From 58b3c1c2d7a27775af8c0b7c9d12dea08aa575fa Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 19 Jan 2021 10:37:45 +0100 Subject: build 'requesterId' for private-sector SP's based on hashed unique AppIds set 'requesterId' and 'providerName' to static value for any type of SP --- .../test/tasks/GenerateAuthnRequestTaskTest.java | 148 ++++++++++++++++++++- .../EidasRequestPreProcessingFirstTest.java | 3 +- .../EidasRequestPreProcessingSecondTest.java | 48 +++++++ 3 files changed, 196 insertions(+), 3 deletions(-) (limited to 'eidas_modules/authmodule-eIDAS-v2/src/test/java/at') diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java index c416b515..f796bd86 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java @@ -83,6 +83,7 @@ public class GenerateAuthnRequestTaskTest { pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue()); pendingReq.setAuthUrl("http://test.com/"); + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm", "true"); basicConfig.putConfigValue("eidas.ms.auth.eIDAS.node_v2.entityId", RandomStringUtils.randomAlphabetic(10)); basicConfig.putConfigValue( 
@@ -297,7 +298,7 @@ public class GenerateAuthnRequestTaskTest { basicConfig.putConfigValue( "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true"); basicConfig.putConfigValue( - "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "true"); + "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderNames", "true"); basicConfig.putConfigValue( "eidas.ms.auth.eIDAS.node_v2.staticProviderNameForPublicSPs", "myNode"); 
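Review bot: The key introduced here is spelled `eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderNames` (plural), while the tests added further down in this file set `...workarounds.addAlwaysProviderName` (singular). Only one spelling can be the key the task actually reads, so one group of tests presumably sets a value that is silently ignored and may pass for a reason other than the intended one. Use the spelling the implementation defines, ideally through a shared constant instead of a repeated literal. The enclosing test method starts and ends outside this hunk.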
@@ -365,6 +366,101 @@ public class GenerateAuthnRequestTaskTest { } + @Test + public void publicSpWithCountryLu() throws TaskExecutionException, + SpecificCommunicationException, EaafStorageException, UnsupportedEncodingException { + //set-up test + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "LU"); + executionContext.put("selectedEnvironment", "prod"); + + String providerName = RandomStringUtils.randomAlphanumeric(10); + pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName); + + basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true"); + + String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.forward.endpoint", dynEndPoint); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.forward.method", "GET"); + + //execute test + task.execute(pendingReq, executionContext); + + //validate state + Assert.assertEquals("Wrong http statusCode", 302, httpResp.getStatus()); + Assert.assertNotNull("No redirect header", httpResp.getHeaderValue("Location")); + Assert.assertTrue("Wrong redirect endpoint", + ((String) httpResp.getHeaderValue("Location")).startsWith(dynEndPoint)); + + + final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null); + + Assert.assertEquals("PrividerName", "myNode", eidasReq.getProviderName()); + Assert.assertEquals("RequesterId found", "myNode", eidasReq.getRequesterId()); + Assert.assertEquals("no PublicSP", "public", eidasReq.getSpType()); + Assert.assertEquals("wrong LoA", EaafConstants.EIDAS_LOA_HIGH, + eidasReq.getLevelOfAssurance()); + + Assert.assertEquals("Wrong req. attr. 
size", 4, eidasReq.getRequestedAttributes().size()); + + } + + @Test + public void privateSpWithCountryLu() throws TaskExecutionException, + SpecificCommunicationException, EaafStorageException, UnsupportedEncodingException { + //set-up test + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "LU"); + executionContext.put("selectedEnvironment", "prod"); + + String providerName = RandomStringUtils.randomAlphanumeric(10); + String requesterId = RandomStringUtils.randomAlphanumeric(10); + pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName); + pendingReq.setRawDataToTransaction(Constants.DATA_REQUESTERID, requesterId); + + spConfig.put("target", + EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + "FN+" + RandomStringUtils.randomNumeric(6)); + + basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "true"); + + String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.forward.endpoint", dynEndPoint); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.forward.method", "GET"); + + //execute test + task.execute(pendingReq, executionContext); + + //validate state + Assert.assertEquals("Wrong http statusCode", 302, httpResp.getStatus()); + Assert.assertNotNull("No redirect header", httpResp.getHeaderValue("Location")); + Assert.assertTrue("Wrong redirect endpoint", + ((String) httpResp.getHeaderValue("Location")).startsWith(dynEndPoint)); + + + final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null); + + Assert.assertEquals("PrividerName", "myNode", 
eidasReq.getProviderName()); + Assert.assertEquals("RequesterId", "myNode", eidasReq.getRequesterId()); + Assert.assertEquals("no PublicSP", "private", eidasReq.getSpType()); + Assert.assertEquals("wrong LoA", EaafConstants.EIDAS_LOA_HIGH, + eidasReq.getLevelOfAssurance()); + + Assert.assertEquals("Wrong req. attr. size", 4, eidasReq.getRequestedAttributes().size()); + + } + @Test public void withEidasNodePostReqNotValidTemplate() throws TaskExecutionException, SpecificCommunicationException, EaafStorageException, UnsupportedEncodingException { 
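Review bot: Neither `publicSpWithCountryLu` nor `privateSpWithCountryLu` configures the value `myNode` that both assert for providerName and requesterId, so the expectation presumably depends on a fixture or properties file outside this hunk; stating the responsible setting in each set-up block would make the tests self-explanatory. The assertion messages also mislead: `"RequesterId found"` reads as if absence were expected, and `"no PublicSP"` labels the check for `"private"`; `"wrong RequesterId"` and `"no PrivateSP"` would match what is tested. In the private-sector test a comment such as `// LU: the SP's own providerName and requesterId must be replaced by the node's static value` would document that the random values set above must not reach the outgoing request.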
@@ -409,6 +505,53 @@ public class GenerateAuthnRequestTaskTest { EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + "FN+" + RandomStringUtils.randomNumeric(6)); String providerName = RandomStringUtils.randomAlphanumeric(10); pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName); + pendingReq.setRawDataToTransaction(Constants.DATA_REQUESTERID, "http://junit.sp"); + + basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "false"); + + String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.forward.endpoint", dynEndPoint); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.forward.method", "GET"); + + + //perform test + task.execute(pendingReq, executionContext); + + //validate state + Assert.assertEquals("Wrong http statusCode", 302, httpResp.getStatus()); + Assert.assertNotNull("No redirect header", httpResp.getHeaderValue("Location")); + Assert.assertTrue("Wrong redirect endpoint", + ((String) httpResp.getHeaderValue("Location")).startsWith(dynEndPoint)); + + + final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null); + + Assert.assertEquals("PrividerName", providerName, eidasReq.getProviderName()); + Assert.assertEquals("RequesterId", "Wr8LrrVf5SYneblOlZdZNaLQQCCgzklfKQvyeZjBx10=", eidasReq.getRequesterId()); + Assert.assertEquals("no PublicSP", "private", eidasReq.getSpType()); + Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high", eidasReq.getLevelOfAssurance()); + + } + + @Test + public void privateSPWithoutRequestIdHashing() throws TaskExecutionException, + 
SpecificCommunicationException, EaafStorageException { + //set-up test + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC"); + spConfig.put("target", + EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + "FN+" + RandomStringUtils.randomNumeric(6)); + String providerName = RandomStringUtils.randomAlphanumeric(10); + String requesterId = RandomStringUtils.randomAlphanumeric(10); + pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName); + pendingReq.setRawDataToTransaction(Constants.DATA_REQUESTERID, requesterId); basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets"); basicConfig.putConfigValue( @@ -417,6 +560,7 @@ public class GenerateAuthnRequestTaskTest { "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true"); basicConfig.putConfigValue( "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "false"); + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm", "false"); String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5); basicConfig.putConfigValue( @@ -438,7 +582,7 @@ public class GenerateAuthnRequestTaskTest { final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null); Assert.assertEquals("PrividerName", providerName, eidasReq.getProviderName()); - Assert.assertEquals("RequesterId", providerName, eidasReq.getRequesterId()); + Assert.assertEquals("RequesterId", requesterId, eidasReq.getRequesterId()); Assert.assertEquals("no PublicSP", "private", eidasReq.getSpType()); Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high", eidasReq.getLevelOfAssurance()); 
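Review bot: The expected requesterId `Wr8LrrVf5SYneblOlZdZNaLQQCCgzklfKQvyeZjBx10=` in the test extended by the -409 hunk is an unexplained literal: nothing says which digest, encoding and input (`http://junit.sp` alone or combined with other data) produce it. Add a comment in the form `// Base64(<digest>(<input>)) for DATA_REQUESTERID "http://junit.sp"; regenerate when the hashing scheme changes`, filled in from the implementation. Its length (44 Base64 characters, 32 bytes) suggests a SHA-256-sized output, but that is inferred. Because the value is stable across runs, the result is a deterministic pseudonym per AppId; if the implementation (not in this diff) uses an unkeyed digest, a receiver can confirm a guessed AppId by recomputing it, so it is worth confirming whether a key or salt is intended. The test method starts outside the hunk.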
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java index d0ab50f4..7ac41500 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java @@ -146,9 +146,10 @@ public class EidasRequestPreProcessingFirstTest { Assert.assertEquals("ProviderName is not Static", Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP, lightReq.getProviderName()); + Assert.assertNotSame("RequesterId was set", lightReq.getRequesterId()); Assert.assertEquals("no PublicSP", "public", lightReq.getSpType()); Assert.assertEquals("Requested attribute size not match", 8, lightReq.getRequestedAttributes().size()); } - + } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java index c44e803b..4a03fac1 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java 
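Review bot: `Assert.assertNotSame("RequesterId was set", lightReq.getRequesterId());` checks nothing: with two arguments JUnit takes the string as the unexpected object and the requesterId as the actual one, so the call passes for any value that is not that very String instance. The intent appears to be that a public SP gets no requesterId, which is `Assert.assertNull("RequesterId was set", lightReq.getRequesterId());`, the form used in EidasRequestPreProcessingSecondTest in this same commit. As written, a regression that puts a requesterId into the outgoing request would go unnoticed. The test method starts outside the hunk.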
@@ -86,6 +86,9 @@ public class EidasRequestPreProcessingSecondTest { authnRequestBuilder.issuer("Test"); authnRequestBuilder.levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll", "true"); + } @Test 
@@ -106,4 +109,49 @@ public class EidasRequestPreProcessingSecondTest { } + + /* + * Set ProviderName according to general configuration + */ + @Test + public void prePreProcessLuPublicSpWithoutRequestId() throws EidPostProcessingException { + + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll", "false"); + + final String testCountry = "LU"; + authnRequestBuilder.citizenCountryCode(testCountry); + preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder); + + final LightRequest lightReq = authnRequestBuilder.build(); + + Assert.assertEquals("ProviderName is not Static", "myNode", lightReq.getProviderName()); + Assert.assertNull("RequesterId", lightReq.getRequesterId()); + Assert.assertEquals("no PublicSP", "public", lightReq.getSpType()); + Assert.assertEquals("Requested attribute size not match", 4, lightReq.getRequestedAttributes().size()); + + } + + /* + * Always set requesterId and providername in case of country LU + */ + @Test + public void prePreProcessLuPublicSpWithStaticRequesterId() throws EidPostProcessingException { + + + final String testCountry = "LU"; + authnRequestBuilder.citizenCountryCode(testCountry); + preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder); + + final LightRequest lightReq = authnRequestBuilder.build(); + + Assert.assertEquals("ProviderName is not Static", + "myNode", lightReq.getProviderName()); + Assert.assertEquals("RequesterId is not Static", + "myNode", lightReq.getRequesterId()); + Assert.assertEquals("no PublicSP", "public", lightReq.getSpType()); + Assert.assertEquals("Requested attribute size not match", 4, lightReq.getRequestedAttributes().size()); + + } + } -- cgit v1.2.3 From 07318e70ea3a9d25ca945c391820149183c61ca0 Mon Sep 17 00:00:00 2001 
From: Thomas <> Date: Mon, 8 Feb 2021 18:47:34 +0100 Subject: add Binding Public-Key into technical AuthBlock in case of an ID Austria process --- .../verification/AuthnRequestValidator.java | 114 +++++++++++++-------- .../test/utils/AuthnRequestValidatorTest.java | 5 + connector/src/test/resources/data/pvp2_authn_3.xml | 3 + .../specific/connector/MsEidasNodeConstants.java | 3 + .../eidas/v2/service/AuthBlockSigningService.java | 12 +++ .../tasks/CreateIdentityLinkTaskEidNewTest.java | 25 ++++- 6 files changed, 116 insertions(+), 46 deletions(-) (limited to 'eidas_modules/authmodule-eIDAS-v2/src/test/java/at') diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java index a9eb06be..881eeb8a 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java @@ -75,7 +75,7 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor { if (nameIdPolicy != null) { final String nameIdFormat = nameIdPolicy.getFormat(); if (nameIdFormat != null) { - if (!(NameIDType.TRANSIENT.equals(nameIdFormat) + if (!(NameIDType.TRANSIENT.equals(nameIdFormat) || NameIDType.PERSISTENT.equals(nameIdFormat))) { throw new NameIdFormatNotSupportedException(nameIdFormat); 
@@ -114,10 +114,10 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor { // post-process requested LoA comparison-level pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setLoAMachtingMode( extractComparisonLevel(authnReq)); - - //extract information from requested attributes + + // extract information from requested attributes extractFromRequestedAttriutes(pendingReq, authnReq); - + } catch (final EaafStorageException e) { log.info("Can NOT store Authn. Req. data into pendingRequest.", e); throw new AuthnRequestValidatorException("internal.02", null, e); @@ -126,14 +126,14 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor { } - private void extractFromRequestedAttriutes(IRequest pendingReq, AuthnRequest authnReq) - throws AuthnRequestValidatorException { + private void extractFromRequestedAttriutes(IRequest pendingReq, AuthnRequest authnReq) + throws AuthnRequestValidatorException, EaafStorageException { // validate and process requested attributes boolean sectorDetected = false; - + final ServiceProviderConfiguration spConfig = pendingReq.getServiceProviderConfiguration( ServiceProviderConfiguration.class); - + if (authnReq.getExtensions() != null) { final List requestedAttributes = authnReq.getExtensions().getUnknownXMLObjects(); for (final XMLObject reqAttrObj : requestedAttributes) { 
@@ -143,77 +143,101 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor { for (final EaafRequestedAttribute el : reqAttr.getAttributes()) { log.trace("Processing req. attribute '" + el.getName() + "' ... "); if (el.getName().equals(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME)) { - sectorDetected = extractBpkTargetIdentifier(el, spConfig); - + sectorDetected = extractBpkTargetIdentifier(el, spConfig); + } else if (el.getName().equals(ExtendedPvpAttributeDefinitions.EID_TRANSACTION_ID_NAME)) { extractUniqueTransactionId(el, pendingReq); - + + } else if (el.getName().equals(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME)) { + extractBindingPublicKey(el, pendingReq); + } else { log.debug("Ignore req. attribute: " + el.getName()); - + } } } else { log.debug("No requested Attributes in Authn. Request"); - + } } else { log.info("Ignore unknown requested attribute: " + reqAttrObj.getElementQName().toString()); - + } } } - + if (!sectorDetected) { log.warn("Authn.Req validation FAILED. Reason: Contains NO or NO VALID target-sector information."); throw new AuthnRequestValidatorException("pvp2.22", new Object[] { "NO or NO VALID target-sector information" }); } - + + } + + private void extractBindingPublicKey(EaafRequestedAttribute el, IRequest pendingReq) + throws EaafStorageException { + if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) { + final String bindingPubKey = el.getAttributeValues().get(0).getDOM().getTextContent(); + pendingReq.setRawDataToTransaction(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME, bindingPubKey); + log.info("Find Binding Public-Key. eIDAS authentication will be used to create an ID Austria Binding"); + + } else { + log.warn( + "Req. attribute '{}' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute", + el.getName()); + + } } /** * Extract unique transactionId from AuthnRequest. 
- * - * @param el Requested attribute from AuthnRequest - * @param pendingReq Current pendingRequest object (has to be of type {@link RequestImpl}) - * @return true if transactionId extraction was successful, otherwise false + * + * @param el Requested attribute from AuthnRequest + * @param pendingReq Current pendingRequest object (has to be of type + * {@link RequestImpl}) + * @return true if transactionId extraction was successful, + * otherwise false */ private boolean extractUniqueTransactionId(EaafRequestedAttribute el, IRequest pendingReq) { if (!(pendingReq instanceof RequestImpl)) { - log.warn("Can NOT set unique transactionId from AuthnRequest,because 'PendingRequest' is NOT from Type: {}", + log.warn( + "Can NOT set unique transactionId from AuthnRequest,because 'PendingRequest' is NOT from Type: {}", RequestImpl.class.getName()); - - } else { + + } else { if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) { - final String transactionId = el.getAttributeValues().get(0).getDOM().getTextContent(); - ((RequestImpl)pendingReq).setUniqueTransactionIdentifier(transactionId); + final String transactionId = el.getAttributeValues().get(0).getDOM().getTextContent(); + ((RequestImpl) pendingReq).setUniqueTransactionIdentifier(transactionId); return true; } else { - log.warn("Req. attribute '{}' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute", + log.warn( + "Req. attribute '{}' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute", el.getName()); - + } - + } - + return false; } /** * Extract the bPK target from requested attribute. 
- * - * @param el Requested attribute from AuthnRequest + * + * @param el Requested attribute from AuthnRequest * @param spConfig Service-Provider configuration for current process - * @return true if bPK target extraction was successful, otherwise false + * @return true if bPK target extraction was successful, otherwise + * false */ - private boolean extractBpkTargetIdentifier(EaafRequestedAttribute el, ServiceProviderConfiguration spConfig) { + private boolean extractBpkTargetIdentifier(EaafRequestedAttribute el, + ServiceProviderConfiguration spConfig) { if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) { - final String sectorId = el.getAttributeValues().get(0).getDOM().getTextContent(); + final String sectorId = el.getAttributeValues().get(0).getDOM().getTextContent(); try { spConfig.setBpkTargetIdentifier(sectorId); return true; @@ -227,16 +251,16 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor { log.warn("Req. attribute '" + el.getName() + "' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute"); } - + return false; - + } - - private void postprocessLoaLevel(IRequest pendingReq, AuthnRequest authnReq) + + private void postprocessLoaLevel(IRequest pendingReq, AuthnRequest authnReq) throws AuthnRequestValidatorException { final List reqLoA = extractLoA(authnReq); - log.trace("SP requests LoA with: {}", String.join(", ",reqLoA)); - + log.trace("SP requests LoA with: {}", String.join(", ", reqLoA)); + LevelOfAssurance minimumLoAFromConfig = LevelOfAssurance.fromString(basicConfig.getBasicConfiguration( MsEidasNodeConstants.PROP_EIDAS_REQUEST_LOA_MINIMUM_LEVEL, EaafConstants.EIDAS_LOA_HIGH)); 
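Review bot: `extractBindingPublicKey` stores the text of the SP-supplied attribute unchecked: empty, whitespace-only or arbitrarily long content is written to the pending request under `EID_BINDING_PUBLIC_KEY_NAME`, and the same commit copies that value into the signed AuthBlock. Reject anything that is not a plausible key before storing it, at minimum `if (bindingPubKey == null || bindingPubKey.trim().isEmpty()) { log.warn(...); return; }`, plus a length bound and a decode check for whatever key encoding the ID Austria binding expects (not visible in this diff). Silently ignoring a malformed attribute also needs a decision, since the SP asked for a binding and would receive an authentication without one; failing the request may be the safer outcome. A short Javadoc like the one on the two sibling extract methods should state where the value ends up.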
@@ -246,15 +270,15 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor { minimumLoAFromConfig = LevelOfAssurance.HIGH; } - + log.trace("Validate requested LoA to connector configuration minimum LoA: {} ...", - minimumLoAFromConfig); + minimumLoAFromConfig); final List allowedLoA = new ArrayList<>(); for (final String loa : reqLoA) { try { final LevelOfAssurance intLoa = LevelOfAssurance.fromString(loa); String selectedLoA = EaafConstants.EIDAS_LOA_HIGH; - if (intLoa != null + if (intLoa != null && intLoa.numericValue() <= minimumLoAFromConfig.numericValue()) { log.info("Client: {} requested LoA: {} will be upgraded to: {}", pendingReq.getServiceProviderConfiguration().getUniqueIdentifier(), @@ -281,7 +305,7 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor { pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setRequiredLoA( allowedLoA); - + } private String extractComparisonLevel(AuthnRequest authnReq) { @@ -335,7 +359,7 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor { private String extractScopeRequsterId(AuthnRequest authnReq) { if (authnReq.getScoping() != null) { final Scoping scoping = authnReq.getScoping(); - if (scoping.getRequesterIDs() != null + if (scoping.getRequesterIDs() != null && scoping.getRequesterIDs().size() > 0) { if (scoping.getRequesterIDs().size() == 1) { return scoping.getRequesterIDs().get(0).getRequesterID(); diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthnRequestValidatorTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthnRequestValidatorTest.java index 9aafb4b6..c57515a0 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthnRequestValidatorTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthnRequestValidatorTest.java 
@@ -214,6 +214,11 @@ public class AuthnRequestValidatorTest { Assert.assertEquals("wrong transactionId", "transId_11223344556677aabbcc", pendingReq.getUniqueTransactionIdentifier()); + + Assert.assertEquals("wrong binding pubkey", "binding_pubKey_1144225247125dsfasfasdf", + pendingReq.getRawData(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME, String.class)); + + } diff --git a/connector/src/test/resources/data/pvp2_authn_3.xml b/connector/src/test/resources/data/pvp2_authn_3.xml index 35e49b0f..5352c441 100644 --- a/connector/src/test/resources/data/pvp2_authn_3.xml +++ b/connector/src/test/resources/data/pvp2_authn_3.xml @@ -31,6 +31,9 @@ transId_11223344556677aabbcc + + binding_pubKey_1144225247125dsfasfasdf + diff --git a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MsEidasNodeConstants.java b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MsEidasNodeConstants.java index 133f104d..027d0832 100644 --- a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MsEidasNodeConstants.java +++ b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MsEidasNodeConstants.java @@ -169,6 +169,9 @@ public class MsEidasNodeConstants { public static final List COUNTRY_SELECTION_PARAM_WHITELIST = Arrays.asList(REQ_PARAM_SELECTED_COUNTRY, REQ_PARAM_SELECTED_ENVIRONMENT); + + public static final String EID_BINDING_PUBLIC_KEY_NAME = "urn:eidgvat:attributes.binding.pubkey"; + private MsEidasNodeConstants() { //hidden Constructor for class with static values only. } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java index 234d52dd..a2af4342 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java 
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java @@ -18,6 +18,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import com.fasterxml.jackson.annotation.JsonFormat; +import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.ObjectMapper; @@ -81,6 +82,14 @@ public class AuthBlockSigningService { authBlock.setTimestamp(LocalDateTime.now().truncatedTo(ChronoUnit.SECONDS)); authBlock.setUniqueId(pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID, String.class)); authBlock.setPiiTransactionId(pendingReq.getUniquePiiTransactionIdentifier()); + + //set Binding PublicKey if available + Object bindingPubKey = pendingReq.getRawData(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME); + if (bindingPubKey instanceof String) { + authBlock.setBindingPublicKey((String) bindingPubKey); + + } + String jwsPayload = mapper.writeValueAsString(authBlock); log.debug("Building and sign authBlock with data: {}", jwsPayload); @@ -172,6 +181,7 @@ public class AuthBlockSigningService { * */ @Data + @JsonInclude(JsonInclude.Include.NON_NULL) private static class EidasAuchBlock { @JsonProperty("challenge") @@ -189,6 +199,8 @@ public class AuthBlockSigningService { @JsonProperty("piiTransactionId") private String piiTransactionId; + @JsonProperty("bindingPublicKey") + private String bindingPublicKey; } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java index 2e6790c5..0621081a 100644 
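Review bot: The `instanceof String` guard added in the -81 hunk accepts an empty string, and `@JsonInclude(JsonInclude.Include.NON_NULL)` omits only null, so the signed AuthBlock can contain `"bindingPublicKey":""`. A consumer that tests only for the presence of the field, as the new test's `authBlockJson.has("bindingPublicKey")` does, would read that as a binding request. Read the value with the typed overload already used for `DATA_REQUESTERID` in the same hunk, `pendingReq.getRawData(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME, String.class)`, and call `setBindingPublicKey` only when the result is non-empty. The enclosing method starts and ends outside the hunk.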
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java @@ -221,6 +221,7 @@ public class CreateIdentityLinkTaskEidNewTest { Assert.assertEquals("appId", randomTestSp, authBlockJson.get("appId").asText()); Assert.assertFalse("'challenge' is null", authBlockJson.get("challenge").asText().isEmpty()); Assert.assertFalse("'timestamp' is null", authBlockJson.get("timestamp").asText().isEmpty()); + Assert.assertFalse("binding pubKey", authBlockJson.has("bindingPublicKey")); // check vsz request @@ -312,9 +313,11 @@ public class CreateIdentityLinkTaskEidNewTest { signContentEntry.setValue(RandomStringUtils.randomAlphanumeric(10)); signContentResp.getOut().add(signContentEntry); when(szrMock, "signContent", any(), any(), any()).thenReturn(signContentResp); - + String randomTestSp = RandomStringUtils.randomAlphabetic(10); + String bindingPubKey = RandomStringUtils.randomAlphabetic(10); pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_REQUESTERID, randomTestSp); + pendingReq.setRawDataToTransaction(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME, bindingPubKey); //perform test task.execute(pendingReq, executionContext); 
@@ -329,8 +332,28 @@ public class CreateIdentityLinkTaskEidNewTest { Assert.assertNotNull("AuthProcessData", authProcessData); Assert.assertNotNull("eidasBind", authProcessData.getGenericDataFromSession(Constants.EIDAS_BIND, String.class)); + // check authblock signature String authBlock = authProcessData.getGenericDataFromSession(Constants.SZR_AUTHBLOCK, String.class); Assert.assertNotNull("AuthBlock", authBlock); + final AlgorithmConstraints constraints = new AlgorithmConstraints(ConstraintType.PERMIT, + BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.toArray(new String[BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.size()])); + Pair keyStore = getKeyStore(); + X509Certificate[] trustedCerts = EaafKeyStoreUtils + .getPrivateKeyAndCertificates(keyStore.getFirst(), ALIAS, PW.toCharArray(), true, "junit").getSecond(); + JwsResult result = JoseUtils.validateSignature(authBlock, Arrays.asList(trustedCerts), constraints); + Assert.assertTrue("AuthBlock not valid", result.isValid()); + JsonNode authBlockJson = mapper.readTree(result.getPayLoad()); + Assert.assertNotNull("deserialized AuthBlock", authBlockJson); + + Assert.assertNotNull("no piiTransactionId in pendingRequesdt", + storedPendingReq.getUniquePiiTransactionIdentifier()); + Assert.assertEquals("piiTransactionId", storedPendingReq.getUniquePiiTransactionIdentifier(), + authBlockJson.get("piiTransactionId").asText()); + Assert.assertEquals("appId", randomTestSp, authBlockJson.get("appId").asText()); + Assert.assertFalse("'challenge' is null", authBlockJson.get("challenge").asText().isEmpty()); + Assert.assertFalse("'timestamp' is null", authBlockJson.get("timestamp").asText().isEmpty()); + Assert.assertTrue("binding pubKey", authBlockJson.has("bindingPublicKey")); + Assert.assertEquals("binding PubKey", bindingPubKey, authBlockJson.get("bindingPublicKey").asText()); Assert.assertTrue("EID process", authProcessData.isEidProcess()); Assert.assertTrue("foreigner process", authProcessData.isForeigner()); -- cgit v1.2.3 
From c5c6344931f67ccaba335ffa476b5e8117948020 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Wed, 10 Mar 2021 12:25:10 +0100 Subject: switch to EAAF-components 1.1.13-SNAPSHOT to add EID-IDENTITY-STATUS-LEVEL attribute into SAML2 response --- basicConfig/default_config.properties | 2 ++ .../builder/AuthenticationDataBuilder.java | 26 +++++++++++----- .../src/main/resources/application.properties | 2 ++ .../resources/specific_eIDAS_connector.beans.xml | 6 ++++ .../connector/test/FullStartUpAndProcessTest.java | 7 +++-- .../ProcessEngineSignalControllerTest.java | 2 +- .../test/utils/AuthenticationDataBuilderTest.java | 16 +++++++++- .../data/metadata_valid_without_encryption.xml | 1 + .../spring/SpringTest_connector.beans.xml | 6 ++++ .../specific/modules/auth/eidas/v2/Constants.java | 2 ++ .../eidas/v2/tasks/ReceiveAuthnResponseTask.java | 9 ++++-- .../test/tasks/ReceiveEidasResponseTaskTest.java | 34 +++++++++++++++++++-- infos/handbook-work_in_progress.docx | Bin 44486 -> 44445 bytes pom.xml | 2 +- 14 files changed, 98 insertions(+), 17 deletions(-) (limited to 'eidas_modules/authmodule-eIDAS-v2/src/test/java/at') diff --git a/basicConfig/default_config.properties b/basicConfig/default_config.properties index 725fac7c..2ea12b17 100644 --- a/basicConfig/default_config.properties +++ b/basicConfig/default_config.properties @@ -18,6 +18,8 @@ eidas.ms.core.pendingrequestid.digist.secret=pendingReqIdSecret ## eIDAS Ref. Implementation connector ### +eidas.ms.auth.eIDAS.eid.testidentity.default=false + eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector eidas.ms.auth.eIDAS.node_v2.forward.endpoint= diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java index c41660ce..3a93c1b8 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java 
+++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java @@ -30,6 +30,7 @@ import org.springframework.stereotype.Service; import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions.EidIdentityStatusLevelValues; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer; @@ -37,8 +38,9 @@ import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; +import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData; import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder; -import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper; import lombok.extern.slf4j.Slf4j; @Service("AuthenticationDataBuilder") @@ -47,9 +49,9 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder @Override protected IAuthData buildDeprecatedAuthData(IRequest pendingReq) throws EaafException { - final IAuthProcessDataContainer authProcessData = - pendingReq.getSessionData(AuthProcessDataWrapper.class); - AuthenticationData authData = new AuthenticationData(); + final EidAuthProcessDataWrapper authProcessData = + pendingReq.getSessionData(EidAuthProcessDataWrapper.class); + EidAuthenticationData authData = new EidAuthenticationData(); //set basis infos super.generateDeprecatedBasicAuthData(authData, pendingReq, authProcessData); 
@@ -58,6 +60,9 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder authData.setSsoSessionValidTo( new Date(new Date().getTime() + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000)); + authData.setEidStatus(authProcessData.isTestIdentity() + ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY); + return authData; } @@ -65,16 +70,21 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder @Override protected void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq) throws EaafException { - if (authData instanceof AuthenticationData) { - ((AuthenticationData)authData).setGenericData( + if (authData instanceof EidAuthenticationData) { + ((EidAuthenticationData)authData).setGenericData( ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, pendingReq.getUniquePiiTransactionIdentifier()); log.trace("Inject piiTransactionId: {} into AuthData", pendingReq.getUniquePiiTransactionIdentifier()); // set specific informations - ((AuthenticationData)authData).setSsoSessionValidTo( + ((EidAuthenticationData)authData).setSsoSessionValidTo( new Date(new Date().getTime() + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000)); + //set E-ID status-level + final EidAuthProcessDataWrapper authProcessData = + pendingReq.getSessionData(EidAuthProcessDataWrapper.class); + ((EidAuthenticationData)authData).setEidStatus(authProcessData.isTestIdentity() + ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY); } else { throw new RuntimeException("Can not inject PiiTransactionId because AuthData is of unknown type: " @@ -86,7 +96,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder @Override protected IAuthData getAuthDataInstance(IRequest arg0) throws EaafException { - return new AuthenticationData(); + return new EidAuthenticationData(); } 
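Review bot: In `buildServiceSpecificAuthenticationData` (hunk `@@ -65,16 +70,21 @@`) the E-ID status is taken from `authProcessData.isTestIdentity()` without checking that `pendingReq.getSessionData(EidAuthProcessDataWrapper.class)` returned a usable wrapper. The same ternary is repeated in `buildDeprecatedAuthData` (hunk `@@ -58,6 +60,9 @@`). This value decides whether the SAML2 response presents the subject as `IDENTITY` or `TESTIDENTITY`, so one private helper that maps the wrapper to `EidIdentityStatusLevelValues` would keep both paths in step and give a single place to document the default. Whether `getSessionData` can return null is not visible here; if it can, the helper should fail with the already imported `EaafBuilderException` instead of a NullPointerException. Both method bodies extend beyond their hunks.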
diff --git a/connector/src/main/resources/application.properties b/connector/src/main/resources/application.properties index 9a4ae54f..2411fde3 100644 --- a/connector/src/main/resources/application.properties +++ b/connector/src/main/resources/application.properties @@ -48,6 +48,8 @@ eidas.ms.core.pendingrequestid.digist.algorithm=HmacSHA256 ## eIDAS Ref. Implementation connector ### eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector +eidas.ms.auth.eIDAS.eid.testidentity.default=false + #eidas.ms.auth.eIDAS.node_v2.forward.endpoint= eidas.ms.auth.eIDAS.node_v2.forward.method=POST eidas.ms.auth.eIDAS.node_v2.countrycode=AT diff --git a/connector/src/main/resources/specific_eIDAS_connector.beans.xml b/connector/src/main/resources/specific_eIDAS_connector.beans.xml index f6fdeefe..0f8511d5 100644 --- a/connector/src/main/resources/specific_eIDAS_connector.beans.xml +++ b/connector/src/main/resources/specific_eIDAS_connector.beans.xml @@ -49,6 +49,9 @@ + + + + + + + diff --git a/connector/src/test/resources/spring/SpringTest_connector.beans.xml b/connector/src/test/resources/spring/SpringTest_connector.beans.xml index ba385cb9..83acf445 100644 --- a/connector/src/test/resources/spring/SpringTest_connector.beans.xml +++ b/connector/src/test/resources/spring/SpringTest_connector.beans.xml @@ -41,6 +41,9 @@ + + + + + + spConfig = new HashMap<>(); spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp"); 
@@ -153,15 +154,44 @@ public class ReceiveEidasResponseTaskTest { IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId()); Assert.assertNotNull("pendingReq not stored", storedReq); - final AuthProcessDataWrapper authProcessData = storedReq.getSessionData(AuthProcessDataWrapper.class); + final EidAuthProcessDataWrapper authProcessData = storedReq.getSessionData(EidAuthProcessDataWrapper.class); Assert.assertEquals("LoA", eidasResponse.getLevelOfAssurance(), authProcessData.getQaaLevel()); Assert.assertNotNull("eIDAS response", authProcessData.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE)); Assert.assertEquals("eIDAS response", eidasResponse, authProcessData.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE)); + Assert.assertFalse("testIdentity flag", authProcessData.isTestIdentity()); } + @Test + public void successWithTestIdentity() throws URISyntaxException, TaskExecutionException, PendingReqIdValidationException { + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.eid.testidentity.default", "true"); + + @NotNull + AuthenticationResponse eidasResponse = buildDummyAuthResponse(Constants.SUCCESS_URI); + httpReq.setAttribute(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse); + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "LU"); + + //execute test + task.execute(pendingReq, executionContext); + + //validate state + IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId()); + Assert.assertNotNull("pendingReq not stored", storedReq); + + final EidAuthProcessDataWrapper authProcessData = storedReq.getSessionData(EidAuthProcessDataWrapper.class); + Assert.assertEquals("LoA", eidasResponse.getLevelOfAssurance(), authProcessData.getQaaLevel()); + Assert.assertNotNull("eIDAS response", + authProcessData.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE)); + Assert.assertEquals("eIDAS response", eidasResponse, + 
authProcessData.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE)); + Assert.assertTrue("testIdentity flag", authProcessData.isTestIdentity()); + + } + + + @NotNull private AuthenticationResponse buildDummyAuthResponse(String statusCode) throws URISyntaxException { final AttributeDefinition attributeDef = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( diff --git a/infos/handbook-work_in_progress.docx b/infos/handbook-work_in_progress.docx index d311fa80..192db5d4 100644 Binary files a/infos/handbook-work_in_progress.docx and b/infos/handbook-work_in_progress.docx differ diff --git a/pom.xml b/pom.xml index 46d02706..808d71b9 100644 --- a/pom.xml +++ b/pom.xml @@ -22,7 +22,7 @@ 0.3 0.4 - 1.1.11 + 1.1.13-SNAPSHOT 2.4.1 2.3.1 -- cgit v1.2.3 From 291905eed9c187444c83657241b589d31d825149 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Wed, 12 May 2021 12:46:07 +0200 Subject: update third-party libs to latest versions --- basicConfig/templates/error_message.html | 10 +- connector/pom.xml | 14 +++ connector/src/main/resources/logback.xml | 107 +-------------------- .../resources/specific_eIDAS_connector.beans.xml | 3 + .../connector/test/FullStartUpAndProcessTest.java | 2 +- .../test/utils/AuthenticationDataBuilderTest.java | 2 +- .../spring/SpringTest_connector.beans.xml | 3 + eidas_modules/authmodule-eIDAS-v2/pom.xml | 4 + .../modules/auth/eidas/v2/test/SzrClientTest.java | 9 +- .../tasks/CreateIdentityLinkTaskEidNewTest.java | 2 +- .../v2/test/tasks/CreateIdentityLinkTaskTest.java | 2 +- infos/handbook-work_in_progress.docx | Bin 44445 -> 44928 bytes infos/readme_1.2.0.md | 7 +- pom.xml | 33 ++++--- 14 files changed, 63 insertions(+), 135 deletions(-) (limited to 'eidas_modules/authmodule-eIDAS-v2/src/test/java/at') diff --git a/basicConfig/templates/error_message.html b/basicConfig/templates/error_message.html index f9788f6a..b1367962 100644 --- a/basicConfig/templates/error_message.html +++ b/basicConfig/templates/error_message.html 
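Review bot: `successWithTestIdentity` sets `eidas.ms.auth.eIDAS.eid.testidentity.default` to `"true"` on the shared `basicConfig` and never restores it. The success test above it now asserts `Assert.assertFalse("testIdentity flag", authProcessData.isTestIdentity())`. The setup method is outside this hunk; if it does not reset the key, the result depends on test execution order, and a leaked `true` could hide a regression in the default path. Resetting it in the `@Before` method would make both tests independent, for example `basicConfig.putConfigValue("eidas.ms.auth.eIDAS.eid.testidentity.default", "false");`.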
@@ -21,16 +21,12 @@

Error Information


-

Code :

+

Code :

Msg :

- -
-

fullError

-
- + - \ No newline at end of file + diff --git a/connector/pom.xml b/connector/pom.xml index 36a6d9df..6516e351 100644 --- a/connector/pom.xml +++ b/connector/pom.xml @@ -135,6 +135,20 @@ com.github.skjolber mockito-soap-cxf test + org.powermock diff --git a/connector/src/main/resources/logback.xml b/connector/src/main/resources/logback.xml index 7aa2d0cc..9679d9e4 100644 --- a/connector/src/main/resources/logback.xml +++ b/connector/src/main/resources/logback.xml @@ -8,96 +8,6 @@ - - - logs/eidas-ms-specific.log - - %5p | %d{dd HH:mm:ss,SSS} | %t | %m%n - - - 9999 - logs/eidas-ms-specific.log.%i - - - - 10000KB - - - - - logs/eIDAS_node.log - - %5p | %d{dd HH:mm:ss,SSS} | %t | %m%n - - - 9999 - logs/eIDAS_node.log.%i - - - - 10000KB - - - - - logs/eidas-ms-reversion.log - - %5p | %d{dd HH:mm:ss,SSS} | %t | %m%n - - - 9999 - logs/eidas-ms-reversion.log.%i - - - - 10000KB - - - - - logs/eidas-ms-statistic.log - - %m%n - - - 9999 - logs/eidas-ms-statistic.log.%i - - - - 10000KB - - - - - logs/console.log - - %5p | %d{dd HH:mm:ss,SSS} | %t | %m%n - - - 9999 - logs/console.log.%i - - - - 10000KB - - @@ -105,27 +15,16 @@ - + - + - - - - - - - + - diff --git a/connector/src/main/resources/specific_eIDAS_connector.beans.xml b/connector/src/main/resources/specific_eIDAS_connector.beans.xml index 0f8511d5..df2a9aa4 100644 --- a/connector/src/main/resources/specific_eIDAS_connector.beans.xml +++ b/connector/src/main/resources/specific_eIDAS_connector.beans.xml @@ -82,6 +82,9 @@
+ + diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java index f50829c7..64e8272e 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java @@ -50,7 +50,7 @@ import org.springframework.web.context.WebApplicationContext; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; -import com.skjolberg.mockito.soap.SoapServiceRule; +import com.github.skjolber.mockito.soap.SoapServiceRule; import at.asitplus.eidas.specific.connector.controller.ProcessEngineSignalController; import at.asitplus.eidas.specific.connector.controller.Pvp2SProfileEndpoint; diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java index cea20f04..17ecb2ca 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java @@ -199,7 +199,7 @@ public class AuthenticationDataBuilderTest { Assert.assertEquals("FamilyName", idl.getFamilyName(), authData.getFamilyName()); Assert.assertEquals("GivenName", idl.getGivenName(), authData.getGivenName()); - Assert.assertEquals("DateOfBirth", idl.getDateOfBirth(), authData.getFormatedDateOfBirth()); + Assert.assertEquals("DateOfBirth", idl.getDateOfBirth(), authData.getDateOfBirth()); Assert.assertEquals("bPK", BpkBuilder.generateAreaSpecificPersonIdentifier( idl.getIdentificationValue(), EaafConstants.URN_PREFIX_CDID + "XX").getFirst(), 
diff --git a/connector/src/test/resources/spring/SpringTest_connector.beans.xml b/connector/src/test/resources/spring/SpringTest_connector.beans.xml index 83acf445..4d770570 100644 --- a/connector/src/test/resources/spring/SpringTest_connector.beans.xml +++ b/connector/src/test/resources/spring/SpringTest_connector.beans.xml @@ -74,6 +74,9 @@ + + diff --git a/eidas_modules/authmodule-eIDAS-v2/pom.xml b/eidas_modules/authmodule-eIDAS-v2/pom.xml index 074a4205..78039e9c 100644 --- a/eidas_modules/authmodule-eIDAS-v2/pom.xml +++ b/eidas_modules/authmodule-eIDAS-v2/pom.xml @@ -102,6 +102,10 @@ org.springframework spring-webmvc + + org.apache.cxf + cxf-core + org.apache.cxf cxf-rt-frontend-jaxws diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java index cf4ed95c..786b10de 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java @@ -54,6 +54,8 @@ import org.junit.runner.RunWith; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.util.Base64Utils; 
@@ -63,7 +65,7 @@ import org.xml.sax.SAXException; import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.JsonMappingException; import com.fasterxml.jackson.databind.ObjectMapper; -import com.skjolberg.mockito.soap.SoapServiceRule; +import com.github.skjolber.mockito.soap.SoapServiceRule; import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; @@ -96,6 +98,7 @@ import szrservices.TravelDocumentType; @ContextConfiguration(locations = { "/SpringTest-context_tasks_test.xml", "/SpringTest-context_basic_mapConfig.xml"}) +@DirtiesContext(classMode = ClassMode.AFTER_CLASS) public class SzrClientTest { private static final Logger log = LoggerFactory.getLogger(SzrClientTest.class); @@ -134,9 +137,11 @@ public class SzrClientTest { eidData.setPseudonym("1234sdgsdfg56789ABCDEF"); basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.eidasbind.mds.inject", "false"); - + } + + @Test public void getStammzahlenEcryptedTest() throws JAXBException, SZRException_Exception, SzrCommunicationException { diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java index 0621081a..175f95e6 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java 
@@ -40,7 +40,7 @@ import org.springframework.web.context.request.ServletRequestAttributes; import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; -import com.skjolberg.mockito.soap.SoapServiceRule; +import com.github.skjolber.mockito.soap.SoapServiceRule; import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java index 8c7558dd..e880178f 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java @@ -28,7 +28,7 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; -import com.skjolberg.mockito.soap.SoapServiceRule; +import com.github.skjolber.mockito.soap.SoapServiceRule; import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; diff --git a/infos/handbook-work_in_progress.docx b/infos/handbook-work_in_progress.docx index 192db5d4..3f2c6afd 100644 Binary files a/infos/handbook-work_in_progress.docx and b/infos/handbook-work_in_progress.docx differ diff --git a/infos/readme_1.2.0.md b/infos/readme_1.2.0.md index 98e18ccb..5b25d3f9 100644 --- a/infos/readme_1.2.0.md +++ b/infos/readme_1.2.0.md 
@@ -1,4 +1,4 @@ -# MS-Connector v1.2.0 Release vom xx.xx.2021 +# MS-Connector v1.2.0 Release vom 12.05.2021 Der MS-Connector implementiert eine Bridge zwischen dem österreichischen E-ID System und dem eIDAS Framework um ausländischen Benutzern eine Anmeldung am österreichischen Service-Providern zu ermöglichen. 
@@ -27,7 +27,7 @@ Nachfolgend finden Sie die erforderlichen Schritte für das Update eines bestehe 1. Stoppen Sie die *MS-Connector* Applikation und fertigen Sie eine Sicherungskopie Ihrer Applikation inklusive Konfiguration an 2. Entpacken Sie das Releasepacket *ms_specific_connector-1.2.0-dist.zip* in ein temporäres Verzeichnis welches in weiterer Folge __MsConnectorPackage__ bezeichnet wird. 3. Kopieren sie die Applikation __MsConnectorPackage__/ms_connector.war nach in das Applikationsverzeichnis ihres Applikationsservers -4. Mit der Version 1.2.0 wurde die Konfiguration eine eine Minimalkonfiguration [`default_config.properties`](./../config/default_config.properties) und eine in den MS-Connectorintegrierte Defaultkonfiguration aufgteilt. Die nachfolgende Aufzählung umfasst die neuen oder geänderten Konfigurationsparameter, beschreibt jedoch keine Aufteilung einer bestehenden Konfiguration in Minimal- und Defaultteil. Eine vollständige Beschreibung aller Konfigurationswerte finden Sie **hier**. +4. Mit der Version 1.2.0 wurde die Konfiguration eine eine Minimalkonfiguration [`default_config.properties`](./../config/default_config.properties) und eine in den MS-Connectorintegrierte Defaultkonfiguration aufgteilt. Die nachfolgende Aufzählung umfasst die neuen oder geänderten Konfigurationsparameter, beschreibt jedoch keine Aufteilung einer bestehenden Konfiguration in Minimal- und Defaultteil. Eine vollständige Beschreibung aller Konfigurationswerte finden Sie im Handbuch zum AT MS-Connector. 5. Update bestehender Dateien . Die nachfolgenden Dateien wurden geändert und erfordern eine Anpassung oder eine Übernahme dem Releasepacket, sofern die Anpassung nicht bereits durchgeführt wurde * __MsConnectorPackage__/config/templates/error_message.html 
@@ -53,7 +53,6 @@ Nachfolgend finden Sie die erforderlichen Schritte für das Update eines bestehe - *eIDAS Node Kommunikation* * ```eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm``` * ```eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll``` - * ```eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm``` - * ```eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm``` - *ID Austria Umsetzung* + - ```eidas.ms.auth.eIDAS.eid.testidentity.default``` - ```eidas.ms.auth.eIDAS.szrclient.eidasbind.mds.inject``` diff --git a/pom.xml b/pom.xml index 808d71b9..2b557e9a 100644 --- a/pom.xml +++ b/pom.xml @@ -22,32 +22,32 @@ 0.3 0.4 - 1.1.13-SNAPSHOT + 1.1.13 - 2.4.1 - 2.3.1 - 5.3.2 - 3.0.11.RELEASE - 3.4.1 + 2.4.5 + 2.4.1 + 5.3.6 + 3.0.12.RELEASE + 3.3.5 2.5.0 - 3.11 + 3.12.0 1.9 4.4 - 30.0-jre - 2.10.8 + 30.1.1-jre + 2.10.10 1.7.30 - 2.12.0 + 2.12.3 2.0.1.Final 6.1.5.Final - 4.13.1 + 4.13.2 2.22.2 - 1.0.5 + 1.2.0 4.0.0 @@ -64,7 +64,7 @@ - 1.18.12 + 1.18.20 3.8.1 2.8.1 1.20 @@ -267,6 +267,11 @@ joda-time ${joda-time.version} + + org.apache.cxf + cxf-core + ${cxf.version} + org.apache.cxf cxf-rt-frontend-jaxws @@ -280,7 +285,7 @@ javax.servlet javax.servlet-api - 3.0.1 + 3.1.0 provided -- cgit v1.2.3 From af013acbb41d98b39d5ede56dbd5227858688e33 Mon Sep 17 00:00:00 2001 
From: Thomas <> Date: Fri, 25 Jun 2021 10:26:17 +0200 Subject: fix bug in combination with EidasNode v2.5 and DE Middleware # Conflicts: # connector/src/main/resources/application.properties --- .../src/main/resources/application.properties | 2 +- .../specific/modules/auth/eidas/v2/Constants.java | 2 + .../eidas/v2/tasks/GenerateAuthnRequestTask.java | 3 +- .../test/tasks/GenerateAuthnRequestTaskTest.java | 15 ++++-- infos/Handbuch_MS-eIDAS-Node.docx | Bin 64139 -> 58160 bytes infos/handbook-work_in_progress.docx | Bin 44928 -> 0 bytes infos/handbook/Handbuch_MS-eIDAS-Node.pdf | Bin 871397 -> 162244 bytes infos/readme_1.2.2.md | 60 +++++++++++++++++++++ 8 files changed, 76 insertions(+), 6 deletions(-) delete mode 100644 infos/handbook-work_in_progress.docx create mode 100644 infos/readme_1.2.2.md (limited to 'eidas_modules/authmodule-eIDAS-v2/src/test/java/at') diff --git a/connector/src/main/resources/application.properties b/connector/src/main/resources/application.properties index 2411fde3..73a83c13 100644 --- a/connector/src/main/resources/application.properties +++ b/connector/src/main/resources/application.properties @@ -69,7 +69,7 @@ eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll=true eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=false - +#eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat= eidas.ms.auth.eIDAS.node_v2.loa.requested.minimum=http://eidas.europa.eu/LoA/high #eidas.ms.auth.eIDAS.szrclient.useTestService=true diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java index d13dd00f..1732a61a 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java 
@@ -69,6 +69,8 @@ public class Constants { public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_USEREQUESTIDASTRANSACTIONIDENTIFIER = CONIG_PROPS_EIDAS_NODE + ".workarounds.useRequestIdAsTransactionIdentifier"; + public static final String CONFIG_PROP_EIDAS_NODE_NAMEIDFORMAT = + CONIG_PROPS_EIDAS_NODE + ".requested.nameIdFormat"; public static final String CONIG_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP = CONIG_PROPS_EIDAS_NODE + ".staticProviderNameForPublicSPs"; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java index 92f58877..9900fa98 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java @@ -106,7 +106,8 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { authnRequestBuilder.id(UUID.randomUUID().toString()); // set nameIDFormat - authnRequestBuilder.nameIdFormat(Constants.eIDAS_REQ_NAMEID_FORMAT); + authnRequestBuilder.nameIdFormat( + authConfig.getBasicConfiguration(Constants.CONFIG_PROP_EIDAS_NODE_NAMEIDFORMAT)); // set citizen country code for foreign uses authnRequestBuilder.citizenCountryCode(citizenCountryCode); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java index f796bd86..4edfe32d 100644 
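Review bot: `CONFIG_PROP_EIDAS_NODE_NAMEIDFORMAT` has no comment, and its prefix differs from the neighbouring `CONIG_PROPS_EIDAS_NODE_...` constants, so a search by the existing prefix will miss it. A short comment stating the contract would help, for example `// optional; when unset, no NameID format is requested from the eIDAS node`. That matches what the updated test asserts, where `getNameIdFormat()` is null by default. The class body continues outside the hunk.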
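Review bot: The argument to `authnRequestBuilder.nameIdFormat(...)` is now whatever string `eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat` holds, with no normalisation or check. An entry left as `requested.nameIdFormat=` (the form shown commented out in `application.properties`) may arrive as an empty string rather than null, depending on how `getBasicConfiguration` treats blank values. A mistyped value is forwarded to the eIDAS node unchanged; the updated test passes a random alphabetic string and it is accepted. Consider reading the value into a local and mapping blank to null, e.g. `final String fmt = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_EIDAS_NODE_NAMEIDFORMAT);` then `authnRequestBuilder.nameIdFormat(fmt == null || fmt.trim().isEmpty() ? null : fmt.trim());`, and logging or rejecting values outside the formats the connector is meant to request. The enclosing method starts and ends outside the hunk.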
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java @@ -1,5 +1,7 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; +import static org.junit.Assert.assertNull; + import java.io.UnsupportedEncodingException; import java.util.HashMap; import java.util.Map; @@ -91,7 +93,8 @@ public class GenerateAuthnRequestTaskTest { "http://test/" + RandomStringUtils.randomAlphabetic(5)); basicConfig.putConfigValue( "eidas.ms.auth.eIDAS.node_v2.forward.method", "GET"); - + basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat"); + } @Test @@ -313,9 +316,8 @@ public class GenerateAuthnRequestTaskTest { Assert.assertEquals("ProviderName is not Static", "myNode", eidasReq.getProviderName()); Assert.assertEquals("no PublicSP", "public", eidasReq.getSpType()); Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high", eidasReq.getLevelOfAssurance()); - Assert.assertEquals("wrong CC", cc, eidasReq.getCitizenCountryCode()); - Assert.assertEquals("NameIdFormat", Constants.eIDAS_REQ_NAMEID_FORMAT, eidasReq.getNameIdFormat()); - + Assert.assertEquals("wrong CC", cc, eidasReq.getCitizenCountryCode()); + assertNull("NameIdPolicy not null", eidasReq.getNameIdFormat()); } @@ -337,6 +339,10 @@ public class GenerateAuthnRequestTaskTest { basicConfig.putConfigValue( "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "false"); + String nameIdFormat = RandomStringUtils.randomAlphabetic(10); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat", nameIdFormat); + String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5); basicConfig.putConfigValue( "eidas.ms.auth.eIDAS.node_v2.forward.endpoint", dynEndPoint); 
@@ -363,6 +369,7 @@ public class GenerateAuthnRequestTaskTest { eidasReq.getLevelOfAssurance()); Assert.assertEquals("Wrong req. attr. size", 4, eidasReq.getRequestedAttributes().size()); + Assert.assertEquals("NameIdFormat", nameIdFormat, eidasReq.getNameIdFormat()); } diff --git a/infos/Handbuch_MS-eIDAS-Node.docx b/infos/Handbuch_MS-eIDAS-Node.docx index 7bb5c919..aacb3828 100644 Binary files a/infos/Handbuch_MS-eIDAS-Node.docx and b/infos/Handbuch_MS-eIDAS-Node.docx differ diff --git a/infos/handbook-work_in_progress.docx b/infos/handbook-work_in_progress.docx deleted file mode 100644 index 3f2c6afd..00000000 Binary files a/infos/handbook-work_in_progress.docx and /dev/null differ diff --git a/infos/handbook/Handbuch_MS-eIDAS-Node.pdf b/infos/handbook/Handbuch_MS-eIDAS-Node.pdf index dd79201f..1d4195bb 100644 Binary files a/infos/handbook/Handbuch_MS-eIDAS-Node.pdf and b/infos/handbook/Handbuch_MS-eIDAS-Node.pdf differ diff --git a/infos/readme_1.2.2.md b/infos/readme_1.2.2.md new file mode 100644 index 00000000..6e7abdd0 --- /dev/null +++ b/infos/readme_1.2.2.md 
@@ -0,0 +1,60 @@ +# MS-Connector v1.2.2 Release vom 26.06.2021 + +Der MS-Connector implementiert eine Bridge zwischen dem österreichischen E-ID System und dem eIDAS Framework um ausländischen Benutzern eine Anmeldung am österreichischen Service-Providern zu ermöglichen. + +### Änderungen in dieser Version + + - Bugfix + - Inkompatibilität zwischen AT MS-Connector, EidasNode v2.5 und Deutscher Middleware behoben + + + + +### Durchführen eines Updates + +Nachfolgend finden Sie die erforderlichen Schritte für das Update eines bestehenden MS-specific eIDAS Connectors auf die aktuelle Version 1.2.2. Das vollständige Handbuch mit allen Konfigurationsparametern finden Sie im Releasepackage im Verzeichnis: _infos/handbook/_ + +### Ausgehend von einer bestehenden Version 1.2.x + +1. Stoppen Sie die *MS-Connector* Applikation und fertigen Sie eine Sicherungskopie Ihrer Applikation inklusive Konfiguration an +2. Entpacken Sie das Releasepacket *ms_specific_connector-1.2.2-dist.zip* in ein temporäres Verzeichnis welches in weiterer Folge __MsConnectorPackage__ bezeichnet wird. +3. Kopieren sie die Applikation __MsConnectorPackage__/ms_connector.war nach in das Applikationsverzeichnis ihres Applikationsservers +4. Neue optionale Konfigurationsparameter + - *Allgemeine Konfiguration* + - ```eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat``` + +### Ausgehend von einer bestehenden Version 1.1.0 + +1. Stoppen Sie die *MS-Connector* Applikation und fertigen Sie eine Sicherungskopie Ihrer Applikation inklusive Konfiguration an +2. Entpacken Sie das Releasepacket *ms_specific_connector-1.2.2-dist.zip* in ein temporäres Verzeichnis welches in weiterer Folge __MsConnectorPackage__ bezeichnet wird. +3. Kopieren sie die Applikation __MsConnectorPackage__/ms_connector.war nach in das Applikationsverzeichnis ihres Applikationsservers +4. 
Mit der Version 1.2.0 wurde die Konfiguration eine eine Minimalkonfiguration [`default_config.properties`](./../config/default_config.properties) und eine in den MS-Connectorintegrierte Defaultkonfiguration aufgteilt. Die nachfolgende Aufzählung umfasst die neuen oder geänderten Konfigurationsparameter, beschreibt jedoch keine Aufteilung einer bestehenden Konfiguration in Minimal- und Defaultteil. Eine vollständige Beschreibung aller Konfigurationswerte finden Sie im Handbuch zum AT MS-Connector. +5. Update bestehender Dateien . Die nachfolgenden Dateien wurden geändert und erfordern eine Anpassung oder eine Übernahme dem Releasepacket, sofern die Anpassung nicht bereits durchgeführt wurde. Sofern die entsprechenden Datein an die bestehende Infrastruktur angepasst wurden so müssen diese Änderungen übernommen werden. + - __MsConnectorPackage__/config/templates/error_message.html + - __MsConnectorPackage__/config/eIDAS/igniteSpecificCommunication.xml + Hinweis: Siehe auch Update-Hinweise zur EIDAS-Node v2.5 +6. Erstellung neuer Dateien + - _KeyStore für ID Austria AuthBlock:_ Erstellen eines KeyStore mit mit öffentlichem und privaten Schlüssel welcher für die JWS Signature des technischen ID Austria AuthBlocks verwendet werden soll. +7. Neue Konfigurationsparameter + - *Allgemeine Konfiguration* + - ```eidas.ms.core.configRootDir``` + - *ID Austria Umsetzung* + - ```eidas.ms.auth.eIDAS.authblock.keystore.type``` + - ```eidas.ms.auth.eIDAS.authblock.keystore.path``` + - ```eidas.ms.auth.eIDAS.authblock.keystore.password``` + - ```eidas.ms.auth.eIDAS.authblock.key.alias``` + - ```eidas.ms.auth.eIDAS.authblock.key.password``` + - *Service-Provider Konfiguration Konfiguration* + - ```eidas.ms.sp.x.newEidMode``` +8. Gelöschte Konfigurationsparameter + + - ```authhandler.modules.bindingservice.bpk.target``` +9. 
Neue optionale Konfigurationsparameter + - *Allgemeine Konfiguration* + - ```eidas.ms.core.logging.level.info.errorcodes``` + - *eIDAS Node Kommunikation* + * ```eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm``` + * ```eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll``` + - *ID Austria Umsetzung* + - ```eidas.ms.auth.eIDAS.eid.testidentity.default``` + - ```eidas.ms.auth.eIDAS.szrclient.eidasbind.mds.inject``` -- cgit v1.2.3