connectorConfig = allConnectorConfigs.entrySet().stream()
- .filter(el -> el.getKey().endsWith(MsEidasNodeConstants.PROP_CONFIG_SP_UNIQUEIDENTIFIER)
- && el.getValue().equals(eidasRequest.getIssuer()))
- .findFirst()
- .map(el -> KeyValueUtils.getSubSetWithPrefix(allConnectorConfigs,
- KeyValueUtils.getParentKey(el.getKey()) + KeyValueUtils.KEY_DELIMITER))
- .orElse(new HashMap<>());
-
-
- if (connectorConfig.isEmpty()) {
- log.debug("No specific configuration for eIDAS Connector: {} Using default configuration ... ",
- eidasRequest.getIssuer());
-
- // set EntityId of the requesting eIDAS Connector
- connectorConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, eidasRequest.getIssuer());
-
- // set country-code from eIDAS request
- connectorConfig.put(MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_COUNTRYCODE,
- eidasRequest.getSpCountryCode());
-
- // set default mandate configuration
- connectorConfig.put(MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_ENABLED,
- String.valueOf(authConfig.getBasicConfigurationBoolean(
- MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, false)));
- connectorConfig.put(MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_NATURAL,
- authConfig.getBasicConfiguration(
- MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL));
- connectorConfig.put(MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_LEGAL,
- authConfig.getBasicConfiguration(
- MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL));
-
- } else {
- log.debug("Find specific configuration for eIDAS Connector: {}", eidasRequest.getIssuer());
-
- }
-
- return connectorConfig;
-
- }
-
-
- private void buildMandateProfileConfiguration(ServiceProviderConfiguration spConfig, ILightRequest eidasRequest)
- throws EidasProxyServiceException {
- // check if mandates are enabled
- if (spConfig.isConfigurationValue(MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_ENABLED, false)) {
- injectMandateInfosIntoSpConfig(spConfig, eidasRequest);
-
- } else {
- if (EidasProxyServiceUtils.isLegalPersonRequested(eidasRequest)) {
- throw new EidasProxyServiceException(ERROR_09, null);
-
- }
-
- spConfig.setMandateProfiles(Collections.emptyList());
- spConfig.setMandateMode(SpMandateModes.NONE);
-
- }
-
- }
-
- private void injectMandateInfosIntoSpConfig(ServiceProviderConfiguration spConfig,
- ILightRequest eidasRequest) throws EidasProxyServiceException {
- log.trace("eIDAS Proxy-Service allows mandates for Connector: {}. Selecting profiles ... ",
- spConfig.getUniqueIdentifier());
-
- //check if legal person is requested
- if (EidasProxyServiceUtils.isLegalPersonRequested(eidasRequest)) {
- spConfig.setMandateProfiles(KeyValueUtils.getListOfCsvValues(
- spConfig.getConfigurationValue(MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_LEGAL)));
- spConfig.setMandateMode(SpMandateModes.LEGAL_FORCE);
-
- if (spConfig.getMandateProfiles().isEmpty()) {
- throw new EidasProxyServiceException(ERROR_10, null);
-
- }
-
- } else if (EidasProxyServiceUtils.isNaturalPersonRequested(eidasRequest)) {
- spConfig.setMandateProfiles(KeyValueUtils.getListOfCsvValues(
- spConfig.getConfigurationValue(MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_NATURAL)));
-
- spConfig.setMandateMode(SpMandateModes.NATURAL);
-
- }
-
-
- if (spConfig.getMandateProfiles().isEmpty()) {
- log.debug("No mandate-profiles for issure: {}. Set mandate-mode to 'none'",
- spConfig.getUniqueIdentifier());
- spConfig.setMandateMode(SpMandateModes.NONE);
-
- } else {
- log.debug("Set mandate-profiles: {} to request from issuer: {}",
- spConfig.getMandateProfiles(), spConfig.getUniqueIdentifier());
-
- }
-
- }
-}
diff --git a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
deleted file mode 100644
index 15524005..00000000
--- a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
+++ /dev/null
@@ -1,374 +0,0 @@
-package at.asitplus.eidas.specific.modules.msproxyservice.protocol;
-
-import java.io.IOException;
-import java.util.UUID;
-
-import javax.annotation.PostConstruct;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.lang3.StringUtils;
-import org.opensaml.saml.saml2.core.NameIDType;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationContext;
-import org.springframework.core.io.ResourceLoader;
-import org.springframework.web.util.UriComponentsBuilder;
-
-import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
-import at.asitplus.eidas.specific.core.gui.StaticGuiBuilderConfiguration;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
-import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants;
-import at.asitplus.eidas.specific.modules.msproxyservice.exception.EidasProxyServiceException;
-import at.asitplus.eidas.specific.modules.msproxyservice.utils.EidasProxyServiceUtils;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
-import at.gv.egiz.eaaf.core.api.gui.ISpringMvcGuiFormBuilder;
-import at.gv.egiz.eaaf.core.api.idp.IAction;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.api.idp.IEidAuthData;
-import at.gv.egiz.eaaf.core.api.idp.slo.SloInformationInterface;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.exceptions.GuiBuildException;
-import at.gv.egiz.eaaf.core.impl.data.SloInformationImpl;
-import eu.eidas.auth.commons.EidasParameterKeys;
-import eu.eidas.auth.commons.attribute.AttributeDefinition;
-import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
-import eu.eidas.auth.commons.light.ILightRequest;
-import eu.eidas.auth.commons.light.ILightResponse;
-import eu.eidas.auth.commons.light.impl.LightResponse;
-import eu.eidas.auth.commons.light.impl.LightResponse.Builder;
-import eu.eidas.auth.commons.light.impl.ResponseStatus;
-import eu.eidas.auth.commons.tx.BinaryLightToken;
-import eu.eidas.specificcommunication.BinaryLightTokenHelper;
-import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames;
-import eu.eidas.specificcommunication.exception.SpecificCommunicationException;
-import eu.eidas.specificcommunication.protocol.SpecificCommunicationService;
-import lombok.extern.slf4j.Slf4j;
-
-/**
- * Result action of a successfully performed eIDAS Proxy-Service authentication.
- *
- * @author tlenz
- *
- */
-@Slf4j
-public class ProxyServiceAuthenticationAction implements IAction {
-
- private static final String PROXYSERVICE_AUTH_ACTION_NAME = "MS-specific eIDAS-Proxy action";
-
- @Autowired
- ApplicationContext context;
- @Autowired
- IConfiguration basicConfig;
- @Autowired
- ResourceLoader resourceLoader;
- @Autowired
- ISpringMvcGuiFormBuilder guiBuilder;
- @Autowired
- EidasAttributeRegistry attrRegistry;
-
- @Override
- public SloInformationInterface processRequest(IRequest pendingReq, HttpServletRequest httpReq,
- HttpServletResponse httpResp, IAuthData authData) throws EaafException {
- if (pendingReq instanceof ProxyServicePendingRequest) {
- try {
- ILightRequest eidasReq = ((ProxyServicePendingRequest) pendingReq).getEidasRequest();
-
- //build eIDAS response
- Builder lightRespBuilder = LightResponse.builder();
- lightRespBuilder.id(UUID.randomUUID().toString());
- lightRespBuilder.inResponseToId(eidasReq.getId());
- lightRespBuilder.relayState(eidasReq.getRelayState());
-
- lightRespBuilder.status(ResponseStatus.builder()
- .statusCode(Constants.SUCCESS_URI)
- .build());
-
- //TODO: check if we can use transient subjectNameIds
- lightRespBuilder.subject(UUID.randomUUID().toString());
- lightRespBuilder.subjectNameIdFormat(NameIDType.TRANSIENT);
-
- //TODO:
- lightRespBuilder.issuer(basicConfig.getBasicConfiguration(
- MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_NODE_ENTITYID));
- lightRespBuilder.levelOfAssurance(authData.getEidasQaaLevel());
- lightRespBuilder.attributes(buildAttributesFromAuthData(authData, eidasReq));
-
- // set SLO response object of EAAF framework
- final SloInformationImpl sloInformation = new SloInformationImpl();
- sloInformation.setProtocolType(pendingReq.requestedModule());
- sloInformation
- .setSpEntityID(pendingReq.getServiceProviderConfiguration().getUniqueIdentifier());
-
- // forward to eIDAS Proxy-Service
- forwardToEidasProxy(pendingReq, httpReq, httpResp, lightRespBuilder.build());
-
- return sloInformation;
-
- } catch (ServletException | IOException | GuiBuildException e) {
- throw new EidasProxyServiceException("eidas.proxyservice.06", null, e);
-
- }
-
- } else {
- log.error("eIDAS Proxy-Service authentication requires PendingRequest of Type: {}",
- ProxyServicePendingRequest.class.getName());
- throw new EaafException("eidas.proxyservice.99");
-
- }
- }
-
- @Override
- public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
- return true;
-
- }
-
- @Override
- public String getDefaultActionName() {
- return PROXYSERVICE_AUTH_ACTION_NAME;
-
- }
-
-
- /**
- * Forward eIDAS Light response to eIDAS node.
- *
- * @param pendingReq Current pending request.
- * @param httpReq Current HTTP request
- * @param httpResp Current HTTP response
- * @param lightResponse eIDAS LightResponse
- * @throws EaafConfigurationException In case of a configuration error
- * @throws IOException In case of a general error
- * @throws GuiBuildException In case of a GUI rendering error, if http POST binding is used
- * @throws ServletException In case of a general error
- */
- public void forwardToEidasProxy(IRequest pendingReq, HttpServletRequest httpReq,
- HttpServletResponse httpResp, LightResponse lightResponse) throws EaafConfigurationException, IOException,
- GuiBuildException, ServletException {
-
- // put request into shared cache
- final BinaryLightToken token = putResponseInCommunicationCache(lightResponse);
- final String tokenBase64 = BinaryLightTokenHelper.encodeBinaryLightTokenBase64(token);
-
- // select forward URL regarding the selected environment
- final String forwardUrl = basicConfig.getBasicConfiguration(
- MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_NODE_FORWARD_URL);
-
- if (StringUtils.isEmpty(forwardUrl)) {
- log.warn("NO ForwardURL defined in configuration. Can NOT forward to eIDAS node! Process stops");
- throw new EaafConfigurationException("config.08",
- new Object[] { MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_NODE_FORWARD_URL });
-
- }
- log.debug("ForwardURL: " + forwardUrl + " selected to forward eIDAS request");
-
- if (basicConfig.getBasicConfiguration(
- Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_METHOD,
- Constants.FORWARD_METHOD_GET).equals(Constants.FORWARD_METHOD_GET)) {
-
- log.debug("Use http-redirect for eIDAS node forwarding ... ");
- // send redirect
- final UriComponentsBuilder redirectUrl = UriComponentsBuilder.fromHttpUrl(forwardUrl);
- redirectUrl.queryParam(EidasParameterKeys.TOKEN.toString(), tokenBase64);
- httpResp.sendRedirect(redirectUrl.build().encode().toString());
-
- } else {
- log.debug("Use http-post for eIDAS node forwarding ... ");
- final StaticGuiBuilderConfiguration config = new StaticGuiBuilderConfiguration(
- basicConfig,
- pendingReq,
- Constants.TEMPLATE_POST_FORWARD_NAME,
- null,
- resourceLoader);
-
- config.putCustomParameter(null, Constants.TEMPLATE_POST_FORWARD_ENDPOINT, forwardUrl);
- config.putCustomParameter(null, Constants.TEMPLATE_POST_FORWARD_TOKEN_NAME,
- EidasParameterKeys.TOKEN.toString());
- config.putCustomParameter(null, Constants.TEMPLATE_POST_FORWARD_TOKEN_VALUE,
- tokenBase64);
-
- guiBuilder.build(httpReq, httpResp, config, "Forward to eIDASNode form");
-
- }
- }
-
- @PostConstruct
- private void checkConfiguration() {
- //TODO: validate configuration on start-up
-
- }
-
-
- private ImmutableAttributeMap buildAttributesFromAuthData(IAuthData authData,
- ILightRequest eidasReq) {
- IEidAuthData eidAuthData = (IEidAuthData) authData;
- if (eidAuthData.isUseMandate()) {
- log.debug("Building eIDAS Proxy-Service response with mandate ... ");
- final ImmutableAttributeMap.Builder attributeMap = ImmutableAttributeMap.builder();
- injectRepesentativeInformation(attributeMap, eidAuthData);
- injectMandatorInformation(attributeMap, eidAuthData);
-
- // work-around that injects nat. person subject to bypass validation on eIDAS Node
- injectJurPersonWorkaroundIfRequired(attributeMap, eidasReq, authData);
-
- return attributeMap.build();
-
- } else {
- log.debug("Building eIDAS Proxy-Service response without mandates ... ");
- return buildAttributesWithoutMandate(eidAuthData);
-
- }
- }
-
- private void injectMandatorInformation(
- ImmutableAttributeMap.Builder attributeMap, IEidAuthData eidAuthData) {
- String natMandatorId = eidAuthData.getGenericData(
- MsEidasNodeConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER, String.class);
-
- if (StringUtils.isNotEmpty(natMandatorId)) {
- log.debug("Injecting natural mandator informations ... ");
- final AttributeDefinition> attrDefPersonalId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
- final AttributeDefinition> attrDefFamilyName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- Constants.eIDAS_ATTR_CURRENTFAMILYNAME).first();
- final AttributeDefinition> attrDefGivenName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- Constants.eIDAS_ATTR_CURRENTGIVENNAME).first();
- final AttributeDefinition> attrDefDateOfBirth = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- Constants.eIDAS_ATTR_DATEOFBIRTH).first();
-
- attributeMap.put(attrDefPersonalId, natMandatorId);
- attributeMap.put(attrDefFamilyName, eidAuthData.getGenericData(
- PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, String.class));
- attributeMap.put(attrDefGivenName, eidAuthData.getGenericData(
- PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, String.class));
- attributeMap.put(attrDefDateOfBirth, eidAuthData.getGenericData(
- PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, String.class));
-
- } else {
- log.debug("Injecting legal mandator informations ... ");
- final AttributeDefinition> commonName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- Constants.eIDAS_ATTR_LEGALNAME).first();
- final AttributeDefinition> legalPersonId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first();
-
- attributeMap.put(commonName, eidAuthData.getGenericData(
- PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, String.class));
- attributeMap.put(legalPersonId, eidAuthData.getGenericData(
- MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, String.class));
-
- }
- }
-
- private void injectRepesentativeInformation(
- ImmutableAttributeMap.Builder attributeMap, IEidAuthData eidAuthData) {
- final AttributeDefinition> attrDefPersonalId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- Constants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER).first();
- final AttributeDefinition> attrDefFamilyName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- Constants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME).first();
- final AttributeDefinition> attrDefGivenName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- Constants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME).first();
- final AttributeDefinition> attrDefDateOfBirth = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- Constants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH).first();
-
- attributeMap.put(attrDefPersonalId,
- eidAuthData.getGenericData(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, String.class));
- attributeMap.put(attrDefFamilyName, eidAuthData.getFamilyName());
- attributeMap.put(attrDefGivenName, eidAuthData.getGivenName());
-
- //TODO: throw an error in case of SZR Date with month or day = "00"
- attributeMap.put(attrDefDateOfBirth, eidAuthData.getDateOfBirth());
-
- }
-
- /**
- * Work-around to inject representative information as nat. person subject to bypass eIDAS Node validation.
- *
- * Injection will only be done if this work-around is enabled by configuration,
- * the mandator is a legal person, and both legal and natural person subject's is requested.
- *
- * @param attributeMap Attribute set for eIDAS response
- * @param eidasReq Incoming eIDAS request
- * @param authData Authentication data
- */
- private void injectJurPersonWorkaroundIfRequired(
- ImmutableAttributeMap.Builder attributeMap, ILightRequest eidasReq, IAuthData authData) {
- if (isLegalPersonWorkaroundActive() && isLegalPersonMandateAvailable(authData)
- && EidasProxyServiceUtils.isNaturalPersonRequested(eidasReq)
- && EidasProxyServiceUtils.isLegalPersonRequested(eidasReq)) {
- log.debug("Injecting representative information as nat. person subject to bypass eIDAS Node validation");
- attributeMap.putAll(buildAttributesWithoutMandate(authData));
-
- }
- }
-
- private ImmutableAttributeMap buildAttributesWithoutMandate(IAuthData eidAuthData) {
- //TODO: throw an error in case of SZR Date with month or day = "00"
- return buildAttributesWithoutMandate(
- eidAuthData.getGenericData(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, String.class),
- eidAuthData.getFamilyName(),
- eidAuthData.getGivenName(),
- eidAuthData.getDateOfBirth());
-
- }
-
- private ImmutableAttributeMap buildAttributesWithoutMandate(String personalIdentifier, String familyName,
- String givenName, String dateOfBirth) {
- final AttributeDefinition> attrDefPersonalId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
- final AttributeDefinition> attrDefFamilyName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- Constants.eIDAS_ATTR_CURRENTFAMILYNAME).first();
- final AttributeDefinition> attrDefGivenName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- Constants.eIDAS_ATTR_CURRENTGIVENNAME).first();
- final AttributeDefinition> attrDefDateOfBirth = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- Constants.eIDAS_ATTR_DATEOFBIRTH).first();
-
- final ImmutableAttributeMap.Builder attributeMap =
- ImmutableAttributeMap.builder()
- .put(attrDefPersonalId, personalIdentifier)
- .put(attrDefFamilyName, familyName)
- .put(attrDefGivenName, givenName)
- .put(attrDefDateOfBirth, dateOfBirth);
-
- return attributeMap.build();
-
- }
-
- private BinaryLightToken putResponseInCommunicationCache(ILightResponse lightResponse)
- throws ServletException {
- final BinaryLightToken binaryLightToken;
- try {
- final SpecificCommunicationService springManagedSpecificConnectorCommunicationService =
- (SpecificCommunicationService) context.getBean(
- SpecificCommunicationDefinitionBeanNames.SPECIFIC_PROXYSERVICE_COMMUNICATION_SERVICE
- .toString());
-
- binaryLightToken = springManagedSpecificConnectorCommunicationService.putResponse(lightResponse);
-
- } catch (final SpecificCommunicationException e) {
- log.error("Unable to process specific request");
- throw new ServletException(e);
-
- }
-
- return binaryLightToken;
- }
-
- private boolean isLegalPersonWorkaroundActive() {
- return basicConfig.getBasicConfigurationBoolean(
- MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_WORKAROUND_MANDATES_LEGAL_PERSON,
- false);
-
- }
-
- private boolean isLegalPersonMandateAvailable(IAuthData authData) {
- return StringUtils.isNoneEmpty(authData.getGenericData(
- MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, String.class));
-
- }
-
-}
diff --git a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServicePendingRequest.java b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServicePendingRequest.java
deleted file mode 100644
index a3b5007a..00000000
--- a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServicePendingRequest.java
+++ /dev/null
@@ -1,28 +0,0 @@
-package at.asitplus.eidas.specific.modules.msproxyservice.protocol;
-
-import org.springframework.beans.factory.config.BeanDefinition;
-import org.springframework.context.annotation.Scope;
-import org.springframework.stereotype.Component;
-
-import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
-import eu.eidas.auth.commons.light.ILightRequest;
-import lombok.Getter;
-import lombok.Setter;
-
-/**
- * Pending-request of an authentication process from eIDAS Proxy-Service.
- *
- * @author tlenz
- *
- */
-@Component("ProxyServicePendingRequest")
-@Scope(value = BeanDefinition.SCOPE_PROTOTYPE)
-public class ProxyServicePendingRequest extends RequestImpl {
-
- private static final long serialVersionUID = 4227378344716277935L;
-
- @Getter
- @Setter
- ILightRequest eidasRequest;
-
-}
diff --git a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/utils/EidasProxyServiceUtils.java b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/utils/EidasProxyServiceUtils.java
deleted file mode 100644
index 4cd7ba6c..00000000
--- a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/utils/EidasProxyServiceUtils.java
+++ /dev/null
@@ -1,45 +0,0 @@
-package at.asitplus.eidas.specific.modules.msproxyservice.utils;
-
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
-import eu.eidas.auth.commons.light.ILightRequest;
-
-/**
- * Common utils for eIDAS Proxy-Service implementation.
- *
- * @author tlenz
- *
- */
-public class EidasProxyServiceUtils {
-
- /**
- * Check if legal person subject is requested by eIDAS Connector.
- *
- * @param eidasRequest Authentication request from eIDAS Connector.
- * @return true if LegalPersonIdentifier is requested, otherwise falselse
- */
- public static boolean isLegalPersonRequested(ILightRequest eidasRequest) {
- return eidasRequest.getRequestedAttributes().entrySet().stream()
- .filter(el -> el.getKey().getFriendlyName().equals(Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER))
- .findFirst()
- .isPresent();
-
- }
-
- /**
- * Check if natural person subject is requested by eIDAS Connector.
- *
- * @param eidasRequest Authentication request from eIDAS Connector.
- * @return true if PersonIdentifier is requested, otherwise falselse
- */
- public static boolean isNaturalPersonRequested(ILightRequest eidasRequest) {
- return eidasRequest.getRequestedAttributes().entrySet().stream()
- .filter(el -> el.getKey().getFriendlyName().equals(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))
- .findFirst()
- .isPresent();
-
- }
-
- private EidasProxyServiceUtils() {
- //hide constructor for class with static methods only
- }
-}
diff --git a/eidas_modules/eidas_proxy-sevice/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/eidas_modules/eidas_proxy-sevice/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
deleted file mode 100644
index 9158d2e6..00000000
--- a/eidas_modules/eidas_proxy-sevice/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
+++ /dev/null
@@ -1 +0,0 @@
-at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceSpringResourceProvider
\ No newline at end of file
diff --git a/eidas_modules/eidas_proxy-sevice/src/main/resources/messages/eidasproxy_messages.properties b/eidas_modules/eidas_proxy-sevice/src/main/resources/messages/eidasproxy_messages.properties
deleted file mode 100644
index 3f92d58a..00000000
--- a/eidas_modules/eidas_proxy-sevice/src/main/resources/messages/eidasproxy_messages.properties
+++ /dev/null
@@ -1,14 +0,0 @@
-eidas.proxyservice.01=General error on request-validation from national eIDAS Proxy-Service
-eidas.proxyservice.02=Authentication request contains not communication token.
-eidas.proxyservice.03=General error during eIDAS-Node communication. Reason: {}
-eidas.proxyservice.04=Validation of eIDAS Authn request failed. Reason: {}
-eidas.proxyservice.05=No eIDAS-Connector Issuer in Authn. request. Authentication not possible
-eidas.proxyservice.06=Can not build eIDAS Proxy-Service response. Authentication FAILED.
-eidas.proxyservice.07=Can not determine eIDAS-Connector CountryCode. Authentication not possible
-eidas.proxyservice.08=Validation of eIDAS Authn request failed. Reason: Legal person and natural person can not be requested at once.
-eidas.proxyservice.09=eIDAS authentication not possible, because legal person is requested but mandates are disabled in general
-eidas.proxyservice.10=eIDAS authentication not possible, because legal person is requested but not mandate profiles are defined
-eidas.proxyservice.11=No Authentication request with stated communication token.
-
-
-eidas.proxyservice.99=Internal error during eIDAS Proxy-Service authentication
\ No newline at end of file
diff --git a/eidas_modules/eidas_proxy-sevice/src/main/resources/spring/eidas_proxy-service.beans.xml b/eidas_modules/eidas_proxy-sevice/src/main/resources/spring/eidas_proxy-service.beans.xml
deleted file mode 100644
index 2055b5a9..00000000
--- a/eidas_modules/eidas_proxy-sevice/src/main/resources/spring/eidas_proxy-service.beans.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/EidasProxyMessageSourceTest.java b/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/EidasProxyMessageSourceTest.java
deleted file mode 100644
index efe572b5..00000000
--- a/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/EidasProxyMessageSourceTest.java
+++ /dev/null
@@ -1,50 +0,0 @@
-package at.asitplus.eidas.specific.modules.auth.idaustria.test;
-
-import java.util.List;
-
-import org.junit.Assert;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.core.io.Resource;
-import org.springframework.core.io.ResourceLoader;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-
-import at.asitplus.eidas.specific.modules.msproxyservice.EidasProxyMessageSource;
-import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation;
-
-@RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration(locations = {
- "/spring/SpringTest-context_basic_test.xml",
- "/spring/SpringTest-context_basic_mapConfig.xml",
- })
-public class EidasProxyMessageSourceTest {
-
- @Autowired
- private ResourceLoader loader;
- @Autowired(required = false)
- private List messageSources;
-
- @Test
- public void checkMessageSources() {
- Assert.assertNotNull("No messageSource", messageSources);
- Assert.assertFalse("No message source", messageSources.isEmpty());
-
- boolean found = false;
-
- for (final IMessageSourceLocation messageSource : messageSources) {
- found = found ? found : messageSource instanceof EidasProxyMessageSource;
-
- Assert.assertNotNull("No sourcePath", messageSource.getMessageSourceLocation());
- for (final String el : messageSource.getMessageSourceLocation()) {
- final Resource messages = loader.getResource(el + ".properties");
- Assert.assertTrue("Source not exist", messages.exists());
-
- }
- }
-
- Assert.assertTrue("Internal messagesource not found", found);
-
- }
-}
diff --git a/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/MsProxyServiceSpringResourceProviderTest.java b/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/MsProxyServiceSpringResourceProviderTest.java
deleted file mode 100644
index 8c6da366..00000000
--- a/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/MsProxyServiceSpringResourceProviderTest.java
+++ /dev/null
@@ -1,56 +0,0 @@
-package at.asitplus.eidas.specific.modules.auth.idaustria.test;
-
-import java.io.IOException;
-import java.io.InputStream;
-
-import org.apache.commons.io.IOUtils;
-import org.junit.Assert;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.junit.runners.BlockJUnit4ClassRunner;
-import org.springframework.core.io.Resource;
-
-import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceSpringResourceProvider;
-import at.gv.egiz.eaaf.core.test.TestConstants;
-
-
-
-@RunWith(BlockJUnit4ClassRunner.class)
-public class MsProxyServiceSpringResourceProviderTest {
-
- @Test
- public void testSpringConfig() {
- final MsProxyServiceSpringResourceProvider test =
- new MsProxyServiceSpringResourceProvider();
- for (final Resource el : test.getResourcesToLoad()) {
- try {
- IOUtils.toByteArray(el.getInputStream());
-
- } catch (final IOException e) {
- Assert.fail("Ressouce: " + el.getFilename() + " not found");
- }
-
- }
-
- Assert.assertNotNull("no Name", test.getName());
- Assert.assertNull("Find package definitions", test.getPackagesToScan());
-
- }
-
- @Test
- public void testSpILoaderConfig() {
- final InputStream el = this.getClass().getResourceAsStream(TestConstants.TEST_SPI_LOADER_PATH);
- try {
- final String spiFile = IOUtils.toString(el, "UTF-8");
-
- Assert.assertEquals("Wrong classpath in SPI file",
- MsProxyServiceSpringResourceProvider.class.getName(), spiFile);
-
-
- } catch (final IOException e) {
- Assert.fail("Ressouce: " + TestConstants.TEST_SPI_LOADER_PATH + " not found");
-
- }
- }
-
-}
diff --git a/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/EidasProxyServiceControllerTest.java b/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/EidasProxyServiceControllerTest.java
deleted file mode 100644
index 55958d9e..00000000
--- a/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/EidasProxyServiceControllerTest.java
+++ /dev/null
@@ -1,666 +0,0 @@
-package at.asitplus.eidas.specific.modules.auth.idaustria.test.protocol;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertThrows;
-import static org.junit.Assert.assertTrue;
-
-import java.io.IOException;
-import java.net.URISyntaxException;
-import java.net.URLDecoder;
-import java.text.MessageFormat;
-import java.util.Arrays;
-import java.util.List;
-import java.util.UUID;
-
-import org.apache.commons.lang3.RandomStringUtils;
-import org.apache.commons.lang3.StringUtils;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.opensaml.saml.saml2.core.NameIDType;
-import org.opensaml.saml.saml2.core.StatusCode;
-import org.powermock.core.classloader.annotations.PrepareForTest;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationContext;
-import org.springframework.mock.web.MockHttpServletRequest;
-import org.springframework.mock.web.MockHttpServletResponse;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-import org.springframework.web.context.request.RequestContextHolder;
-import org.springframework.web.context.request.ServletRequestAttributes;
-import org.springframework.web.servlet.config.annotation.EnableWebMvc;
-
-import com.google.common.collect.ImmutableSortedSet;
-
-import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
-import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummySpecificCommunicationService;
-import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants;
-import at.asitplus.eidas.specific.modules.msproxyservice.exception.EidasProxyServiceException;
-import at.asitplus.eidas.specific.modules.msproxyservice.protocol.EidasProxyServiceController;
-import at.asitplus.eidas.specific.modules.msproxyservice.protocol.ProxyServicePendingRequest;
-import at.gv.egiz.eaaf.core.api.data.EaafConstants;
-import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.SpMandateModes;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
-import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyProtocolAuthService;
-import eu.eidas.auth.commons.EidasParameterKeys;
-import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
-import eu.eidas.auth.commons.light.ILightResponse;
-import eu.eidas.auth.commons.light.impl.LightRequest;
-import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames;
-import eu.eidas.specificcommunication.exception.SpecificCommunicationException;
-import eu.eidas.specificcommunication.protocol.SpecificCommunicationService;
-
-@RunWith(SpringJUnit4ClassRunner.class)
-@PrepareForTest(CreateIdentityLinkTask.class)
-@ContextConfiguration(locations = {
- "/spring/SpringTest-context_basic_test.xml",
- "/spring/SpringTest-context_basic_mapConfig.xml",
- })
-@EnableWebMvc
-public class EidasProxyServiceControllerTest {
-
- @Autowired private EidasProxyServiceController controller;
-
- @Autowired private DummySpecificCommunicationService proxyService;
- @Autowired private DummyProtocolAuthService authService;
- @Autowired private EidasAttributeRegistry attrRegistry;
- @Autowired private ApplicationContext context;
-
- @Autowired MsConnectorDummyConfigMap config;
-
- private MockHttpServletRequest httpReq;
- private MockHttpServletResponse httpResp;
-
- private SpecificCommunicationService springManagedSpecificConnectorCommunicationService;
-
- /**
- * jUnit test set-up.
- */
- @Before
- public void setUp() throws EaafStorageException, URISyntaxException {
- httpReq = new MockHttpServletRequest("POST", "http://localhost/ms_connector/eidas/light/idp/redirect");
- httpResp = new MockHttpServletResponse();
- RequestContextHolder.resetRequestAttributes();
- RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
-
- proxyService.setiLightRequest(null);
- proxyService.setError(null);
-
- config.putConfigValue("eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint",
- "http://eidas.proxy/endpoint");
-
- springManagedSpecificConnectorCommunicationService =
- (SpecificCommunicationService) context.getBean(
- SpecificCommunicationDefinitionBeanNames.SPECIFIC_PROXYSERVICE_COMMUNICATION_SERVICE
- .toString());
-
- }
-
- @Test
- public void generateErrorResponseWrongPendingReq() throws Throwable {
- Assert.assertFalse("wrong statusCode", controller.generateErrorMessage(
- new EaafException("1000"),
- httpReq, httpResp, null));
-
- }
-
- @Test
- public void generateErrorResponse() throws Throwable {
- ProxyServicePendingRequest pendingReq = new ProxyServicePendingRequest();
- pendingReq.initialize(httpReq, config);
-
- LightRequest.Builder eidasRequestBuilder = LightRequest.builder()
- .id(UUID.randomUUID().toString())
- .issuer(RandomStringUtils.randomAlphabetic(10))
- .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
- .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
- .spCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
- .spType("public")
- .requesterId(RandomStringUtils.randomAlphanumeric(10))
- .providerName(RandomStringUtils.randomAlphanumeric(10));
- pendingReq.setEidasRequest(eidasRequestBuilder.build());
-
-
- // execute test
- Assert.assertTrue("wrong statusCode", controller.generateErrorMessage(
- new EaafException("1000"),
- httpReq, httpResp,
- pendingReq));
-
- // validate state
- assertNotNull("not redirct Header", httpResp.getHeader("Location"));
- assertTrue("wrong redirect URL", httpResp.getHeader("Location").startsWith("http://eidas.proxy/endpoint?token="));
- String token = httpResp.getHeader("Location").substring("http://eidas.proxy/endpoint?token=".length());
-
- ILightResponse resp = springManagedSpecificConnectorCommunicationService.getAndRemoveResponse(URLDecoder.decode(token, "UTF-8"),
- ImmutableSortedSet.copyOf(attrRegistry.getCoreAttributeRegistry().getAttributes()));
-
- assertNotNull("responseId", resp.getId());
- assertEquals("inResponseTo", pendingReq.getEidasRequest().getId(), resp.getInResponseToId());
- assertEquals("relayState", pendingReq.getEidasRequest().getRelayState(), resp.getRelayState());
-
- assertNotNull("subjectNameId", resp.getSubject());
- assertEquals("subjectNameIdFormat", NameIDType.TRANSIENT, resp.getSubjectNameIdFormat());
- assertTrue("not attributes", resp.getAttributes().isEmpty());
-
- assertEquals("StatusCode", StatusCode.RESPONDER, resp.getStatus().getStatusCode());
- //assertEquals("SubStatusCode", "", resp.getStatus().getSubStatusCode());
- //assertEquals("StatusMsg", "", resp.getStatus().getStatusMessage());
-
- }
-
- @Test
- public void missingEidasToken() {
- EidasProxyServiceException exception = assertThrows(EidasProxyServiceException.class,
- () -> controller.receiveEidasAuthnRequest(httpReq, httpResp));
- Assert.assertEquals("wrong errorCode", "eidas.proxyservice.02", exception.getErrorId());
-
- }
-
- @Test
- public void wrongEidasTokenWithNullpointerException() {
- //initialize state
- httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));
-
- //validate state
- EidasProxyServiceException exception = assertThrows(EidasProxyServiceException.class,
- () -> controller.receiveEidasAuthnRequest(httpReq, httpResp));
- Assert.assertEquals("wrong errorCode", "eidas.proxyservice.11", exception.getErrorId());
-
- }
-
- @Test
- public void wrongEidasTokenCacheCommunicationError() {
- //initialize state
- httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));
- proxyService.setError(new SpecificCommunicationException(RandomStringUtils.randomAlphanumeric(10)));
-
- //validate state
- EidasProxyServiceException exception = assertThrows(EidasProxyServiceException.class,
- () -> controller.receiveEidasAuthnRequest(httpReq, httpResp));
- Assert.assertEquals("wrong errorCode", "eidas.proxyservice.03", exception.getErrorId());
- Assert.assertTrue("Wrong exception", (exception.getCause() instanceof SpecificCommunicationException));
-
- }
-
- @Test
- public void missingServiceProviderCountry() {
- //initialize state
- httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));
- LightRequest.Builder authnReqBuilder = LightRequest.builder()
- .id(UUID.randomUUID().toString())
- .issuer(RandomStringUtils.randomAlphabetic(10))
- .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
- .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH);
-
- proxyService.setiLightRequest(authnReqBuilder.build());
-
- //validate state
- EidasProxyServiceException exception = assertThrows(EidasProxyServiceException.class,
- () -> controller.receiveEidasAuthnRequest(httpReq, httpResp));
- Assert.assertEquals("wrong errorCode", "eidas.proxyservice.07", exception.getErrorId());
-
- }
-
- @Test
- public void requestingLegalAndNaturalPerson() {
- //initialize state
- httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));
- LightRequest.Builder authnReqBuilder = LightRequest.builder()
- .id(UUID.randomUUID().toString())
- .issuer(RandomStringUtils.randomAlphabetic(10))
- .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
- .spCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
- .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
- .requestedAttributes(ImmutableAttributeMap.builder()
- .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first())
- .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
- .build());
-
- proxyService.setiLightRequest(authnReqBuilder.build());
-
- //validate state
- EidasProxyServiceException exception = assertThrows(EidasProxyServiceException.class,
- () -> controller.receiveEidasAuthnRequest(httpReq, httpResp));
- Assert.assertEquals("wrong errorCode", "eidas.proxyservice.08", exception.getErrorId());
-
- }
-
- @Test
- public void requestLegalPersonButNoMandates() throws IOException, EaafException {
- //initialize state
- httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));
- String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase();
- LightRequest.Builder authnReqBuilder = LightRequest.builder()
- .id(UUID.randomUUID().toString())
- .issuer(RandomStringUtils.randomAlphabetic(10))
- .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
- .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
- .spCountryCode(spCountryCode)
- .spType("public")
- .requestedAttributes(ImmutableAttributeMap.builder()
- .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()).build());
-
- proxyService.setiLightRequest(authnReqBuilder.build());
-
- config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "false");
- config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL,
- StringUtils.join(Arrays.asList(
- RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ","));
-
- //validate state
- EidasProxyServiceException exception = assertThrows(EidasProxyServiceException.class,
- () -> controller.receiveEidasAuthnRequest(httpReq, httpResp));
- Assert.assertEquals("wrong errorCode", "eidas.proxyservice.09", exception.getErrorId());
-
- }
-
- @Test
- public void validAuthnRequest() throws IOException, EaafException {
- //initialize state
- httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));
- String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase();
- LightRequest.Builder authnReqBuilder = LightRequest.builder()
- .id(UUID.randomUUID().toString())
- .issuer(RandomStringUtils.randomAlphabetic(10))
- .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
- .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
- .spCountryCode(spCountryCode)
- .spType("public")
- .requestedAttributes(ImmutableAttributeMap.builder()
- .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build());
-
- proxyService.setiLightRequest(authnReqBuilder.build());
-
-
- config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "false");
- config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL,
- StringUtils.join(Arrays.asList(
- RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ","));
-
-
- //execute
- controller.receiveEidasAuthnRequest(httpReq, httpResp);
-
- //validate state
- Assert.assertNotNull("pendingRequest", authService.getPendingReq());
- Assert.assertTrue("wrong pendingRequest", authService.getPendingReq() instanceof ProxyServicePendingRequest);
- ProxyServicePendingRequest pendingReq = (ProxyServicePendingRequest) authService.getPendingReq();
- Assert.assertNotNull("missing uniqueSpId", pendingReq.getSpEntityId());
- Assert.assertNotNull("missing eidasReq", pendingReq.getEidasRequest());
-
- Assert.assertFalse("isPassive", pendingReq.isPassiv());
- Assert.assertTrue("isPassive", pendingReq.forceAuth());
- Assert.assertFalse("isPassive", pendingReq.isAuthenticated());
- Assert.assertFalse("isPassive", pendingReq.isAbortedByUser());
- Assert.assertTrue("isPassive", pendingReq.isNeedAuthentication());
-
- Assert.assertNotNull("missing spConfig", pendingReq.getServiceProviderConfiguration());
- ServiceProviderConfiguration spConfig =
- pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class);
- Assert.assertNotNull("uniqueId", spConfig.getUniqueIdentifier());
- Assert.assertEquals("uniqueId wrong pattern",
- authnReqBuilder.build().getIssuer(),
- spConfig.getUniqueIdentifier());
- Assert.assertEquals("friendlyName wrong pattern",
- MessageFormat.format(MsProxyServiceConstants.TEMPLATE_SP_UNIQUE_ID, spCountryCode, "public"),
- spConfig.getFriendlyName());
-
- Assert.assertEquals("uniqueId not match to pendingReq",
- pendingReq.getSpEntityId(), spConfig.getUniqueIdentifier());
- Assert.assertNotNull("bpkTarget", spConfig.getAreaSpecificTargetIdentifier());
- Assert.assertEquals("wrong bPK Target",
- EaafConstants.URN_PREFIX_EIDAS + "AT+" + spCountryCode,
- spConfig.getAreaSpecificTargetIdentifier());
-
- assertNotNull("mandateprofiles", spConfig.getMandateProfiles());
- assertTrue("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty());
- assertEquals("MandateMode", SpMandateModes.NONE, spConfig.getMandateMode());
-
- }
-
- @Test
- public void validAuthnRequestWithMandatesDefaultProfilesNat() throws IOException, EaafException {
- //initialize state
- httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));
- String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase();
- LightRequest.Builder authnReqBuilder = LightRequest.builder()
- .id(UUID.randomUUID().toString())
- .issuer(RandomStringUtils.randomAlphabetic(10))
- .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
- .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
- .spCountryCode(spCountryCode)
- .spType("public")
- .requestedAttributes(ImmutableAttributeMap.builder()
- .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build());
-
-
- proxyService.setiLightRequest(authnReqBuilder.build());
-
- List mandateProfilesNat =
- Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
- List mandateProfilesJur =
- Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
- config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true");
- config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL,
- StringUtils.join(mandateProfilesNat, ","));
- config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL,
- StringUtils.join(mandateProfilesJur, ","));
-
- //execute
- controller.receiveEidasAuthnRequest(httpReq, httpResp);
-
- //validate state
- ServiceProviderConfiguration spConfig =
- authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class);
- assertNotNull("mandateprofiles", spConfig.getMandateProfiles());
- assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty());
- assertEquals("mandateprofile size", mandateProfilesNat.size(), spConfig.getMandateProfiles().size());
- spConfig.getMandateProfiles().stream()
- .forEach(el -> assertTrue("missing mandateProfile: " + el, mandateProfilesNat.contains(el)));
- assertEquals("MandateMode", SpMandateModes.NATURAL, spConfig.getMandateMode());
-
- }
-
- @Test
- public void validAuthnRequestWithMandatesDefaultProfilesJur() throws IOException, EaafException {
- //initialize state
- httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));
- String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase();
- LightRequest.Builder authnReqBuilder = LightRequest.builder()
- .id(UUID.randomUUID().toString())
- .issuer(RandomStringUtils.randomAlphabetic(10))
- .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
- .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
- .spCountryCode(spCountryCode)
- .spType("public")
- .requestedAttributes(ImmutableAttributeMap.builder()
- .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()).build());
-
-
- proxyService.setiLightRequest(authnReqBuilder.build());
-
- List mandateProfilesNat =
- Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
- List mandateProfilesJur =
- Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
- config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true");
- config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL,
- StringUtils.join(mandateProfilesNat, ","));
- config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL,
- StringUtils.join(mandateProfilesJur, ","));
-
- //execute
- controller.receiveEidasAuthnRequest(httpReq, httpResp);
-
- //validate state
- ServiceProviderConfiguration spConfig =
- authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class);
- assertNotNull("mandateprofiles", spConfig.getMandateProfiles());
- assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty());
- assertEquals("mandateprofile size", mandateProfilesJur.size(), spConfig.getMandateProfiles().size());
- spConfig.getMandateProfiles().stream()
- .forEach(el -> assertTrue("missing mandateProfile: " + el, mandateProfilesJur.contains(el)));
- assertEquals("MandateMode", SpMandateModes.LEGAL_FORCE, spConfig.getMandateMode());
-
- }
-
- @Test
- public void validAuthnRequestWithMandatesDefaultNoJurProfiles() throws IOException, EaafException {
- //initialize state
- httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));
- String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase();
- LightRequest.Builder authnReqBuilder = LightRequest.builder()
- .id(UUID.randomUUID().toString())
- .issuer(RandomStringUtils.randomAlphabetic(10))
- .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
- .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
- .spCountryCode(spCountryCode)
- .spType("public")
- .requestedAttributes(ImmutableAttributeMap.builder()
- .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()).build());
-
-
- proxyService.setiLightRequest(authnReqBuilder.build());
-
- List mandateProfilesNat =
- Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
- config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true");
- config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL,
- StringUtils.join(mandateProfilesNat, ","));
- config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL, "");
-
- //validate state
- EidasProxyServiceException exception = assertThrows(EidasProxyServiceException.class,
- () -> controller.receiveEidasAuthnRequest(httpReq, httpResp));
- Assert.assertEquals("wrong errorCode", "eidas.proxyservice.10", exception.getErrorId());
-
- }
-
- @Test
- public void validAuthnRequestWithMandatesDefaultNoNatProfiles() throws IOException, EaafException {
- //initialize state
- httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));
- String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase();
- LightRequest.Builder authnReqBuilder = LightRequest.builder()
- .id(UUID.randomUUID().toString())
- .issuer(RandomStringUtils.randomAlphabetic(10))
- .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
- .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
- .spCountryCode(spCountryCode)
- .spType("public")
- .requestedAttributes(ImmutableAttributeMap.builder()
- .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build());
-
-
- proxyService.setiLightRequest(authnReqBuilder.build());
-
- config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true");
- config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, "");
- config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL, "");
-
- //execute
- controller.receiveEidasAuthnRequest(httpReq, httpResp);
-
- //validate state
- ServiceProviderConfiguration spConfig =
- authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class);
- assertNotNull("mandateprofiles", spConfig.getMandateProfiles());
- assertTrue("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty());
- assertEquals("MandateMode", SpMandateModes.NONE, spConfig.getMandateMode());
-
- }
-
- @Test
- public void validAuthnRequestIssueSpecificNoMandates() throws IOException, EaafException {
- //initialize state
- httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));
-
- String issuer = RandomStringUtils.randomAlphabetic(10);
- LightRequest.Builder authnReqBuilder = LightRequest.builder()
- .id(UUID.randomUUID().toString())
- .issuer(issuer)
- .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
- .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
- .spCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
- .spType("public")
- .requestedAttributes(ImmutableAttributeMap.builder()
- .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build());
-
- proxyService.setiLightRequest(authnReqBuilder.build());
-
-
- // set default mandate configuration
- config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true");
- config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL,
- StringUtils.join(Arrays.asList(
- RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ","));
- config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL,
- StringUtils.join(Arrays.asList(
- RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ","));
-
- // set specific mandate configuration
- String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase();
- addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_UNIQUEID, issuer);
- addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_COUNTRYCODE, spCountryCode);
- addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_ENABLED, "false");
-
- List mandateProfiles =
- Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
- addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_NATURAL,
- StringUtils.join(mandateProfiles, ","));
- addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_LEGAL,
- StringUtils.join(Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ","));
-
- //execute
- controller.receiveEidasAuthnRequest(httpReq, httpResp);
-
- //validate state
- ServiceProviderConfiguration spConfig =
- authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class);
- assertNotNull("mandateprofiles", spConfig.getMandateProfiles());
- assertTrue("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty());
- assertEquals("MandateMode", SpMandateModes.NONE, spConfig.getMandateMode());
-
- }
-
- @Test
- public void validAuthnRequestIssueSpecificMandatesNat() throws IOException, EaafException {
- //initialize state
- httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));
-
- String issuer = "https://apps.egiz.gv.at/EidasNode//ConnectorMetadata";
- LightRequest.Builder authnReqBuilder = LightRequest.builder()
- .id(UUID.randomUUID().toString())
- .issuer(issuer)
- .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
- .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
- .spCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
- .spType("public")
- .requestedAttributes(ImmutableAttributeMap.builder()
- .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build());
-
- proxyService.setiLightRequest(authnReqBuilder.build());
-
-
- // set default mandate configuration
- config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "false");
- config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL,
- StringUtils.join(Arrays.asList(
- RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ","));
- config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL,
- StringUtils.join(Arrays.asList(
- RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ","));
-
- // set specific mandate configuration
- String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase();
- addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_UNIQUEID, issuer);
- addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_COUNTRYCODE, spCountryCode);
- addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_ENABLED, "true");
-
- List mandateProfiles =
- Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
- addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_NATURAL,
- StringUtils.join(mandateProfiles, ","));
- addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_LEGAL,
- StringUtils.join(Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ","));
-
- //execute
- controller.receiveEidasAuthnRequest(httpReq, httpResp);
-
- //validate state
- ServiceProviderConfiguration spConfig =
- authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class);
- assertNotNull("mandateprofiles", spConfig.getMandateProfiles());
- assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty());
- assertEquals("mandateprofile size", mandateProfiles.size(), spConfig.getMandateProfiles().size());
- spConfig.getMandateProfiles().stream()
- .forEach(el -> assertTrue("missing mandateProfile: " + el, mandateProfiles.contains(el)));
- assertEquals("MandateMode", SpMandateModes.NATURAL, spConfig.getMandateMode());
-
- }
-
- @Test
- public void validAuthnRequestIssueSpecificMandatesJur() throws IOException, EaafException {
- //initialize state
- httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));
-
- String issuer = RandomStringUtils.randomAlphabetic(10);
- LightRequest.Builder authnReqBuilder = LightRequest.builder()
- .id(UUID.randomUUID().toString())
- .issuer(issuer)
- .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
- .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
- .spCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
- .spType("public")
- .requestedAttributes(ImmutableAttributeMap.builder()
- .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()).build());
-
- proxyService.setiLightRequest(authnReqBuilder.build());
-
-
- // set default mandate configuration
- config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true");
- config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL,
- StringUtils.join(Arrays.asList(
- RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ","));
- config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL,
- StringUtils.join(Arrays.asList(
- RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ","));
-
- // set specific mandate configuration
- String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase();
- addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_UNIQUEID, issuer);
- addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_COUNTRYCODE, spCountryCode);
- addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_ENABLED, "true");
-
- List mandateProfiles =
- Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
- addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_LEGAL,
- StringUtils.join(mandateProfiles, ","));
- addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_NATURAL,
- StringUtils.join(Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ","));
-
- //execute
- controller.receiveEidasAuthnRequest(httpReq, httpResp);
-
- //validate state
- ServiceProviderConfiguration spConfig =
- authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class);
- assertNotNull("mandateprofiles", spConfig.getMandateProfiles());
- assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty());
- assertEquals("mandateprofile size", mandateProfiles.size(), spConfig.getMandateProfiles().size());
- spConfig.getMandateProfiles().stream()
- .forEach(el -> assertTrue("missing mandateProfile: " + el, mandateProfiles.contains(el)));
- assertEquals("MandateMode", SpMandateModes.LEGAL_FORCE, spConfig.getMandateMode());
-
- }
-
- private void addConnectorConfig(int i, String key, String value) {
- config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_PREFIX + String.valueOf(i) + "." + key,
- value);
-
- }
-
-}
-
-
diff --git a/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/ProxyServiceAuthenticationActionTest.java b/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/ProxyServiceAuthenticationActionTest.java
deleted file mode 100644
index 52cc01d4..00000000
--- a/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/ProxyServiceAuthenticationActionTest.java
+++ /dev/null
@@ -1,637 +0,0 @@
-package at.asitplus.eidas.specific.modules.auth.idaustria.test.protocol;
-
-import static at.asitplus.eidas.specific.core.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertNull;
-import static org.junit.Assert.assertThrows;
-import static org.junit.Assert.assertTrue;
-
-import java.net.URISyntaxException;
-import java.net.URLDecoder;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.UUID;
-
-import org.apache.commons.lang3.RandomStringUtils;
-import org.joda.time.DateTime;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.opensaml.saml.saml2.core.NameIDType;
-import org.powermock.core.classloader.annotations.PrepareForTest;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationContext;
-import org.springframework.mock.web.MockHttpServletRequest;
-import org.springframework.mock.web.MockHttpServletResponse;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-import org.springframework.web.context.request.RequestContextHolder;
-import org.springframework.web.context.request.ServletRequestAttributes;
-
-import com.google.common.collect.ImmutableSortedSet;
-
-import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
-import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap;
-import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummySpConfiguration;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask;
-import at.asitplus.eidas.specific.modules.msproxyservice.protocol.ProxyServiceAuthenticationAction;
-import at.asitplus.eidas.specific.modules.msproxyservice.protocol.ProxyServicePendingRequest;
-import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
-import at.gv.egiz.eaaf.core.api.data.EaafConstants;
-import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
-import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions.EidIdentityStatusLevelValues;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.IEidAuthData;
-import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
-import at.gv.egiz.eaaf.core.api.idp.slo.SloInformationInterface;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
-import eu.eidas.auth.commons.attribute.AttributeDefinition;
-import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
-import eu.eidas.auth.commons.light.ILightResponse;
-import eu.eidas.auth.commons.light.impl.LightRequest;
-import eu.eidas.auth.commons.light.impl.LightRequest.Builder;
-import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames;
-import eu.eidas.specificcommunication.exception.SpecificCommunicationException;
-import eu.eidas.specificcommunication.protocol.SpecificCommunicationService;
-
-@RunWith(SpringJUnit4ClassRunner.class)
-@PrepareForTest(CreateIdentityLinkTask.class)
-@ContextConfiguration(locations = {
- "/spring/SpringTest-context_basic_test.xml",
- "/spring/SpringTest-context_basic_mapConfig.xml",
- })
-public class ProxyServiceAuthenticationActionTest {
-
- @Autowired private MsConnectorDummyConfigMap basicConfig;
- @Autowired private ProxyServiceAuthenticationAction action;
- @Autowired private ApplicationContext context;
- @Autowired EidasAttributeRegistry attrRegistry;
-
- private MockHttpServletRequest httpReq;
- private MockHttpServletResponse httpResp;
- private ProxyServicePendingRequest pendingReq;
- private MsConnectorDummySpConfiguration oaParam;
- private SpecificCommunicationService springManagedSpecificConnectorCommunicationService;
-
-
- /**
- * jUnit test set-up.
- * @throws EaafException In case of an error
- */
- @Before
- public void setUp() throws URISyntaxException, EaafException {
- httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler");
- httpResp = new MockHttpServletResponse();
- RequestContextHolder.resetRequestAttributes();
- RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
-
- basicConfig.putConfigValue("eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint",
- "http://eidas.proxy/endpoint");
- basicConfig.putConfigValue("auth.eIDAS.proxy.workaround.mandates.legalperson",
- "false");
-
- final Map spConfig = new HashMap<>();
- spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp");
- spConfig.put("target", "urn:publicid:gv.at:cdid+XX");
- spConfig.put(PROP_CONFIG_SP_NEW_EID_MODE, "true");
- oaParam = new MsConnectorDummySpConfiguration(spConfig, basicConfig);
- oaParam.setLoa(Arrays.asList(EaafConstants.EIDAS_LOA_HIGH));
-
- pendingReq = new ProxyServicePendingRequest();
- pendingReq.initialize(httpReq, basicConfig);
- pendingReq.setOnlineApplicationConfiguration(oaParam);
-
- LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
- pendingReq.setEidasRequest(eidasRequestBuilder.build());
-
-
- springManagedSpecificConnectorCommunicationService =
- (SpecificCommunicationService) context.getBean(
- SpecificCommunicationDefinitionBeanNames.SPECIFIC_PROXYSERVICE_COMMUNICATION_SERVICE
- .toString());
-
- }
-
- @Test
- public void wrongPendingRequestType() {
- IAuthData authData = generateDummyAuthData();
- TestRequestImpl internalPendingReq = new TestRequestImpl();
-
- EaafException exception = assertThrows(EaafException.class,
- () -> action.processRequest(internalPendingReq, httpReq, httpResp, authData));
- Assert.assertEquals("wrong errorCode", "eidas.proxyservice.99", exception.getErrorId());
-
- }
-
- @Test
- public void missingForwardUrl() {
- Map attr = new HashMap<>();
- attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER,
- "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));
- IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
- RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", false);
- basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint");
-
- EaafException exception = assertThrows(EaafException.class,
- () -> action.processRequest(pendingReq, httpReq, httpResp, authData));
- Assert.assertEquals("wrong errorCode", "config.08", exception.getErrorId());
-
- }
-
- @Test
- public void responseWithoutMandate() throws EaafException, SpecificCommunicationException {
- Map attr = new HashMap<>();
- attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER,
- "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));
- IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
- RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", false);
-
- //perform test
- SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
-
- //validate state
- Assert.assertNotNull("Result should be not null", result);
-
- ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
- assertEquals("wrong attr. size", 4, respAttr.size());
- checkAttrValue(respAttr, Constants.eIDAS_ATTR_PERSONALIDENTIFIER,
- (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER));
- checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTFAMILYNAME, authData.getFamilyName());
- checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTGIVENNAME, authData.getGivenName());
- checkAttrValue(respAttr, Constants.eIDAS_ATTR_DATEOFBIRTH,
- authData.getDateOfBirth());
-
- }
-
- @Test
- public void responseWithNatMandate() throws EaafException, SpecificCommunicationException {
- Map attr = new HashMap<>();
- attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER,
- "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));
-
- attr.put(MsEidasNodeConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER,
- RandomStringUtils.randomAlphabetic(10));
- attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME,
- RandomStringUtils.randomAlphabetic(10));
- attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME,
- RandomStringUtils.randomAlphabetic(10));
- attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME,
- "1985-11-15");
-
-
- IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
- RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
-
- //perform test
- SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
-
- //validate state
- Assert.assertNotNull("Result should be not null", result);
-
- ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
- assertEquals("wrong attr. size", 8, respAttr.size());
- checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER,
- (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER));
- checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME, authData.getFamilyName());
- checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME, authData.getGivenName());
- checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH, authData.getDateOfBirth());
-
- checkAttrValue(respAttr, Constants.eIDAS_ATTR_PERSONALIDENTIFIER,
- (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER));
- checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTFAMILYNAME,
- (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME));
- checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTGIVENNAME,
- (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME));
- checkAttrValue(respAttr, Constants.eIDAS_ATTR_DATEOFBIRTH,
- (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME));
-
- }
-
- @Test
- public void responseWithJurMandate() throws EaafException, SpecificCommunicationException {
- Map attr = new HashMap<>();
- attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER,
- "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));
- IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
- RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
-
- attr.put(MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER,
- RandomStringUtils.randomAlphabetic(10));
- attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME,
- RandomStringUtils.randomAlphabetic(10));
-
- //perform test
- SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
-
- //validate state
- Assert.assertNotNull("Result should be not null", result);
-
- ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
- assertEquals("wrong attr. size", 6, respAttr.size());
- checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER,
- (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER));
- checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME, authData.getFamilyName());
- checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME, authData.getGivenName());
- checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH, authData.getDateOfBirth());
-
- checkAttrValue(respAttr, Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER,
- (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER));
- checkAttrValue(respAttr, Constants.eIDAS_ATTR_LEGALNAME,
- (String) attr.get(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME));
-
- assertNull("find nat. person subject: personalId",
- getAttrValue(respAttr, Constants.eIDAS_ATTR_PERSONALIDENTIFIER));
- assertNull("find nat. person subject: familyName",
- getAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTFAMILYNAME));
- assertNull("find nat. person subject: givenName",
- getAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTGIVENNAME));
- assertNull("find nat. person subject: dateOfBirth",
- getAttrValue(respAttr, Constants.eIDAS_ATTR_DATEOFBIRTH));
-
- }
-
- @Test
- public void responseWithNatMandateWithWorkAround() throws EaafException, SpecificCommunicationException {
- basicConfig.putConfigValue("auth.eIDAS.proxy.workaround.mandates.legalperson",
- "true");
-
- //request natural person subject only
- LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
- eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder().put(
- attrRegistry.getCoreAttributeRegistry().getByFriendlyName(Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build());
- pendingReq.setEidasRequest(eidasRequestBuilder.build());
-
-
- Map attr = new HashMap<>();
- attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER,
- "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));
-
- attr.put(MsEidasNodeConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER,
- RandomStringUtils.randomAlphabetic(10));
- attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME,
- RandomStringUtils.randomAlphabetic(10));
- attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME,
- RandomStringUtils.randomAlphabetic(10));
- attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME,
- "1985-11-15");
-
-
- IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
- RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
-
- //perform test
- SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
-
- //validate state
- Assert.assertNotNull("Result should be not null", result);
-
- ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
- assertEquals("wrong attr. size", 8, respAttr.size());
-
- }
-
- @Test
- public void responseWithJurMandateWithWorkAround() throws EaafException, SpecificCommunicationException {
- basicConfig.putConfigValue("auth.eIDAS.proxy.workaround.mandates.legalperson",
- "true");
-
- //request natural person subject only
- LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
- eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
- .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first())
- .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
- .build());
- pendingReq.setEidasRequest(eidasRequestBuilder.build());
-
- Map attr = new HashMap<>();
- attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER,
- "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));
- IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
- RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
-
- attr.put(MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER,
- RandomStringUtils.randomAlphabetic(10));
- attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME,
- RandomStringUtils.randomAlphabetic(10));
-
- //perform test
- SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
-
- //validate state
- Assert.assertNotNull("Result should be not null", result);
-
- ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
- assertEquals("wrong attr. size", 10, respAttr.size());
- checkAttrValue(respAttr, Constants.eIDAS_ATTR_PERSONALIDENTIFIER,
- (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER));
- checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTFAMILYNAME, authData.getFamilyName());
- checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTGIVENNAME, authData.getGivenName());
- checkAttrValue(respAttr, Constants.eIDAS_ATTR_DATEOFBIRTH, authData.getDateOfBirth());
-
- }
-
- @Test
- public void responseWithJurMandateWithWorkAroundNoNatSubject() throws EaafException, SpecificCommunicationException {
- basicConfig.putConfigValue("auth.eIDAS.proxy.workaround.mandates.legalperson",
- "true");
-
- //request natural person subject only
- LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
- eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
- .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
- .build());
- pendingReq.setEidasRequest(eidasRequestBuilder.build());
-
- Map attr = new HashMap<>();
- attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER,
- "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));
- IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
- RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
-
- attr.put(MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER,
- RandomStringUtils.randomAlphabetic(10));
- attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME,
- RandomStringUtils.randomAlphabetic(10));
-
- //perform test
- SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
-
- //validate state
- Assert.assertNotNull("Result should be not null", result);
-
- ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
- assertEquals("wrong attr. size", 6, respAttr.size());
- assertNull("find nat. person subject: personalId",
- getAttrValue(respAttr, Constants.eIDAS_ATTR_PERSONALIDENTIFIER));
- assertNull("find nat. person subject: familyName",
- getAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTFAMILYNAME));
- assertNull("find nat. person subject: givenName",
- getAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTGIVENNAME));
- assertNull("find nat. person subject: dateOfBirth",
- getAttrValue(respAttr, Constants.eIDAS_ATTR_DATEOFBIRTH));
-
- }
-
- @Test
- public void checkBasicConstrainsInAction() {
-
- Assert.assertTrue("Wrong NeedAuthentication", action.needAuthentication(pendingReq, httpReq, httpResp));
- Assert.assertNotNull("Missing ActionName", action.getDefaultActionName());
-
- Assert.assertNotNull("missing ActionBean", context.getBean(ProxyServiceAuthenticationAction.class));
-
- }
-
- private IAuthData generateDummyAuthData() {
- return generateDummyAuthData(Collections.emptyMap(), EaafConstants.EIDAS_LOA_LOW,
- RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1940-01-01", false);
-
- }
-
- private Object getAttrValue(ImmutableAttributeMap respAttr, String attrName) {
- final AttributeDefinition> attrDef =
- attrRegistry.getCoreAttributeRegistry().getByFriendlyName(attrName).first();
- return respAttr.getFirstValue(attrDef);
-
- }
-
- private void checkAttrValue(ImmutableAttributeMap respAttr, String attrName, String expected) {
- Object value = getAttrValue(respAttr, attrName);
- assertNotNull("not attr value: " + attrName, value);
-
- if (value instanceof String) {
- assertEquals("wrong attr. value: " + attrName, expected, value);
-
- } else if ( value instanceof DateTime) {
- assertEquals("wrong attr. value: " + attrName, expected, ((DateTime)value).toString("yyyy-MM-dd"));
-
- }
- }
-
- private ImmutableAttributeMap validateBasicEidasResponse(IAuthData authData) throws SpecificCommunicationException {
- assertNotNull("not redirct Header", httpResp.getHeader("Location"));
- assertTrue("wrong redirect URL", httpResp.getHeader("Location").startsWith("http://eidas.proxy/endpoint?token="));
- String token = httpResp.getHeader("Location").substring("http://eidas.proxy/endpoint?token=".length());
-
- ILightResponse resp = springManagedSpecificConnectorCommunicationService.getAndRemoveResponse(URLDecoder.decode(token),
- ImmutableSortedSet.copyOf(attrRegistry.getCoreAttributeRegistry().getAttributes()));
-
- assertNotNull("responseId", resp.getId());
- assertEquals("inResponseTo", pendingReq.getEidasRequest().getId(), resp.getInResponseToId());
- assertEquals("relayState", pendingReq.getEidasRequest().getRelayState(), resp.getRelayState());
- assertEquals("LoA", authData.getEidasQaaLevel(), resp.getLevelOfAssurance());
-
- assertNotNull("subjectNameId", resp.getSubject());
- assertEquals("subjectNameIdFormat", NameIDType.TRANSIENT, resp.getSubjectNameIdFormat());
-
- assertFalse("not attributes", resp.getAttributes().isEmpty());
- return resp.getAttributes();
-
- }
-
- private Builder generateBasicLightRequest() {
- return LightRequest.builder()
- .id(UUID.randomUUID().toString())
- .issuer(RandomStringUtils.randomAlphabetic(10))
- .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
- .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
- .spCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
- .spType("public")
- .requesterId(RandomStringUtils.randomAlphanumeric(10))
- .providerName(RandomStringUtils.randomAlphanumeric(10));
-
- }
-
- private IAuthData generateDummyAuthData(Map attrs, String loa, String familyName, String givenName, String dateOfBirth,
- boolean useMandates) {
- return new IEidAuthData() {
-
- @Override
- public boolean isSsoSession() {
- // TODO Auto-generated method stub
- return false;
- }
-
- @Override
- public boolean isForeigner() {
- // TODO Auto-generated method stub
- return false;
- }
-
- @Override
- public boolean isBaseIdTransferRestrication() {
- // TODO Auto-generated method stub
- return false;
- }
-
- @Override
- public Date getSsoSessionValidTo() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public String getSessionIndex() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public String getNameIdFormat() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public String getNameID() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public IIdentityLink getIdentityLink() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public String getIdentificationValue() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public String getIdentificationType() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public String getGivenName() {
- return givenName;
- }
-
- @Override
- public T getGenericData(String key, Class clazz) {
- if (attrs.containsKey(key)) {
- return (T) attrs.get(key);
-
- } else {
- return null;
- }
-
- }
-
- @Override
- public String getDateOfBirth() {
- return dateOfBirth;
- }
-
- @Override
- public String getFamilyName() {
- return familyName;
- }
-
- @Override
- public String getEncryptedSourceIdType() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public String getEncryptedSourceId() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public String getEidasQaaLevel() {
- return loa;
-
- }
-
-
- @Override
- public String getCiticenCountryCode() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public String getBpkType() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public String getBpk() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public String getAuthenticationIssuer() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public String getAuthenticationIssueInstantString() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public Date getAuthenticationIssueInstant() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public byte[] getSignerCertificate() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public byte[] getEidToken() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public EidIdentityStatusLevelValues getEidStatus() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public String getVdaEndPointUrl() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public boolean isUseMandate() {
- return useMandates;
-
- }
-
- @Override
- public String getDateOfBirthFormated(String pattern) {
- // TODO Auto-generated method stub
- return null;
- }
- };
-
- }
-}
diff --git a/eidas_modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml b/eidas_modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml
deleted file mode 100644
index 6510546e..00000000
--- a/eidas_modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-
-
-
-
-
- Dynamic attributes
-
- http://eidas.europa.eu/attributes/naturalperson/AdditionalAttribute
- AdditionalAttribute
- NaturalPerson
- false
- http://www.w3.org/2001/XMLSchema
- string
- xs
- eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller
-
- http://eidas.europa.eu/attributes/legalperson/LegalAdditionalAttribute
- LegalAdditionalAttribute
- LegalPerson
- false
- http://www.w3.org/2001/XMLSchema
- string
- xs
- eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller
-
-
diff --git a/eidas_modules/eidas_proxy-sevice/src/test/resources/config/eidas-attributes.xml b/eidas_modules/eidas_proxy-sevice/src/test/resources/config/eidas-attributes.xml
deleted file mode 100644
index cbae35db..00000000
--- a/eidas_modules/eidas_proxy-sevice/src/test/resources/config/eidas-attributes.xml
+++ /dev/null
@@ -1,376 +0,0 @@
-
-
-
-
-
- eIDAS attributes
-
- http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier
- PersonIdentifier
- NaturalPerson
- true
- true
- http://eidas.europa.eu/attributes/naturalperson
- PersonIdentifierType
- eidas-natural
- eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller
-
- http://eidas.europa.eu/attributes/naturalperson/CurrentFamilyName
- FamilyName
- NaturalPerson
- true
- true
- http://eidas.europa.eu/attributes/naturalperson
- CurrentFamilyNameType
- eidas-natural
- eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller
-
- http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName
- FirstName
- NaturalPerson
- true
- true
- http://eidas.europa.eu/attributes/naturalperson
- CurrentGivenNameType
- eidas-natural
- eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller
-
- http://eidas.europa.eu/attributes/naturalperson/DateOfBirth
- DateOfBirth
- NaturalPerson
- true
- http://eidas.europa.eu/attributes/naturalperson
- DateOfBirthType
- eidas-natural
- eu.eidas.auth.commons.attribute.impl.DateTimeAttributeValueMarshaller
-
- http://eidas.europa.eu/attributes/naturalperson/BirthName
- BirthName
- NaturalPerson
- false
- true
- http://eidas.europa.eu/attributes/naturalperson
- BirthNameType
- eidas-natural
- eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller
-
- http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth
- PlaceOfBirth
- NaturalPerson
- false
- http://eidas.europa.eu/attributes/naturalperson
- PlaceOfBirthType
- eidas-natural
- eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller
-
- http://eidas.europa.eu/attributes/naturalperson/CurrentAddress
- CurrentAddress
- NaturalPerson
- false
- http://eidas.europa.eu/attributes/naturalperson
- CurrentAddressType
- eidas-natural
- eu.eidas.auth.commons.protocol.eidas.impl.CurrentAddressAttributeValueMarshaller
-
- http://eidas.europa.eu/attributes/naturalperson/Gender
- Gender
- NaturalPerson
- false
- http://eidas.europa.eu/attributes/naturalperson
- GenderType
- eidas-natural
- eu.eidas.auth.commons.protocol.eidas.impl.GenderAttributeValueMarshaller
-
- http://eidas.europa.eu/attributes/legalperson/LegalPersonIdentifier
- LegalPersonIdentifier
- LegalPerson
- true
- true
- http://eidas.europa.eu/attributes/legalperson
- LegalPersonIdentifierType
- eidas-legal
- eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller
-
- http://eidas.europa.eu/attributes/legalperson/LegalName
- LegalName
- LegalPerson
- true
- true
- http://eidas.europa.eu/attributes/legalperson
- LegalNameType
- eidas-legal
- eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller
-
- http://eidas.europa.eu/attributes/legalperson/LegalPersonAddress
- LegalAddress
- LegalPerson
- false
- http://eidas.europa.eu/attributes/legalperson
- LegalPersonAddressType
- eidas-legal
- eu.eidas.auth.commons.protocol.eidas.impl.LegalAddressAttributeValueMarshaller
-
- http://eidas.europa.eu/attributes/legalperson/VATRegistrationNumber
- VATRegistration
- LegalPerson
- false
- http://eidas.europa.eu/attributes/legalperson
- VATRegistrationNumberType
- eidas-legal
- eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller
-
- http://eidas.europa.eu/attributes/legalperson/TaxReference
- TaxReference
- LegalPerson
- false
- http://eidas.europa.eu/attributes/legalperson
- TaxReferenceType
- eidas-legal
- eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller
-
- http://eidas.europa.eu/attributes/legalperson/D-2012-17-EUIdentifier
- D-2012-17-EUIdentifier
- LegalPerson
- false
- http://eidas.europa.eu/attributes/legalperson
- D-2012-17-EUIdentifierType
- eidas-legal
- eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller
-
- http://eidas.europa.eu/attributes/legalperson/LEI
- LEI
- LegalPerson
- false
- http://eidas.europa.eu/attributes/legalperson
- LEIType
- eidas-legal
- eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller
-
- http://eidas.europa.eu/attributes/legalperson/EORI
- EORI
- LegalPerson
- false
- http://eidas.europa.eu/attributes/legalperson
- EORIType
- eidas-legal
- eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller
-
- http://eidas.europa.eu/attributes/legalperson/SEED
- SEED
- LegalPerson
- false
- http://eidas.europa.eu/attributes/legalperson
- SEEDType
- eidas-legal
- eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller
-
- http://eidas.europa.eu/attributes/legalperson/SIC
- SIC
- LegalPerson
- false
- http://eidas.europa.eu/attributes/legalperson
- SICType
- eidas-legal
- eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller
-
- http://eidas.europa.eu/attributes/naturalperson/representative/PersonIdentifier
- RepresentativePersonIdentifier
- RepresentativeNaturalPerson
- false
- true
- http://eidas.europa.eu/attributes/naturalperson/representative
- PersonIdentifierType
- eidas-natural
- eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller
-
- http://eidas.europa.eu/attributes/naturalperson/representative/CurrentFamilyName
- RepresentativeFamilyName
- RepresentativeNaturalPerson
- false
- true
- http://eidas.europa.eu/attributes/naturalperson/representative
- CurrentFamilyNameType
- eidas-reprentative-natural
- eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller
-
- http://eidas.europa.eu/attributes/naturalperson/representative/CurrentGivenName
- RepresentativeFirstName
- RepresentativeNaturalPerson
- false
- true
- http://eidas.europa.eu/attributes/naturalperson/representative
- CurrentGivenNameType
- eidas-reprentative-natural
- eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller
-
- http://eidas.europa.eu/attributes/naturalperson/representative/DateOfBirth
- RepresentativeDateOfBirth
- RepresentativeNaturalPerson
- false
- http://eidas.europa.eu/attributes/naturalperson/representative
- DateOfBirthType
- eidas-reprentative-natural
- eu.eidas.auth.commons.attribute.impl.DateTimeAttributeValueMarshaller
-
- http://eidas.europa.eu/attributes/naturalperson/representative/BirthName
- RepresentativeBirthName
- RepresentativeNaturalPerson
- false
- true
- http://eidas.europa.eu/attributes/naturalperson/representative
- BirthNameType
- eidas-reprentative-natural
- eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller
-
- http://eidas.europa.eu/attributes/naturalperson/representative/PlaceOfBirth
- RepresentativePlaceOfBirth
- RepresentativeNaturalPerson
- false
- http://eidas.europa.eu/attributes/naturalperson/representative
- PlaceOfBirthType
- eidas-reprentative-natural
- eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller
-
- http://eidas.europa.eu/attributes/naturalperson/representative/CurrentAddress
- RepresentativeCurrentAddress
- RepresentativeNaturalPerson
- false
- http://eidas.europa.eu/attributes/naturalperson/representative
- CurrentAddressType
- eidas-reprentative-natural
- eu.eidas.auth.commons.protocol.eidas.impl.RepvCurrentAddressAttributeValueMarshaller
-
- http://eidas.europa.eu/attributes/naturalperson/representative/Gender
- RepresentativeGender
- RepresentativeNaturalPerson
- false
- http://eidas.europa.eu/attributes/naturalperson/representative
- GenderType
- eidas-reprentative-natural
- eu.eidas.auth.commons.protocol.eidas.impl.GenderAttributeValueMarshaller
-
- http://eidas.europa.eu/attributes/legalperson/representative/LegalPersonIdentifier
- RepresentativeLegalPersonIdentifier
- RepresentativeLegalPerson
- false
- true
- http://eidas.europa.eu/attributes/legalperson/representative
- LegalPersonIdentifierType
- eidas-reprentative-legal
- eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller
-
- http://eidas.europa.eu/attributes/legalperson/representative/LegalName
- RepresentativeLegalName
- RepresentativeLegalPerson
- false
- true
- http://eidas.europa.eu/attributes/legalperson/representative
- LegalNameType
- eidas-reprentative-legal
- eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller
-
- http://eidas.europa.eu/attributes/legalperson/representative/LegalPersonAddress
- RepresentativeLegalAddress
- RepresentativeLegalPerson
- false
- http://eidas.europa.eu/attributes/legalperson/representative
- LegalPersonAddressType
- eidas-reprentative-legal
- eu.eidas.auth.commons.protocol.eidas.impl.RepvLegalAddressAttributeValueMarshaller
-
- http://eidas.europa.eu/attributes/legalperson/representative/VATRegistrationNumber
- RepresentativeVATRegistration
- RepresentativeLegalPerson
- false
- http://eidas.europa.eu/attributes/legalperson/representative
- VATRegistrationNumberType
- eidas-reprentative-legal
- eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller
-
- http://eidas.europa.eu/attributes/legalperson/representative/TaxReference
- RepresentativeTaxReference
- RepresentativeLegalPerson
- false
- http://eidas.europa.eu/attributes/legalperson/representative
- TaxReferenceType
- eidas-reprentative-legal
- eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller
-
- http://eidas.europa.eu/attributes/legalperson/representative/D-2012-17-EUIdentifier
- RepresentativeD-2012-17-EUIdentifier
- RepresentativeLegalPerson
- false
- http://eidas.europa.eu/attributes/legalperson/representative
- D-2012-17-EUIdentifierType
- eidas-reprentative-legal
- eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller
-
- http://eidas.europa.eu/attributes/legalperson/representative/LEI
- RepresentativeLEI
- RepresentativeLegalPerson
- false
- http://eidas.europa.eu/attributes/legalperson/representative
- LEIType
- eidas-reprentative-legal
- eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller
-
- http://eidas.europa.eu/attributes/legalperson/representative/EORI
- RepresentativeEORI
- RepresentativeLegalPerson
- false
- http://eidas.europa.eu/attributes/legalperson/representative
- EORIType
- eidas-reprentative-legal
- eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller
-
- http://eidas.europa.eu/attributes/legalperson/representative/SEED
- RepresentativeSEED
- RepresentativeLegalPerson
- false
- http://eidas.europa.eu/attributes/legalperson/representative
- SEEDType
- eidas-reprentative-legal
- eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller
-
- http://eidas.europa.eu/attributes/legalperson/representative/SIC
- RepresentativeSIC
- RepresentativeLegalPerson
- false
- http://eidas.europa.eu/attributes/legalperson/representative
- SICType
- eidas-reprentative-legal
- eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller
-
- http://eidas.europa.eu/attributes/legalperson/representative/LegalPersonAddress
- RepresentativeLegalAddress
- RepresentativeLegalPerson
- false
- http://eidas.europa.eu/attributes/legalperson/representative
- LegalPersonAddressType
- eidas-reprentative-legal
- eu.eidas.auth.commons.protocol.eidas.impl.RepvLegalAddressAttributeValueMarshaller
-
- http://eidas.europa.eu/attributes/legalperson/representative/VATRegistrationNumber
- RepresentativeVATRegistration
- RepresentativeLegalPerson
- false
- http://eidas.europa.eu/attributes/legalperson/representative
- VATRegistrationNumberType
- eidas-reprentative-legal
- eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller
-
-
-
diff --git a/eidas_modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties b/eidas_modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties
deleted file mode 100644
index 4f3b82b5..00000000
--- a/eidas_modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties
+++ /dev/null
@@ -1,6 +0,0 @@
-## Basic service configuration
-eidas.ms.context.url.prefix=http://localhost
-eidas.ms.context.url.request.validation=false
-
-eidas.ms.auth.eIDAS.node_v2.proxy.entityId=ownSpecificProxy
-eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint=http://eidas.proxy/endpoint
\ No newline at end of file
diff --git a/eidas_modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_mapConfig.xml b/eidas_modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_mapConfig.xml
deleted file mode 100644
index fe9ff441..00000000
--- a/eidas_modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_mapConfig.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/eidas_modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_test.xml b/eidas_modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_test.xml
deleted file mode 100644
index 9870d22a..00000000
--- a/eidas_modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_test.xml
+++ /dev/null
@@ -1,42 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file