pendingReq, executionContext); AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class); @@ -353,8 +362,8 @@ public class ReceiveMobilePhoneSignatureResponseTaskTest { AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); SimpleEidasData eidData = createEidasDataMatchingToSamlResponse().build(); authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData); - MergedRegisterSearchResult registerSearchResult = buildResultWithOneMatch(); - Mockito.when(registerSearchService.searchWithBpkZp(eq(BPK_FROM_ID_AUSTRIA))).thenReturn(registerSearchResult); + RegisterSearchResult registerSearchResult = buildResultWithOneMatch(); + MatchingTaskUtils.storeInitialRegisterResult(pendingReq, registerSearchResult); task.execute(pendingReq, executionContext); @@ -363,9 +372,13 @@ public class ReceiveMobilePhoneSignatureResponseTaskTest { assertEquals("IssueInstant", "2014-03-05T06:39:51Z", session.getIssueInstantString()); assertNull("Matching BPK", session.getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK)); assertNull("Transition To S16", executionContext.get(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK)); - Mockito.verify(registerSearchService).step7aKittProcess(any(), eq(registerSearchResult), eq(eidData), eq(pendingReq)); + + //TODO: update this check because this task selects one result from MDS search result before and creates a new element + //Mockito.verify(registerSearchService).step7aKittProcess(eq(registerSearchResult), eq(eidData)); } + //TODO: implement new test that this test makes no sense any more + @Ignore @Test public void httpPostValidSignedAssertionEidValid_MoreThanOneRegisterResult() throws Exception { setupMetadataResolver(); @@ -373,34 +386,63 @@ public class ReceiveMobilePhoneSignatureResponseTaskTest { AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); SimpleEidasData eidData = createEidasDataMatchingToSamlResponse().build(); authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData); - MergedRegisterSearchResult registerSearchResult = buildResultWithTwoMatches(); - Mockito.when(registerSearchService.searchWithBpkZp(eq(BPK_FROM_ID_AUSTRIA))).thenReturn(registerSearchResult); - TaskExecutionException e = assertThrows(TaskExecutionException.class, () -> task.execute(pendingReq, executionContext)); + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); isInstanceOf(ManualFixNecessaryException.class, e.getOriginalException().getCause()); assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); - AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class); + + + AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class); assertNull("Matching BPK", session.getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK)); assertNull("Transition To S16", executionContext.get(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK)); } @NotNull - private MergedRegisterSearchResult buildResultWithOneMatch() { - return new MergedRegisterSearchResult(Collections.singletonList(new RegisterResult(BPK_FROM_ID_AUSTRIA, "bar", "foo", "foo", "bar")), Collections.emptyList()); + private RegisterSearchResult buildResultWithOneMatch() { + return new RegisterSearchResult(new RegisterOperationStatus(generateRandomProcessId()), + Collections.singletonList(RegisterResult.builder() + .bpk(BPK_FROM_ID_AUSTRIA) + .pseudonym(Arrays.asList("bar")) + .givenName("foo") + .familyName("foo") + .dateOfBirth("bar") + .build()), + Collections.emptyList()); + } @NotNull - private MergedRegisterSearchResult buildResultWithTwoMatches() { - List results = Lists.newArrayList(new RegisterResult(BPK_FROM_ID_AUSTRIA, "bar", "foo", "foo", "bar"), - new RegisterResult("bpk", "pseudonym", "givenName", "familyName", "dateOfBirth")); - return new MergedRegisterSearchResult(results, Collections.emptyList()); + private RegisterSearchResult buildResultWithTwoMatches() { + List results = Lists.newArrayList( + RegisterResult.builder() + .bpk(BPK_FROM_ID_AUSTRIA) + .pseudonym(Arrays.asList("bar")) + .givenName("foo") + .familyName("foo") + .dateOfBirth("bar") + .build(), + RegisterResult.builder() + .bpk("bpk") + .pseudonym(Arrays.asList("pseudonym")) + .givenName("givenName") + .familyName("familyName") + .dateOfBirth("dateOfBirth") + .build()); + + return new RegisterSearchResult(new RegisterOperationStatus(generateRandomProcessId()), + results, Collections.emptyList()); } + private BigInteger generateRandomProcessId() { + return new BigInteger(RandomStringUtils.randomNumeric(10)); + + } + private SimpleEidasData.SimpleEidasDataBuilder createEidasDataMatchingToSamlResponse() { // data from "/data/Response_with_EID.xml" return SimpleEidasData.builder() diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties index e6741c88..266c78bb 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties @@ -93,6 +93,13 @@ eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.4=LegalPerson,tr eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true +#### matching###### +# ZMR communication +eidas.ms.auth.eIDAS.zmrclient.endpoint=http://localhost:1234/demoszr +eidas.ms.auth.eIDAS.zmrclient.req.organisation.behoerdennr=jUnit123456 + + + ## PVP2 S-Profile end-point configuration eidas.ms.pvp2.keystore.path=keys/..... eidas.ms.pvp2.keystore.password= diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1_springboot.properties b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1_springboot.properties index fc0c7241..640138d8 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1_springboot.properties +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1_springboot.properties @@ -24,6 +24,7 @@ eidas.ms.auth.eIDAS.node_v2.forward.endpoint=http://eidas.node/junit eidas.ms.auth.eIDAS.szrclient.useTestService=true eidas.ms.auth.eIDAS.szrclient.endpoint.prod= eidas.ms.auth.eIDAS.szrclient.endpoint.test=http://localhost:1234/demoszr +eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.type=jks eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.path=keys/junit.jks eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.password=password eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.path= @@ -43,6 +44,18 @@ eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=true eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=false +#### matching###### +# ZMR communication +eidas.ms.auth.eIDAS.zmrclient.endpoint=http://localhost:1234/demoszr +eidas.ms.auth.eIDAS.zmrclient.ssl.keyStore.type=jks +eidas.ms.auth.eIDAS.zmrclient.ssl.keyStore.path=keys/junit.jks +eidas.ms.auth.eIDAS.zmrclient.ssl.keyStore.password=password +eidas.ms.auth.eIDAS.zmrclient.ssl.trustStore.path= +eidas.ms.auth.eIDAS.zmrclient.ssl.trustStore.password= + +eidas.ms.auth.eIDAS.zmrclient.req.organisation.behoerdennr=jUnit123456 + + ## PVP2 S-Profile end-point configuration eidas.ms.pvp2.keystore.type=jks diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_2.properties b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_2.properties index 7c5e5a40..c3cec434 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_2.properties +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_2.properties @@ -86,6 +86,12 @@ eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.4=LegalPerson,tr eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true +#### matching###### +# ZMR communication +eidas.ms.auth.eIDAS.zmrclient.endpoint=http://localhost:1234/demoszr +eidas.ms.auth.eIDAS.zmrclient.req.organisation.behoerdennr=jUnit123456 + + ## PVP2 S-Profile end-point configuration eidas.ms.pvp2.keystore.path=keys/..... eidas.ms.pvp2.keystore.password= diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_3.properties b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_3.properties index c830d447..3cd9fcb4 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_3.properties +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_3.properties @@ -88,6 +88,12 @@ eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.4=LegalPerson,tr eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true +#### matching###### +# ZMR communication +eidas.ms.auth.eIDAS.zmrclient.endpoint=http://localhost:1234/demoszr +eidas.ms.auth.eIDAS.zmrclient.req.organisation.behoerdennr=jUnit123456 + + ## PVP2 S-Profile end-point configuration eidas.ms.pvp2.keystore.path=keys/..... eidas.ms.pvp2.keystore.password= diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_4.properties b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_4.properties index 01e72069..82f9a798 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_4.properties +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_4.properties @@ -86,6 +86,12 @@ eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.4=LegalPerson,tr eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true +#### matching###### +# ZMR communication +eidas.ms.auth.eIDAS.zmrclient.endpoint=http://localhost:1234/demoszr +eidas.ms.auth.eIDAS.zmrclient.req.organisation.behoerdennr=jUnit123456 + + ## PVP2 S-Profile end-point configuration eidas.ms.pvp2.keystore.path=keys/..... eidas.ms.pvp2.keystore.password= diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_de_attributes.properties b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_de_attributes.properties index 6b235667..5261aef9 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_de_attributes.properties +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_de_attributes.properties @@ -88,6 +88,12 @@ eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.4=LegalPerson,tr eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true +#### matching###### +# ZMR communication +eidas.ms.auth.eIDAS.zmrclient.endpoint=http://localhost:1234/demoszr +eidas.ms.auth.eIDAS.zmrclient.req.organisation.behoerdennr=jUnit123456 + + ## PVP2 S-Profile end-point configuration eidas.ms.pvp2.keystore.path=keys/..... eidas.ms.pvp2.keystore.password= -- cgit v1.2.3 From ce2ba5f8d0a63e91dcbc6c5b80509f28d7fb32e8 Mon Sep 17 00:00:00 2001 From: Christian Kollmann Date: Mon, 12 Jul 2021 09:46:53 +0200 Subject: Rename bean to match class name --- .../modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java | 10 +++++----- .../src/main/resources/eIDAS.Authentication.process.xml | 4 ++-- .../src/main/resources/eidas_v2_auth.beans.xml | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/resources') diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java index 92f58877..9e8ff9ae 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java @@ -60,12 +60,12 @@ import lombok.extern.slf4j.Slf4j; /** * Authentication-process task that generates the Authn. Request to eIDAS Node. - * + * * @author tlenz * */ @Slf4j -@Component("ConnecteIDASNodeTask") +@Component("GenerateAuthnRequestTask") public class GenerateAuthnRequestTask extends AbstractAuthServletTask { @Autowired @@ -110,7 +110,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { // set citizen country code for foreign uses authnRequestBuilder.citizenCountryCode(citizenCountryCode); - + //set Issuer final String issur = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_ENTITYID); if (StringUtils.isEmpty(issur)) { @@ -121,7 +121,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { } authnRequestBuilder.issuer(issur); - + // Add country-specific informations into eIDAS request ccSpecificProcessing.preProcess(citizenCountryCode, pendingReq, authnRequestBuilder); @@ -206,7 +206,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { * one countrycode on each instance. In consequence, more than one eIDAS Ref. * Impl nodes are required to support producation, testing, or QS stages for one * country by using one ms-specific eIDAS connector - * + * * @param environment Environment selector from CountrySlection page * @return */ diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml index 2379295b..da35b0c7 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml @@ -3,11 +3,11 @@ xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1"> - + - + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml index cec75682..9dac91e5 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml @@ -95,7 +95,7 @@ - -- cgit v1.2.3 From b31f383f421f414db92919d28bafc0767d898057 Mon Sep 17 00:00:00 2001 From: Christian Kollmann Date: Mon, 12 Jul 2021 09:48:27 +0200 Subject: Rename task to match bean name --- .../src/main/resources/eIDAS.Authentication.process.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/resources') diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml index da35b0c7..55ac348e 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml @@ -3,7 +3,7 @@ xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1"> - + @@ -20,8 +20,8 @@ - - + + -- cgit v1.2.3 From 07ae7be3386d0ddc34d23d10bda91d7995b718e1 Mon Sep 17 00:00:00 2001 From: Christian Kollmann Date: Mon, 12 Jul 2021 09:52:26 +0200 Subject: Rename bean to match class name --- .../specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java | 2 +- .../src/main/resources/eIDAS.Authentication.process.xml | 2 +- .../authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/resources') diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java index 0f733e8d..377e62a2 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java @@ -45,7 +45,7 @@ import eu.eidas.auth.commons.light.ILightResponse; import lombok.extern.slf4j.Slf4j; @Slf4j -@Component("ReceiveResponseFromeIDASNodeTask") +@Component("ReceiveAuthnResponseTask") public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { @Autowired diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml index 55ac348e..e20fd7aa 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml @@ -4,7 +4,7 @@ - + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml index 9dac91e5..09e0234d 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml @@ -99,7 +99,7 @@ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateAuthnRequestTask" scope="prototype" /> - -- cgit v1.2.3 From 09af792ce3ed3df430f8d7ae6099f284756147a0 Mon Sep 17 00:00:00 2001 From: Christian Kollmann Date: Mon, 12 Jul 2021 11:00:48 +0200 Subject: Add option to provide alternative eIDAS login for matching process --- basicConfig/templates/other_login_method.html | 5 +- .../specific/modules/auth/eidas/v2/Constants.java | 38 ++-- .../auth/eidas/v2/tasks/AlternativeSearchTask.java | 214 +++++++++++++++++++++ .../eidas/v2/tasks/GenerateAuthnRequestTask.java | 1 - .../auth/eidas/v2/tasks/InitialSearchTask.java | 22 +-- .../tasks/ReceiveAuthnResponseAlternativeTask.java | 131 +++++++++++++ .../eidas/v2/tasks/ReceiveAuthnResponseTask.java | 1 - .../resources/eIDAS.Authentication.process.xml | 38 ++-- .../src/main/resources/eidas_v2_auth.beans.xml | 11 +- 9 files changed, 413 insertions(+), 48 deletions(-) create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/AlternativeSearchTask.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseAlternativeTask.java (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/resources') diff --git a/basicConfig/templates/other_login_method.html b/basicConfig/templates/other_login_method.html index 1e2fb8f3..035c359f 100644 --- a/basicConfig/templates/other_login_method.html +++ b/basicConfig/templates/other_login_method.html @@ -167,12 +167,11 @@ form { - - +
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java index 5edde8a4..70bade43 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java @@ -29,7 +29,7 @@ public class Constants { //TODO: should we make it configurable? public static final String MATCHING_INTERNAL_BPK_TARGET = EaafConstants.URN_PREFIX_CDID + "ZP"; - + public static final String ERRORCODE_00 = "module.eidasauth.00"; public static final String DATA_REQUESTERID = "req_requesterId"; @@ -37,6 +37,7 @@ public class Constants { public static final String DATA_REQUESTED_LOA_LIST = "req_requestedLoA"; public static final String DATA_REQUESTED_LOA_COMPERISON = "req_requestedLoAComperision"; public static final String DATA_FULL_EIDAS_RESPONSE = "resp_fulleIDASResponse"; + public static final String DATA_FULL_EIDAS_RESPONSE_ALTERNATIVE = "resp_fulleIDASResponseAlternative"; /** * Stored when one match from register was found. @@ -115,7 +116,7 @@ public class Constants { public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_KEYS_ALIAS = CONIG_PROPS_EIDAS_ZMRCLIENT + ".ssl.key.alias"; public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_KEY_PASSWORD = CONIG_PROPS_EIDAS_ZMRCLIENT - + ".ssl.key.password"; + + ".ssl.key.password"; public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_TRUSTSTORE_PATH = CONIG_PROPS_EIDAS_ZMRCLIENT + ".ssl.trustStore.path"; public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_TRUSTSTORE_PASSWORD = CONIG_PROPS_EIDAS_ZMRCLIENT @@ -124,15 +125,15 @@ public class Constants { + ".ssl.trustStore.type"; public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_TRUSTSTORE_NAME = CONIG_PROPS_EIDAS_ZMRCLIENT + ".ssl.trustStore.name"; - + public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_REQ_ORGANIZATION_NR = CONIG_PROPS_EIDAS_ZMRCLIENT + ".req.organisation.behoerdennr"; public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_REQ_UPDATE_REASON_CODE = CONIG_PROPS_EIDAS_ZMRCLIENT + ".req.update.reason.code"; public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_REQ_UPDATE_REASON_TEXT = CONIG_PROPS_EIDAS_ZMRCLIENT + ".req.update.reason.text"; - - + + // SZR Client configuration properties public static final String CONIG_PROPS_EIDAS_SZRCLIENT = CONIG_PROPS_EIDAS_PREFIX + ".szrclient"; public static final String CONIG_PROPS_EIDAS_SZRCLIENT_USETESTSERVICE = CONIG_PROPS_EIDAS_SZRCLIENT @@ -162,7 +163,7 @@ public class Constants { public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYS_ALIAS = CONIG_PROPS_EIDAS_SZRCLIENT + ".ssl.key.alias"; public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEY_PASSWORD = CONIG_PROPS_EIDAS_SZRCLIENT - + ".ssl.key.password"; + + ".ssl.key.password"; public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_PATH = CONIG_PROPS_EIDAS_SZRCLIENT + ".ssl.trustStore.path"; public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_PASSWORD = CONIG_PROPS_EIDAS_SZRCLIENT @@ -171,7 +172,7 @@ public class Constants { + ".ssl.trustStore.type"; public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_NAME = CONIG_PROPS_EIDAS_SZRCLIENT + ".ssl.trustStore.name"; - + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE = CONIG_PROPS_EIDAS_SZRCLIENT + ".params.documenttype"; public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ = CONIG_PROPS_EIDAS_SZRCLIENT @@ -208,7 +209,7 @@ public class Constants { // eIDAS request parameters public static final String eIDAS_REQ_NAMEID_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"; - // eIDAS attribute names + // eIDAS attribute names public static final String eIDAS_ATTR_PERSONALIDENTIFIER = "PersonIdentifier"; public static final String eIDAS_ATTR_DATEOFBIRTH = "DateOfBirth"; public static final String eIDAS_ATTR_CURRENTGIVENNAME = "FirstName"; @@ -221,19 +222,19 @@ public class Constants { public static final String eIDAS_ATTR_LEGALPERSONIDENTIFIER = "LegalPersonIdentifier"; public static final String eIDAS_ATTR_LEGALNAME = "LegalName"; - + //eIDAS attribute URN public static final String eIDAS_ATTRURN_PREFIX = "http://eidas.europa.eu/attributes/"; public static final String eIDAS_ATTRURN_PREFIX_NATURAL = eIDAS_ATTRURN_PREFIX + "naturalperson/"; - - public static final String eIDAS_ATTRURN_PERSONALIDENTIFIER = + + public static final String eIDAS_ATTRURN_PERSONALIDENTIFIER = eIDAS_ATTRURN_PREFIX_NATURAL + eIDAS_ATTR_PERSONALIDENTIFIER; - public static final String eIDAS_ATTRURN_PLACEOFBIRTH = + public static final String eIDAS_ATTRURN_PLACEOFBIRTH = eIDAS_ATTRURN_PREFIX_NATURAL + eIDAS_ATTR_PLACEOFBIRTH; - public static final String eIDAS_ATTRURN_BIRTHNAME = + public static final String eIDAS_ATTRURN_BIRTHNAME = eIDAS_ATTRURN_PREFIX_NATURAL + eIDAS_ATTR_BIRTHNAME; - - + + public static final String eIDAS_REQ_PARAM_SECTOR_PUBLIC = "public"; public static final String eIDAS_REQ_PARAM_SECTOR_PRIVATE = "private"; @@ -292,9 +293,12 @@ public class Constants { "TASK_GenerateMobilePhoneSignatureRequestTask"; /** - * TODO Second eidas login. + * {@link at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateAuthnRequestTask}. */ - public static final String TRANSITION_TO_GENERATE_EIDAS_LOGIN = "TASK_TODO"; + public static final String TRANSITION_TO_GENERATE_EIDAS_LOGIN = "TASK_GenerateAlternativeEidasAuthn"; + /** + * Stores login selection from user. + */ public static final String REQ_SELECTED_LOGIN_METHOD_PARAMETER = "loginSelection"; } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/AlternativeSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/AlternativeSearchTask.java new file mode 100644 index 00000000..fe3a9560 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/AlternativeSearchTask.java @@ -0,0 +1,214 @@ +/* + * Copyright 2020 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MatchedPersonResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterOperationStatus; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterStatusResults; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import com.google.common.collect.ImmutableMap; +import com.google.common.collect.ImmutableSet; +import eu.eidas.auth.commons.attribute.AttributeDefinition; +import eu.eidas.auth.commons.attribute.AttributeValue; +import eu.eidas.auth.commons.light.ILightResponse; +import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; +import lombok.extern.slf4j.Slf4j; +import org.apache.commons.lang3.StringUtils; +import org.jetbrains.annotations.NotNull; +import org.joda.time.DateTime; +import org.springframework.stereotype.Component; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK; +import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK; + +/** + * Searches registers (ERnP and ZMR) after alternative eIDAS authn, before adding person to SZR. + * Input: + *
    + *
  • {@link Constants#DATA_FULL_EIDAS_RESPONSE_ALTERNATIVE}
    • + *
+ * Output: + *
    + *
  • {@link Constants#DATA_PERSON_MATCH_RESULT} results after second search in registers with MDS
    • + *
  • {@link Constants#DATA_RESULT_MATCHING_BPK} if one register result found
    • + *
+ * Transitions: + *
    + *
  • {@link GenerateOtherLoginMethodGuiTask} if no results in registers were found for this user
    • + *
  • {@link CreateIdentityLinkTask} if search in register returned one match, user is uniquely identified
    • + *
+ * + * @author amarsalek + * @author ckollmann + * @author tlenz + */ +@Slf4j +@Component("AlternativeSearchTask") +@SuppressWarnings("PMD.TooManyStaticImports") +public class AlternativeSearchTask extends AbstractAuthServletTask { + + private final RegisterSearchService registerSearchService; + private final ICcSpecificEidProcessingService eidPostProcessor; + + /** + * Constructor. + * + * @param registerSearchService Service for register search access + * @param eidPostProcessor Country-Specific post processing of attributes + */ + public AlternativeSearchTask(RegisterSearchService registerSearchService, + ICcSpecificEidProcessingService eidPostProcessor) { + this.registerSearchService = registerSearchService; + this.eidPostProcessor = eidPostProcessor; + } + + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + try { + final SimpleEidasData eidasData = convertEidasAttrToSimpleData(); + step11RegisterSearchWithPersonIdentifier(executionContext, eidasData); + } catch (WorkflowException e) { + throw new TaskExecutionException(pendingReq, "Initial search failed", e); + } catch (final Exception e) { + log.error("Initial search failed", e); + throw new TaskExecutionException(pendingReq, "Initial search failed with a generic error", e); + } + } + + private void step11RegisterSearchWithPersonIdentifier( + ExecutionContext executionContext, SimpleEidasData eidasData) throws WorkflowException, EaafStorageException { + try { + log.trace("Starting step11RegisterSearchWithPersonIdentifier"); + RegisterStatusResults searchResult = registerSearchService.searchWithPersonIdentifier(eidasData); + int resultCount = searchResult.getResultCount(); + if (resultCount == 0) { + step12CountrySpecificSearch(executionContext, searchResult.getOperationStatus(), eidasData); + } else if (resultCount == 1) { + foundMatchFinalizeTask(searchResult, eidasData); + } else { + throw new WorkflowException("step11RegisterSearchWithPersonIdentifier", + "More than one entry with unique personal-identifier", true); + } + } catch (WorkflowException e) { + //TODO: what we do in case of a workflow error and manual matching are necessary?? + log.warn("Workflow error during matching step: {}. Reason: {}", e.getProcessStepName(), e.getErrorReason()); + throw e; + } + } + + private void step12CountrySpecificSearch( + ExecutionContext executionContext, RegisterOperationStatus registerOperationStatus, SimpleEidasData eidasData) + throws EaafStorageException, WorkflowException { + log.trace("Starting 'step12CountrySpecificSearch' ... "); + RegisterStatusResults searchResult = registerSearchService.searchWithCountrySpecifics( + registerOperationStatus, eidasData); + if (searchResult.getResultCount() == 0) { + log.trace("'step12CountrySpecificSearch' ends with no result. Forward to GUI based matching step ... "); + log.debug("Forward to GUI based matching steps ... "); + executionContext.put(TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, true); + } else if (searchResult.getResultCount() == 1) { + log.trace("'step12CountrySpecificSearch' finds a person. Forward to 'step7aKittProcess' step ... "); + // TODO is step 7b kitt different from step 7a? + registerSearchService.step7aKittProcess(searchResult, eidasData); + foundMatchFinalizeTask(searchResult, eidasData); + } else { + throw new WorkflowException("step12CountrySpecificSearch", + "More than one entry with unique country-specific information", true); + } + } + + private void foundMatchFinalizeTask(RegisterStatusResults searchResult, SimpleEidasData eidasData) + throws WorkflowException, EaafStorageException { + MatchedPersonResult result = MatchedPersonResult.generateFormMatchingResult( + searchResult.getResult(), eidasData.getCitizenCountryCode()); + MatchingTaskUtils.storeFinalMatchingResult(pendingReq, result); + } + + @NotNull + private SimpleEidasData convertEidasAttrToSimpleData() + throws EidasAttributeException, EidPostProcessingException { + final ILightResponse eidasResponse = MatchingTaskUtils.getAuthProcessDataWrapper(pendingReq) + .getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE_ALTERNATIVE, ILightResponse.class); + Map simpleMap = convertEidasAttrToSimpleMap(eidasResponse.getAttributes().getAttributeMap()); + return eidPostProcessor.postProcess(simpleMap); + } + + private Map convertEidasAttrToSimpleMap( + ImmutableMap, ImmutableSet>> attributeMap) { + final Map result = new HashMap<>(); + for (final AttributeDefinition el : attributeMap.keySet()) { + final Class parameterizedType = el.getParameterizedType(); + if (DateTime.class.equals(parameterizedType)) { + final DateTime attribute = EidasResponseUtils.translateDateAttribute(el, attributeMap.get(el).asList()); + if (attribute != null) { + result.put(el.getFriendlyName(), attribute); + log.trace("Find attr '{}' with value: {}", el.getFriendlyName(), attribute); + } else { + log.info("Ignore empty 'DateTime' attribute"); + } + } else if (PostalAddress.class.equals(parameterizedType)) { + final PostalAddress addressAttribute = EidasResponseUtils + .translateAddressAttribute(el, attributeMap.get(el).asList()); + if (addressAttribute != null) { + result.put(el.getFriendlyName(), addressAttribute); + log.trace("Find attr '{}' with value: {}", el.getFriendlyName(), addressAttribute); + } else { + log.info("Ignore empty 'PostalAddress' attribute"); + } + } else { + final List natPersonIdObj = EidasResponseUtils.translateStringListAttribute(el, attributeMap.get(el)); + final String stringAttr = natPersonIdObj.get(0); + if (StringUtils.isNotEmpty(stringAttr)) { + result.put(el.getFriendlyName(), stringAttr); + log.trace("Find attr '{}' with value: {}", el.getFriendlyName(), stringAttr); + } else { + log.info("Ignore empty 'String' attribute"); + } + } + } + log.debug("Receive #{} attributes with names: {}", result.size(), result.keySet()); + return result; + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java index 33d3f175..da9c8174 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java @@ -64,7 +64,6 @@ import java.util.UUID; /** * Generates the authn request to the eIDAS Node. This is the first task in the process. - *

* Input: *

    *
  • none
    • diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java index 4103939d..a55af1c4 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java @@ -62,7 +62,7 @@ import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.TRANSIT import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK; /** - * Task that searches registers (ERnP and ZMR) before adding person to SZR. + * Searches registers (ERnP and ZMR) after initial user auth, before adding person to SZR. * Input: *
      *
    • {@link Constants#DATA_FULL_EIDAS_RESPONSE}
      • @@ -126,12 +126,12 @@ public class InitialSearchTask extends AbstractAuthServletTask { ExecutionContext executionContext, SimpleEidasData eidasData) throws WorkflowException, EaafStorageException { try { log.trace("Starting step2RegisterSearchWithPersonIdentifier"); - RegisterStatusResults initialSearchResult = registerSearchService.searchWithPersonIdentifier(eidasData); - int resultCount = initialSearchResult.getResultCount(); + RegisterStatusResults searchResult = registerSearchService.searchWithPersonIdentifier(eidasData); + int resultCount = searchResult.getResultCount(); if (resultCount == 0) { - step6CountrySpecificSearch(executionContext, initialSearchResult.getOperationStatus(), eidasData); + step6CountrySpecificSearch(executionContext, searchResult.getOperationStatus(), eidasData); } else if (resultCount == 1) { - foundMatchFinalizeTask(initialSearchResult, eidasData); + foundMatchFinalizeTask(searchResult, eidasData); } else { throw new WorkflowException("step2RegisterSearchWithPersonIdentifier", "More than one entry with unique personal-identifier", true); @@ -147,15 +147,15 @@ public class InitialSearchTask extends AbstractAuthServletTask { ExecutionContext executionContext, RegisterOperationStatus registerOperationStatus, SimpleEidasData eidasData) throws EaafStorageException, WorkflowException { log.trace("Starting 'step6CountrySpecificSearch' ... "); - RegisterStatusResults countrySpecificResult = registerSearchService.searchWithCountrySpecifics( + RegisterStatusResults searchResult = registerSearchService.searchWithCountrySpecifics( registerOperationStatus, eidasData); - if (countrySpecificResult.getResultCount() == 0) { + if (searchResult.getResultCount() == 0) { log.trace("'step6CountrySpecificSearch' ends with no result. Forward to next matching step ... "); - step8RegisterSearchWithMds(executionContext, countrySpecificResult.getOperationStatus(), eidasData); - } else if (countrySpecificResult.getResultCount() == 1) { + step8RegisterSearchWithMds(executionContext, searchResult.getOperationStatus(), eidasData); + } else if (searchResult.getResultCount() == 1) { log.trace("'step6CountrySpecificSearch' finds a person. Forward to 'step7aKittProcess' step ... "); - registerSearchService.step7aKittProcess(countrySpecificResult, eidasData); - foundMatchFinalizeTask(countrySpecificResult, eidasData); + registerSearchService.step7aKittProcess(searchResult, eidasData); + foundMatchFinalizeTask(searchResult, eidasData); } else { throw new WorkflowException("step6CountrySpecificSearch", "More than one entry with unique country-specific information", true); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseAlternativeTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseAlternativeTask.java new file mode 100644 index 00000000..aa04f55e --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseAlternativeTask.java @@ -0,0 +1,131 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; + +import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasValidationException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.validator.EidasResponseValidator; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import eu.eidas.auth.commons.light.ILightResponse; +import lombok.extern.slf4j.Slf4j; +import org.jetbrains.annotations.NotNull; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + + +/** + * Receives the authn response from the eIDAS Node, containing the (alternative) eIDAS authentication. + * Input: + *
        + *
      • none
        • + *
      + * Output: + *
        + *
      • {@link Constants#DATA_FULL_EIDAS_RESPONSE_ALTERNATIVE} the full response details
        • + *
      + * Transitions: + *
        + *
      • {@link InitialSearchTask} to perform search in registers
        • + *
      + * + * @author tlenz + * @author ckollmann + */ +@Slf4j +@Component("ReceiveAuthnResponseTask") +public class ReceiveAuthnResponseAlternativeTask extends AbstractAuthServletTask { + + @SuppressWarnings("SpringJavaInjectionPointsAutowiringInspection") + @Autowired + private IConfiguration basicConfig; + + @Autowired + private EidasAttributeRegistry attrRegistry; + + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, + HttpServletResponse response) throws TaskExecutionException { + try { + final ILightResponse eidasResponse = extractEidasResponse(request); + checkStatusCode(eidasResponse); + validateMsSpecificResponse(executionContext, eidasResponse); + storeInSession(eidasResponse); + } catch (final Exception e) { + log.warn("eIDAS Response processing FAILED.", e); + throw new TaskExecutionException(pendingReq, e.getMessage(), + new EidasSAuthenticationException("eidas.05", new Object[]{e.getMessage()}, e)); + } + } + + @NotNull + private ILightResponse extractEidasResponse(HttpServletRequest request) throws EidasSAuthenticationException { + final ILightResponse eidasResponse = (ILightResponse) request.getAttribute(Constants.DATA_FULL_EIDAS_RESPONSE); + if (eidasResponse == null) { + log.warn("NO eIDAS response-message found."); + throw new EidasSAuthenticationException("eidas.01", null); + } + log.debug("Receive eIDAS response with RespId: {} for ReqId: {}", + eidasResponse.getId(), eidasResponse.getInResponseToId()); + log.trace("Full eIDAS-Resp: {}", eidasResponse); + return eidasResponse; + } + + private void checkStatusCode(ILightResponse eidasResponse) throws EidasSAuthenticationException { + if (!eidasResponse.getStatus().getStatusCode().equals(Constants.SUCCESS_URI)) { + log.info("Receive eIDAS Response with StatusCode: {} Subcode: {} Msg: {}", + eidasResponse.getStatus().getStatusCode(), + eidasResponse.getStatus().getSubStatusCode(), + eidasResponse.getStatus().getStatusMessage()); + throw new EidasSAuthenticationException("eidas.02", new Object[]{eidasResponse.getStatus() + .getStatusCode(), eidasResponse.getStatus().getStatusMessage()}); + } + } + + private void validateMsSpecificResponse(ExecutionContext executionContext, ILightResponse eidasResponse) + throws EidasValidationException { + final String spCountry = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT"); + final String citizenCountryCode = (String) executionContext.get(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY); + EidasResponseValidator.validateResponse(pendingReq, eidasResponse, spCountry, citizenCountryCode, attrRegistry); + } + + private void storeInSession(ILightResponse eidasResponse) throws EaafException { + log.debug("Store eIDAS response information into pending-request."); + final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); + authProcessData.setQaaLevel(eidasResponse.getLevelOfAssurance()); + authProcessData.setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE_ALTERNATIVE, eidasResponse); + requestStoreage.storePendingRequest(pendingReq); + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java index dcc1b7d5..ae582e91 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java @@ -48,7 +48,6 @@ import javax.servlet.http.HttpServletResponse; /** * Receives the authn response from the eIDAS Node, containing the (initial) eIDAS authentication. - *

      * Input: *

        *
      • none
        • diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml index e20fd7aa..2a8a0141 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml @@ -17,6 +17,9 @@ + + + @@ -24,26 +27,35 @@ - - + + - - - - - - - + + + + + + + + + - + - - - + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml index 09e0234d..5a113550 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml @@ -100,8 +100,12 @@ scope="prototype" /> + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveAuthnResponseTask" + scope="prototype" /> + + + Date: Mon, 26 Jul 2021 10:33:21 +0200 Subject: update ZMR client WSDL to new version and refactor code to new API --- .../connector/test/FullStartUpAndProcessTest.java | 5 ++- .../auth/eidas/v2/clients/zmr/ZmrSoapClient.java | 24 ++++++------- .../handler/DeSpecificDetailSearchProcessor.java | 2 +- .../eidas/v2/tasks/GenerateAuthnRequestTask.java | 27 ++++++++------- .../zmr_client/xsd/allgemein/BasTabelleAbfrage.xsd | 19 +++++++++- .../wsdl/zmr_client/xsd/zmr/ErnpAbfrage.xsd | 40 +++++++++++++++++++--- .../wsdl/zmr_client/xsd/zmr/Personensuche.xsd | 2 +- .../xsd/zmr/entities/EidasIdentitaet.xsd | 27 ++++++++------- 8 files changed, 98 insertions(+), 48 deletions(-) (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/resources') diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java index 61312c3e..1690016e 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java @@ -57,7 +57,6 @@ import at.asitplus.eidas.specific.connector.controller.ProcessEngineSignalContro import at.asitplus.eidas.specific.connector.controller.Pvp2SProfileEndpoint; import at.asitplus.eidas.specific.connector.provider.PvpEndPointCredentialProvider; import at.asitplus.eidas.specific.connector.provider.PvpMetadataProvider; -import at.asitplus.eidas.specific.connector.provider.StatusMessageProvider; import at.asitplus.eidas.specific.connector.test.saml2.Pvp2SProfileEndPointTest; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasSignalServlet; @@ -452,9 +451,9 @@ public class FullStartUpAndProcessTest { EidasIdentitaetErgebnisType eidasPersonalIdentifier = new EidasIdentitaetErgebnisType(); personInfo.getEidasIdentitaet().add(eidasPersonalIdentifier); - eidasPersonalIdentifier.setDokumentNummer(personalId); + eidasPersonalIdentifier.setEidasWert(personalId); eidasPersonalIdentifier.setEidasArt(Constants.eIDAS_ATTRURN_PERSONALIDENTIFIER); - eidasPersonalIdentifier.setStaatscode3(cc); + eidasPersonalIdentifier.setStaatscode2(cc); NatuerlichePersonErgebnisType natInfo = new NatuerlichePersonErgebnisType(); IdentificationType bpk = new IdentificationType(); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/ZmrSoapClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/ZmrSoapClient.java index c5f01392..29914e21 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/ZmrSoapClient.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/ZmrSoapClient.java @@ -125,9 +125,9 @@ public class ZmrSoapClient extends AbstractSoapClient implements IZmrClient { final PersonSuchenRequest searchPersonReq = new PersonSuchenRequest(); req.setPersonSuchenRequest(searchPersonReq); final EidasSuchdatenType eidasInfos = new EidasSuchdatenType(); - searchPersonReq.setEidasSuchdaten(eidasInfos); + searchPersonReq.getEidasSuchdaten().add(eidasInfos); eidasInfos.setEidasArt(Constants.eIDAS_ATTRURN_PERSONALIDENTIFIER); - eidasInfos.setEidasNummer(personPseudonym); + eidasInfos.setEidasWert(personPseudonym); // set work-flow client information req.setWorkflowInfoClient(generateWorkFlowInfos(PROCESS_SEARCH_PERSONAL_IDENTIFIER, null)); @@ -583,8 +583,8 @@ public class ZmrSoapClient extends AbstractSoapClient implements IZmrClient { String eidasAttrurnPersonalidentifier) { return person.getEidasIdentitaet().stream() .filter(el -> eidasAttrurnPersonalidentifier.equals(el.getEidasArt()) - && el.getStaatscode3().equals(citizenCountryCode)) - .map(el -> el.getDokumentNummer()) + && el.getStaatscode2().equals(citizenCountryCode)) + .map(el -> el.getEidasWert()) .collect(Collectors.toList()); } @@ -603,9 +603,9 @@ public class ZmrSoapClient extends AbstractSoapClient implements IZmrClient { String eidasAttrurnPersonalidentifier) { return person.getEidasIdentitaet().stream() .filter(el -> eidasAttrurnPersonalidentifier.equals(el.getEidasArt()) - && el.getStaatscode3().equals(citizenCountryCode)) + && el.getStaatscode2().equals(citizenCountryCode)) .findFirst() - .map(el -> el.getDokumentNummer()) + .map(el -> el.getEidasWert()) .orElse(null); } @@ -701,30 +701,30 @@ public class ZmrSoapClient extends AbstractSoapClient implements IZmrClient { // check if eIDAS attribute is already includes an eIDAS-Document boolean alreadyExist = zmrPersonToKitt.getEidasIdentitaet().stream() - .filter(el -> el.getDokumentNummer().equals(attrValue) + .filter(el -> el.getEidasWert().equals(attrValue) && el.getEidasArt().equals(attrName) - && el.getStaatscode3().equals(citizenCountryCode)) + && el.getStaatscode2().equals(citizenCountryCode)) .findAny() .isPresent(); if (!alreadyExist) { // check eIDAS documents already contains a document with this pair of country-code and attribute-name Optional oneDocWithNameExists = zmrPersonToKitt.getEidasIdentitaet().stream() - .filter(el -> el.getStaatscode3().equals(citizenCountryCode) + .filter(el -> el.getStaatscode2().equals(citizenCountryCode) && el.getEidasArt().equals(attrName)) .findAny(); if (!allowMoreThanOneEntry && oneDocWithNameExists.isPresent() - && !oneDocWithNameExists.get().getDokumentNummer().equals(attrValue)) { + && !oneDocWithNameExists.get().getEidasWert().equals(attrValue)) { log.warn("eIDAS document: {} already exists for country: {} but attribute-value does not match. " + "Skip update process because no multi-value allowed for this ... ", attrName, citizenCountryCode); } else { EidasIdentitaetAnlageType eidasDocToAdd = new EidasIdentitaetAnlageType(); - eidasDocToAdd.setStaatscode3(citizenCountryCode); + eidasDocToAdd.setStaatscode2(citizenCountryCode); eidasDocToAdd.setEidasArt(attrName); - eidasDocToAdd.setEidasNummer(attrValue); + eidasDocToAdd.setEidasWert(attrValue); log.info("Add eIDAS document: {} for country: {} to ZMR person", attrName, citizenCountryCode); result.add(eidasDocToAdd); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java index 471cb115..b7fb25ea 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java @@ -63,7 +63,7 @@ public class DeSpecificDetailSearchProcessor implements CountrySpecificDetailSea //TODO: how we can search for more than one eIDAS attribute as a Set EidasSuchdatenType eidasInfos = new EidasSuchdatenType(); - req.setEidasSuchdaten(eidasInfos); + req.getEidasSuchdaten().add(eidasInfos); return req; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java index da9c8174..2b3fabd9 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java @@ -23,6 +23,20 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; +import java.io.IOException; +import java.util.UUID; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.StringUtils; +import org.jetbrains.annotations.NotNull; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.stereotype.Component; +import org.springframework.web.util.UriComponentsBuilder; + import at.asitplus.eidas.specific.connector.MsConnectorEventCodes; import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.asitplus.eidas.specific.connector.gui.StaticGuiBuilderConfiguration; @@ -48,18 +62,6 @@ import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames; import eu.eidas.specificcommunication.exception.SpecificCommunicationException; import eu.eidas.specificcommunication.protocol.SpecificCommunicationService; import lombok.extern.slf4j.Slf4j; -import org.apache.commons.lang3.StringUtils; -import org.jetbrains.annotations.NotNull; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.ApplicationContext; -import org.springframework.stereotype.Component; -import org.springframework.web.util.UriComponentsBuilder; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.io.IOException; -import java.util.UUID; /** @@ -249,6 +251,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { final UriComponentsBuilder redirectUrl = UriComponentsBuilder.fromHttpUrl(forwardUrl); redirectUrl.queryParam(EidasParameterKeys.TOKEN.toString(), tokenBase64); response.sendRedirect(redirectUrl.build().encode().toString()); + } private void sendPost(HttpServletRequest request, HttpServletResponse response, String tokenBase64, String forwardUrl) diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/allgemein/BasTabelleAbfrage.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/allgemein/BasTabelleAbfrage.xsd index 4c2387d7..ca78a990 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/allgemein/BasTabelleAbfrage.xsd +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/allgemein/BasTabelleAbfrage.xsd @@ -19,6 +19,7 @@ Aenderungshistorie: + @@ -51,6 +52,7 @@ Aenderungshistorie: + @@ -152,6 +154,22 @@ Aenderungshistorie: + + + + Ein SMI.RELIGIONCODE Eintrag mit den fürs ZMR3 relevanten Feldern + + + + + + + + + + + + @@ -172,5 +190,4 @@ Aenderungshistorie: - \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/ErnpAbfrage.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/ErnpAbfrage.xsd index db36e0d5..12ecd771 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/ErnpAbfrage.xsd +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/ErnpAbfrage.xsd @@ -29,6 +29,7 @@ Author(s): Richard Mayrhofer xmayrh2 + @@ -36,6 +37,33 @@ Author(s): Richard Mayrhofer xmayrh2 + + + + + + + + + + + + + + + + + + + + + + Geburtsdatum, simple type for dates (union), which may omit day and/or month + + + + + @@ -43,13 +71,13 @@ Author(s): Richard Mayrhofer xmayrh2 + - @@ -146,16 +174,18 @@ Author(s): Richard Mayrhofer xmayrh2 - + + + - + - + - + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Personensuche.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Personensuche.xsd index 31606d6f..a501ba1f 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Personensuche.xsd +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/Personensuche.xsd @@ -50,7 +50,7 @@ Aenderungshistorie: - + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/EidasIdentitaet.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/EidasIdentitaet.xsd index cd07bd8a..361c0c95 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/EidasIdentitaet.xsd +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/zmr_client/xsd/zmr/entities/EidasIdentitaet.xsd @@ -20,9 +20,9 @@ Author(s): Richard Mayrhofer - + - + @@ -35,9 +35,9 @@ Author(s): Richard Mayrhofer - + - + @@ -52,9 +52,9 @@ Author(s): Richard Mayrhofer - + - + @@ -69,16 +69,17 @@ Author(s): Richard Mayrhofer - + + - + - - + + @@ -87,16 +88,16 @@ Author(s): Richard Mayrhofer - + - + - + -- cgit v1.2.3 From 87ef6576fe73299f0c152f6b92209de4a459cd90 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Mon, 26 Jul 2021 11:42:24 +0200 Subject: add WDSL to search addresses by using ZMR --- eidas_modules/authmodule-eIDAS-v2/pom.xml | 13 +- .../Muster/WienBezirkRequest.xml | 58 + .../Muster/WienBezirkResponse.xml | 12422 +++++++++++++++++++ .../Muster/WienBezirkStrasseRequest.xml | 59 + .../Muster/WienBezirkStrasseResponse.xml | 92 + .../addresssearching_client/Muster/WienRequest.xml | 52 + .../Muster/WienResponse.xml | 478 + .../Muster/WienStrasseAuswahlRequest.xml | 60 + .../Muster/WienStrasseAuswahlResponse.xml | 311 + .../wsdl/addresssearching_client/wsdl/Messages.xsd | 50 + .../wsdl/addresssearching_client/wsdl/Service.wsdl | 62 + .../wsdl/addresssearching_client/wsdl/secext.xsd | 150 + .../addresssearching_client/wsdl/secext_pvp.xsd | 152 + .../xsd/allgemein/Messages.xsd | 27 + .../xsd/allgemein/Service.xsd | 40 + .../xsd/eingebunden/AbfrageMuster.xsd | 140 + .../xsd/eingebunden/AkademischerGradFelder.xsd | 61 + .../xsd/eingebunden/Blaettern.xsd | 56 + .../xsd/eingebunden/DokumentFelder.xsd | 74 + .../xsd/eingebunden/EingebundenProxy.xsd | 28 + .../xsd/eingebunden/Entity.xsd | 135 + .../xsd/eingebunden/InfoFachlich.xsd | 103 + .../xsd/eingebunden/InfoTechnisch.xsd | 103 + .../xsd/eingebunden/MeldungFelder.xsd | 283 + .../xsd/eingebunden/PersonDataZMR.xsd | 741 ++ .../xsd/eingebunden/PersonExport.xsd | 107 + .../xsd/eingebunden/PersonFelder.xsd | 70 + .../xsd/eingebunden/SimpleTypes.xsd | 173 + .../xsd/eingebunden/W3C-XMLDSig.xsd | 274 + .../xsd/eingebunden/Workflow.xsd | 200 + .../xsd/zmr/Adresssuche.xsd | 128 + .../addresssearching_client/xsd/zmr/ZMRProxy.xsd | 33 + 32 files changed, 16734 insertions(+), 1 deletion(-) create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/Muster/WienBezirkRequest.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/Muster/WienBezirkResponse.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/Muster/WienBezirkStrasseRequest.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/Muster/WienBezirkStrasseResponse.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/Muster/WienRequest.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/Muster/WienResponse.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/Muster/WienStrasseAuswahlRequest.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/Muster/WienStrasseAuswahlResponse.xml create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/wsdl/Messages.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/wsdl/Service.wsdl create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/wsdl/secext.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/wsdl/secext_pvp.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/allgemein/Messages.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/allgemein/Service.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/AbfrageMuster.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/AkademischerGradFelder.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/Blaettern.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/DokumentFelder.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/EingebundenProxy.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/Entity.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/InfoFachlich.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/InfoTechnisch.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/MeldungFelder.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/PersonDataZMR.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/PersonExport.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/PersonFelder.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/SimpleTypes.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/W3C-XMLDSig.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/Workflow.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/zmr/Adresssuche.xsd create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/zmr/ZMRProxy.xsd (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/resources') diff --git a/eidas_modules/authmodule-eIDAS-v2/pom.xml b/eidas_modules/authmodule-eIDAS-v2/pom.xml index 95ad2856..a51d031d 100644 --- a/eidas_modules/authmodule-eIDAS-v2/pom.xml +++ b/eidas_modules/authmodule-eIDAS-v2/pom.xml @@ -279,13 +279,24 @@ -verbose - + ${basedir}/src/main/resources/wsdl/zmr_client/wsdl/Service.wsdl -verbose + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/Muster/WienBezirkRequest.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/Muster/WienBezirkRequest.xml new file mode 100644 index 00000000..fae66796 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/Muster/WienBezirkRequest.xml @@ -0,0 +1,58 @@ + + + + + + AT:B:xxx + + userid + full name + AT:B:xxx + Organisation + 3 + AT:B:112:PID:71923 + e@mail + + + + + + + + + + + + + GP_Abfragen + 786700000003030 + 0 + ZMR_VO_Adresssuche_im_GWR__6 + + + + 09999 + + ZMR3-GUI 1.2.36.2- + + + + ADRESSSUCHE + + + + Wien + 90001 + Wien,Favoriten + + + + + + 17232 + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/Muster/WienBezirkResponse.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/Muster/WienBezirkResponse.xml new file mode 100644 index 00000000..20151698 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/Muster/WienBezirkResponse.xml @@ -0,0 +1,12422 @@ + + + + + + GP_Mindestsicherung + Mindestsicherung + 786700000003031 + 0 + + + ZMR-Server Version: 0.0 + 2021-05-27T10:58:13.555 + 8581910000014155 + + + + + ADRESSSUCHE + + + + Wien + 90001 + Wien,Favoriten + + + 17232 + + H + false + false + + + + 30115 + Adresssuche durchgeführt, mehrere Treffer zur Auswahl. + + + Strassenname + 589 + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Absbergbrücke + false + + + + + 17232 + 910326 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Absberggasse + false + + + + + 17232 + 900007 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Ada-Christen-Gasse + false + + + + + 17232 + 905509 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Adolf-Kirchl-Gasse + false + + + + + 17232 + 900025 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Adolf-Unger-Gasse + false + + + + + 17232 + 905520 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Ahornhof + false + + + + + 17232 + 914201 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Alaudagasse + false + + + + + 17232 + 905508 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Alfred-Adler-Straße + false + + + + + 17232 + 906627 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Alfred-Stix-Platz + false + + + + + 17232 + 900066 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Alma-Rosé-Gasse + false + + + + + 17232 + 905519 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Alpengasse + false + + + + + 17232 + 900085 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Altdorferstraße + false + + + + + 17232 + 900092 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Alte Laaer Straße + false + + + + + 17232 + 900094 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Alxingergasse + false + + + + + 17232 + 900106 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Am Belvedere + false + + + + + 17232 + 912045 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Am Hauptbahnhof + false + + + + + 17232 + 901314 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Am Johannesberg + false + + + + + 17232 + 909120 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Am Laaer Berg + false + + + + + 17232 + 914005 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Amalienbad + false + + + + + 17232 + 922002 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Amarantgasse + false + + + + + 17232 + 900110 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Ampferergasse + false + + + + + 17232 + 900149 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + An der Hölle + false + + + + + 17232 + 900175 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + An der Kuhtrift + false + + + + + 17232 + 909729 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + An der Ostbahn + false + + + + + 17232 + 900180 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Angeligasse + false + + + + + 17232 + 900198 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Anna-Boschek-Hof + false + + + + + 17232 + 914348 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Anningerweg + false + + + + + 17232 + 909142 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Anny-Angel-Katan-Weg + false + + + + + 17232 + 906981 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Anton-Balzer-Weg + false + + + + + 17232 + 912511 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Anton-Hölzl-Hof + false + + + + + 17232 + 914252 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Antonie-Alt-Gasse + false + + + + + 17232 + 906624 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Antonsplatz + false + + + + + 17232 + 900229 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Arnold-Holm-Gasse + false + + + + + 17232 + 905521 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Arsenalstraße + false + + + + + 17232 + 900260 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Arthaberplatz + false + + + + + 17232 + 900263 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Artholdgasse + false + + + + + 17232 + 906724 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Aspangbahn + false + + + + + 17232 + 990713 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + August-Forel-Gasse + false + + + + + 17232 + 900299 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + August-Kronberger-Gasse + false + + + + + 17232 + 900303 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + August-Motz-Rettungsstation + false + + + + + 17232 + 918434 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + August-Sigl-Straße + false + + + + + 17232 + 906124 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Bahnhof Matzleinsdorfer Platz + false + + + + + 17232 + 990534 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Bahnlände + false + + + + + 17232 + 900342 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Baron-Karl-Gasse + false + + + + + 17232 + 906085 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Battiggasse + false + + + + + 17232 + 900371 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Beichlgasse + false + + + + + 17232 + 909318 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Belgradplatz + false + + + + + 17232 + 900403 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Benischkegasse + false + + + + + 17232 + 909155 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Bergtaidingweg + false + + + + + 17232 + 905510 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Berlepschgasse + false + + + + + 17232 + 900434 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Bernadottegasse + false + + + + + 17232 + 900435 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Bernhardtstalgasse + false + + + + + 17232 + 900439 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Berthold-Viertel-Gasse + false + + + + + 17232 + 900444 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Biererlgasse + false + + + + + 17232 + 900468 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Bildungscampus Sonnwendviertel + false + + + + + 17232 + 921151 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Birkenhof + false + + + + + 17232 + 914203 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Birnbaumgasse + false + + + + + 17232 + 900480 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Bischofgasse + false + + + + + 17232 + 900486 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Bischofplatz + false + + + + + 17232 + 900487 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Bitterlichstraßenbrücke + false + + + + + 17232 + 910452 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Bitterlichstraße + false + + + + + 17232 + 900488 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Blaschkagasse + false + + + + + 17232 + 909124 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Bleichsteinerstraße + false + + + + + 17232 + 900498 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Bleigasse + false + + + + + 17232 + 900499 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Bloch-Bauer-Promenade + false + + + + + 17232 + 912685 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Braheplatz + false + + + + + 17232 + 900552 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Brantinggasse + false + + + + + 17232 + 900561 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Braunspergengasse + false + + + + + 17232 + 900568 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Brigitte-Neumeister-Platz + false + + + + + 17232 + 906747 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Brunngraberhof + false + + + + + 17232 + 914020 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Brunnweg + false + + + + + 17232 + 900626 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Brücke Ferdinand-Löwe-Straße + false + + + + + 17232 + 910300 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Buchengasse + false + + + + + 17232 + 900630 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Bullgasse + false + + + + + 17232 + 900650 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Burgenlandgasse + false + + + + + 17232 + 900654 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Bürgergasse + false + + + + + 17232 + 900641 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Canettistraße + false + + + + + 17232 + 906628 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Carl-Appel-Straße + false + + + + + 17232 + 906526 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Carl-Prohaska-Platz + false + + + + + 17232 + 900678 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Ceralegasse + false + + + + + 17232 + 900688 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Chiarigasse + false + + + + + 17232 + 900694 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Clemens-Holzmeister-Straße + false + + + + + 17232 + 906529 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Collmanngasse + false + + + + + 17232 + 909153 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Columbusgasse + false + + + + + 17232 + 900724 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Columbusplatz + false + + + + + 17232 + 900725 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Computerstraße + false + + + + + 17232 + 905998 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Czeikestraße + false + + + + + 17232 + 905930 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Dampfgasse + false + + + + + 17232 + 900769 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Daumegasse + false + + + + + 17232 + 909736 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Davidgasse + false + + + + + 17232 + 900786 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Dieselgasse + false + + + + + 17232 + 900826 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Doerenkampgasse + false + + + + + 17232 + 909159 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Domaniggasse + false + + + + + 17232 + 905947 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Donabaumgasse + false + + + + + 17232 + 900889 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Dr.-Eberle-Gasse + false + + + + + 17232 + 909145 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Dr.-Franz-Pauer-Hof + false + + + + + 17232 + 914206 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Durchlass Volksparkteich + false + + + + + 17232 + 910449 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Eckertgasse + false + + + + + 17232 + 900963 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Eckhelgasse + false + + + + + 17232 + 909139 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Economogasse + false + + + + + 17232 + 900966 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Eddagasse + false + + + + + 17232 + 900967 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Eibesbrunnergasse + false + + + + + 17232 + 901002 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Eichenstraße + false + + + + + 17232 + 901009 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Eisenmengergasse + false + + + + + 17232 + 901025 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Eisenstadtplatz + false + + + + + 17232 + 901026 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Ellen-Key-Gasse + false + + + + + 17232 + 901040 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Emil-Fucik-Gasse + false + + + + + 17232 + 906513 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Emil-Fucik-Hof + false + + + + + 17232 + 914309 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Emil-Hertzka-Platz + false + + + + + 17232 + 901050 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Emil-Ottenthal-Gasse + false + + + + + 17232 + 901052 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Emilie-Flöge-Weg + false + + + + + 17232 + 912763 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Endlichergasse + false + + + + + 17232 + 901056 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Enge Lucken + false + + + + + 17232 + 905538 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Erlachgasse + false + + + + + 17232 + 901086 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Erlachplatz + false + + + + + 17232 + 901087 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Ernst-Kirchweger-Hof + false + + + + + 17232 + 914282 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Ernst-Ludwig-Gasse + false + + + + + 17232 + 901095 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Eschenallee + false + + + + + 17232 + 901100 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Eschenkogelgasse + false + + + + + 17232 + 901102 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Ettenreichgasse + false + + + + + 17232 + 901113 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Eugenie-Fink-Gasse + false + + + + + 17232 + 905524 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Eva-Zilcher-Gasse + false + + + + + 17232 + 906721 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Favoriten + Evangelischer Friedhof + false + + + + + 17232 + 919048 + + H + true + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Fatinitzaweg + false + + + + + 17232 + 901145 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Favoritenstraße + false + + + + + 17232 + 901147 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Favoritner Gewerbering + false + + + + + 17232 + 909900 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Felix-Grafe-Gasse + false + + + + + 17232 + 905533 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Ferdinand-Löwe-Straße + false + + + + + 17232 + 901173 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Fernkorngasse + false + + + + + 17232 + 901177 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Feuchterslebengasse + false + + + + + 17232 + 901183 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Feßlergasse + false + + + + + 17232 + 901181 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Filmstadttreppenbrücke + false + + + + + 17232 + 910444 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Filmteichstraße + false + + + + + 17232 + 901204 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Fingergasse + false + + + + + 17232 + 901195 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Fischhofgasse + false + + + + + 17232 + 909135 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Favoriten + Fliederhof + false + + + + + 17232 + 905672 + + H + true + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Fliederhof + false + + + + + 17232 + 914204 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Florian-Geyer-Gasse + false + + + + + 17232 + 901224 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Fontanastraße + false + + + + + 17232 + 905936 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Franz-Jachym-Platz + false + + + + + 17232 + 906268 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Franz-Koci-Straße + false + + + + + 17232 + 905535 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Franz-Mika-Weg + false + + + + + 17232 + 912560 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Franz-Schreker-Gasse + false + + + + + 17232 + 901278 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Franz-Schuh-Gasse + false + + + + + 17232 + 901281 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Franz-von-Sales-Steg + false + + + + + 17232 + 910440 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Franzosenweg + false + + + + + 17232 + 901272 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Favoriten + Friedhofstraße + false + + + + + 17232 + 901312 + + H + true + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Friedrich-Adler-Weg + false + + + + + 17232 + 906120 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Friedrich-Knauer-Gasse + false + + + + + 17232 + 901321 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Friedrich-Teller-Gasse + false + + + + + 17232 + 901327 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Friesenplatz + false + + + + + 17232 + 901330 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Fritz-Hahn-Gasse + false + + + + + 17232 + 906719 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Fritz-Pregl-Gasse + false + + + + + 17232 + 901335 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Frödenplatz + false + + + + + 17232 + 901338 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Fußgehersteg über die A3 + false + + + + + 17232 + 910448 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Fürstenhoferstraße + false + + + + + 17232 + 905933 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Gaißmayrgasse + false + + + + + 17232 + 901383 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Favoriten + Gartengasse + false + + + + + 17232 + 905709 + + H + true + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Gartenschaugasse + false + + + + + 17232 + 909156 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Gartensteg + false + + + + + 17232 + 910381 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Gasparoneweg + false + + + + + 17232 + 901405 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Geißfußgasse + false + + + + + 17232 + 901428 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Gellertgasse + false + + + + + 17232 + 901432 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Gellertplatz + false + + + + + 17232 + 901433 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Georg-Prentl-Gasse + false + + + + + 17232 + 901448 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Georg-Wiesmayer-Gasse + false + + + + + 17232 + 901451 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Georg-Wilhelm-Pabst-Gasse + false + + + + + 17232 + 905531 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + George-Washington-Hof + false + + + + + 17232 + 914200 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Gerhard-Bronner-Straße + false + + + + + 17232 + 906629 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Gertrude-Fröhlich-Sandner-Straße + false + + + + + 17232 + 906626 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Gimniggasse + false + + + + + 17232 + 901496 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Gombrichgasse + false + + + + + 17232 + 906701 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Graffgasse + false + + + + + 17232 + 901570 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Grenzackerstraße + false + + + + + 17232 + 901595 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Grohnergasse + false + + + + + 17232 + 906125 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Grundäckergasse + false + + + + + 17232 + 901650 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Gudrunstraße + false + + + + + 17232 + 901660 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Gutheil-Schoder-Gasse + false + + + + + 17232 + 901690 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Gußriegelstraße + false + + + + + 17232 + 901682 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Gödelgasse + false + + + + + 17232 + 912783 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Göteborggasse + false + + + + + 17232 + 901535 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Götzgasse + false + + + + + 17232 + 901538 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Güterzentrum Wien Süd + false + + + + + 17232 + 919100 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Hackergasse + false + + + + + 17232 + 906699 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Hantzenbergergasse + false + + + + + 17232 + 901798 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Hardtmuthgasse + false + + + + + 17232 + 901802 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Harry-Glück-Platz + false + + + + + 17232 + 906780 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Hasengasse + false + + + + + 17232 + 901818 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Hasenöhrlstraße + false + + + + + 17232 + 901821 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Hauptwegbrücke + false + + + + + 17232 + 910443 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Hausergasse + false + + + + + 17232 + 901844 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Hebbelgasse + false + + + + + 17232 + 901857 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Hebbelplatz + false + + + + + 17232 + 901858 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Hederichgasse + false + + + + + 17232 + 901862 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Heimkehrergasse + false + + + + + 17232 + 901880 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Heinrich-Zeder-Weg + false + + + + + 17232 + 912577 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Helmut-Zilk-Park + false + + + + + 17232 + 920314 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Hentzigasse + false + + + + + 17232 + 901915 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Hermann-Mark-Gasse + false + + + + + 17232 + 906683 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Hermann-Schöne-Platz + false + + + + + 17232 + 901930 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Hermine-Fiala-Hof + false + + + + + 17232 + 914259 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Herndlgasse + false + + + + + 17232 + 901937 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Herogasse + false + + + + + 17232 + 901939 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Herschelgasse + false + + + + + 17232 + 901942 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Hertha-Firnberg-Straße + false + + + + + 17232 + 906253 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Herzgasse + false + + + + + 17232 + 901948 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Heuberggstättenstraße + false + + + + + 17232 + 901959 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Himberger Brücke + false + + + + + 17232 + 910075 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Himberger Straße + false + + + + + 17232 + 901972 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Hintere Liesingbachstraße + false + + + + + 17232 + 901980 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Hintschiggasse + false + + + + + 17232 + 906123 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Hlawkagasse + false + + + + + 17232 + 906722 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Hofherrgasse + false + + + + + 17232 + 902033 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Holbeingasse + false + + + + + 17232 + 902054 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Holeyplatz + false + + + + + 17232 + 902056 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Hollitzergasse + false + + + + + 17232 + 902061 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Holzknechtstraße + false + + + + + 17232 + 902069 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Horrplatz + false + + + + + 17232 + 900376 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Hubert-Gsur-Gasse + false + + + + + 17232 + 905526 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Hueberhof + false + + + + + 17232 + 914084 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Hugo-Meisl-Weg + false + + + + + 17232 + 912447 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Humboldtgasse + false + + + + + 17232 + 902101 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Humboldtplatz + false + + + + + 17232 + 902102 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Huppgasse + false + + + + + 17232 + 902106 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Hämmerlegasse + false + + + + + 17232 + 901719 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Ignaz-Pleyel-Gasse + false + + + + + 17232 + 902122 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Indigoweg + false + + + + + 17232 + 902143 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Innovationsstraße + false + + + + + 17232 + 906582 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Inzersdorfer Straße + false + + + + + 17232 + 902154 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Jagdgasse + false + + + + + 17232 + 902171 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Jean-Jaures-Hof + false + + + + + 17232 + 914086 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Jenny-Lind-Gasse + false + + + + + 17232 + 902198 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Johann-Friedl-Gasse + false + + + + + 17232 + 902221 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Johann-Friedl-Steg + false + + + + + 17232 + 910079 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Johann-Pölzer-Gasse + false + + + + + 17232 + 905545 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Johannitergasse + false + + + + + 17232 + 902225 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Josef-Enslein-Platz + false + + + + + 17232 + 902241 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Jungbauerweg + false + + + + + 17232 + 912451 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Jura-Soyfer-Gasse + false + + + + + 17232 + 905544 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Am Lindkogl + false + + + + + 17232 + 916411 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Amarantgasse + false + + + + + 17232 + 916518 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG An der Rosiwalgasse + false + + + + + 17232 + 916701 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Anningerblick + false + + + + + 17232 + 916362 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Arbeiter Schrebergarten Verein Favoriten + false + + + + + 17232 + 916363 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Aus eigener Kraft + false + + + + + 17232 + 916034 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Bitterlichstraße + false + + + + + 17232 + 916583 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Blumental Alt + false + + + + + 17232 + 916039 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Blumental Neu + false + + + + + 17232 + 916354 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Boschberg + false + + + + + 17232 + 916040 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Eremit + false + + + + + 17232 + 916429 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Eschenkogel + false + + + + + 17232 + 916412 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Ettenreich + false + + + + + 17232 + 916067 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Favoriten + false + + + + + 17232 + 916069 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Fischeralm + false + + + + + 17232 + 916071 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Frohsinn + false + + + + + 17232 + 916076 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Garten-und Tierfreunde + false + + + + + 17232 + 916087 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Grenzacker + false + + + + + 17232 + 916085 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Hentzigasse + false + + + + + 17232 + 916437 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Heuberggstätten + false + + + + + 17232 + 916428 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Karl-Fürstenhofer + false + + + + + 17232 + 916419 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Kriegsinvalide Österreich + false + + + + + 17232 + 916434 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Laaerwald Gruppe Ferstl + false + + + + + 17232 + 916519 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Laxenburger Allee + false + + + + + 17232 + 916410 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Liesingbach + false + + + + + 17232 + 916451 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Löwygrube + false + + + + + 17232 + 916361 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Mühlbach + false + + + + + 17232 + 916427 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Rasenstadt + false + + + + + 17232 + 916413 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Reifental + false + + + + + 17232 + 916194 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Rudolfshöhe + false + + + + + 17232 + 916210 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Rudolfshügel + false + + + + + 17232 + 916211 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG SDL Laaerwald + false + + + + + 17232 + 916516 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Südhang + false + + + + + 17232 + 916498 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Unterer Gaisberg + false + + + + + 17232 + 916244 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Unterm Sender + false + + + + + 17232 + 916517 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Weichselgarten + false + + + + + 17232 + 916259 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Weichseltal + false + + + + + 17232 + 916463 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Wienerberg + false + + + + + 17232 + 916477 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Wienerfeld + false + + + + + 17232 + 916414 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Wilhelmshöhe + false + + + + + 17232 + 916261 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Zum Acker + false + + + + + 17232 + 916702 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG Zwillingsee + false + + + + + 17232 + 916356 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG ÖBB Maxing Schwimmschulteich + false + + + + + 17232 + 916526 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG ÖBB Wien-Süd 2054 + false + + + + + 17232 + 916435 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + KLG ÖBB Zweigverein 2066 + false + + + + + 17232 + 916525 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Kaistraße + false + + + + + 17232 + 902323 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Karl-Diener-Gasse + false + + + + + 17232 + 902364 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Karl-Popper-Straße + false + + + + + 17232 + 906622 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Karl-Wrba-Hof + false + + + + + 17232 + 914224 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Karmarschgasse + false + + + + + 17232 + 902392 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Karplusgasse + false + + + + + 17232 + 902397 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Katharinengasse + false + + + + + 17232 + 902404 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Keldorfergasse + false + + + + + 17232 + 902421 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Kempelengasse + false + + + + + 17232 + 902425 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Kennergasse + false + + + + + 17232 + 902428 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Keplergasse + false + + + + + 17232 + 902430 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Keplerplatz + false + + + + + 17232 + 902431 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Kerschbaumgasse + false + + + + + 17232 + 906381 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Kiesewettergasse + false + + + + + 17232 + 902451 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Favoriten + Kirchengasse + false + + + + + 17232 + 902463 + + H + true + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Kirsteweg + false + + + + + 17232 + 905810 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Kittelsengasse + false + + + + + 17232 + 902473 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Kiurinagasse + false + + + + + 17232 + 902474 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Klasterskygasse + false + + + + + 17232 + 909143 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Klausenburger Straße + false + + + + + 17232 + 902484 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Klederinger Brücke + false + + + + + 17232 + 910081 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Klederinger Straße + false + + + + + 17232 + 902489 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Klemens-Dorn-Gasse + false + + + + + 17232 + 902506 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Knöllgasse + false + + + + + 17232 + 902535 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Koliskogasse + false + + + + + 17232 + 902572 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Kolowratgasse + false + + + + + 17232 + 909157 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Kornauthgasse + false + + + + + 17232 + 909972 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Kossmatplatz + false + + + + + 17232 + 902618 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Favoriten + Kreuzgasse + false + + + + + 17232 + 902654 + + H + true + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Kreuzsteg + false + + + + + 17232 + 910078 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Kronawettergasse + false + + + + + 17232 + 902667 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Kudlichgasse + false + + + + + 17232 + 902683 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Kundratstraße + false + + + + + 17232 + 902708 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Kur-und Erholungspark Laaer Berg + false + + + + + 17232 + 920103 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Kurbadstraße + false + + + + + 17232 + 902758 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Kurt-Tichy-Gasse + false + + + + + 17232 + 909138 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Kästenbaumgasse + false + + + + + 17232 + 902304 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Kästenbaumtunnel + false + + + + + 17232 + 910771 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Käthe-Odwody-Gasse + false + + + + + 17232 + 912608 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Köglergasse + false + + + + + 17232 + 902546 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Laaer Berg + false + + + + + 17232 + 918154 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Laaer Wald + false + + + + + 17232 + 905673 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Laaer-Berg-Straße + false + + + + + 17232 + 902724 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Laaer-Wald-Straße + false + + + + + 17232 + 902725 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Laaerbergbad + false + + + + + 17232 + 922018 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Laimäckergasse + false + + + + + 17232 + 902741 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Landgutgasse + false + + + + + 17232 + 902754 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Langsulzgasse + false + + + + + 17232 + 902771 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Laubeplatz + false + + + + + 17232 + 902789 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Laxenburger Brücke + false + + + + + 17232 + 910293 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Laxenburger Straße + false + + + + + 17232 + 902802 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Lecherweg + false + + + + + 17232 + 902812 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Leebgasse + false + + + + + 17232 + 902817 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Lehmgasse + false + + + + + 17232 + 902822 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Leibnizgasse + false + + + + + 17232 + 902828 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Leopoldsdorfer Brücke + false + + + + + 17232 + 910076 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Leopoldsdorfer Straße + false + + + + + 17232 + 902856 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Libussagasse + false + + + + + 17232 + 902879 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Liesingbachstraße + false + + + + + 17232 + 902899 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Lindkogelgasse + false + + + + + 17232 + 902913 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Lippmanngasse + false + + + + + 17232 + 902926 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Ludwig-von-Höhnel-Gasse + false + + + + + 17232 + 902992 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Lundgasse + false + + + + + 17232 + 903000 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Löwyweg + false + + + + + 17232 + 906101 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Macholdastraße + false + + + + + 17232 + 906214 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Maiklgasse + false + + + + + 17232 + 903025 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Maillygasse + false + + + + + 17232 + 903027 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Malborghetgasse + false + + + + + 17232 + 903032 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Malmögasse + false + + + + + 17232 + 903036 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Mannhartgasse + false + + + + + 17232 + 903044 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Mannschildgasse + false + + + + + 17232 + 903046 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Marconiweg + false + + + + + 17232 + 903060 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Margareta-Heinrich-Weg + false + + + + + 17232 + 905931 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Margarete-Hilferding-Hof + false + + + + + 17232 + 914338 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Margaretengürtel + false + + + + + 17232 + 903065 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Maria-Kuhn-Gasse + false + + + + + 17232 + 906527 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Maria-Lassnig-Straße + false + + + + + 17232 + 906720 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Maria-Rekker-Gasse + false + + + + + 17232 + 905920 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Maria-und-Rudolf-Fischer-Hof + false + + + + + 17232 + 914113 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Marianne-Pollak-Gasse + false + + + + + 17232 + 906723 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Marizaweg + false + + + + + 17232 + 909943 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Matzleinsdorf Frachtenbahnhof + false + + + + + 17232 + 990507 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Max-Fleischer-Gasse + false + + + + + 17232 + 905561 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Max-Mauermann-Gasse + false + + + + + 17232 + 903137 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Medeagasse + false + + + + + 17232 + 903150 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Migerkastraße + false + + + + + 17232 + 903208 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Mithlingerhof + false + + + + + 17232 + 914120 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Moritz-Seeler-Gasse + false + + + + + 17232 + 905528 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Moselgasse + false + + + + + 17232 + 909152 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Muhrengasse + false + + + + + 17232 + 903315 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Munchgasse + false + + + + + 17232 + 903318 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Munchplatz + false + + + + + 17232 + 903319 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Mundygasse + false + + + + + 17232 + 903320 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Munthegasse + false + + + + + 17232 + 903321 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Murbangasse + false + + + + + 17232 + 906167 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Männertreugasse + false + + + + + 17232 + 903017 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Mühlgasse + false + + + + + 17232 + 903296 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Mühlstraße + false + + + + + 17232 + 903303 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Naderstraße + false + + + + + 17232 + 903338 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Neilreichgasse + false + + + + + 17232 + 903355 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Neuburgergasse + false + + + + + 17232 + 905503 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Neugrabenstraße + false + + + + + 17232 + 903381 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Neusetzgasse + false + + + + + 17232 + 903391 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Nielrosenweg + false + + + + + 17232 + 905704 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Ober-Laa Frachtenbahnhof + false + + + + + 17232 + 990508 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Ober-Laaer Friedhof + false + + + + + 17232 + 919030 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Ober-Laaer Platz + false + + + + + 17232 + 903466 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Obere Grenzgasse + false + + + + + 17232 + 905588 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Oberlaaer Steg + false + + + + + 17232 + 910077 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Oberlaaer Straße + false + + + + + 17232 + 903467 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Olaus-Petri-Gasse + false + + + + + 17232 + 903498 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Olof-Palme-Hof + false + + + + + 17232 + 914278 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Oppenheimgasse + false + + + + + 17232 + 903510 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Oppenheimweg + false + + + + + 17232 + 905609 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Ordengasse + false + + + + + 17232 + 903514 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Otto-Geißler-Platz + false + + + + + 17232 + 906390 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Otto-Probst-Platz + false + + + + + 17232 + 906211 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Otto-Probst-Straße + false + + + + + 17232 + 906062 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Otto-Willmann-Gasse + false + + + + + 17232 + 905816 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Ottokar-Fischer-Gasse + false + + + + + 17232 + 906766 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Palisagasse + false + + + + + 17232 + 903550 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Paltramplatz + false + + + + + 17232 + 903556 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Passage Gudrunstraße + false + + + + + 17232 + 910311 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Passage Triester Straße + false + + + + + 17232 + 910320 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Passinigasse + false + + + + + 17232 + 903584 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Patrubangasse + false + + + + + 17232 + 903589 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Per-Albin-Hansson-Straße + false + + + + + 17232 + 903617 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Pernerstorfergasse + false + + + + + 17232 + 903623 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Pernerstorferhof + false + + + + + 17232 + 914126 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Pernerstorfersteg + false + + + + + 17232 + 910382 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Peutlmühlensteg + false + + + + + 17232 + 910049 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Pichelmayergasse + false + + + + + 17232 + 903676 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Pickgasse + false + + + + + 17232 + 906274 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Pirchangasse + false + + + + + 17232 + 903693 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Planetengasse + false + + + + + 17232 + 903700 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Popovweg + false + + + + + 17232 + 903729 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Puchsbaumgasse + false + + + + + 17232 + 903789 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Puchsbaumplatz + false + + + + + 17232 + 903790 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Pölzerhof + false + + + + + 17232 + 914130 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Quaringasse + false + + + + + 17232 + 903807 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Quarinhof + false + + + + + 17232 + 914135 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Quellenplatz + false + + + + + 17232 + 903809 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Quellenstraße + false + + + + + 17232 + 903810 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + R.-Platzer-Hof + false + + + + + 17232 + 914194 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Raaber-Bahn-Gasse + false + + + + + 17232 + 903815 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Radnitzkygasse + false + + + + + 17232 + 903830 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Ramsaygasse + false + + + + + 17232 + 903845 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Randhartingergasse + false + + + + + 17232 + 903848 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Ranzonigasse + false + + + + + 17232 + 903853 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Raxstraße + false + + + + + 17232 + 903875 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Rechberggasse + false + + + + + 17232 + 903878 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Reichenbachgasse + false + + + + + 17232 + 903892 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Reisingergasse + false + + + + + 17232 + 903912 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Remystraße + false + + + + + 17232 + 903921 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Restaurantbrücke + false + + + + + 17232 + 910442 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Reumannplatz + false + + + + + 17232 + 903933 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Ricarda-Huch-Weg + false + + + + + 17232 + 905815 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Rickard-Lindström-Gasse + false + + + + + 17232 + 903943 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Rieplstraße + false + + + + + 17232 + 903953 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Rissaweggasse + false + + + + + 17232 + 903963 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Rosiwalgasse + false + + + + + 17232 + 904037 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Rotdornallee + false + + + + + 17232 + 904043 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Rotenhofgasse + false + + + + + 17232 + 904046 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Rothneusiedler Gasse + false + + + + + 17232 + 904058 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Rothneusiedl + false + + + + + 17232 + 918350 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Roubiczekgasse + false + + + + + 17232 + 909140 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Rudolf-Friemel-Gasse + false + + + + + 17232 + 906580 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Rudolf-Kalab-Gasse + false + + + + + 17232 + 909929 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Rudolf-Skodak-Gasse + false + + + + + 17232 + 901402 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Rustenfeldgasse + false + + + + + 17232 + 905587 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Rädda-Barnen-Platz + false + + + + + 17232 + 903828 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + SMZ-Süd Kaiser-Franz-Josef-Spital + false + + + + + 17232 + 921005 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + SP-Favoritner-Athletik-Club + false + + + + + 17232 + 922224 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + SP-Haus des Sportes + false + + + + + 17232 + 922223 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + SP-Laaerberg + false + + + + + 17232 + 922225 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + SP-Rapid Oberlaa + false + + + + + 17232 + 922222 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + SP-Stadt Wien + false + + + + + 17232 + 922226 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + SP-WSTW-Verkehrsbetriebe + false + + + + + 17232 + 922227 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + SP-Wienerberg + false + + + + + 17232 + 922228 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Sahulkastraße + false + + + + + 17232 + 904112 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Saligergasse + false + + + + + 17232 + 904119 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Salvatorianerplatz + false + + + + + 17232 + 904128 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Sanzingasse + false + + + + + 17232 + 904164 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Sapphogasse + false + + + + + 17232 + 904166 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Saßmanngasse + false + + + + + 17232 + 904169 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Schautagasse + false + + + + + 17232 + 904206 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Scheugasse + false + + + + + 17232 + 904232 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Scheunenstraße + false + + + + + 17232 + 904233 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Schleiergasse + false + + + + + 17232 + 904272 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Schrackbrücke + false + + + + + 17232 + 910450 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Schrankenberggasse + false + + + + + 17232 + 904348 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Schrödingerhof + false + + + + + 17232 + 914147 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Schröttergasse + false + + + + + 17232 + 904361 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Schwarzgrubergasse + false + + + + + 17232 + 904415 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Schönygasse + false + + + + + 17232 + 906050 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Sebastianbrücke + false + + + + + 17232 + 910080 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Sedlacekweg + false + + + + + 17232 + 912448 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Segnerstraße + false + + + + + 17232 + 904459 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Selma-Lagerlöf-Gasse + false + + + + + 17232 + 904476 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Senefeldergasse + false + + + + + 17232 + 904482 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Senfgasse + false + + + + + 17232 + 904483 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Servaesgasse + false + + + + + 17232 + 904487 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Sibeliusstraße + false + + + + + 17232 + 904497 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Siccardsburggasse + false + + + + + 17232 + 904498 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Sickingengasse + false + + + + + 17232 + 904500 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Sindelargasse + false + + + + + 17232 + 904543 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Sindinggasse + false + + + + + 17232 + 904544 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Sissy-Löwinger-Weg + false + + + + + 17232 + 906727 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Soesergasse + false + + + + + 17232 + 904562 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Sonderadresse 10. Bezirk + false + + + + + 17232 + 918910 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Sonnleithnergasse + false + + + + + 17232 + 904586 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Sonnwendgasse + false + + + + + 17232 + 904587 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Starkegasse + false + + + + + 17232 + 904661 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Staudiglgasse + false + + + + + 17232 + 904665 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Stefan-Fadinger-Platz + false + + + + + 17232 + 904710 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Steg Absberggasse + false + + + + + 17232 + 910375 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Steg an der Kaistraße + false + + + + + 17232 + 910074 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Steineichengasse + false + + + + + 17232 + 904690 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Steinschötelgasse + false + + + + + 17232 + 904703 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Stella-Kadmon-Weg + false + + + + + 17232 + 909937 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Steudelgasse + false + + + + + 17232 + 904717 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Stinygasse + false + + + + + 17232 + 904728 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Stockholmer Platz + false + + + + + 17232 + 904731 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Suchenwirtplatz + false + + + + + 17232 + 904803 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Susi-Nicoletti-Weg + false + + + + + 17232 + 909137 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Südtiroler Platz + false + + + + + 17232 + 904807 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Tegnérgasse + false + + + + + 17232 + 904843 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Favoriten + Teichgasse + false + + + + + 17232 + 904845 + + H + true + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Tesarekplatz + false + + + + + 17232 + 906212 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Tessingasse + false + + + + + 17232 + 904859 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Theodor-Sickel-Gasse + false + + + + + 17232 + 904875 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Thermalbad Oberlaa + false + + + + + 17232 + 922007 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Thomas-Münzer-Gasse + false + + + + + 17232 + 904885 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Trambauerstraße + false + + + + + 17232 + 904929 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Triester Straße + false + + + + + 17232 + 904954 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Troststraße + false + + + + + 17232 + 904962 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Twin Tower + false + + + + + 17232 + 918483 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Tyrnauer Gasse + false + + + + + 17232 + 904989 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + U-Bahn Station Alaudagasse + false + + + + + 17232 + 990134 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + U-Bahn Station Altes Landgut + false + + + + + 17232 + 990133 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + U-Bahn Station Keplerplatz + false + + + + + 17232 + 990041 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + U-Bahn Station Neulaa + false + + + + + 17232 + 990135 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + U-Bahn Station Oberlaa + false + + + + + 17232 + 990136 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + U-Bahn Station Reumannplatz + false + + + + + 17232 + 990027 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + U-Bahn Station Troststraße + false + + + + + 17232 + 990132 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Uetzgasse + false + + + + + 17232 + 904995 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Uhlandgasse + false + + + + + 17232 + 904996 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Uhligstraße + false + + + + + 17232 + 904997 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Undsetgasse + false + + + + + 17232 + 905008 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Unter-Laaer Straße + false + + + + + 17232 + 905027 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Unter-Meidlinger Straße + false + + + + + 17232 + 905028 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Untere Bahnlände + false + + + + + 17232 + 906292 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Untere Kaistraße + false + + + + + 17232 + 906293 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Unterfahrung Laaer-Berg-Straße + false + + + + + 17232 + 910313 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Unterführung Laaer Wald + false + + + + + 17232 + 910447 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Unterführung Neilreichgasse + false + + + + + 17232 + 910123 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Unterlaaer Platz + false + + + + + 17232 + 906159 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Unterlaa + false + + + + + 17232 + 918298 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Upsalagasse + false + + + + + 17232 + 905030 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Urselbrunnengasse + false + + + + + 17232 + 905036 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Vally-Weigl-Gasse + false + + + + + 17232 + 906700 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Van-der-Nüll-Gasse + false + + + + + 17232 + 905040 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Vettersgasse + false + + + + + 17232 + 905072 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Victor-Gruen-Gasse + false + + + + + 17232 + 906047 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Viktor-Adler-Hof + false + + + + + 17232 + 914169 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Viktor-Adler-Markt + false + + + + + 17232 + 917024 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Viktor-Adler-Platz + false + + + + + 17232 + 905075 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Vitalygasse + false + + + + + 17232 + 906716 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Vivaldigasse + false + + + + + 17232 + 909971 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Vogentalgasse + false + + + + + 17232 + 905102 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Volkmargasse + false + + + + + 17232 + 905109 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Volkspark-Laaerberge + false + + + + + 17232 + 920047 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Vollnhoferplatz + false + + + + + 17232 + 906611 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Vondrakplatz + false + + + + + 17232 + 906369 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Waldgasse + false + + + + + 17232 + 905140 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Waldmüllerpark + false + + + + + 17232 + 920091 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Waltenhofengasse + false + + + + + 17232 + 905164 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Walter-Lindenbaum-Gasse + false + + + + + 17232 + 905573 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Watzlawickweg + false + + + + + 17232 + 912762 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Weichselbaumgasse + false + + + + + 17232 + 905199 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Weidelstraße + false + + + + + 17232 + 905202 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Weigandhof + false + + + + + 17232 + 905698 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Weitmosergasse + false + + + + + 17232 + 905239 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Weizengasse + false + + + + + 17232 + 905241 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Weldengasse + false + + + + + 17232 + 905243 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Wendstattgasse + false + + + + + 17232 + 905574 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Wiedner Gürtel + false + + + + + 17232 + 905278 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Wielandgasse + false + + + + + 17232 + 905281 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Wielandplatz + false + + + + + 17232 + 905282 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Wienerbergerplatz + false + + + + + 17232 + 907013 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Wienerbergstraße + false + + + + + 17232 + 905284 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Wienerfeldgasse + false + + + + + 17232 + 905285 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Wiesenthalgasse + false + + + + + 17232 + 906048 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Wilczekgasse + false + + + + + 17232 + 905310 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Wilhelm-Pinka-Platz + false + + + + + 17232 + 906257 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Windtenstraße + false + + + + + 17232 + 905343 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Wirerstraße + false + + + + + 17232 + 905354 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Wöhlergasse + false + + + + + 17232 + 905367 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Zelda-Kaplan-Weg + false + + + + + 17232 + 912782 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Zentralverschiebebahnhof + false + + + + + 17232 + 990547 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Zohmanngasse + false + + + + + 17232 + 905474 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Zur Spinnerin + false + + + + + 17232 + 905487 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Zwölfpfenniggasse + false + + + + + 17232 + 905502 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Zülowgasse + false + + + + + 17232 + 905572 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Zürcher Hof + false + + + + + 17232 + 914180 + + H + false + false + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/Muster/WienBezirkStrasseRequest.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/Muster/WienBezirkStrasseRequest.xml new file mode 100644 index 00000000..5e10d725 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/Muster/WienBezirkStrasseRequest.xml @@ -0,0 +1,59 @@ + + + + + + AT:B:xxx + + userid + full name + AT:B:xxx + Organisation + 3 + AT:B:112:PID:71923 + e@mail + + + + + + + + + + + + + GP_Abfragen + 786700000003031 + 0 + ZMR_VO_Adresssuche_im_GWR__6 + + + + 09999 + + ZMR3-GUI 1.2.36.2- + + + + ADRESSSUCHE + + + + Wien + 90001 + Wien,Favoriten + + Pal* + + + + + 17232 + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/Muster/WienBezirkStrasseResponse.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/Muster/WienBezirkStrasseResponse.xml new file mode 100644 index 00000000..f7f3a7c6 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/Muster/WienBezirkStrasseResponse.xml @@ -0,0 +1,92 @@ + + + + + + GP_Mindestsicherung + Mindestsicherung + 786700000003032 + 0 + + + ZMR-Server Version: 0.0 + 2021-05-27T10:58:33.454 + 8581910000014159 + + + + + ADRESSSUCHE + + + + Wien + 90001 + Wien,Favoriten + + Pal* + false + + + + 17232 + + H + false + false + + + + 30115 + Adresssuche durchgeführt, mehrere Treffer zur Auswahl. + + + Strassenname + 2 + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Palisagasse + false + + + + + 17232 + 903550 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + Paltramplatz + false + + + + + 17232 + 903556 + + H + false + false + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/Muster/WienRequest.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/Muster/WienRequest.xml new file mode 100644 index 00000000..aa32c91c --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/Muster/WienRequest.xml @@ -0,0 +1,52 @@ + + + + + + AT:B:xxx + + userid + full name + AT:B:xxx + Organisation + 3 + AT:B:112:PID:71923 + e@mail + + + + + + + + + + + + + GP_Abfragen + ZMR_VO_Adresssuche_im_GWR__6 + + + + 09999 + + ZMR3-GUI 1.2.36.2- + + + + ADRESSSUCHE + + + + wien + + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/Muster/WienResponse.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/Muster/WienResponse.xml new file mode 100644 index 00000000..8a246423 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/Muster/WienResponse.xml @@ -0,0 +1,478 @@ + + + + + + GP_Mindestsicherung + Mindestsicherung + 786700000003030 + 0 + + + ZMR-Server Version: 0.0 + 2021-05-27T10:53:35.703 + 8581910000014151 + + + + + ADRESSSUCHE + + + + wien + + H + false + false + + + + 30115 + Adresssuche durchgeführt, mehrere Treffer zur Auswahl. + + + Ortschaft + 23 + + + AUT + Österreich + Wien + 90001 + Wien,Alsergrund + + false + + + + + 17231 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Brigittenau + + false + + + + + 17242 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Donaustadt + + false + + + + + 17244 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Döbling + + false + + + + + 17241 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Favoriten + + false + + + + + 17232 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Floridsdorf + + false + + + + + 17243 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Hernals + + false + + + + + 17239 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Hietzing + + false + + + + + 17235 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Innere Stadt + + false + + + + + 17223 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Josefstadt + + false + + + + + 17230 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Landstraße + + false + + + + + 17225 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Leopoldstadt + + false + + + + + 17224 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Liesing + + false + + + + + 17245 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Margareten + + false + + + + + 17227 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Mariahilf + + false + + + + + 17228 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Meidling + + false + + + + + 17234 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Neubau + + false + + + + + 17229 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Ottakring + + false + + + + + 17238 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Penzing + + false + + + + + 17236 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Rudolfsheim-Fünfhaus + + false + + + + + 17237 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Simmering + + false + + + + + 17233 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Wieden + + false + + + + + 17226 + + H + false + false + + + + AUT + Österreich + Wien + 90001 + Wien,Währing + + false + + + + + 17240 + + H + false + false + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/Muster/WienStrasseAuswahlRequest.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/Muster/WienStrasseAuswahlRequest.xml new file mode 100644 index 00000000..f00859b6 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/Muster/WienStrasseAuswahlRequest.xml @@ -0,0 +1,60 @@ + + + + + + AT:B:xxx + + userid + full name + AT:B:xxx + Organisation + 3 + AT:B:112:PID:71923 + e@mail + + + + + + + + + + + + + GP_Abfragen + 786700000003032 + 0 + ZMR_VO_Adresssuche_im_GWR__6 + + + + 09999 + + ZMR3-GUI 1.2.36.2- + + + + ADRESSSUCHE + + + + Wien + 90001 + Wien,Favoriten + + Paltramplatz + + + + + 17232 + 903556 + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/Muster/WienStrasseAuswahlResponse.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/Muster/WienStrasseAuswahlResponse.xml new file mode 100644 index 00000000..359b6cbb --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/Muster/WienStrasseAuswahlResponse.xml @@ -0,0 +1,311 @@ + + + + + + GP_Mindestsicherung + Mindestsicherung + 786700000003033 + 0 + + + ZMR-Server Version: 0.0 + 2021-05-27T11:10:51.129 + 8581910000014163 + + + + + ADRESSSUCHE + + + + Wien + 90001 + Wien,Favoriten + + Paltramplatz + false + + + + 17232 + 903556 + + H + false + false + + + + 30115 + Adresssuche durchgeführt, mehrere Treffer zur Auswahl. + + + Orientierungsnummer + 10 + + + AUT + Österreich + 1100 + Wien + 90001 + Wien,Favoriten + + Paltramplatz + 1 + false + + 6823056 + + + + HXX1XXWXX + + 17232 + 903556 + + H + false + true + + + + AUT + Österreich + 1100 + Wien + 90001 + Wien,Favoriten + + Paltramplatz + 2 + false + + 6823057 + + + + HXX1XXWXX + + 17232 + 903556 + + H + false + true + + + + AUT + Österreich + 1100 + Wien + 90001 + Wien,Favoriten + + Paltramplatz + 3 + false + + 6823058 + + + + HXX1XXWXX + + 17232 + 903556 + + H + false + true + + + + AUT + Österreich + 1100 + Wien + 90001 + Wien,Favoriten + + Paltramplatz + 4 + false + + 6823059 + + + + HXX1XXWXX + + 17232 + 903556 + + H + false + true + + + + AUT + Österreich + 1100 + Wien + 90001 + Wien,Favoriten + + Paltramplatz + 5-6 + false + + 6823060 + + + + HXX1XXWXX + + 17232 + 903556 + + H + false + true + + + + AUT + Österreich + 1100 + Wien + 90001 + Wien,Favoriten + + Paltramplatz + 7 + false + + 6823061 + + + + HXX1XXWXX + + 17232 + 903556 + + I + false + true + + + + AUT + Österreich + 1100 + Wien + 90001 + Wien,Favoriten + + Paltramplatz + 8 + false + + 6823062 + + + + HXX1XXWXX + + 17232 + 903556 + + H + false + true + + + + AUT + Österreich + 1100 + Wien + 90001 + Wien,Favoriten + + Paltramplatz + 9 + false + + 6823063 + + + + HXX1XXWXX + + 17232 + 903556 + + I + false + true + + + + AUT + Österreich + 1100 + Wien + 90001 + Wien,Favoriten + + Paltramplatz + 10 + false + + 6823064 + + + + HXX1XXWXX + + 17232 + 903556 + + H + false + true + + + + AUT + Österreich + 1100 + Wien + 90001 + Wien,Favoriten + + Paltramplatz + 11 + false + + 6823065 + + + + HXX1XXWXX + + 17232 + 903556 + + I + false + true + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/wsdl/Messages.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/wsdl/Messages.xsd new file mode 100644 index 00000000..03b711f1 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/wsdl/Messages.xsd @@ -0,0 +1,50 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/wsdl/Service.wsdl b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/wsdl/Service.wsdl new file mode 100644 index 00000000..3dbeabc7 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/wsdl/Service.wsdl @@ -0,0 +1,62 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/wsdl/secext.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/wsdl/secext.xsd new file mode 100644 index 00000000..1005b12a --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/wsdl/secext.xsd @@ -0,0 +1,150 @@ + + + + + + + This element defines header block to use for security-relevant data directed at a specific SOAP actor. + + + + + + + + The use of "any" is to allow extensibility and different forms of security data. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + A security token that is encoded in binary + + + + + + + + + + + + + + + + This element is used reference a security token. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/wsdl/secext_pvp.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/wsdl/secext_pvp.xsd new file mode 100644 index 00000000..24896b99 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/wsdl/secext_pvp.xsd @@ -0,0 +1,152 @@ + + + + + + + + This element defines header block to use for security-relevant data directed at a specific SOAP actor. + + + + + + + + + The use of "any" is to allow extensibility and different forms of security data. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + A security token that is encoded in binary + + + + + + + + + + + + + + + + This element is used reference a security token. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/allgemein/Messages.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/allgemein/Messages.xsd new file mode 100644 index 00000000..47dcda53 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/allgemein/Messages.xsd @@ -0,0 +1,27 @@ + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/allgemein/Service.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/allgemein/Service.xsd new file mode 100644 index 00000000..81cd3e80 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/allgemein/Service.xsd @@ -0,0 +1,40 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/AbfrageMuster.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/AbfrageMuster.xsd new file mode 100644 index 00000000..9430ade8 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/AbfrageMuster.xsd @@ -0,0 +1,140 @@ + + + + + + Daten zu einem Suchmuster (Ausdruck) + + + + + + + + + + + Dient zur Klammerung von Suchmuster-Ausdrücken. + Muss erst dann unterstützt werden, wenn eine Klammerung nötig wird. + + + + + + + + + + + + Eine Sucheinschränkung (= Einschränkung für ein Feld) + + + + + + + + + + + + Verknüpfung mit der nächsten Zeile (Default: AND) + + + + + + + + + + + + Mögliche Vergleichsoperatoren. + + + + + + + + + + + + + + + + + + + + + + + Daten zur Sortierung einer Abfrage + + + + + + + + + + Sortierungsschluessel einer Abfrage + + + + + + + + + + + + + + + + + + + + + + + + + + + + Daten zur Parametrisierung einer Abfrage + + + + + + + + + + Ein einzelner Abfrageparameter + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/AkademischerGradFelder.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/AkademischerGradFelder.xsd new file mode 100644 index 00000000..fc910841 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/AkademischerGradFelder.xsd @@ -0,0 +1,61 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/Blaettern.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/Blaettern.xsd new file mode 100644 index 00000000..5b556802 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/Blaettern.xsd @@ -0,0 +1,56 @@ + + + + + + + + + + Für Suchvorgänge, in deren Ergebnisliste geblättert werden kann, stellt dieser Request + eine generische Schnittstelle zum Blättern dar. Er wird mit demselben Vorgang-Namen in der + Workflowschnittstelle geschickt, wie der ursprüngliche Suche-Request. Als Ergebnis wird + das Suchergebnis des ensprechenden Suchvorgangs analog zur rsprünglichen Suche-Response geliefert. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/DokumentFelder.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/DokumentFelder.xsd new file mode 100644 index 00000000..270cb52a --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/DokumentFelder.xsd @@ -0,0 +1,74 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/EingebundenProxy.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/EingebundenProxy.xsd new file mode 100644 index 00000000..450fad59 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/EingebundenProxy.xsd @@ -0,0 +1,28 @@ + + + + + + + + + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/Entity.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/Entity.xsd new file mode 100644 index 00000000..4ed61a4f --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/Entity.xsd @@ -0,0 +1,135 @@ + + + + + + + + + + Referenziert eine Entity in der Datenbank für Suchergebnisse + + + + + + + + + + + + + + + Referenziert eine Entity in der Datenbank für Aenderungen (immer die aktuellste, das heisst jüngstes 'Von') + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Die derzeit bekannten Organisationen sind strikt definiert (BehoerdenNr, GemeindeNr, KundenNr); + neue, noch nicht definierte Organiationen, können mittels eines (Orgtyp, OrgCode)-Paares übermittelt werden. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/InfoFachlich.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/InfoFachlich.xsd new file mode 100644 index 00000000..9bf8ceb0 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/InfoFachlich.xsd @@ -0,0 +1,103 @@ + + + + + + + + + + + + + + Letze-Änderung-Timestamp des Gesamt-Satzes (Jüngster Timestamp aller Entities im Satz), + Muss bei einem Änderungsvorgang als Letzte-Änderung-Timestamp geschickt werden. + + + + + + + + + + + + + + + + + + + + + + + + + + + + allgemeine fachliche Informationen + + + + + + + + + + + + + Bereichspezifische Bürgerkarten-Information einer Person + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/InfoTechnisch.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/InfoTechnisch.xsd new file mode 100644 index 00000000..567a91f0 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/InfoTechnisch.xsd @@ -0,0 +1,103 @@ + + + + + + + + + + + Technische Client-Informationen + + + + + + + Herstellername der Client-Software inklusive Version (Bsp.: ZMRHTMLClient V3.0) + + + + + + + + + + + + + + + + + + + + + Technische Server-Informationen + + + + + + Applikationsname und -version + + + + + Generierung Timestamp + + + + + Transaktionsnummer des Servers + + + + + + Enthält neue User-Information (wie z.B. Information über Wartungarbeiten am ZMR) + Diese Info kann dem User am Bildschirm angezeigt werden. + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/MeldungFelder.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/MeldungFelder.xsd new file mode 100644 index 00000000..7a9feda1 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/MeldungFelder.xsd @@ -0,0 +1,283 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/PersonDataZMR.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/PersonDataZMR.xsd new file mode 100644 index 00000000..8a05c612 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/PersonDataZMR.xsd @@ -0,0 +1,741 @@ + + + + + + + This version of person deploys only global elements. All types derived from abstract types have been replaced by substitution groups + + + + + unique identification entities + + + + + unique identifier + + + + + actual value of the identifier. + + + + + type of value (eg 'ZMR', 'SV-Nummer', 'Martrikelnummer', database identification, ...) + + + + + zusätzliche felder + + + + + + + + + Personendatenstruktur + + + + + + + + + + + + + + element of physical person type + + + + + element of person type + + + + + + main structure of person data + + + + + unique identification entities + + + + + + + + + + physical person + + + + + + + + + + + + + + + + + any additional properties + + + + + + + + + + Former name, Artist name, changes of Given name ... type of name is given as attribute - choose from list or define new type + + + + + + + + + + + + + + + + + + + + known types of alternative names + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + simple type for dates (union), which may omit day and/or month + + + + + + + + simple type for dates (union), which may omit day and/or month + + + + + + + + + simple type for marital status of a person + + + + + + + + + + + + + + + + + + + + simple type for sex (gender) of person + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + any additional properties + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Post oder ZMR Adresse, entspricht PostalAddress + + + + + main structure of address data + + + + + unique identification entities + + + + + + + + + postal address + + + + + + + + + + + + + + + + + + + any additional properties + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Entspricht InternetAddress + + + + + Container für Telefonnummern, entspricht TelephoneAddress + + + + + + internet based communication + + + + + + + certificate for secure communication + + + + + eURI: mail-Adresse, Web, FTP, LDAP, ..., entspricht Address + + + + + + + + + + + any additional properties + + + + + + + + + + phone numbers + + + + + + + type of phononumber - category (eg 'Festnetz', 'Mobile', 'fax', ...) + + + + + + + + + + + + phonenumber + + + + + any additional properties + + + + + + + + + + + + + + + + + + + + + + + + + + + entspricht InternationalCountryCode + + + + + entspricht NationalNumber + + + + + entspricht AreaCityCode + + + + + entspricht SubscriberNumber + + + + + + + + + + + + + + entspricht Extension + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + entspricht Region + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/PersonExport.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/PersonExport.xsd new file mode 100644 index 00000000..ae0b5712 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/PersonExport.xsd @@ -0,0 +1,107 @@ + + + + + + Definiert allgemein nutzbare Export-Schnittstelle um eine Liste von Personen abzubilden. + + + + + + Root-Element des Personenexports. + + + + + + Root-Element des Personenexports. + + + + + + + + + + + + + + + + Gruppiert nach Personen werden alle Elemente in dieser + Liste abgebildet. + + + + + + + + + Dieser Type beinhaltet alle Elemente die zu einer Person gehören. + + + + + + + + Diese Liste beinhaltet alle Sätze die zu einer + Person gehören. Unabhängig von der Tabelle oder + Strang-Historie. + Fehlt die Liste, ist die Entity zu löschen. + + + + + + + + + + Dieser Type beinhaltet alle Elemente die sich auf einen Eintrag + in einer beliebigen Tabelle beziehen. + + + + + + + + + + + + + + + + + + + + + Generiersche Name/Wert-Paare für Export + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/PersonFelder.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/PersonFelder.xsd new file mode 100644 index 00000000..0a80e0de --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/PersonFelder.xsd @@ -0,0 +1,70 @@ + + + + + + + + Personendaten-Felder + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + simple type for dates (union), which may omit day and/or month + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/SimpleTypes.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/SimpleTypes.xsd new file mode 100644 index 00000000..fb02488d --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/SimpleTypes.xsd @@ -0,0 +1,173 @@ + + + + + + + + IntegerType: nicht negativer Integer mit Maximalwert 2^31-1 (Beschränkung durch Datenbank) + + + + + + + + + DatumType: Format richtet sich nach xsd:date, '00' bei Monat und Tag erlaubt + + + + + + + + + + TimestampType: Format richtet sich nach xsd:dateTime, Angabe der Millisekunden ist Pflicht, Zeitzone nicht erlaubt + + + + + + + + + IDs + + + + + + + Entity-IDs (können auch alphanumerisch sein, z.B. alte edvzahlen) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/W3C-XMLDSig.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/W3C-XMLDSig.xsd new file mode 100644 index 00000000..3745c774 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/W3C-XMLDSig.xsd @@ -0,0 +1,274 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/Workflow.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/Workflow.xsd new file mode 100644 index 00000000..ce300b0e --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/eingebunden/Workflow.xsd @@ -0,0 +1,200 @@ + + + + + + + + + + + Workflowinformationen des Clients + + + + + + + + Wenn der Geschäftsprozess aus mehreren Vorgängen besteht, + müssen die ProzessinstanzID und SequenzID aus der letzten + Server-Response vom Client geschickt werden. + Beim ersten Vorgang eines neuen Geschäftsprozesses dürfen die beiden + Felder nicht geschickt werden. + Bei Beginn einen neuen Geschäftsprozesses SOLLTE die InstanzID des letztzen + Prozesses als VerlassenerProzessInstanzID mitgeschickt werden + + + + + + + + + + + + + + Workflowinformationen des Servers + + + + + + Der Prozessname dient zur technischen Identifikation des Prozesses, der ProzessAnzeigeName + kann zur Anzeige auf der Benutzeroberfläche verwendet werden. + + + + + + + + + + + + + + + + + Der VorgangName dient zur technischen Identifikation des Vorgangs, der VorgangAnzeigeName + kann zur Anzeige auf der Benutzeroberfläche verwendet werden. + Die Elemente VorgangRestriction und VorgangConditions werden in näherer Zukunft nicht implementiert + und können ignoriert werden (werden nicht befüllt). + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + regionale Restriktion, die fuer den Vorgang gilt (z.B. Gemeindenummer, fuer die Personen angemeldet werden duerfen. + + + + + + + + + + + + + Liste von Bedingungen, unter denen das Item aktiv wird. + + + + + + Liste von alternativen Voraussetzungen (ODER) für die Anwählbarkeit der Activity. Ein Eintrag repräsentiert eine Reihe von Objekten, die im Suchergebnis ausgewählt sein müssen (UND). + + + + + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/zmr/Adresssuche.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/zmr/Adresssuche.xsd new file mode 100644 index 00000000..4952ff44 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/zmr/Adresssuche.xsd @@ -0,0 +1,128 @@ + + + + + + + + + + + Suchdaten für die STATA - Adresssuche im ZMR + + + + + + + + + + + + Anfragedaten, sowie Suchergebnis oder Text-Meldung (falls nichts gefunden) + + + + + + + + + + + + + + + + + + + + + + + + + Fachliche Informationen zur Adresssuche + + + + + + + + + + + + + + + + + + + + Gibt der Detailgrad der Adressen im Suchergebnis an + + + + + + + + + + + + + + + + Gesamtanzahl der gefundenen Sätze + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/zmr/ZMRProxy.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/zmr/ZMRProxy.xsd new file mode 100644 index 00000000..a29b2b92 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/wsdl/addresssearching_client/xsd/zmr/ZMRProxy.xsd @@ -0,0 +1,33 @@ + + + + + + + + -- cgit v1.2.3