From 58b3c1c2d7a27775af8c0b7c9d12dea08aa575fa Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Tue, 19 Jan 2021 10:37:45 +0100
Subject: build 'requesterId' for private-sector SPs based on hashed unique
 AppIds; set 'requesterId' and 'providerName' to static value for any type of
 SP

---
 .../test/tasks/GenerateAuthnRequestTaskTest.java   | 148 ++++++++++++++++++++-
 .../EidasRequestPreProcessingFirstTest.java        |   3 +-
 .../EidasRequestPreProcessingSecondTest.java       |  48 +++++++
 .../resources/SpringTest-context_basic_test.xml    |   5 +
 4 files changed, 201 insertions(+), 3 deletions(-)

(limited to 'eidas_modules/authmodule-eIDAS-v2/src/test')

diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java
index c416b515..f796bd86 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java
@@ -83,6 +83,7 @@ public class GenerateAuthnRequestTaskTest {
     pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue());
     pendingReq.setAuthUrl("http://test.com/");
 
+    basicConfig.putConfigValue("eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm", "true");
     basicConfig.putConfigValue("eidas.ms.auth.eIDAS.node_v2.entityId", 
         RandomStringUtils.randomAlphabetic(10));
     basicConfig.putConfigValue(
@@ -297,7 +298,7 @@ public class GenerateAuthnRequestTaskTest {
     basicConfig.putConfigValue(
         "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true");
     basicConfig.putConfigValue(
-        "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "true");
+        "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderNames", "true");
     basicConfig.putConfigValue(
         "eidas.ms.auth.eIDAS.node_v2.staticProviderNameForPublicSPs", "myNode");
     
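Review bot: The replacement key on the changed line is spelled `eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderNames` (plural), while the tests added further down in this same file set `eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName` (singular). The production code that reads the setting is not visible here, but presumably only one spelling is recognised, so either this test or the new ones set a key that is silently ignored. Align the spelling with the key the request builder actually reads, ideally by referencing a shared constant instead of repeating the string literal. The enclosing test method starts and ends outside the hunk.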
@@ -365,6 +366,101 @@ public class GenerateAuthnRequestTaskTest {
     
   }
   
+  @Test
+  public void publicSpWithCountryLu() throws TaskExecutionException,
+      SpecificCommunicationException, EaafStorageException, UnsupportedEncodingException {
+    //set-up test
+    executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "LU");
+    executionContext.put("selectedEnvironment", "prod");
+    
+    String providerName = RandomStringUtils.randomAlphanumeric(10);
+    pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName);
+            
+    basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets");
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true");
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true");
+            
+    String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5);
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.forward.endpoint", dynEndPoint);    
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.forward.method", "GET");
+    
+    //execute test
+    task.execute(pendingReq, executionContext);
+        
+    //validate state
+    Assert.assertEquals("Wrong http statusCode", 302, httpResp.getStatus());
+    Assert.assertNotNull("No redirect header", httpResp.getHeaderValue("Location"));
+    Assert.assertTrue("Wrong redirect endpoint", 
+        ((String) httpResp.getHeaderValue("Location")).startsWith(dynEndPoint));
+        
+    
+    final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null);
+
+    Assert.assertEquals("PrividerName", "myNode", eidasReq.getProviderName());
+    Assert.assertEquals("RequesterId found", "myNode", eidasReq.getRequesterId());
+    Assert.assertEquals("no PublicSP", "public", eidasReq.getSpType());
+    Assert.assertEquals("wrong LoA", EaafConstants.EIDAS_LOA_HIGH, 
+        eidasReq.getLevelOfAssurance());
+    
+    Assert.assertEquals("Wrong req. attr. size", 4, eidasReq.getRequestedAttributes().size());
+    
+  }
+  
+  @Test
+  public void privateSpWithCountryLu() throws TaskExecutionException,
+      SpecificCommunicationException, EaafStorageException, UnsupportedEncodingException {
+    //set-up test
+    executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "LU");
+    executionContext.put("selectedEnvironment", "prod");
+    
+    String providerName = RandomStringUtils.randomAlphanumeric(10);
+    String requesterId = RandomStringUtils.randomAlphanumeric(10);
+    pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName);
+    pendingReq.setRawDataToTransaction(Constants.DATA_REQUESTERID, requesterId);
+    
+    spConfig.put("target", 
+        EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + "FN+" + RandomStringUtils.randomNumeric(6));
+            
+    basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets");
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true");
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true");
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "true");
+            
+    String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5);
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.forward.endpoint", dynEndPoint);    
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.forward.method", "GET");
+    
+    //execute test
+    task.execute(pendingReq, executionContext);
+        
+    //validate state
+    Assert.assertEquals("Wrong http statusCode", 302, httpResp.getStatus());
+    Assert.assertNotNull("No redirect header", httpResp.getHeaderValue("Location"));
+    Assert.assertTrue("Wrong redirect endpoint", 
+        ((String) httpResp.getHeaderValue("Location")).startsWith(dynEndPoint));
+        
+    
+    final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null);
+
+    Assert.assertEquals("PrividerName", "myNode", eidasReq.getProviderName());
+    Assert.assertEquals("RequesterId", "myNode", eidasReq.getRequesterId());
+    Assert.assertEquals("no PublicSP", "private", eidasReq.getSpType());
+    Assert.assertEquals("wrong LoA", EaafConstants.EIDAS_LOA_HIGH, 
+        eidasReq.getLevelOfAssurance());
+    
+    Assert.assertEquals("Wrong req. attr. size", 4, eidasReq.getRequestedAttributes().size());
+    
+  }
+  
   @Test
   public void withEidasNodePostReqNotValidTemplate() throws TaskExecutionException,
       SpecificCommunicationException, EaafStorageException, UnsupportedEncodingException {
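Review bot: `publicSpWithCountryLu` and `privateSpWithCountryLu` both expect `"myNode"` for providerName and requesterId, yet neither test configures that value. It presumably comes from the test properties or from state another test left in `basicConfig`. Setting it in each test's set-up, e.g. `basicConfig.putConfigValue("eidas.ms.auth.eIDAS.node_v2.staticProviderNameForPublicSPs", "myNode");` if that is the key that feeds both fields, keeps the check that the SP-supplied identifiers are replaced independent of execution order. The message `"RequesterId found"` in the public-SP test reads like a null check although the assertion is an equality check; `"RequesterId"` would match the sibling test. The last three lines of the hunk belong to `withEidasNodePostReqNotValidTemplate`, whose body is outside the hunk.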
@@ -409,6 +505,53 @@ public class GenerateAuthnRequestTaskTest {
         EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + "FN+" + RandomStringUtils.randomNumeric(6));
     String providerName = RandomStringUtils.randomAlphanumeric(10);
     pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName);
+    pendingReq.setRawDataToTransaction(Constants.DATA_REQUESTERID, "http://junit.sp");
+
+    basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets");
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true");
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true");
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "false");
+    
+    String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5);
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.forward.endpoint", dynEndPoint);    
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.forward.method", "GET");
+        
+    
+    //perform test
+    task.execute(pendingReq, executionContext);
+    
+    //validate state
+    Assert.assertEquals("Wrong http statusCode", 302, httpResp.getStatus());
+    Assert.assertNotNull("No redirect header", httpResp.getHeaderValue("Location"));
+    Assert.assertTrue("Wrong redirect endpoint", 
+        ((String) httpResp.getHeaderValue("Location")).startsWith(dynEndPoint));
+    
+
+    final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null);
+
+    Assert.assertEquals("PrividerName", providerName, eidasReq.getProviderName());
+    Assert.assertEquals("RequesterId", "Wr8LrrVf5SYneblOlZdZNaLQQCCgzklfKQvyeZjBx10=", eidasReq.getRequesterId());
+    Assert.assertEquals("no PublicSP", "private", eidasReq.getSpType());
+    Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high", eidasReq.getLevelOfAssurance());
+    
+  }
+  
+  @Test
+  public void privateSPWithoutRequestIdHashing() throws TaskExecutionException,
+      SpecificCommunicationException, EaafStorageException {
+    //set-up test
+    executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC");
+    spConfig.put("target", 
+        EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + "FN+" + RandomStringUtils.randomNumeric(6));
+    String providerName = RandomStringUtils.randomAlphanumeric(10);
+    String requesterId = RandomStringUtils.randomAlphanumeric(10);
+    pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName);
+    pendingReq.setRawDataToTransaction(Constants.DATA_REQUESTERID, requesterId);
 
     basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets");
     basicConfig.putConfigValue(
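Review bot: The expected requesterId `"Wr8LrrVf5SYneblOlZdZNaLQQCCgzklfKQvyeZjBx10="` is an unexplained constant, so a reader cannot tell which input and which derivation produce it or how to regenerate it when the scheme changes. Add a comment above the assertion such as `// Base64 hash of requesterId "http://junit.sp" with requesterId.useHashedForm=true`, naming the algorithm and any salt or secret taken from the test configuration. Because the value is fixed for a fixed input, the derivation is deterministic under this configuration. If no secret is mixed in, the hashed form is a stable pseudonym that anyone who knows the AppId can recompute, which is worth stating where the feature is documented. The test holding this assertion starts outside the hunk, and `privateSPWithoutRequestIdHashing` continues past it.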
@@ -417,6 +560,7 @@ public class GenerateAuthnRequestTaskTest {
         "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true");
     basicConfig.putConfigValue(
         "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "false");
+    basicConfig.putConfigValue("eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm", "false");
     
     String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5);
     basicConfig.putConfigValue(
@@ -438,7 +582,7 @@ public class GenerateAuthnRequestTaskTest {
     final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null);
 
     Assert.assertEquals("PrividerName", providerName, eidasReq.getProviderName());
-    Assert.assertEquals("RequesterId", providerName, eidasReq.getRequesterId());
+    Assert.assertEquals("RequesterId", requesterId, eidasReq.getRequesterId());
     Assert.assertEquals("no PublicSP", "private", eidasReq.getSpType());
     Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high", eidasReq.getLevelOfAssurance());
     
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
index d0ab50f4..7ac41500 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
@@ -146,9 +146,10 @@ public class EidasRequestPreProcessingFirstTest {
 
     Assert.assertEquals("ProviderName is not Static",
         Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP, lightReq.getProviderName());
+    Assert.assertNotSame("RequesterId was set", lightReq.getRequesterId());
     Assert.assertEquals("no PublicSP", "public", lightReq.getSpType());
     Assert.assertEquals("Requested attribute size not match", 8, lightReq.getRequestedAttributes().size());
 
   }
-
+    
 }
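Review bot: The added `Assert.assertNotSame("RequesterId was set", lightReq.getRequesterId());` does not check anything useful. With two arguments JUnit binds the call to `assertNotSame(Object unexpected, Object actual)`, so the message string is compared by reference with the requesterId and the assertion passes for any value, including a leaked SP identifier. Judging from the message, the intent is that no requesterId is set for a public SP; that is `Assert.assertNull("RequesterId was set", lightReq.getRequesterId());`. The test method this line belongs to starts outside the hunk.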
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java
index c44e803b..4a03fac1 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java
@@ -86,6 +86,9 @@ public class EidasRequestPreProcessingSecondTest {
     authnRequestBuilder.issuer("Test");
     authnRequestBuilder.levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH);
 
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll", "true");
+    
   }
 
   @Test
@@ -106,4 +109,49 @@ public class EidasRequestPreProcessingSecondTest {
 
   }
 
+
+  /*
+   * Set ProviderName according to general configuration
+   */
+  @Test
+  public void prePreProcessLuPublicSpWithoutRequestId() throws EidPostProcessingException {
+
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll", "false");
+    
+    final String testCountry = "LU";
+    authnRequestBuilder.citizenCountryCode(testCountry);
+    preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder);
+
+    final LightRequest lightReq = authnRequestBuilder.build();
+
+    Assert.assertEquals("ProviderName is not Static", "myNode", lightReq.getProviderName());
+    Assert.assertNull("RequesterId", lightReq.getRequesterId());
+    Assert.assertEquals("no PublicSP", "public", lightReq.getSpType());
+    Assert.assertEquals("Requested attribute size not match", 4, lightReq.getRequestedAttributes().size());
+
+  }
+  
+  /* 
+   * Always set requesterId and providername in case of country LU
+   */
+  @Test
+  public void prePreProcessLuPublicSpWithStaticRequesterId() throws EidPostProcessingException {
+
+    
+    final String testCountry = "LU";
+    authnRequestBuilder.citizenCountryCode(testCountry);
+    preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder);
+
+    final LightRequest lightReq = authnRequestBuilder.build();
+
+    Assert.assertEquals("ProviderName is not Static",
+        "myNode", lightReq.getProviderName());
+    Assert.assertEquals("RequesterId is not Static",
+        "myNode", lightReq.getRequesterId());
+    Assert.assertEquals("no PublicSP", "public", lightReq.getSpType());
+    Assert.assertEquals("Requested attribute size not match", 4, lightReq.getRequestedAttributes().size());
+
+  }
+  
 }
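Review bot: The new test name `prePreProcessLuPublicSpWithoutRequestId` says RequestId, but what it checks is the requesterId. The same test sources already use an unrelated `useRequestIdAsTransactionIdentifier` setting, so the name is easy to misread. `prePreProcessLuPublicSpWithoutRequesterId` would be unambiguous; the same applies to `privateSPWithoutRequestIdHashing` in GenerateAuthnRequestTaskTest. `prePreProcessLuPublicSpWithStaticRequesterId` relies on the set-up value of `eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll`; setting it to `"true"` inside the test, as the first test does for `"false"`, would make the two cases read symmetrically.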
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml
index 956cfcc9..cd2888c1 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml
@@ -50,6 +50,11 @@
     <property name="priority" value="1" />
   </bean>
 
+  <bean id="LU-PostProcessor"
+    class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.LuEidProcessor">
+    <property name="priority" value="1" />
+  </bean>
+
  <bean id="eIDASAuthModule"
     class="at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasAuthenticationModulImpl">
     <property name="priority" value="2" />
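Review bot: The new `LU-PostProcessor` bean is registered with `priority` 1, the same value as the bean directly above it. The selection logic is not visible in this file; if processors are ordered by priority, which of two equal-priority processors handles a request depends on their country checks being mutually exclusive. A distinct priority or a short XML comment above the bean would make the intended precedence explicit, e.g. `<!-- country-specific processor for LU; same priority as the other country-specific processors -->` if that is the intent.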
-- 
cgit v1.2.3